On 3.5.2016 13:28, Gary T. Giesen wrote:
> 1. Confirmed, it was already set to ISMASTER=1
> 
> 2. Logs:
> ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUG    Current cookie is: None
> May 03 07:21:07 host.example.com ipa-dnskeysyncd[27240]:
> ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUG    Detected add of entry: 
> May 03 07:21:07 host.example.com ipa-dnskeysyncd[27240]:
> ipa.ipapython.dnssec.odsmgr.ODSMgr: DEBUG    LDAP zones: {'203dbe2d-8d9c-1
> May 03 07:21:07 host.example.com ipa-dnskeysyncd[27240]:
> ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUG    Detected add of entry: 
> May 03 07:21:07 host.example.com ipa-dnskeysyncd[27240]:
> ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUG    Detected add of entry: 
> May 03 07:21:07 host.example.com ipa-dnskeysyncd[27240]:
> ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUG    Detected add of entry: 
> May 03 07:21:07 host.example.com ipa-dnskeysyncd[27240]:
> ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUG    Detected add of entry: 
> May 03 07:21:07 host.example.com ipa-dnskeysyncd[27240]:
> ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUG    Detected add of entry: 
> May 03 07:21:07 host.example.com ipa-dnskeysyncd[27240]:
> ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUG    Detected add of entry: 
> May 03 07:21:07 host.example.com ipa-dnskeysyncd[27240]:
> ipa.ipapython.dnssec.keysyncer.KeySyncer: DEBUG    New cookie is: host.exa

The log seems to be truncated. Please attach it as a file to avoid truncation
and line wrapping problems.

Thanks
Petr^2 Spacek

> 
> 
> 3. # rpm -q ipa-server
> ipa-server-4.2.0-15.0.1.el7.centos.6.1.x86_64
> 
> -----Original Message-----
> From: freeipa-users-boun...@redhat.com
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Petr Spacek
> Sent: May-03-16 7:08 AM
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] Unable to configure DNSSEC signing
> 
> Okay, this is a problem. It should list your zone example.com because it has
> DNSSEC signing enabled.
> 
> Make sure you are working on host.example.com (the host listed by the
> ldapsearch above).
> 
> I would check two things:
> 1. File /etc/sysconfig/ipa-dnskeysyncd contains line "ISMASTER=1". If it
> does not, re-run ipa-dns-install with --dnssec-master option to fix that.
> 
> 2. Debug logs from the daemon. Please edit /etc/ipa/default.conf and make
> sure that it contains line "debug=True" and restart ipa-dnskeysyncd when you
> are done with it.
> 
> The log should be much longer after this change.
> 
> I hope it will help to identify the root cause.
> 
> What IPA version do you use?
> $ rpm -q freeipa-server
> 
> Petr^2 Spacek
> 
> 
> 
>> Per the instructions, I've restarted ipa-dnskeysyncd, but it has had 
>> no effect. The only log entries I see are:
>>
>> # journalctl -u ipa-dnskeysyncd
>>
>> May 02 20:35:52 host.example.com systemd[1]: Stopping IPA key daemon...
>> May 02 20:35:52 host.example.com ipa-dnskeysyncd[14903]: ipa         :
> INFO
>> Signal 15 received: Shutting down!
>> May 02 20:35:52 host.example.com systemd[1]: Started IPA key daemon.
>> May 02 20:35:52 host.example.com systemd[1]: Starting IPA key daemon...
>> May 02 20:35:52 host.example.com ipa-dnskeysyncd[15014]: ipa: WARNING:
>> session memcached servers not running
>> May 02 20:35:53 host.example.com ipa-dnskeysyncd[15014]: ipa         :
> INFO
>> LDAP bind...
>> May 02 20:35:53 host.example.com python2[15014]: GSSAPI client step 1 
>> May 02 20:35:53 host.example.com python2[15014]: GSSAPI client step 1 
>> May 02 20:35:54 host.example.com python2[15014]: GSSAPI client step 1 
>> May 02 20:35:54 host.example.com python2[15014]: GSSAPI client step 2
>> May 02 20:35:54 host.example.com ipa-dnskeysyncd[15014]: ipa         :
> INFO
>> Commencing sync process
>>
>>
>>
>> Can anyone advise on next steps? I've been banging my head against a 
>> wall for a couple days now and would really appreciate some help.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to