From audiomobster at gmail.com  Wed Jun 24 09:18:16 2020
From: audiomobster at gmail.com (Ulrich-Lorenz Schlüter)
Date: Wed, 24 Jun 2020 09:18:16 -0000
Subject: [Opendnssec-user] My ods-signerd failing to start
Message-ID:

Hello there,

when configuring bind and opendnssec with ansible I get the following output:

Jun 23 19:24:27 ods-signerd[19994]: [engine] starting signer
Jun 23 19:24:27 ods-signerd[19994]: [parser] check cfgfile /etc/opendnssec/conf.xml with rngfile /usr/share/opendnssec/conf.rng
Jun 23 19:24:27 ods-signerd[19994]: [file] open file file=/etc/opendnssec/conf.xml mode=reading
Jun 23 19:24:27 ods-signerd[19994]: [file] openfile /etc/opendnssec/conf.xml count 1
Jun 23 19:24:27 ods-signerd[19994]: [config] read cfgfile: /etc/opendnssec/conf.xml
Jun 23 19:24:27 ods-signerd[19994]: [parser] added 127.0.0.1:51 interface to listener
Jun 23 19:24:27 ods-signerd[19994]: [parser] added SoftHSM repository to repositorylist
Jun 23 19:24:27 ods-signerd[19994]: [engine] setup signer engine
Jun 23 19:24:27 ods-signerd[19994]: [cmdhandler] create socket /var/run/opendnssec/engine.sock
Jun 23 19:24:27 ods-signerd[19994]: [socket] create udp socket '127.0.0.1:51': No such file or directory
Jun 23 19:24:27 ods-signerd[19994]: [socket] bind udp/ipv4 socket '127.0.0.1:51': No such file or directory
Jun 23 19:24:27 ods-signerd[19994]: [socket] unable to bind udp/ipv4 socket '127.0.0.1:51': bind() failed (Permission denied)
Jun 23 19:24:27 ods-signerd[19994]: [socket] socket listening to 127.0.0.1:51
Jun 23 19:24:27 ods-signerd[19994]: [dnshandler] unable to start: sock_listen() failed (Unable to bind socket)
Jun 23 19:24:27 ods-signerd[19994]: [engine] setup: unable to listen to sockets (Unable to bind socket)
Jun 23 19:24:27 ods-signerd[19994]: OpenDNSSEC signer engine version 2.1.6
Jun 23 19:24:27 ods-signerd[19994]: [engine] setup failed: XFR handler error
Jun 23 19:24:27 ods-signerd[19994]: [zonelist] cleanup zonelist

As the log says, engine.sock does not exist. What may I have missed configuring? Who should create that socket?

Thanks in advance
Uli

From audiomobster at gmail.com  Thu Jun 25 12:27:53 2020
From: audiomobster at gmail.com (Ulrich-Lorenz Schlüter)
Date: Thu, 25 Jun 2020 12:27:53 -0000
Subject: [Opendnssec-user] My ods-signerd failing to start
In-Reply-To:
References:
Message-ID: <51d2b848-37c8-7686-5efd-d0f4d52b1e11@gmail.com>

Hello again,

I found ods-signerd started from the command line works fine. I can then connect via ods-signer. The error only occurs with systemd starting ods-signerd.

I forgot to mention that I'm on Fedora 32.

Best

On 24.06.20 at 11:18, Ulrich-Lorenz Schlüter wrote:
> Hello there,
>
> when configuring bind and opendnssec with ansible I get the following output:
>
> Jun 23 19:24:27 ods-signerd[19994]: [engine] starting signer
> Jun 23 19:24:27 ods-signerd[19994]: [parser] check cfgfile
> /etc/opendnssec/conf.xml with rngfile /usr/share/opendnssec/conf.rng
> Jun 23 19:24:27 ods-signerd[19994]: [file] open file
> file=/etc/opendnssec/conf.xml mode=reading
> Jun 23 19:24:27 ods-signerd[19994]: [file] openfile
> /etc/opendnssec/conf.xml count 1
> Jun 23 19:24:27 ods-signerd[19994]: [config] read cfgfile:
> /etc/opendnssec/conf.xml
> Jun 23 19:24:27 ods-signerd[19994]: [parser] added 127.0.0.1:51
> interface to listener
> Jun 23 19:24:27 ods-signerd[19994]: [parser] added SoftHSM repository to
> repositorylist
> Jun 23 19:24:27 ods-signerd[19994]: [engine] setup signer engine
> Jun 23 19:24:27 ods-signerd[19994]: [cmdhandler] create socket
> /var/run/opendnssec/engine.sock
> Jun 23 19:24:27 ods-signerd[19994]: [socket] create udp socket
> '127.0.0.1:51': No such file or directory
> Jun 23 19:24:27 ods-signerd[19994]: [socket] bind udp/ipv4 socket
> '127.0.0.1:51': No such file or directory
> Jun 23 19:24:27 ods-signerd[19994]: [socket] unable to bind udp/ipv4
> socket '127.0.0.1:51': bind() failed (Permission denied)
> Jun 23 19:24:27 ods-signerd[19994]: [socket] socket listening to
> 127.0.0.1:51
> Jun 23 19:24:27 ods-signerd[19994]: [dnshandler] unable to start:
> sock_listen() failed (Unable to bind socket)
> Jun 23 19:24:27 ods-signerd[19994]: [engine] setup: unable to listen to
> sockets (Unable to bind socket)
> Jun 23 19:24:27 ods-signerd[19994]: OpenDNSSEC signer engine version 2.1.6
> Jun 23 19:24:27 ods-signerd[19994]: [engine] setup failed: XFR handler error
> Jun 23 19:24:27 ods-signerd[19994]: [zonelist] cleanup zonelist
>
> As the log says, engine.sock does not exist. What may I have missed
> configuring? Who should create that socket?
>
> Thanks in advance
> Uli
>

From audiomobster at gmail.com  Fri Jun 26 10:57:55 2020
From: audiomobster at gmail.com (Ulrich-Lorenz Schlüter)
Date: Fri, 26 Jun 2020 10:57:55 -0000
Subject: [Opendnssec-user] My ods-signerd failing to start
In-Reply-To:
References:
Message-ID:

Hi list,

this turns out to be a permission problem. I'm getting this error although I checked normal permissions as well as ACLs and SELinux. Anyway, as this is OT, forget my question.

Best
Uli

From audiomobster at gmail.com  Fri Jun 26 13:42:59 2020
From: audiomobster at gmail.com (Ulrich-Lorenz Schlüter)
Date: Fri, 26 Jun 2020 13:42:59 -0000
Subject: [Opendnssec-user] My ods-signerd failing to start (SOLVED)
In-Reply-To:
References:
Message-ID: <66e6b904-e939-95ac-93da-b66443485c65@gmail.com>

FYI

On Fedora 32 I had to change capabilities of ods-signerd with:

setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/ods-signerd

After this some additional SELinux AVCs have to be collected in permissive mode and everything works as expected.

Best
Uli
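
The decisive line in the log above is the refused bind() on port 51, a port below the unprivileged range, which is what the setcap fix addresses. The following shell script is an added example, not part of the original thread or of OpenDNSSEC: it extracts such refused privileged binds from signer log lines and checks a binary for the file capability. The function names are made up for this example, and the sample log is taken from the thread plus one constructed line.

```shell
#!/bin/sh
# Added triage example; not part of the original thread.

# Lowest port an unprivileged process may bind (Linux default: 1024).
unpriv_port_start() {
    cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || echo 1024
}

# Read signer log lines on stdin; print each addr:port whose bind() was refused
# with "Permission denied" on a port below the threshold passed as $1.
denied_privileged_binds() {
    threshold=${1:-1024}
    sed -n "s/.*unable to bind [^ ]* socket '\([^']*\)': bind() failed (Permission denied).*/\1/p" |
    sort -u |
    while IFS= read -r endpoint; do
        port=${endpoint##*:}
        case $port in ''|*[!0-9]*) continue ;; esac
        if [ "$port" -lt "$threshold" ]; then echo "$endpoint"; fi
    done
}

# Succeeds when the file at $1 carries the cap_net_bind_service file capability.
# Returns 2 when getcap is not installed.
has_bind_cap() {
    command -v getcap >/dev/null 2>&1 || return 2
    getcap "$1" 2>/dev/null | grep -qi 'cap_net_bind_service'
}

# First three lines are copied from the thread; the last one is constructed
# to show that a refused bind on a high port is not reported.
sample_log() {
    cat <<'EOF'
Jun 23 19:24:27 ods-signerd[19994]: [socket] create udp socket '127.0.0.1:51': No such file or directory
Jun 23 19:24:27 ods-signerd[19994]: [socket] unable to bind udp/ipv4 socket '127.0.0.1:51': bind() failed (Permission denied)
Jun 23 19:24:27 ods-signerd[19994]: [dnshandler] unable to start: sock_listen() failed (Unable to bind socket)
Jun 23 19:24:27 ods-signerd[19994]: [socket] unable to bind udp/ipv4 socket '127.0.0.1:5353': bind() failed (Permission denied)
EOF
}

for ep in $(sample_log | denied_privileged_binds 1024); do
    echo "privileged bind refused: $ep (needs CAP_NET_BIND_SERVICE or root)"
done
```

On a live host, pipe the journal into `denied_privileged_binds "$(unpriv_port_start)"`, for instance from `journalctl -u ods-signerd` (the unit name is an assumption), and run `has_bind_cap /usr/sbin/ods-signerd` after applying setcap.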