[Opendnssec-user] starting enforcer failed at first time " ods-control start" but second time to run "ods-control start" running !!!

Yuri Schaeffer yuri at nlnetlabs.nl
Mon Sep 1 09:53:12 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The logs indicates the enforcer started properly the first time, but
the start script does not.

Can you check if the enforcer is running after the first start?

1) stop opendnssec
2) remove pidfile, make sure enforcerd is not running.
3) ods-control start
4) pidof ods-enforcerd

What is the output?

//Yuri

On 01-09-14 11:25, Abdalmonem Tharwat Galila wrote:
> *[root at ns2 ~]# ods-control start*
> 
> *Starting enforcer...*
> 
> *OpenDNSSEC ods-enforcerd started (version 1.4.5), pid 23164*
> 
> *Could not start enforcer*
> 
> *[root at ns2 ~]#*
> 
> 
> 
> ------------------------------------------------------- Log 
> --------------------------------------------------------
> 
> Sep  1 12:20:41 ns2 ods-enforcerd: opendnssec started (version
> 1.4.5), pid 23164
> 
> Sep  1 12:20:44 ns2 ods-enforcerd: HSM opened successfully.
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: Checking database connection...
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: Database connection ok.
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: Reading config
> "/etc/opendnssec/conf.xml"
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: Reading config schema 
> "/usr/share/opendnssec/conf.rng"
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: Communication Interval: 360
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: No DS Submit command supplied
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: SQLite database set to: 
> /var/opendnssec/kasp.db
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: Log User set to: local0
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: Switched log facility to:
> local0
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: Connecting to Database...
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: Policy default found.
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: Key sharing is Off.
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: No zones on policy default,
> skipping...
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: Policy MyTLDPolicy found.
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: Key sharing is Off.
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: 1 zone(s) found on policy
> "MyTLDPolicy"
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: No new KSKs need to be created.
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: No new ZSKs need to be created.
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: zonelist filename set to 
> /etc/opendnssec/zonelist.xml.
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: Zone myTLD found.
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: Policy for myTLD set to
> MyTLDPolicy.
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: Config will be output to 
> /DNSSEC31-08-2014/zones/conf/myTLD.xml.
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: WARNING: New KSK has reached
> the ready state; please submit the DS for myTLD and use ods-ksmutil
> key ds-seen when the DS appears in the DNS.
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: No change to: 
> /DNSSEC31-08-2014/zones/conf/myTLD.xml
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: Disconnecting from Database...
> 
> Sep  1 12:20:47 ns2 ods-enforcerd: Sleeping for 360 seconds.
> 
> 
> 
> *[root at ns2 ~]# ods-control start*
> 
> *Starting enforcer...*
> 
> *OpenDNSSEC ods-enforcerd started (version 1.4.5), pid 23181*
> 
> *Starting signer engine...*
> 
> *OpenDNSSEC signer engine version 1.4.5*
> 
> *Engine running.*
> 
> 
> 
> [root at ns2 ~]#
> 
> ------------------------------------------------------- Log 
> --------------------------------------------------------
> 
> 
> 
> Sep  1 12:21:56 ns2 ods-enforcerd: opendnssec started (version
> 1.4.5), pid 23181
> 
> Sep  1 12:21:58 ns2 ods-enforcerd: HSM opened successfully.
> 
> Sep  1 12:21:59 ns2 ods-signerd: [hsm] libhsm connection opened
> succesfully
> 
> Sep  1 12:21:59 ns2 ods-signerd: [engine] signer started (version 
> 1.4.5), pid 23185
> 
> Sep  1 12:22:01 ns2 ods-enforcerd: Checking database connection...
> 
> Sep  1 12:22:01 ns2 ods-enforcerd: Database connection ok.
> 
> Sep  1 12:22:01 ns2 ods-enforcerd: pidfile 
> /var/run/opendnssec/enforcerd.pid already exists, a process with
> pid 23164 is already running. If no ods-enforcerd process is
> running, a previous instance didn't shutdown cleanly, please remove
> this file and try again.
> 
> Sep  1 12:22:20 ns2 ods-signerd: [STATS] myTLD 2014082852
> RR[count=0 time=0(sec)] NSEC3[count=0 time=0(sec)] RRSIG[new=332
> reused=1142 time=18(sec) avg=18(sig/sec)] TOTAL[time=18(sec)]
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -----Original Message----- From: Yuri Schaeffer
> [mailto:yuri at nlnetlabs.nl] Sent: Monday, September 01, 2014 12:10
> PM To: Abdalmonem Tharwat Galila;
> opendnssec-user at lists.opendnssec.org Subject: Re: [Opendnssec-user]
> starting enforcer failed at first time " ods-control start" but
> second time to run "ods-control start" running !!!
> 
> 
> 
> Hash: SHA1
> 
> 
> 
> On 01-09-14 10:57, Abdalmonem Tharwat Galila wrote:
> 
>> I am afraid , I am already do that but nothing new.
> 
> 
> 
> So what says the log after you've done that?
> 
> 
> 
> //Yuri
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlQEQggACgkQI3PTR4mhavhpbwCgncH8ARj0I5F974qR5d9YiyB1
1xwAnRZVs1LBd5OTLVImdAqc6fUdcQD+
=p6J5
-----END PGP SIGNATURE-----



More information about the Opendnssec-user mailing list