Hello all,
initially our main FreeIPA has been installed with DNSSEC but at the moment
I have issues with it as the ipa-ods-exporter is failing. I've tried the
following:
- ipa-dns-install --no-dnssec-validation - at the moment this is exiting
with the following errors in 6/7 step - creating replica keys
2023-11-06T12:07:32Z DEBUG Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py",
line 686, in start_creation
run_step(full_msg, method)
File "/usr/lib/python3.9/site-packages/ipaserver/install/service.py",
line 672, in run_step
method()
File
"/usr/lib/python3.9/site-packages/ipaserver/install/dnskeysyncinstance.py",
line 320, in __setup_replica_keys
p11 = _ipap11helper.P11_Helper(
File "/usr/lib/python3.9/site-packages/ipaserver/p11helper.py", line 882,
in __init__
check_return_value(rv, "log in")
File "/usr/lib/python3.9/site-packages/ipaserver/p11helper.py", line 609,
in check_return_value
raise Error(errmsg)
ipaserver.p11helper.Error: Error at log in: 0xa0
- ipa-dns-install --dnssec-master --kasp-db /var/opendnssec/kasp.db -
this commands fails with
2023-11-06T12:15:28Z DEBUG stderr=ipa-dnskeysync-replica: INFO To
increase debugging set debug=True in dns.conf See default.conf(5) for
details
Traceback (most recent call last):
File "/usr/libexec/ipa/ipa-dnskeysync-replica", line 179, in <module>
localhsm = LocalHSM(
File "/usr/lib/python3.9/site-packages/ipaserver/dnssec/localhsm.py",
line 96, in __init__
self.p11 = _ipap11helper.P11_Helper(label, pin, library)
File "/usr/lib/python3.9/site-packages/ipaserver/p11helper.py", line 882,
in __init__
check_return_value(rv, "log in")
File "/usr/lib/python3.9/site-packages/ipaserver/p11helper.py", line 609,
in check_return_value
raise Error(errmsg)
ipaserver.p11helper.Error: Error at log in: 0xa0
Exception ignored in: <function LocalHSM.__del__ at 0x7fef464364c0>
Traceback (most recent call last):
File "/usr/lib/python3.9/site-packages/ipaserver/dnssec/localhsm.py",
line 99, in __del__
self.p11.finalize()
AttributeError: 'LocalHSM' object has no attribute 'p11'
Can someone advice how to regenerate everything from scratch so DNSSEC is
again available for the configured zones
Best Regards
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
