[Opendnssec-user] Signer Engine?
B C
brettlists at gmail.com
Wed Aug 19 09:42:59 UTC 2009
So I am making my first tentative steps with opendnssec, I have added
a new zone as follows:
/opt/opendnssec/bin/ksmutil addzone pwei.net default
/var/opendnssec/pweiconf.xml /var/opendnssec/unsigned/pwei.net
/var/opendnssec/signed/pwei.net
I have initialised the SoftHSM,
Added my zone to zonelist.xml
Succesfully started communicated and keygend
When I start up signer_engine I get
Python engine proof of concept, v 0.0002 alpha
Zone list updated: 0 removed, 1 added, 0 updated
running as pid 14891
Unable to continue, stopping:
A signed zone has been written to /var/opendnssec/signed
In /var/opendnssec/tmp I also see:
-rw-r--r-- 1 root root 6946 Aug 19 09:13 pwei.net.nsecced
-rw-r--r-- 1 root root 9124 Aug 19 09:13 pwei.net.signed
-rw-r--r-- 1 root root 6045 Aug 19 09:13 pwei.net.sorted
So from an output point of view things look good
Looking at the logs (pasted below) doesn't really give me any clue as
to why the signer_engine didn't continue to run.
Any clues/ideas appreciated.
Brett
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: Zone pwei.net locked
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: Scheduling task
to sign zone pwei.net at 1250674520.32 with resign time 7200
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: acquire cond
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: notify
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: release cond
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: Releasing lock on
zone pwei.net
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: No output file
found, seconds to resign: 0
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: Scheduling task
to sign zone pwei.net at 1250674520.32 with resign time 7200
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: acquire cond
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: notify
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: release cond
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: Zone pwei.net added
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: opening socket:
/var/run/opendnssec/engine.sock
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: Engine running
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: call stop_workers()
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: call stop_workers()
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: wake all workers
so they can finish
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: acquire cond
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: notify
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: release cond
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: let workers finish
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: shut down command socket
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: close command socket
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: remove command socket
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: close syslog
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 1 acquiring lock
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 1 acquired lock
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 1 released lock
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: Got task for worker 1
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: Worker 1 run task
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: Zone action to perform: 3
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: Resorting signed
zone: pwei.net
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: No signed zone yet
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: Sorting zone: pwei.net
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: No information
yet for key 1cfeaa7c1a02774b62fb640bfb0b5dbf
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: Generating DNSKEY
RR for 1cfeaa7c1a02774b62fb640bfb0b5dbf
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 2 acquiring lock
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 2 acquired lock
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: no task for
worker 2, sleep for 0
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 2 released
lock by going to wait (indef)
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 3 acquiring lock
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 3 acquired lock
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: no task for
worker 3, sleep for 0
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 3 released
lock by going to wait (indef)
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 4 acquiring lock
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 4 acquired lock
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: no task for
worker 4, sleep for 0
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 4 released
lock by going to wait (indef)
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 5 acquiring lock
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 5 acquired lock
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: no task for
worker 5, sleep for 0
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 5 released
lock by going to wait (indef)
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 6 acquiring lock
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 6 acquired lock
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: no task for
worker 6, sleep for 0
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 6 released
lock by going to wait (indef)
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 7 acquiring lock
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 7 acquired lock
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: no task for
worker 7, sleep for 0
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 7 released
lock by going to wait (indef)
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 8 acquiring lock
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 8 acquired lock
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: call stop_workers()
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: call stop_workers()
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: stopping worker 1
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: stopping worker 2
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: stopping worker 3
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: stopping worker 4
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: stopping worker 5
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: stopping worker 6
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: stopping worker 7
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: stopping worker 8
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: wake all workers
so they can finish
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: acquire cond
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: no task for
worker 8, sleep for 0
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: worker 8 released lock
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: notify
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: release cond
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: let workers finish
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: let worker 1 finish
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: create_dnskey status: 0
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: equality: True
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: Found key
1cfeaa7c1a02774b62fb640bfb0b5dbf
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: No information
yet for key d000af9031cbca0caeec04df9b947936
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: Generating DNSKEY
RR for d000af9031cbca0caeec04df9b947936
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: create_dnskey status: 0
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: equality: True
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: Found key
d000af9031cbca0caeec04df9b947936
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: No information
yet for key 9390ac52de287fa9f35239c04933192e
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: Generating DNSKEY
RR for 9390ac52de287fa9f35239c04933192e
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: create_dnskey status: 0
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: equality: True
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: Found key
9390ac52de287fa9f35239c04933192e
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: No information
yet for key c0064c2a42844fdb04574edfb56040bc
Aug 19 10:35:20 dnssigner2 OpenDNSSEC signer engine: Generating DNSKEY
RR for c0064c2a42844fdb04574edfb56040bc
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: create_dnskey status: 0
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: equality: True
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: Found key
c0064c2a42844fdb04574edfb56040bc
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: Run command:
'/opt/opendnssec/libexec/opendnssec/zone_reader -o pwei.net -w
/var/opendnssec/tmp/pwei.net.sorted -n -s 2DC6959
B14B3583B -t 5 -a 1'
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: Writing file to
zone_reader: /var/opendnssec/unsigned/pwei.net
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: Done sorting
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: NSEC(3)ing zone: pwei.net
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: Run command:
'/opt/opendnssec/libexec/opendnssec/nsec3er -o pwei.net -s
2DC6959B14B3583B -t 5 -a 1 -i /var/opendnssec/tmp/pwe
i.net.sorted -w /var/opendnssec/tmp/pwei.net.nsecced'
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: Run command:
'/opt/opendnssec/libexec/opendnssec/signer -c /etc/opendnssec/conf.xml
-p /var/opendnssec/tmp/pwei.net.signed -w
/var/opendnssec/tmp/pwei.net.signed2 -r'
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: write to subp:
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: write to subp:
:origin pwei.net
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: write to subp:
:soa_ttl 3600
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: write to subp:
:soa_minimum 3600
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: set serial to 1250674521
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: write to subp:
:expiration 20090826093521
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: write to subp:
:expiration_denial 20090902093521
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: write to subp:
:jitter 43200
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: write to subp:
:inception 20090819093021
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: write to subp:
:refresh 20090823093521
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: write to subp:
:refresh_denial 20090830093521
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: use signature
key: 1cfeaa7c1a02774b62fb640bfb0b5dbf
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: write to subp:
:add_ksk 1cfeaa7c1a02774b62fb640bfb0b5dbf 7 257
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: use signature
key: 9390ac52de287fa9f35239c04933192e
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: write to subp:
:add_zsk 9390ac52de287fa9f35239c04933192e 7 256
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: signer stderr:
Warning: unable to open /var/opendnssec/tmp/pwei.net.signed: No such
file or directory, performing full zone s
ign
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: Created 20 new signatures
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: Run command:
'/opt/opendnssec/libexec/opendnssec/finalizer -f
/var/opendnssec/tmp/pwei.net.signed'
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: worker 1 finished
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: let worker 2 finish
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: worker 2 finished
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: let worker 3 finish
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: worker 3 finished
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: let worker 4 finish
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: worker 4 finished
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: let worker 5 finish
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: worker 5 finished
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: let worker 6 finish
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: worker 6 finished
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: let worker 7 finish
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: worker 7 finished
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: let worker 8 finish
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: worker 8 finished
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: shut down command socket
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: close command socket
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: remove command socket
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: no command
channel to clean up
Aug 19 10:35:21 dnssigner2 OpenDNSSEC signer engine: close syslog
More information about the Opendnssec-user
mailing list