[Opendnssec-user] signer setup fails with more than 10 key repositories

Sion Lloyd sion at nominet.org.uk
Fri Jan 7 13:32:55 UTC 2011


On Friday 07 Jan 2011 1:13:27 pm Simon Mittelberger wrote:
> Hi,
> 
> after adding more than 10 repositories, OpenDNSSEC won't start up.
> 
> I got the following on the logs:
> Jan  7 13:57:54 dnsec1 ods-enforcerd: opendnssec starting...
> Jan  7 13:57:54 dnsec1 ods-enforcerd: opendnssec Parent exiting...
> Jan  7 13:57:54 dnsec1 ods-enforcerd: opendnssec forked OK...
> Jan  7 13:57:54 dnsec1 ods-enforcerd: group set to: opendnssec (111)
> Jan  7 13:57:54 dnsec1 ods-enforcerd: user set to: opendnssec (106)
> Jan  7 13:57:54 dnsec1 ods-enforcerd: opendnssec started (version
> 1.2.0rc3), pid 9151
> Jan  7 13:57:54 dnsec1 ods-enforcerd: hsm_open() result: 1
> Jan  7 13:57:59 dnsec1 ods-signerd: setup failed: error initializing
> libhsm (errno 1)
> Jan  7 13:57:59 dnsec1 ods-signerd: signer engine setup failed
> Jan  7 13:57:59 dnsec1 ods-signerd: signer engine setup failed
> Jan  7 13:57:59 dnsec1 ods-signerd: shutdown signer engine
> 
> The config files are attached. It works just fine with 10 repositories.
> With 11 or more however it stops working.
> 
> Does anyone know a reason for this? All the repositories are SoftHSM's.


libhsm.h contains the following line:

#define HSM_MAX_SESSIONS 10

Which probably goes some way to explaining it. I'm not sure that this can just 
be raised though as:

1) I don't know why it is set to 10 in the first place
and
2) There may be some assumptions that it is 10 in other places. (I know that 
there shouldn't be, but I have not checked for it.)

Sion



More information about the Opendnssec-user mailing list