[Opendnssec-user] enforcer and Signer keeps shutingdown

[Berry van Halderen]

On 2021-06-06 20:48, Bas van den Dikkenberg via Opendnssec-user wrote:
> The signer and enforcer keep shutingdown
> 
> I see this in the log, any one any ideas:
> 
> Jun  6 20:45:03 domein ods-signerd[2761]: OpenDNSSEC signer engine
> version 2.1.9

Dear Bas,

 From the logs I can see that there is a problem in your configuration.
In your etc/opendnssec/conf.xml you will find two entries:
     <Configuration>  ->  <Signer>     ->   <SocketFile>
and
     <Configuration>  ->  <Enforcer>   ->   <SocketFile>
In both cases there is a file path specified where the signer and
enforcer will place a unix domain socket.  This means that:
The directories where these two are placed need to be writable for
the user as which OpenDNSSEC will run, and if there is already a file
that this must be writable.
The user is either the user which you use when you start OpenDNSSEC,
or the user specified as <User> as specified in etc/opendnssec/conf.xml

So either the path is wrong or isn't writable.

It isn't uncommon that OpenDNSSEC is installed and tried as root, but
later run as a dedicated user, resulting in this problem.

\Berry

> Jun  6 20:45:03 domein systemd[1]: opendnssec-signer.service: Main
> process exited, code=exited, status=1/FAILURE
> 
> Jun  6 20:45:03 domein systemd[1]: opendnssec-signer.service: Failed
> with result 'exit-code'.
> 
> Jun  6 20:45:03 domein systemd[1]: Stopped OpenDNSSEC signer daemon.
> 
> Jun  6 20:45:03 domein systemd[1]: Stopping OpenDNSSEC Enforcer
> daemon...
> 
> Jun  6 20:45:03 domein ods-enforcerd: [enforce_task] No changes to
> signconf file required for zone 4.x.x.in-addr.arpa
> 
> Jun  6 20:45:03 domein ods-enforcerd: [enforcer] update zone:
> 5.x.x.in-addr.arpa
> 
> Jun  6 20:45:03 domein ods-enforcerd: [hsm_key_factory_delete_key]
> looking for keys to purge from HSM
> 
> Jun  6 20:45:03 domein ods-enforcerd: [enforcer] removeDeadKeys: keys
> deleted from HSM: 0
> 
> Jun  6 20:45:03 domein ods-enforcerd: [enforce_task] No changes to
> signconf file required for zone 5.x.x.in-addr.arpa
> 
> Jun  6 20:45:03 domein ods-enforcerd: [enforcer] update zone:
> 7.x.x.in-addr.arpa
> 
> Jun  6 20:45:03 domein ods-enforcerd: [hsm_key_factory_delete_key]
> looking for keys to purge from HSM
> 
> Jun  6 20:45:03 domein ods-enforcerd: [enforcer] removeDeadKeys: keys
> deleted from HSM: 0
> 
> Jun  6 20:45:03 domein ods-enforcerd: [enforce_task] No changes to
> signconf file required for zone 7.x.x.in-addr.arpa
> 
> Jun  6 20:45:03 domein ods-enforcerd: [enforcer] update zone:
> 8.x.x.in-addr.arpa
> 
> Jun  6 20:45:03 domein ods-enforcerd: [hsm_key_factory_delete_key]
> looking for keys to purge from HSM
> 
> Jun  6 20:45:03 domein ods-enforcerd: [enforcer] removeDeadKeys: keys
> deleted from HSM: 0
> 
> Jun  6 20:45:03 domein ods-enforcerd: [enforce_task] No changes to
> signconf file required for zone 8.x.x.in-addr.arpa
> 
> Jun  6 20:45:03 domein ods-enforcerd: [engine] cannot connect to
> command handler: connect() failed: No such file or directory
> 
> Jun  6 20:45:03 domein ods-enforcerd: [engine] command handler self
> pipe trick failed, unclean shutdown
> 
> THanks in advance!
> 
> Bas
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user