[Opendnssec-user] termination of obs2 DelegationSignerSubmitCommand input stream missing?

Yuri Schaeffer yuri at nlnetlabs.nl
Wed Dec 21 15:10:52 UTC 2016 

> key state has NOT changed after 'next transition'; not sure what SHOULD have shown ...

This as a remnant of the 1.4 enforcer. Which expressed states in
'publish', 'ready', etc. 2.0 has a more fine grained model. But it
presents the state in something familiar to 1.4 users. (at least it
tries to find a presentation as close as possible to the actual state,
which is not always a perfect match).

Use ods-enforcer key list --debug to see what *really* is going on.

> 
> 	ods-enforcer key list --verbose
> 		Keys:
> 		Zone:                           Keytype: State:    Date of next transition: Size: Algorithm: CKA_ID:                          Repository: KeyTag:
> 		example.info                    KSK      publish   2016-12-21 06:51:01      2048  8          acec57818bc81329aff8b50d1b368c37 SoftHSM     31180
> 		example.info                    ZSK      ready     2016-12-21 06:51:01      1024  8          93d581dac130c9ff795c246698511e97 SoftHSM     4800
> 
> eventually, simply waiting longer
> 
> 	date
> 		Wed Dec 21 06:53:29 PST 2016
> 
> 	ods-enforcer key list --verbose
> 		Keys:
> 		Zone:                           Keytype: State:    Date of next transition: Size: Algorithm: CKA_ID:                          Repository: KeyTag:
> 		example.info                    KSK      ready     waiting for ds-seen      2048  8          acec57818bc81329aff8b50d1b368c37 SoftHSM     31180
> 		example.info                    ZSK      active    2016-12-21 10:35:01      1024  8          93d581dac130c9ff795c246698511e97 SoftHSM     4800
> 
> still no "keystate_ds_x_cmd" in logs, and no email sent

What you are describing should indeed either have send a mail or have
logged something. Your theory about not terminating the command could
maybe also be the case. In any case I'll have a look.

Have you tried executing the script manually running under the
opendnssec user? - did it work?

//Yuri

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20161221/89063b36/attachment.bin>

More information about the Opendnssec-user mailing list