[Opendnssec-user] Problem with configuration; terse output

Berry van Halderen berry at nlnetlabs.nl
Thu Feb 16 10:05:05 UTC 2023 

On 2023-02-16 01:40, Nick Urbanik via Opendnssec-user wrote:
> Dear Folks,
> 
> I am attempting to start ods-enforcerd on Fedora 37.
> 
> journalctl shows this:
> [engine] enforcerd (pid: 1233258) stopped with exitcode 3
> 
> Running on the command line shows this:
> $ sudo -u ods /usr/sbin/ods-enforcerd -d -v -v -v -v -v
> OpenDNSSEC key and signing policy enforcer version 2.1.10
> setup failed: Database error

Dear Nick,

I see that you want to run OpenDNSSEC as a specific user.  It is better
to do this in the configuration.  In the conf.xml you can specify
a <User> and <Group> such that OpenDNSSEC will drop priviledges and
run as this user and/or group, after it has done some essential stuff.
This will avoid a number of problems, especially forgetting to use the
sudo command and having all your files owned by root and then figuring
out next time why nothing works when using the sudo again.

> tcpdump shows no network connection to the database.
> 
> Here is part of my /etc/opendnssec/conf.xml:
>                 <Datastore>
>                         <MySQL>
>                                 <Host Port="3306">localhost</Host>
>                                 <Database>opendnssec</Database>
>                                 <Username>ods</Username>
>                                 
> <Password>Cherry7Chunky8Voyage</Password>
>                         </MySQL>
>                 </Datastore>

Given the database is set-up correctly and available through the command
line, and you using "sudo", I suspect the MySQL/MariaDB socket might not
be available for the "ods" user.

Verify /var/run/mysql/mysql.sock (your mileage may vary depending on 
your
distribution) can be accessed by the "ods" user.  ods-enforcer-db-setup
has probably not be run as the ods user, so could use the same settings,
hence my suspicioun.

Best regards,
\Berry

> I can connect to mariadb with:
> mysql -h 127.0.0.1 -u ods -pCherry7Chunky8Voyage opendnssec
> ...
> MariaDB [opendnssec]> show tables;
> +----------------------+
> | Tables_in_opendnssec |
> +----------------------+
> | databaseVersion      |
> | hsmKey               |
> | keyData              |
> | keyDependency        |
> | keyState             |
> | policy               |
> | policyKey            |
> | zone                 |
> +----------------------+
> 8 rows in set (0.001 sec)
> 
> Can anyone suggest how to get more information to troubleshoot?

More information about the Opendnssec-user mailing list