[Opendnssec-user] Bad signerd crash.
Mathieu Arnold
mat at mat.cc
Thu Sep 19 07:06:16 UTC 2013
+--On 19 septembre 2013 08:16:25 +0200 Rickard Bellgrim
<rickard at opendnssec.org> wrote:
|> Looking at the code (shared/hsm.c), it looks like hsm_find_key_by_id()
|> returns NULL, but libhsm does not provide an error. After a couple of
|> tries, the signer reports "key not found".
|>
|
| Could it be related to:
| https://issues.opendnssec.org/browse/SOFTHSM-45
|
| Most of the code in SoftHSM had protection against a busy database. But
| there were examples where it wasn't. E.g. when opening the library at the
| same time there was a lot of key generation.
Funny thing you said that... I just got :
Sep 19 08:59:02 ns1 ods-enforcerd: SoftHSM: C_GenerateKeyPair: Key pair
generated
Sep 19 08:59:02 ns1 ods-enforcerd: Created key in repository SoftHSM-KSK
Sep 19 08:59:02 ns1 ods-enforcerd: Created KSK size: 2048, alg: 8 with id:
d7985e82cc8dc96d6c40acd23072532c in repository: SoftHSM-KSK and database.
Sep 19 08:59:03 ns1 ods-signerd: [hsm] idle libhsm connection, trying to
reopen
Sep 19 08:59:03 ns1 ods-enforcerd: SoftHSM: C_GenerateKeyPair: Key pair
generated
Sep 19 08:59:03 ns1 ods-enforcerd: Created key in repository SoftHSM-KSK
Sep 19 08:59:03 ns1 ods-enforcerd: Created KSK size: 2048, alg: 8 with id:
54346a57c9e3c59886434f9b309c78bd in repository: SoftHSM-KSK and database.
And then :
Sep 19 08:59:10 ns1 ods-signerd: [hsm] libhsm connection opened succesfully
Sep 19 08:59:10 ns1 ods-signerd: [hsm] error signing rrset with libhsm
Sep 19 08:59:10 ns1 ods-signerd: [rrset] unable to sign RRset[6]:
lhsm_sign() failed
Sep 19 08:59:10 ns1 ods-signerd: [hsm] error signing rrset with libhsm
Sep 19 08:59:10 ns1 ods-signerd: [rrset] unable to sign RRset[6]:
lhsm_sign() failed
Sep 19 08:59:10 ns1 ods-signerd: [hsm] error signing rrset with libhsm
Sep 19 08:59:10 ns1 ods-signerd: [worker[2]] sign zone
dr-majourau-bouriez-aurelie.chirurgiens-dentistes.fr failed: 1 RRsets failed
Sep 19 08:59:10 ns1 ods-signerd: [worker[2]] CRITICAL: failed to sign zone
dr-majourau-bouriez-aurelie.chirurgiens-dentistes.fr: General error
Sep 19 08:59:10 ns1 ods-signerd: [worker[2]] backoff task [sign] for zone
dr-majourau-bouriez-aurelie.chirurgiens-dentistes.fr with 60 seconds
Sep 19 08:59:10 ns1 ods-signerd: [rrset] unable to sign RRset[6]:
lhsm_sign() failed
Sep 19 08:59:10 ns1 ods-signerd: [hsm] error signing rrset with libhsm
Sep 19 08:59:10 ns1 ods-signerd: [rrset] unable to sign RRset[6]:
lhsm_sign() failed
Sep 19 08:59:10 ns1 ods-signerd: [worker[3]] sign zone
dr-coat-philippe.chirurgiens-dentistes.fr failed: 1 RRsets failed
Sep 19 08:59:10 ns1 ods-signerd: [worker[3]] CRITICAL: failed to sign zone
dr-coat-philippe.chirurgiens-dentistes.fr: General error
Sep 19 08:59:10 ns1 ods-signerd: [worker[3]] backoff task [sign] for zone
dr-coat-philippe.chirurgiens-dentistes.fr with 60 seconds
Sep 19 08:59:10 ns1 ods-signerd: [worker[4]] sign zone
cathou-associes.notaires.fr failed: 1 RRsets failed
Sep 19 08:59:10 ns1 ods-signerd: [worker[4]] CRITICAL: failed to sign zone
cathou-associes.notaires.fr: General error
Sep 19 08:59:10 ns1 ods-signerd: [worker[4]] backoff task [sign] for zone
cathou-associes.notaires.fr with 60 seconds
it did not take it well... I'll have to restart it...
--
Mathieu Arnold
More information about the Opendnssec-user
mailing list