[Opendnssec-user] Signer stuck after migration from 32-bit to 64-bit

Ondřej Surý ondrej at sury.org
Mon Jan 23 13:33:17 UTC 2012


Hi Matthijs,

it's much better with logging in 1.3.5 and Verbosity set to 3 (log below).

It seems there's something wrong with changing the architectures, because
the slot0.db file is readable by sqlite3 utility (can be dumped), but still

(on 64-bit)
root at pagan:/var/lib/softhsm# sha1sum *
7a9c1a1d637bc666ea7dce16f2b77eeefe6ebd2f  slot0.db
root at pagan:/var/lib/softhsm# ods-hsmutil list
Listing keys in all repositories.
0 keys found.

Repository            ID                                Type
----------            --                                ----

shows this empty list.

With same file, same versions of opendnssec and softhsm, but in i386
chroot gives this result:

root at pagan-i386-chroot:/var/lib/softhsm# sha1sum *
7a9c1a1d637bc666ea7dce16f2b77eeefe6ebd2f  slot0.db
root at pagan-i386-chroot:/var/lib/softhsm# ods-hsmutil list
Listing keys in all repositories.
16 keys found.

Repository            ID                                Type
----------            --                                ----
SoftHSM               65844b9450376e9d2d709582d380efd9  RSA/1024
SoftHSM               9c3429897d5abeeeeb70e33f3a62a340  RSA/2048
SoftHSM               4263939bc83e0c2753e7762240ebbec8  RSA/1024
SoftHSM               206b0c79a041371ef3f5b63e3fcf8122  RSA/1024
SoftHSM               6bc14475d41e7894456cb05d01b7ff13  RSA/1024
SoftHSM               ae1f0d06d1ec3ef39a5b49f01001c3bc  RSA/1024
SoftHSM               ed07b8610a33369e7870ca8f3bd25902  RSA/1024
SoftHSM               68cedd00ae6baaa3797d1398ca1c5cdc  RSA/1024
SoftHSM               494c58cf61911f6b3d927ca0363f2417  RSA/1024
SoftHSM               f5b74c2db033f7bf6a5d96cff6076996  RSA/2048
SoftHSM               fc7d2a9bfca8d8426daffa3acd9567bc  RSA/2048
SoftHSM               f6d499b916b8d92d29d5c4c2b4c26ee2  RSA/2048
SoftHSM               8f614332b07ecdfe5ed97c4d2246ad41  RSA/2048
SoftHSM               6f3e33e3b850b7f114e51e5f9ea793eb  RSA/2048
SoftHSM               9da8193402778fe27c741849a44a67ad  RSA/2048
SoftHSM               fcc11a676a38d53be38a327684236312  RSA/2048


O.

Jan 23 08:05:39 pagan ods-signerd: [engine] signer started
Jan 23 08:05:39 pagan ods-signerd: [hsm] unable to get key: key
9c3429897d5abeeeeb70e33f3a62a340 not found
Jan 23 08:05:39 pagan ods-signerd: [zone] unable to publish dnskeys
zone e-psychologie.cz: error creating DNSKEY for key
9c3429897d5abeeeeb70e33f3a62a340
Jan 23 08:05:39 pagan ods-signerd: [zone] unable to recover zone
e-psychologie.cz: corrupted file
Jan 23 08:05:39 pagan ods-signerd: [engine] unable to recover zone
e-psychologie.cz from backup, performing full sign
[...much more...]

On Mon, Jan 23, 2012 at 09:53, Matthijs Mekking <matthijs at nlnetlabs.nl> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Ondřej,
>
> Does the logs say anything useful? Could you provide the backup files
> from the tmp directory (off list)?
>
> Best regards,
>  Matthijs
>
> On 01/22/2012 11:29 AM, Ondřej Surý wrote:
>> Hi,
>>
>> I have upgraded my old Pentium III server to something slightly not
>> so outdated and now the signer is stuck:
>>
>> # ods-signer cmd> queue It is now Sun Jan 22 11:28:08 2012
>>
>> I have 7 tasks scheduled. On Sun Jan 22 11:28:17 2012 I will [load
>> signconf for] zone e-psychologie.cz On Sun Jan 22 11:28:17 2012 I
>> will [load signconf for] zone slea8.cz On Sun Jan 22 11:28:17 2012
>> I will [load signconf for] zone sury.cz On Sun Jan 22 11:28:17 2012
>> I will [load signconf for] zone surykatka.cz On Sun Jan 22 11:28:17
>> 2012 I will [load signconf for] zone udp53.cz On Sun Jan 22
>> 11:28:17 2012 I will [load signconf for] zone rfc1925.org On Sun
>> Jan 22 11:28:17 2012 I will [load signconf for] zone sury.org
>>
>> The only difference is the architecture, the old one was i386, the
>> new one is amd64.
>>
>> Is there something I miss and I should have done? (Like dumping the
>> database and importing it back?)
>>
>> O.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQEcBAEBAgAGBQJPHR/vAAoJEA8yVCPsQCW5ueYH/0nFrGmbKZlQ8Nh15u6ARHZ5
> azMYdVYnGfei1bvtCEwe6+y/9KMU4Ajq1niki49S0VdbHQyCjCIchYYr3mqHulYV
> 90phSHEDhyQzZ7ZXmkTcIPvcMEVUJXcRSm01azvBuWbB/zYdGdZLsN5V7BKzd9aS
> 2ytVbmjNwgMz2NnAa+hHH+wlZ134aJ5Rl63bKe1hg0WrNNAake7OihFMgnIsc51X
> FPFGhErsxoPkEqjCpY1DLT3NgCR+hy2QHHwjd/B9/0WoAze6S66QTDMaeRfOvWhs
> BqLgpQvHOkiuWGRDnILRCzGqO6fz3ZnW/Gl8WOz6yF2oqacs3ikzMR8GctiGzTs=
> =9mD7
> -----END PGP SIGNATURE-----



-- 
Ondřej Surý <ondrej at sury.org>



More information about the Opendnssec-user mailing list