[Opendnssec-user] Can not start enforcer(1.4.10)

Berry A.W. van Halderen berry at nlnetlabs.nl
Tue Jun 7 08:08:02 UTC 2016


On 06/07/2016 05:22 AM, yaohongyuan wrote:
> Hi all,
>         Today I found the opendnssec in my test environment's not work well.
>         When I start the enforcer and signer thread will get error as
> below : 
>                 [gtld at p01-test-devops-9-81 sbin]$ ./ods-control start
>                 Starting enforcer...
>                 OpenDNSSEC ods-enforcerd started (version 1.4.10), pid 40128
>                 Could not start enforcer
>         But the thread enforcerd has started up.
>                 [gtld at p01-test-devops-9-81 sbin]$ ps -ef | grep ods
>                 gtld     40128     1  0 11:13 ?        00:00:00
> /home/gtld/software/OpenDNSSEC-1.4.10/sbin/od-enforcerd
>                 gtld     40144 37758  0 11:14 pts/0    00:00:00 grep
> --color=auto ods
>         System log :
>                 Jun  7 11:13:58 p01-test-devops-9-81 ods-enforcerd:
> opendnssec starting...
>                 Jun  7 11:13:58 p01-test-devops-9-81 ods-enforcerd:
> opendnssec Parent exiting...
>                 Jun  7 11:13:58 p01-test-devops-9-81 ods-enforcerd:
> opendnssec forked OK...
>                 Jun  7 11:13:58 p01-test-devops-9-81 ods-enforcerd:
> opendnssec started (version 1.4.10), pid 40128    
>         And if I start the signerd , it'll not work and got some system
> log as below : 
>                 Jun  7 11:17:24 p01-test-devops-9-81 ods-signerd:
> [query] zone testzone just added, don't answer for now
>          Could anybody please help me to fix this ?
> 

The ods-enforcer thread that is running is not a hung thread from a
previous run?  I would kill it off first and then retry.  Otherwise;

Most of the times these problems are related to file permissions that
prevent OpenDNSSEC from functioning correctly.
What you can do is start the enforcer daemon in debug mode and without
letting it spawn into the background.  This sometimes gives more
information on either the standard error/output or the syslog.
Start the enforcer with the -d option like this:

    ods-enforcer -d

You still need to review both output and syslog.

\Berry




More information about the Opendnssec-user mailing list