freebsd 13.1
opendnssec 2.1.10
softhsm 1.3.8
things running happily for months. suddenly, i have logs full of
Apr 9 21:22:12 rip ods-enforcerd[35513]: [hsm_key_factory_delete_key] looking for keys to purge from HSM
Apr 9 21:22:15 rip ods-signerd[35519]: [hsm] unable to get key: key c6ab03c6ecd8ca4e9d57eae9ccc79a69 not found
Apr 9 21:22:15 rip ods-signerd[35519]: [hsm] hsm_get_dnskey(): Got NULL key
Apr 9 21:22:15 rip ods-signerd[35519]: [hsm] unable to get key: hsm failed to create dnskey
Apr 9 21:22:15 rip ods-signerd[35519]: [zone] unable to prepare signing keys for zone 150.180.198.in-addr.arpa: error getting dnskey
Apr 9 21:22:15 rip ods-signerd[35519]: [worker[1]] CRITICAL: failed to sign zone 150.180.198.in-addr.arpa: General error
so i duckduckwent and found
https://opendnssec-user.opendnssec.narkive.com/w52YSVrG/signer-does-not-find-a-key
which seems to suggest a home directory has changed? really?
https://issues.opendnssec.org/browse/SUPPORT-278 does not enlighten me
much more; though maybe that's my fault.
reading
https://opendnssec-user.opendnssec.narkive.com/E5sZ0Wrt/missing-keys-and-various-other-problems-on-2-0
i tried
# service opendnssec restart
Stopping enforcer..
Engine shut down.
pid 35513
Stopping signer engine...
Engine shut down.pid 35519
Starting enforcer...
OpenDNSSEC key and signing policy enforcer version 2.1.10
Engine running.
Starting signer engine...
OpenDNSSEC signer engine version 2.1.10
Engine running.
https://www.mail-archive.com/[email protected]/msg03958.html
and thread seem to say that restarting signerd should have worked. we
have jokes about 'should' in my family.
rebooting the whole server did not help either. sigh.
any more clues out there?
randy