[Opendnssec-user] Bad signerd crash.
matthijs at nlnetlabs.nl
Thu Sep 19 07:37:30 CEST 2013
On 09/18/2013 09:09 AM, Mathieu Arnold wrote:
> (OpenDNSSEC 1.4.2 on FreeBSD.)
> Yesterday evening, it seems something went wrong somehow. The signer
> complained that some keys were not there, (see attached log,) but they are,
> they're the current ZSKs :
> # ods-ksmutil key list -z 1-wire.fr -v
> Zone: Keytype: State: Date of next
> transition (to): Size: Algorithm: CKA_ID:
> Repository: Keytag:
> 1-wire.fr KSK active 2014-07-20 09:06:02
> (retire) 2048 8 b511db6d9bec32ee33c90f0ba1b9f6b2
> SoftHSM-KSK 50864
> 1-wire.fr ZSK active 2013-09-18 09:53:29
> (retire) 1024 8 651d67ff14adc7e56071e83f07824ce4
> SoftHSM-ZSK 51118
> 1-wire.fr ZSK publish 2013-09-18 09:31:50
> (ready) 1024 8 e460a1aa5d1b4ebbde1abc4d4db48b3c
> SoftHSM-ZSK 59416
Looking at the code (shared/hsm.c), it looks like hsm_find_key_by_id()
returns NULL, but libhsm does not provide an error. After a couple of
tries, the signer reports "key not found".
It looks like the connection to the HSM went bad:
Sep 17 20:27:01 ns1 ods-signerd: [hsm] idle libhsm connection, trying to
But then it also looks like the drudger threads didn't start up:
Sep 17 20:27:02 ns1 ods-signerd: daemon/engine.c at 444 could not
pthread_join(engine->drudgers[i]->thread_id, NULL): No such process
Do you have logs from between start and Sep 17 20:24:09?
> Then the signer crashed (btw, can't find a core file, should be in the tmp
> directory, right ?, how do I get one ?) leaving its control socket around,
> and, preventing itself from launching again...
Core file, depends on the system. When testing it is my experience that
sometimes it is stored in the directory that the binary is called from.
We could mitigate against the preventing itself from launching again by
setting the SO_REUSEADDR option in the socket.
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
More information about the Opendnssec-user