<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=gb2312" http-equiv=Content-Type>
<STYLE>
BLOCKQUOTE {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; MARGIN-LEFT: 2em
}
OL {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
UL {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
P {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
BODY {
LINE-HEIGHT: 1.5; FONT-FAMILY: ËÎÌå; COLOR: #000000; FONT-SIZE: 10.5pt
}
</STYLE>
<META name=GENERATOR content="MSHTML 8.00.6001.18702"></HEAD>
<BODY style="MARGIN: 10px">
<DIV>Hi all,</DIV>
<DIV>After I signed a zone and I noticed there were something wrong in the
log:</DIV>
<DIV>
<DIV>Jul 4 10:21:34 CST-BJ-104 ods-signerd: *** glibc detected *** /usr/local/sbin/ods-signerd: double free or corruption (!prev): 0x00007f006132f020 ***</DIV>
<DIV>I knew the ods-signerd process was down, because I met this kind of
situation lots of times, that is the ods-signerd is not stable.</DIV>
<DIV>After I restart the ods-signerd with</DIV>
<DIV>
<DIV>$/usr/local/sbin/ods-signerd</DIV>
<DIV>OpenDNSSEC signer engine version 1.4.0a2</DIV>
<DIV>there is still only ods-enforcerd</DIV>
<DIV>
<DIV>$ps -aux | grep ods</DIV>
<DIV>Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ</DIV>
<DIV>root 9873 0.0 0.0 40764 5540 ? SLs Jul03 0:06 /usr/local/sbin/ods-enforcerd</DIV>
<DIV>root 16733 0.0 0.0 103232 796 pts/0 S+ 10:25 0:00 grep ods</DIV>
<DIV>And in the log I got:</DIV></DIV></DIV>
<DIV>Jul 4 10:22:14 CST-BJ-104 ods-signerd: [hsm] hsm_get_slot_id(): could not find token with the name OpenDNSSEC</DIV>
<DIV>Jul 4 10:22:14 CST-BJ-104 ods-signerd: [engine] setup failed: HSM error</DIV>
<DIV>Jul 4 10:22:14 CST-BJ-104 ods-signerd: [engine] signer shutdown</DIV>
<DIV> </DIV>
<DIV>That really puzzled me why there was a sudden error with softhsm.</DIV>
<DIV>
<DIV>$ softhsm --show-slot</DIV>
<DIV>Available slots:</DIV>
<DIV>Slot 0 </DIV>
<DIV> Token present: yes</DIV>
<DIV> <SPAN
style="FONT-WEIGHT: bold"> Token initialized: no</SPAN></DIV>
<DIV
style="FONT-WEIGHT: bold"> User PIN initialized: no</DIV>
<DIV>initialized:no? I'm sure I use this slot to create keys before this
disaster came.</DIV>
<DIV>
<DIV>$ ods-ksmutil key list</DIV>
<DIV>Keys:</DIV>
<DIV>Zone: Keytype: State: Date of next transition:</DIV>
<DIV>example KSK ready waiting for ds-seen </DIV>
<DIV>example ZSK active 2012-07-04 14:15:51 </DIV>
<DIV>example1 KSK ready waiting for ds-seen </DIV>
<DIV>example1 ZSK active 2012-07-04 13:47:47 </DIV>
<DIV>example2 KSK publish 2012-07-04 10:19:05 </DIV>
<DIV>example2 ZSK active 2012-07-04 14:03:05 </DIV>
<DIV>example3 KSK publish 2012-07-04 10:31:51 </DIV>
<DIV>example3 ZSK active 2012-07-04 14:15:51 </DIV>
<DIV>But I can get the key list, does that mean the slot or the softhsm is
ok?</DIV>
<DIV>Finally,I have to run</DIV>
<DIV>$softhsm --init-token --slot 0 --label "OpenDNSSEC"</DIV>
<DIV>to re-initialized the slot,but the disaster occurred that all the keys used
before are not in the new repository,and all the keys are useless</DIV>
<DIV>
<DIV>SQLite database set to: /var/opendnssec/kasp.db</DIV>
<DIV>Keys:</DIV>
<DIV>Zone: Keytype: State: Date of next transition (to): Size: Algorithm: CKA_ID: Repository: Keytag:</DIV>
<DIV>example KSK ready waiting for ds-seen (active) 2048 8 ac7d92d2f8999e802ca05d2086e8f8cf SoftHSM NOT IN repository</DIV>
<DIV>example ZSK active 2012-07-04 14:15:51 (retire) 1024 8 a3ffe7838bebcef0225fe35ff40292d7 SoftHSM NOT IN repository</DIV>
<DIV>example1 KSK ready waiting for ds-seen (active) 2048 8 e40f22ff04d03880f71ed76fb1e59a87 SoftHSM NOT IN repository</DIV>
<DIV>example1 ZSK active 2012-07-04 13:47:47 (retire) 1024 8 4f01f6a4ab5eee2b451319a7ef9dc9af SoftHSM NOT IN repository</DIV>
<DIV>example2 KSK publish 2012-07-04 10:19:05 (ready) 2048 8 ec71add233fa01aefabdb68a03a21631 SoftHSM NOT IN repository</DIV>
<DIV>example2 ZSK active 2012-07-04 14:03:05 (retire) 1024 8 c19a192bce86b4ff48416fcddf6fff9a SoftHSM NOT IN repository</DIV>
<DIV>example3 KSK publish 2012-07-04 10:31:51 (ready) 2048 8 025df9cd17567e1b694af33f7649a5d8 SoftHSM NOT IN repository</DIV>
<DIV>example3 ZSK active 2012-07-04 14:15:51 (retire) 1024 8 f6b390c2010abaa386b8c0131eab346c SoftHSM NOT IN repository</DIV></DIV>
<DIV>in the log I got :</DIV>
<DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:36:58 CST-BJ-104 ods-signerd: [hsm] unable to get key: key e40f22ff04d03880f71ed76fb1e59a87 not found</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:36:58 CST-BJ-104 ods-signerd: [zone] unable to publish dnskeys for zone example1: error creating dnskey</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:36:58 CST-BJ-104 ods-signerd: [hsm] unable to get key: key 025df9cd17567e1b694af33f7649a5d8 not found</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:36:58 CST-BJ-104 ods-signerd: [zone] unable to publish dnskeys for zone example3: error creating dnskey</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:36:58 CST-BJ-104 ods-signerd: [hsm] unable to get key: key ac7d92d2f8999e802ca05d2086e8f8cf not found</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:36:58 CST-BJ-104 ods-signerd: [zone] unable to publish dnskeys for zone example: error creating dnskey</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:36:58 CST-BJ-104 ods-signerd: [tools] unable to read zone example1: failed to publish dnskeys (General error)</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:36:58 CST-BJ-104 ods-signerd: [tools] unable to read zone example3: failed to publish dnskeys (General error)</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:36:58 CST-BJ-104 ods-signerd: [worker[2]] backoff task [configure] for zone example1 with 60 seconds</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:36:58 CST-BJ-104 ods-signerd: [hsm] unable to get key: key ec71add233fa01aefabdb68a03a21631 not found</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:36:58 CST-BJ-104 ods-signerd: [worker[4]] backoff task [configure] for zone example3 with 60 seconds</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:36:58 CST-BJ-104 ods-signerd: [tools] unable to read zone example: failed to publish dnskeys (General error)</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:36:58 CST-BJ-104 ods-signerd: [worker[1]] backoff task [configure] for zone example with 60 seconds</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:36:58 CST-BJ-104 ods-signerd: [zone] unable to publish dnskeys for zone example2: error creating dnskey</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:36:58 CST-BJ-104 ods-signerd: [tools] unable to read zone example2: failed to publish dnskeys (General error)</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:36:58 CST-BJ-104 ods-signerd: [worker[3]] backoff task [configure] for zone example2 with 60 seconds</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:37:58 CST-BJ-104 ods-signerd: [hsm] unable to get key: key ac7d92d2f8999e802ca05d2086e8f8cf not found</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:37:58 CST-BJ-104 ods-signerd: [zone] unable to publish dnskeys for zone example: error creating dnskey</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:37:58 CST-BJ-104 ods-signerd: [hsm] unable to get key: key e40f22ff04d03880f71ed76fb1e59a87 not found</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:37:58 CST-BJ-104 ods-signerd: [zone] unable to publish dnskeys for zone example1: error creating dnskey</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:37:58 CST-BJ-104 ods-signerd: [hsm] unable to get key: key ec71add233fa01aefabdb68a03a21631 not found</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:37:58 CST-BJ-104 ods-signerd: [zone] unable to publish dnskeys for zone example2: error creating dnskey</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:37:58 CST-BJ-104 ods-signerd: [tools] unable to read zone example: failed to publish dnskeys (General error)</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:37:58 CST-BJ-104 ods-signerd: [worker[2]] backoff task [configure] for zone example with 120 seconds</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:37:58 CST-BJ-104 ods-signerd: [hsm] unable to get key: key 025df9cd17567e1b694af33f7649a5d8 not found</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:37:58 CST-BJ-104 ods-signerd: [tools] unable to read zone example1: failed to publish dnskeys (General error)</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:37:58 CST-BJ-104 ods-signerd: [zone] unable to publish dnskeys for zone example3: error creating dnskey</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:37:58 CST-BJ-104 ods-signerd: [worker[4]] backoff task [configure] for zone example1 with 120 seconds</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:37:58 CST-BJ-104 ods-signerd: [tools] unable to read zone example2: failed to publish dnskeys (General error)</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:37:58 CST-BJ-104 ods-signerd: [worker[1]] backoff task [configure] for zone example2 with 120 seconds</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:37:58 CST-BJ-104 ods-signerd: [tools] unable to read zone example3: failed to publish dnskeys (General error)</DIV>
<DIV
style="FONT-STYLE: italic">Jul 4 10:37:58 CST-BJ-104 ods-signerd: [worker[3]] backoff task [configure] for zone example3 with 120 seconds</DIV></DIV>
<DIV>So, can somebody tell me the ods-signerd problem and softhsm slot
error?</DIV>
<DIV> </DIV>
<DIV>best regards</DIV>
<DIV>Stuart Lau</DIV></DIV></DIV></DIV>
<DIV> </DIV>
<HR style="WIDTH: 210px; HEIGHT: 1px" align=left color=#b5c4df SIZE=1>
<DIV><SPAN>Stuart Lau</SPAN></DIV></BODY></HTML>