I've been reading up on this thread and I think I'm experiencing similar problems. I'm running Debian stable, but I've been using the ODS packages from testing for a while now. I'm still trying to figure out what is happening exactly, but in my logs I find the following:
Jul 30 09:45:16 traxotic ods-enforcerd: Configuration.cpp(122): Missing slots.removable in configuration. Using default value: false Jul 30 09:45:17 traxotic ods-enforcerd: [hsm_key_factory_get_key] no keys available Jul 30 09:45:17 traxotic ods-enforcerd: [enforcer] updatePolicy: No keys available in HSM for policy default, retry in 60 seconds Jul 30 09:45:17 traxotic ods-enforcerd: [hsm_key_factory_get_key] no keys available Jul 30 09:45:17 traxotic ods-enforcerd: [enforcer] updatePolicy: No keys available in HSM for policy com_net_org, retry in 60 seconds Jul 30 09:46:17 traxotic ods-enforcerd: [hsm_key_factory_get_key] no keys available Jul 30 09:46:17 traxotic ods-enforcerd: [enforcer] updatePolicy: No keys available in HSM for policy com_net_org, retry in 60 seconds Jul 31 10:08:40 traxotic ods-enforcerd: Configuration.cpp(122): Missing slots.removable in configuration. Using default value: false Jul 31 10:08:41 traxotic ods-signerd: Configuration.cpp(122): Missing slots.removable in configuration. Using default value: false Jul 31 10:08:41 traxotic ods-signerd: Configuration.cpp(122): Missing slots.removable in configuration. Using default value: false Jul 31 10:25:29 traxotic ods-hsmutil: Configuration.cpp(122): Missing slots.removable in configuration. Using default value: false Jul 31 10:37:41 traxotic ods-enforcerd: Configuration.cpp(122): Missing slots.removable in configuration. Using default value: false Jul 31 10:37:43 traxotic ods-signerd: Configuration.cpp(122): Missing slots.removable in configuration. Using default value: false Jul 31 10:37:43 traxotic ods-signerd: Configuration.cpp(122): Missing slots.removable in configuration. Using default value: false Jul 31 10:40:13 traxotic softhsm2-util: Configuration.cpp(122): Missing slots.removable in configuration. Using default value: false Jul 31 10:46:19 traxotic ods-enforcerd: Configuration.cpp(122): Missing slots.removable in configuration. Using default value: false Jul 31 10:48:12 traxotic ods-hsmutil: Configuration.cpp(122): Missing slots.removable in configuration. Using default value: false Jul 31 09:50:52 traxotic ods-signerd: ObjectFile.cpp(122): The attribute does not exist: 0x00000002 Jul 31 09:50:52 traxotic ods-signerd: [hsm] unable to get key: key 56be14a85f43ed317c789841fe664136 not found Jul 31 09:50:52 traxotic ods-signerd: [hsm] hsm_get_dnskey(): Got NULL key Jul 31 09:50:52 traxotic ods-signerd: [hsm] unable to get key: hsm failed to create dnskey Jul 31 09:50:52 traxotic ods-signerd: [zone] unable to publish dnskeys for zone traxotic.net: error creating dnskey Jul 31 09:50:52 traxotic ods-signerd: [tools] unable to read zone traxotic.net: failed to publish dnskeys (General error) Jul 31 09:50:52 traxotic ods-signerd: CRITICAL: failed to sign zone traxotic.net: General error Jul 31 10:02:55 traxotic ods-signerd: ObjectFile.cpp(122): The attribute does not exist: 0x00000002 Jul 31 10:02:55 traxotic ods-signerd: [hsm] unable to get key: key 56be14a85f43ed317c789841fe664136 not found Jul 31 10:02:55 traxotic ods-signerd: [hsm] hsm_get_dnskey(): Got NULL key Jul 31 10:02:55 traxotic ods-signerd: [hsm] unable to get key: hsm failed to create dnskey Jul 31 10:02:55 traxotic ods-signerd: [zone] unable to publish dnskeys for zone traxotic.net: error creating dnskey Jul 31 10:02:55 traxotic ods-signerd: [tools] unable to read zone traxotic.net: failed to publish dnskeys (General error) Jul 31 10:02:55 traxotic ods-signerd: CRITICAL: failed to sign zone traxotic.net: General error After restarting some ODS service, it seems to be working again. -----Oorspronkelijk bericht----- Van: Opendnssec-user <[email protected]> Namens Casper Gielen Verzonden: woensdag 18 juli 2018 10:58 Aan: [email protected] Onderwerp: Re: [Opendnssec-user] Missing keys and various other problems on 2.0 Op 02-07-18 om 16:57 schreef Casper Gielen: >>> I've added a cron-job that restarts the enforcer every 6 hours. >>> That's not ideal but should make clear if the problem is just that >>> the enforcer gets stuck and thus misses its deadlines, or if the >>> problems go deeper. > > Due to a small mistake this cron-job never got installed on the system > and this morning the enforcer was stuck again, so I don't have an new > results. > I've fixed the problem and the enforcer got back to it. I hope to have > more information tomorrow. Just a little update. Restarting the enforcer every 6 hours supresses the symptoms. I still get occasional errors ("DB prepare Err 2006: MySQL server has gone away") every few days, but after a restart of the enforcer the process continues. There are no longer large jumps in state or dissappearing keys. I do not consider the problem solved, but DNS is usable again. -- Casper Gielen <[email protected]> | LIS UNIX PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7 Universiteit van Tilburg | Postbus 90153, 5000 LE Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
