[Opendnssec-user] Missing keys and various other problems on 2.0

Dennis Baaten dennis at baaten.com
Tue Jul 31 09:23:55 UTC 2018 

I've been reading up on this thread and I think I'm experiencing similar
problems.
I'm running Debian stable, but I've been using the ODS packages from testing
for a while now.
I'm still trying to figure out what is happening exactly, but in my logs I
find the following: 

Jul 30 09:45:16 traxotic ods-enforcerd: Configuration.cpp(122): Missing
slots.removable in configuration. Using default value: false
Jul 30 09:45:17 traxotic ods-enforcerd: [hsm_key_factory_get_key] no keys
available
Jul 30 09:45:17 traxotic ods-enforcerd: [enforcer] updatePolicy: No keys
available in HSM for policy default, retry in 60 seconds
Jul 30 09:45:17 traxotic ods-enforcerd: [hsm_key_factory_get_key] no keys
available
Jul 30 09:45:17 traxotic ods-enforcerd: [enforcer] updatePolicy: No keys
available in HSM for policy com_net_org, retry in 60 seconds
Jul 30 09:46:17 traxotic ods-enforcerd: [hsm_key_factory_get_key] no keys
available
Jul 30 09:46:17 traxotic ods-enforcerd: [enforcer] updatePolicy: No keys
available in HSM for policy com_net_org, retry in 60 seconds
Jul 31 10:08:40 traxotic ods-enforcerd: Configuration.cpp(122): Missing
slots.removable in configuration. Using default value: false
Jul 31 10:08:41 traxotic ods-signerd: Configuration.cpp(122): Missing
slots.removable in configuration. Using default value: false
Jul 31 10:08:41 traxotic ods-signerd: Configuration.cpp(122): Missing
slots.removable in configuration. Using default value: false
Jul 31 10:25:29 traxotic ods-hsmutil: Configuration.cpp(122): Missing
slots.removable in configuration. Using default value: false
Jul 31 10:37:41 traxotic ods-enforcerd: Configuration.cpp(122): Missing
slots.removable in configuration. Using default value: false
Jul 31 10:37:43 traxotic ods-signerd: Configuration.cpp(122): Missing
slots.removable in configuration. Using default value: false
Jul 31 10:37:43 traxotic ods-signerd: Configuration.cpp(122): Missing
slots.removable in configuration. Using default value: false
Jul 31 10:40:13 traxotic softhsm2-util: Configuration.cpp(122): Missing
slots.removable in configuration. Using default value: false
Jul 31 10:46:19 traxotic ods-enforcerd: Configuration.cpp(122): Missing
slots.removable in configuration. Using default value: false
Jul 31 10:48:12 traxotic ods-hsmutil: Configuration.cpp(122): Missing
slots.removable in configuration. Using default value: false


Jul 31 09:50:52 traxotic ods-signerd: ObjectFile.cpp(122): The attribute
does not exist: 0x00000002
Jul 31 09:50:52 traxotic ods-signerd: [hsm] unable to get key: key
56be14a85f43ed317c789841fe664136 not found
Jul 31 09:50:52 traxotic ods-signerd: [hsm] hsm_get_dnskey(): Got NULL key
Jul 31 09:50:52 traxotic ods-signerd: [hsm] unable to get key: hsm failed to
create dnskey
Jul 31 09:50:52 traxotic ods-signerd: [zone] unable to publish dnskeys for
zone traxotic.net: error creating dnskey
Jul 31 09:50:52 traxotic ods-signerd: [tools] unable to read zone
traxotic.net: failed to publish dnskeys (General error)
Jul 31 09:50:52 traxotic ods-signerd: CRITICAL: failed to sign zone
traxotic.net: General error
Jul 31 10:02:55 traxotic ods-signerd: ObjectFile.cpp(122): The attribute
does not exist: 0x00000002
Jul 31 10:02:55 traxotic ods-signerd: [hsm] unable to get key: key
56be14a85f43ed317c789841fe664136 not found
Jul 31 10:02:55 traxotic ods-signerd: [hsm] hsm_get_dnskey(): Got NULL key
Jul 31 10:02:55 traxotic ods-signerd: [hsm] unable to get key: hsm failed to
create dnskey
Jul 31 10:02:55 traxotic ods-signerd: [zone] unable to publish dnskeys for
zone traxotic.net: error creating dnskey
Jul 31 10:02:55 traxotic ods-signerd: [tools] unable to read zone
traxotic.net: failed to publish dnskeys (General error)
Jul 31 10:02:55 traxotic ods-signerd: CRITICAL: failed to sign zone
traxotic.net: General error

After restarting some ODS service, it seems to be working again.

-----Oorspronkelijk bericht-----
Van: Opendnssec-user <opendnssec-user-bounces at lists.opendnssec.org> Namens
Casper Gielen
Verzonden: woensdag 18 juli 2018 10:58
Aan: opendnssec-user at lists.opendnssec.org
Onderwerp: Re: [Opendnssec-user] Missing keys and various other problems on
2.0

Op 02-07-18 om 16:57 schreef Casper Gielen:
>>> I've added a cron-job that restarts the enforcer every 6 hours.
>>> That's not ideal but should make clear if the problem is just that 
>>> the enforcer gets stuck and thus misses its deadlines, or if the 
>>> problems go deeper.
> 
> Due to a small mistake this cron-job never got installed on the system 
> and this morning the enforcer was stuck again, so I don't have an new 
> results.
> I've fixed the problem and the enforcer got back to it. I hope to have 
> more information tomorrow.

Just a little update.
Restarting the enforcer every 6 hours supresses the symptoms. I still get
occasional errors ("DB prepare Err 2006: MySQL server has gone
away") every few days, but after a restart of the enforcer the process
continues. There are no longer large jumps in state or dissappearing keys. I
do not consider the problem solved, but DNS is usable again.

--
Casper Gielen <cgielen at uvt.nl> | LIS UNIX PGP fingerprint = 16BD 2C9F 8156
C242 F981  63B8 2214 083C F80E 4AF7

Universiteit van Tilburg | Postbus 90153, 5000 LE Warandelaan 2 | Telefoon
013 466 4100 | G 236 | http://www.uvt.nl


_______________________________________________
Opendnssec-user mailing list
Opendnssec-user at lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

More information about the Opendnssec-user mailing list