[Opendnssec-user] Semi-Urgent: Production SoftHSM with Wrong schema version

Peter Olsson pol at leissner.se
Mon Jun 6 11:21:29 UTC 2011 

Thanks very much!
This worked, I have the ods processes running again.

Peter Olsson

On Mon, Jun 06, 2011 at 09:38:26AM +0200, Rickard Bellgrim wrote:
> It appears that dumping the database does not keep the pragma. You can
> add it back by running this command:
> sqlite3 <path to your token> "PRAGMA user_version = 100;"
> 
> I will investigate more on this issue.
> 
> // Rickard
> 
> On Sun, Jun 5, 2011 at 12:25 AM, Peter Olsson <pol at leissner.se> wrote:
> > Hello!
> >
> > Some details first:
> > I have less than a week to solve this problem, current
> > signatures expire at 20110611.
> > FreeBSD 8.1-RELEASE-p4
> > OpenDNSSEC 1.2.1 (installed from FreeBSD ports)
> > SoftHSM 1.2.1 (installed from FreeBSD ports)
> >
> > Two weeks ago we started using OpenDNSSEC for the main three
> > production domains of a customer. No problems at all until
> > today, when I upgraded sqlite3 from 3.7.6.2 to 3.7.6.3.
> >
> > The release notes for the sqlite3 upgrade seemed to indicate
> > that it was safe, but after the upgrade and a reboot
> > /usr/local/var (which I have softlinked to
> > /var/named/usr/local/var because named is chrooted)
> > had disappeared completely.
> > I may have caused this myself since I was stupid enough not
> > to stop ods-signer and ods-enforcerd during the sqlite3 upgrade.
> >
> > I restored from yesterdays backup, but now I get these errors:
> > ods-enforcerd: SoftHSM: init: Wrong database schema version: /usr/local/var/softhsm/slot0.db
> > ods-enforcerd: hsm_get_slot_id(): could not find token with the name OpenDNSSEC
> > ods-signerd: SoftHSM: init: Wrong database schema version: /usr/local/var/softhsm/slot0.db
> > ods-signerd: setup failed: error initializing libhsm (errno 268435457)
> > ods-signerd: signer engine setup failed
> > ods-signerd: shutdown signer engine
> >
> > I tried reverting to version 3.7.6.2 of sqlite3, but I get the
> > same errors whatever I do now. I have compared the dump of the
> > current slot0.db with dumps from backuped slot0.db, and they
> > have no diffs.
> >
> > If I understand lib/SoftDatabase.cpp in SoftHSM source correctly
> > the cause of the error is that there should be a
> > PRAGMA user_version=100;
> > or something like that in the SoftHSM db. But the only PRAGMA
> > I have in there, even in the old backups, is
> > PRAGMA foreign_keys=OFF;
> >
> > My first idea is to enter a PRAGMA user_version into slot0.db,
> > but since I don't know if that will solve the problem and also
> > I'm no good at SQL, I'm not trying that right now. If anyone can
> > confirm that this is the solution and give me the steps to fix it
> > I would be very grateful.
> >
> > Otherwise I guess I'll have to reset the SoftHSM database,
> > but I don't know how to export current keys from slot0.db
> > when I can't start the SoftHSM application.
> >
> > Starting from scratch with fresh keys is the least preferred
> > solution.
> >
> > Any ideas are welcome!
> >
> > Thanks!
> >
> > --
> > Peter Olsson                    pol at leissner.se
> > _______________________________________________
> > Opendnssec-user mailing list
> > Opendnssec-user at lists.opendnssec.org
> > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
> >

More information about the Opendnssec-user mailing list