[Opendnssec-user] Problem with signer in 1.4.0a2
Fred Zwarts (KVI)
F.Zwarts at KVI.nl
Wed Jun 27 09:32:29 UTC 2012
Yesterday I upgraded our test system from 1.3.8 via 1.4.0a1 to 1.4.0a2 (on a
Linux SLES11SP2 x86_64 system).
Everything seems to run nice. I the log file I see every now and then a
[STATS] message that says that some new signatures were generated for the
different zones in this configuration.
There are, however, a few things that worry me.
The command "ods-control signer queue" tells for all zones "I will
[configure] zone". It used to say "I will [sign] zone". In the system log I
see messages like "ods-signerd: [worker[4]] backoff task [configure] for
zone". What does that mean?
If I use "ods-control signer sign --all", then the messages in the system
log change. I still see at regular intervals messages telling that new
signatures are generated, but know the backoff message show [read] instead
of [configure]. Also "ods-control signer queue" now tells for all zones "I
will [read] zone". What does that mean?
Finally, if I attempt to clear a zone with e.g. "ods-control signer clear
KVI.nl", then the signer exits prematurely. In the system log I see the
following messages (I did it three times):
Jun 27 11:00:16 KVIVS13 kernel: [1967938.619844] do_general_protection: 21
callbacks suppressed
Jun 27 11:00:16 KVIVS13 kernel: [1967938.619849] ods-signerd[20578] general
protection ip:415d98 sp:7f32027fb610 error:0 in ods-signerd[400000+53000]
Jun 27 11:01:51 KVIVS13 kernel: [1968033.673677] ods-signerd[20679] general
protection ip:415d98 sp:7f80d9443610 error:0 in ods-signerd[400000+53000]
Jun 27 11:22:23 KVIVS13 kernel: [1969265.342103] ods-signerd[20999] general
protection ip:415d98 sp:7f95b4e4f610 error:0 in ods-signerd[400000+53000]
After restarting the ods-signerd, the queue shows again the "I will
[configure] zone" messages.
I wonder how serious these messages are. Is this a problem with the software
or a corruption of my configuration? It looks as if the signing process is
still running OK, as long as I do not touch it.
More information about the Opendnssec-user
mailing list