From Gentoo Wiki
Jump to:navigation Jump to:search

csync2 is a tool for asynchronous file synchronization in clusters.


USE flags

Cannot load package information. Is the atom sys-cluster/csync2 correct?


root #emerge --ask sys-cluster/csync2


Create ssl certificates for transfers

root #emerge --config sys-cluster/csync2

Create key for authentication with peers

root #csync2 -k /etc/csync2/csync2.key_mygroup

Setup synchronization

FILE /etc/csync2/csync2.cfg
group mygroup
	host hostname1 host2_ip (hostname3); # (hostname3) can only download changes. - #
	key /etc/csync2/csync2.key_mygroup;  # Identical file for all in group. - #

	include /mnt/shared;                 # Same list for all. - #
	exclude /mnt/shared/local*;

Things to note

  • All nodes (of a group) share a common key, for example /etc/csync2/csync2.key_mygroup. This means it has to be copied to each node.
  • The shared folder paths need to be identical for all nodes (of a group). The configuration file need not be identical.
  • Although the host parameter requires the actual hostname (or ip) to be used, it seems to work according to the /etc/hosts file.
    • The following command shows what csync2 sees as hostname:
    • root #csync2 -Tvv |& head



To enable the service to run at system boot:

root #rc-update add csync2 default

To start the daemon now:

root #rc-service csync2 start


Sample parameters

        -x [-d] [[-r] file..]   Run checks for all given files and update
                                remote hosts.
        -d      Dry-run on all remote update operations
        -P peer1,peer1,...
                Only update these peers (still mark all as dirty).
                Only show files for these peers in -o (compare) mode.
        -f [-r] file..          Force files to win next conflict resolution.
        -r      Recursive operation over subdirectories.
        -M      List all dirty files from status db.


  • Update all with this one:
    • root #csync2 -x
    • See failed changes:
      • root #csync2 -M
  • Dry-run an update towards hostname3:
    • root #csync2 -P hostname3 -xd
    • Increased verbosity with -vvv.
  • Force local files onto others:
    • root #csync2 -fr /mnt/shared/force_these
      root #csync2 -x

Debug receiver

To see the messages of the receiver, after stopping any csync2 daemon, for a single execution:

root #csync2 -iii -vvv |& less


remote host remote_host did not accept my identification

If working on both sides of an iptables NAT and getting this error from the inner side:

root #csync2 -Tv this_host remote_host /path/to/file
Connecting to host remote_host (SSL) ...
Connect to remote_ip:30865 (remote_host).
ERROR: remote host remote_host did not accept my identification.
Connection closed.
Finished with 2 errors.

It might be because of this command on the router (that translates inner node addresses to the router's):

root #iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE

A solution to which, is to prepend the following, in order to exclude the csync2 port:

root #iptables -t nat -A POSTROUTING -o ${WAN} -p TCP --dport csync2 -j RETURN

response from peer(/path/to/file): remote_host [15] <- Permission denied!

Verify that the file mentioned is included in the remote host's /etc/csync2/csync2.cfg.

See also

External resources