cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: replication behind load balancer
> I added the opposite blade's IP address to the /etc/hosts file on each
> blade. Now, communication between cosignd processes is not crossing the
> load balancer, so I think I am just dealing with cosign configuration
> issues at this point.
Then why is it coming from the external IP, I wonder? Is
cosignd/monster properly getting host=>ip lookups? Too
many programs nowadays have a tendancy to be ignorant of
/etc/hosts entries and trust DNS regardless. curl springs
to mind. Quite annoying.
I'd to a 'tcpdump -s0 -i internal port 6663 -w tcpdump.out' on the BigIP
and see if your packets are hitting the BigIP, just to be sure.
> I get a "CHILD xxxxx talking to itself" error in the other host's
> log file.
I don't yet have replication or multiple cosign daemons at all, and I
get this - is this expected?
Brian Hatch "Be liberal in what you
Systems and accept, and conservative
Security Engineer in what you send."
http://www.ifokr.org/bri/ --RFC1123. If only the
rest of the world agreed...
Every message PGP signed
Description: Digital signature