On Tue, 22 May 2012, Matthijs Mekking wrote:
On restarting the signer I got :
ods-signerd: signer/rrset.c:667: rrset_sign: assertion ctx failed
Do you also got this log message?:
ods-signerd: [worker[1]] error creating libhsm context
Yes I did.
I am not sure how to deal with a failing libhsm. We could abort the
drudger, stop the signer, retry until eternity, ...
There are still issues with running ods-hsmutil while opendnssec is
running. ods-hsmutil is used to get the current key ids out to use
for bind signing. But it seems to run into kasp.db locking issues,
and cause subsequent ods-hsmutil calls to hang as well.
It wouls be nice if ods-ksmutil just failed, instead of blocked forever.
Perhaps it is possible to ask the enforced/signerd about the keys, to
avoid multiple apps needing to read the kasp.db, which it apparently
can't do very well?
Paul
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
