Hello,
[It might be that this is actually something for openca-devel, but
since I'm new to the project, I cannot really judge it.]
I would like to tell about one of the inconveniences that occured
during installation of openca-0.9.3-rc1. Maybe one wants to document
it somewhere; or some other user can find it here on the mailing list.
My problem:
===========
After some while, I got the error message in stderr.log, that the
OpenCA server could not write log messages to syslog.
Error message:
PKI Master Alert: Logging error
PKI Master Alert: Aborting all operations
PKI Master Alert: Error: 64510030
PKI Master Alert: Message: addMessage failed for log slot sys_syslog
(6511070).
Cannot write to syslogdevice.
PKI Master Alert: debugging messages of logging follow
OpenCA: General error trapped 64510030: addMessage failed for log slot
sys_syslog (6511070). Cannot write to syslogdevice. at
/opt/openca/perl5/OpenCA/UI/HTML.pm line 179.
Compilation failed in require at /opt/openca/CA/OpenCA/etc/openca_start
line 62.
I searched in the openca mailing lists, but the discussions there
about similar errors did not match my situation. The syslog service is
running and configured correctly, I use it all the time.
The root cause:
===============
I'm using syslog-ng (on SUSE 10.0 actually, but I suspect that this
does not matter). I used socket_type 'unix' in log.xml, as is default.
Then the communication from the OpenCA server to the syslog service
uses /dev/log.
When syslog-ng is restarted -- e.g., during a log rotation -- it
closes and reopens /dev/log. Afterwards that error appears. This is
repeatable:
1) Starting OpenCA server: logging works w/o error messages
2) Reload of syslog-ng: afterwards, error messages appear
3) Restart of OpenCA server: error messages disappear
4) repeat 2) as necessary to check the situation. ;-)
It might well be that using the original syslog has the same effect,
as long as /dev/log is used for communication.
The workaround:
===============
I updated the Perl module Sys::Syslog to the current version of 0.18.
(Btw, this is a system module and not a site-module.) Then I could use
the (newly introduced) socket_type 'native' which is much more stable
and Just Works(tm). Just updating was not sufficient, the unix
socket_type in Sys-Syslog-0.18 has still the same behaviour.
But this workaround might not be suitable for the general
distribution, since Sys::Syslog-0.18 is too new to be available in
most installations. This is the reason why I'm posting this
observation on openca-users and not on openca-devel. For a full
generic improvement, I assume that one would need to repeat a call to
openlog() on specific errors.
I hope this is of interest for anyone,
Joachim
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Joachim Schrod Email: [EMAIL PROTECTED]
Roedermark, Germany
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
