[Opendnssec-user] starting enforcer failed at first time " ods-control start" but second time to run "ods-control start" running !!!

Abdalmonem Tharwat Galila agalila at mcit.gov.eg
Mon Sep 1 11:26:11 UTC 2014 

What you mean by start script ?



[root at ns2 ~]# ods-control stop

Stopping enforcer...

Stopping signer engine...

Engine shut down.

[root at ns2 ~]# rm /var/run/opendnssec/enforcerd.pid

rm: cannot remove `/var/run/opendnssec/enforcerd.pid': No such file or directory

[root at ns2 ~]# ods-control start

Starting enforcer...

OpenDNSSEC ods-enforcerd started (version 1.4.5), pid 23558

Could not start enforcer

[root at ns2 ~]# pidof ods-enforcerd

23558 22945





-----Original Message-----
From: Yuri Schaeffer [mailto:yuri at nlnetlabs.nl]
Sent: Monday, September 01, 2014 12:53 PM
To: Abdalmonem Tharwat Galila; opendnssec-user at lists.opendnssec.org
Subject: Re: [Opendnssec-user] starting enforcer failed at first time " ods-control start" but second time to run "ods-control start" running !!!



-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



The logs indicates the enforcer started properly the first time, but the start script does not.



Can you check if the enforcer is running after the first start?



1) stop opendnssec

2) remove pidfile, make sure enforcerd is not running.

3) ods-control start

4) pidof ods-enforcerd



What is the output?



//Yuri



On 01-09-14 11:25, Abdalmonem Tharwat Galila wrote:

> *[root at ns2 ~]# ods-control start*

>

> *Starting enforcer...*

>

> *OpenDNSSEC ods-enforcerd started (version 1.4.5), pid 23164*

>

> *Could not start enforcer*

>

> *[root at ns2 ~]#*

>

>

>

> ------------------------------------------------------- Log

> --------------------------------------------------------

>

> Sep  1 12:20:41 ns2 ods-enforcerd: opendnssec started (version 1.4.5),

> pid 23164

>

> Sep  1 12:20:44 ns2 ods-enforcerd: HSM opened successfully.

>

> Sep  1 12:20:47 ns2 ods-enforcerd: Checking database connection...

>

> Sep  1 12:20:47 ns2 ods-enforcerd: Database connection ok.

>

> Sep  1 12:20:47 ns2 ods-enforcerd: Reading config

> "/etc/opendnssec/conf.xml"

>

> Sep  1 12:20:47 ns2 ods-enforcerd: Reading config schema

> "/usr/share/opendnssec/conf.rng"

>

> Sep  1 12:20:47 ns2 ods-enforcerd: Communication Interval: 360

>

> Sep  1 12:20:47 ns2 ods-enforcerd: No DS Submit command supplied

>

> Sep  1 12:20:47 ns2 ods-enforcerd: SQLite database set to:

> /var/opendnssec/kasp.db

>

> Sep  1 12:20:47 ns2 ods-enforcerd: Log User set to: local0

>

> Sep  1 12:20:47 ns2 ods-enforcerd: Switched log facility to:

> local0

>

> Sep  1 12:20:47 ns2 ods-enforcerd: Connecting to Database...

>

> Sep  1 12:20:47 ns2 ods-enforcerd: Policy default found.

>

> Sep  1 12:20:47 ns2 ods-enforcerd: Key sharing is Off.

>

> Sep  1 12:20:47 ns2 ods-enforcerd: No zones on policy default,

> skipping...

>

> Sep  1 12:20:47 ns2 ods-enforcerd: Policy MyTLDPolicy found.

>

> Sep  1 12:20:47 ns2 ods-enforcerd: Key sharing is Off.

>

> Sep  1 12:20:47 ns2 ods-enforcerd: 1 zone(s) found on policy

> "MyTLDPolicy"

>

> Sep  1 12:20:47 ns2 ods-enforcerd: No new KSKs need to be created.

>

> Sep  1 12:20:47 ns2 ods-enforcerd: No new ZSKs need to be created.

>

> Sep  1 12:20:47 ns2 ods-enforcerd: zonelist filename set to

> /etc/opendnssec/zonelist.xml.

>

> Sep  1 12:20:47 ns2 ods-enforcerd: Zone myTLD found.

>

> Sep  1 12:20:47 ns2 ods-enforcerd: Policy for myTLD set to

> MyTLDPolicy.

>

> Sep  1 12:20:47 ns2 ods-enforcerd: Config will be output to

> /DNSSEC31-08-2014/zones/conf/myTLD.xml.

>

> Sep  1 12:20:47 ns2 ods-enforcerd: WARNING: New KSK has reached the

> ready state; please submit the DS for myTLD and use ods-ksmutil key

> ds-seen when the DS appears in the DNS.

>

> Sep  1 12:20:47 ns2 ods-enforcerd: No change to:

> /DNSSEC31-08-2014/zones/conf/myTLD.xml

>

> Sep  1 12:20:47 ns2 ods-enforcerd: Disconnecting from Database...

>

> Sep  1 12:20:47 ns2 ods-enforcerd: Sleeping for 360 seconds.

>

>

>

> *[root at ns2 ~]# ods-control start*

>

> *Starting enforcer...*

>

> *OpenDNSSEC ods-enforcerd started (version 1.4.5), pid 23181*

>

> *Starting signer engine...*

>

> *OpenDNSSEC signer engine version 1.4.5*

>

> *Engine running.*

>

>

>

> [root at ns2 ~]#

>

> ------------------------------------------------------- Log

> --------------------------------------------------------

>

>

>

> Sep  1 12:21:56 ns2 ods-enforcerd: opendnssec started (version 1.4.5),

> pid 23181

>

> Sep  1 12:21:58 ns2 ods-enforcerd: HSM opened successfully.

>

> Sep  1 12:21:59 ns2 ods-signerd: [hsm] libhsm connection opened

> succesfully

>

> Sep  1 12:21:59 ns2 ods-signerd: [engine] signer started (version

> 1.4.5), pid 23185

>

> Sep  1 12:22:01 ns2 ods-enforcerd: Checking database connection...

>

> Sep  1 12:22:01 ns2 ods-enforcerd: Database connection ok.

>

> Sep  1 12:22:01 ns2 ods-enforcerd: pidfile

> /var/run/opendnssec/enforcerd.pid already exists, a process with pid

> 23164 is already running. If no ods-enforcerd process is running, a

> previous instance didn't shutdown cleanly, please remove this file and

> try again.

>

> Sep  1 12:22:20 ns2 ods-signerd: [STATS] myTLD 2014082852

> RR[count=0 time=0(sec)] NSEC3[count=0 time=0(sec)] RRSIG[new=332

> reused=1142 time=18(sec) avg=18(sig/sec)] TOTAL[time=18(sec)]

>

>

>

>

>

>

>

>

>

> -----Original Message----- From: Yuri Schaeffer

> [mailto:yuri at nlnetlabs.nl]<mailto:[mailto:yuri at nlnetlabs.nl]> Sent: Monday, September 01, 2014 12:10 PM

> To: Abdalmonem Tharwat Galila; opendnssec-user at lists.opendnssec.org<mailto:opendnssec-user at lists.opendnssec.org>

> Subject: Re: [Opendnssec-user] starting enforcer failed at first time

> " ods-control start" but second time to run "ods-control start"

> running !!!

>

>

>

> Hash: SHA1

>

>

>

> On 01-09-14 10:57, Abdalmonem Tharwat Galila wrote:

>

>> I am afraid , I am already do that but nothing new.

>

>

>

> So what says the log after you've done that?

>

>

>

> //Yuri

>

>

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1



iEYEARECAAYFAlQEQggACgkQI3PTR4mhavhpbwCgncH8ARj0I5F974qR5d9YiyB1

1xwAnRZVs1LBd5OTLVImdAqc6fUdcQD+

=p6J5

-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140901/9a1113b4/attachment.htm>

More information about the Opendnssec-user mailing list