Csync2 is really cool. The problem is getting it up and running: the documentation is very bad, and some details are just not well explained. So here we go: a step-by-step guide for getting csync2 installed with SSL support.
As always, see if the package is available in the repo first. In this case it is, so a simple apt-get gets csync2 installed on the system:
apt-get install csync2 sqlite3 openssl
After that is where it starts getting fun. All of the generated SSL files are needed on ALL hosts in the group. So first generate the certs and keys on the main node:
mkdir /etc/csync2
cd /etc/csync2
# RSA private key for the TLS connection
openssl genrsa -out csync2_ssl_key.pem 1024
# certificate signing request; the subject has no CN
openssl req -new -subj '/C=DE/ST=MVP/L=Schwerin' -key csync2_ssl_key.pem -out csync2_ssl_cert.csr
# self-signed certificate, valid for 600 days
openssl x509 -req -days 600 -in csync2_ssl_cert.csr -signkey csync2_ssl_key.pem -out csync2_ssl_cert.pem
# csync2 key file
csync2 -k csync2_ssl_cert.key
NOTE 1: The subject line in the cert creation should be changed to fit your needs.
NOTE 2: If your node is not very busy you may need to help with entropy generation (in another shell just type "du -h /").
BE ADVISED!!! In the subject line you MUST leave the “Common Name” (CN) blank!!!
When you are done you will have 4 files that need to be copied over to the other nodes in the group you configure in your csync2.cfg file:
-rw-r--r-- 1 root root 570 Oct 12 09:26 csync2_ssl_cert.csr
-rw------- 1 root root  65 Oct 12 09:27 csync2_ssl_cert.key
-rw-r--r-- 1 root root 757 Oct 11 13:08 csync2_ssl_cert.pem
-rw-r--r-- 1 root root 887 Oct 11 13:08 csync2_ssl_key.pem
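A pre-distribution check for the files generated above, as an added example that is not part of the original post or of csync2: it confirms that the certificate has no CN, that it matches the private key, that it has not expired, and that the two secret files are not readable by other users. The function names are hypothetical; the file names and the /etc/csync2 directory are the ones used above.

```shell
#!/bin/sh
# Added example: sanity checks for the csync2 SSL files before copying them
# to the other nodes. Function names are hypothetical, not part of csync2.

# Succeeds if an "openssl x509 -noout -subject" line contains a CN field.
# Handles both "/C=DE/CN=x" (older OpenSSL) and "C = DE, CN = x" (1.1+).
subject_has_cn() {
    printf '%s\n' "$1" | sed 's/^subject=//' | tr ',/' '\n\n' |
        grep -Eq '^[[:space:]]*CN[[:space:]]*='
}

# Succeeds if FILE has no group/other permission bits (e.g. -rw-------).
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds if the certificate carries the public key of the private key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Runs all checks on a directory; prints findings, returns the problem count.
check_csync2_ssl() {
    dir=$1 bad=0
    key=$dir/csync2_ssl_key.pem crt=$dir/csync2_ssl_cert.pem
    for f in "$key" "$crt" "$dir/csync2_ssl_cert.key"; do
        [ -f "$f" ] || { echo "MISSING: $f"; bad=$((bad + 1)); }
    done
    [ "$bad" -eq 0 ] || return "$bad"
    subj=$(openssl x509 -in "$crt" -noout -subject)
    if subject_has_cn "$subj"; then echo "CN is set: $subj"; bad=$((bad + 1)); fi
    key_matches_cert "$key" "$crt" || { echo "key/cert mismatch"; bad=$((bad + 1)); }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "certificate expired"; bad=$((bad + 1)); }
    for f in "$key" "$dir/csync2_ssl_cert.key"; do
        owner_only "$f" || { echo "readable by others: $f"; bad=$((bad + 1)); }
    done
    return "$bad"
}

# Usage: sh check.sh /etc/csync2   (exit status = number of problems found)
if [ -n "${1:-}" ]; then check_csync2_ssl "$1"; fi
```

Run against the listing above, this flags csync2_ssl_key.pem, which is shown as -rw-r--r--; `chmod 600 csync2_ssl_key.pem` on every node clears it.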