CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment


replication behind load balancer

I am having trouble getting replication to work behind a load balancer. I have two Linux blades with addresses and behind an F5 load balancer. I configured cosign so that it works on either blade, but I am having problems getting the cosignd processes to talk to each other. I started cosignd and monster with the following commands:

cosignd -d -F local5 -h
monster -d -F local5 -h

cosignd -d -F local5 -h
monster -d -F local5 -h

Here is the error from /var/log/cosignd.log on

Mar 23 15:03:48 cosign12 cosignd[14293]: connect:
Mar 23 15:03:48 cosign12 cosignd[14293]: f_starttls: No access for
Mar 23 15:03:48 cosign12 cosignd[11950]: child 14293 exited with 1

The address is a virtual address for outgoing traffic from the load balancer that originated on one of the blades.

One problem is the client certificate. Originally, I had certificates with, which is the host name associated with the load balanced pool. This caused a problem when I started cosignd on each blade because the CN didn't match the hostname/IP address of the individual blade. I created new client certs on each host with the IP address of the host as the CN.

Here are the contents of my cosign.conf file on each host:

service     0
service       0

Has anyone been able to get cosign to work behind an F5 load balancer? Is this even how cosign replication is intended to work?


Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010