[Opendnssec-user]ods-signer failed when ods-signerd is running

刘硕 shuoleo at 126.com
Wed Jul 18 07:20:18 UTC 2012 

Hi Jerry,
I have found three ods-signerd, but two of them are created in configure-make-make install process, so I think only the last one is used.
[root at CST-BJ-103 opendnssec]#  find / -name ods-signerd
/home/lius/opendnssec-related/OpenDNSSEC_trunk/signer/src/ods-signerd
/home/lius/opendnssec-related/opendnssec-1.3.9/signer/src/ods-signerd
/usr/local/sbin/ods-signerd

I will show you how mutiple ods-signerds are running together
[root at CST-BJ-103 opendnssec]# ods-control start
Starting enforcer...
OpenDNSSEC ods-enforcerd started (version 1.4.0-trunk), pid 2828
Starting signer engine...
OpenDNSSEC signer engine version 1.4.0-trunk
Engine running.

[root at CST-BJ-103 opendnssec]# ps -aux | grep ods
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
root      2828  1.6  0.1  40276  4896 ?        SLs  15:07   0:00 /usr/local/sbin/ods-enforcerd
root      2834  201  0.6 300696 27448 ?        SLsl 15:07   0:08 /usr/local/sbin/ods-signerd
root      2851  0.0  0.0  61188   752 pts/2    S+   15:07   0:00 grep ods
[root at CST-BJ-103 opendnssec]# ll
total 8
-rw-r--r-- 1 root root 5 Jul 18 15:07 enforcerd.pid
srwxr-xr-x 1 root root 0 Jul 18 15:07 engine.sock
-rw-r--r-- 1 root root 5 Jul 18 15:07 signerd.pid

The messages above is normal and show that the OpenDNSSEC works well, but let's continue:

[root at CST-BJ-103 opendnssec]# ods-signerd
OpenDNSSEC signer engine version 1.4.0-trunk
[root at CST-BJ-103 opendnssec]# ps -aux | grep ods
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
root      2828  0.1  0.1  40276  4896 ?        SLs  15:07   0:00 /usr/local/sbin/ods-enforcerd
root      2834  188  5.5 462208 224584 ?       SLsl 15:07   1:26 /usr/local/sbin/ods-signerd
root      2858  159  0.5 222600 23516 ?        SLsl 15:08   0:09 ods-signerd
root      2871  0.0  0.0  61188   752 pts/2    R+   15:08   0:00 grep ods

[root at CST-BJ-103 opendnssec]# ll
total 8
-rw-r--r-- 1 root root 5 Jul 18 15:07 enforcerd.pid
srwxr-xr-x 1 root root 0 Jul 18 15:08 engine.sock
-rw-r--r-- 1 root root 5 Jul 18 15:08 signerd.pid

engine.sock and signerd.pid is changed, and the content of signerd.pid is the latter on, that is 2858.


When I run ods-control stop, the former ods-signerd is left, the latter setup ods-signerd is shundown with ods-enforcerd
[root at CST-BJ-103 tmp]# ods-control stop
Stopping enforcer...
Stopping signer engine...
Engine shut down.
[root at CST-BJ-103 tmp]# tail /var/log/messages
Jul 18 15:16:24 CST-BJ-103 last message repeated 85080 times
Jul 18 15:16:24 CST-BJ-103 ods-signerd: [tools] unable to write zone example2: adapter failed (Assertion error)
Jul 18 15:16:24 CST-BJ-103 ods-signerd: [worker[2]] backoff task [configure] for zone example2 with 120 seconds
Jul 18 15:17:01 CST-BJ-103 ods-enforcerd: Received SIGTERM, exiting...
Jul 18 15:17:01 CST-BJ-103 ods-enforcerd: all done! hsm_close result: 0
Jul 18 15:17:02 CST-BJ-103 puppet-agent[2881]: Could not request certificate: getaddrinfo: Name or service not known
Jul 18 15:17:02 CST-BJ-103 ods-signerd: [cmdhandler] received command stop[4]
Jul 18 15:17:02 CST-BJ-103 ods-signerd: [engine] signer shutdown
Jul 18 15:17:02 CST-BJ-103 ods-signerd: [cmdhandler] received command [0]
Jul 18 15:17:06 CST-BJ-103 ods-signerd: [log] switching log to stderr verbosity 0 (log level 2)
[root at CST-BJ-103 tmp]# ps -aux | grep ods
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
root      2834  129 12.2 744468 496204 ?       SLsl 15:07  12:36 /usr/local/sbin/ods-signerd
root      2979  0.0  0.0  61192   764 pts/2    S+   15:17   0:00 grep ods

I'm puzzled, I know ods-signerd will bind to a port whose default value is 53, so why can I setup more than one ods-signerd?

Best regards,
Stuart
From: Jerry Lundstr鰉
Date: 2012-07-18 14:29
To: shuoleo
CC: opendnssec-user
Subject: Re: Re: [Opendnssec-user]ods-signer failed when ods-signerd is running
Hi Stuart,

On Wed, Jul 18, 2012 at 8:08 AM, 刘硕 <shuoleo at 126.com> wrote:
> If ods-signerd is running, then I run ods-signerd seems do nothing at all,
> but sometimes there are more than one ods-signerd process at the same time!
> I don't this situation would affect opendnssec's signing work, because I
> think some ods-signerd would do the work at a mixed period.

You should not have more then one ods-signerd process running.

Maybe you have installed OpenDNSSEC in different locations.

Can you run as root:

find / -name ods-signerd

/Jerry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20120718/a3ab51cf/attachment.htm>

More information about the Opendnssec-user mailing list