On 2021-05-26 17:15, Roman Serbski via Opendnssec-user wrote:
On Fri, May 7, 2021 at 5:14 PM Randy Bush via Opendnssec-user
<opendnssec-user@lists.opendnssec.org> wrote:
> OpenDNSSEC 2.1.9 is out, which solves this issue I think.
the kindness of dr akkerhuis allowed me to install on a binary-only
freebsd.
i am not positive that 2.1.9 fixed the problem; but it definintely
suppressed the error messages :)
Hello,
I'm not 100% sure it's the same issue, but I start getting the similar
errors with OpenDNSSEC 2.1.9 under FreeBSD 12.2-RELEASE-p2 r369009.
Some days ago, I removed one zone using the command:
ods-enforcer zone delete --zone domain.org
And yesterday I started receiving:
Related, but not the same issue, and not really in OpenDNSSEC but with
SoftHSM.
The start/stop should have fixed it, but a ods-signer update --all
should
also have done the trick. I'm afraid this will turn out to be a
concurrency
issue that will be hard to pick up in SoftHSM.
If anyone else sees this message I would like to know because I think it
will be
very rare.
\Berry
May 24 19:16:29 SRV-SIGN01 ods-signerd[5480]: File.cpp(94): Could not
open the file (No such file or directory):
/var/lib/softhsm/tokens//3eab29c6-3b3f-fcf9-4aed-ff695aef81b0/63f07aa8-56e9-3639-4ebd-41692cb2a208.object
May 24 19:16:29 SRV-SIGN01 ods-signerd[5480]: [hsm] sign init:
CKR_OBJECT_HANDLE_INVALID
May 24 19:16:29 SRV-SIGN01 ods-signerd[5480]: [hsm] error signing
rrset with libhsm
May 24 19:16:29 SRV-SIGN01 ods-signerd[5480]: [rrset] unable to sign
RRset[6]: lhsm_sign() failed
May 24 19:16:29 SRV-SIGN01 ods-signerd[5480]: [worker[2]] sign zone
domain.org failed: 1 RRsets failed
May 24 19:16:29 SRV-SIGN01 ods-signerd[5480]: [worker[2]] CRITICAL:
failed to sign zone domain.org: General error
May 24 19:16:29 SRV-SIGN01 ods-signerd[5480]: back-off task [sign] for
zone domain.org with 60 seconds
I also noticed errors while purging expired ZSKs for other domains, for
example:
May 24 17:35:01 SRV-SIGN01 ods-enforcerd[5474]: [enforcer] update
zone: domain2.org
May 24 17:35:01 SRV-SIGN01 ods-enforcerd[5474]: [enforcer]
removeDeadKeys deleting key: 37abe5998879aceefea122b69ca98751
May 24 17:35:01 SRV-SIGN01 ods-enforcerd[5474]:
[hsm_key_factory_delete_key] looking for keys to purge from HSM
May 24 17:35:01 SRV-SIGN01 ods-enforcerd[5474]:
[hsm_key_factory_get_key] removing key
37abe5998879aceefea122b69ca98751 from HSM
May 24 17:35:01 SRV-SIGN01 ods-enforcerd[5474]:
[hsm_key_factory_get_key] removing key
be586f8af9ec83163ffe73c66a21f319 from HSM
May 24 17:35:01 SRV-SIGN01 ods-enforcerd[5474]:
[hsm_key_factory_get_key] removing key
78586dbbaab0ebf9ddd01b0fb4cbd83f from HSM
May 24 17:35:01 SRV-SIGN01 ods-enforcerd[5474]: [enforcer]
removeDeadKeys: keys deleted from HSM: 3
May 24 17:35:01 SRV-SIGN01 ods-enforcerd[5474]: [enforcer] update:
key_data_update() failed
May 24 17:35:01 SRV-SIGN01 ods-enforcerd[5474]: [enforce_task] No
changes to signconf file required for zone domain2.org
/usr/local/etc/rc.d/opendnssec stop/start seems to suppress the error.
Thanks.
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
