[Opendnssec-user]Problem with ods-signerd and softhsm slot error

刘硕 Tue, 03 Jul 2012 19:43:45 -0700

Hi all,
After I signed a zone and I noticed there were something wrong in the log:
Jul  4 10:21:34 CST-BJ-104 ods-signerd: *** glibc detected *** 
/usr/local/sbin/ods-signerd: double free or corruption (!prev): 
0x00007f006132f020 ***
I knew the ods-signerd process was down, because I met this kind of situation 
lots of times, that is the ods-signerd is not stable.
After I restart the ods-signerd with
$/usr/local/sbin/ods-signerd
OpenDNSSEC signer engine version 1.4.0a2
there is still only ods-enforcerd
$ps -aux | grep ods
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ
root      9873  0.0  0.0  40764  5540 ?        SLs  Jul03   0:06 
/usr/local/sbin/ods-enforcerd
root     16733  0.0  0.0 103232   796 pts/0    S+   10:25   0:00 grep ods
And in the log I got:
Jul  4 10:22:14 CST-BJ-104 ods-signerd: [hsm] hsm_get_slot_id(): could not find 
token with the name OpenDNSSEC
Jul  4 10:22:14 CST-BJ-104 ods-signerd: [engine] setup failed: HSM error
Jul  4 10:22:14 CST-BJ-104 ods-signerd: [engine] signer shutdown


That really puzzled me why there was a sudden error with softhsm.
$ softhsm --show-slot
Available slots:
Slot 0 
           Token present: yes
           Token initialized: no
           User PIN initialized: no
initialized:no? I'm sure I use this slot to create keys before this disaster 
came.
$ ods-ksmutil key list
Keys:
Zone:                           Keytype:      State:    Date of next transition:
example                         KSK           ready     waiting for ds-seen 
example                         ZSK           active    2012-07-04 14:15:51 
example1                        KSK           ready     waiting for ds-seen 
example1                        ZSK           active    2012-07-04 13:47:47 
example2                        KSK           publish   2012-07-04 10:19:05 
example2                        ZSK           active    2012-07-04 14:03:05 
example3                        KSK           publish   2012-07-04 10:31:51 
example3                        ZSK           active    2012-07-04 14:15:51 
But I can get the key list, does that mean the slot or the softhsm is ok?
Finally,I have to run
$softhsm --init-token --slot 0 --label "OpenDNSSEC"
to re-initialized the slot,but the disaster occurred that all the keys used 
before are not in the new repository,and all the keys are useless
SQLite database set to: /var/opendnssec/kasp.db
Keys:
Zone:                           Keytype:      State:    Date of next transition 
(to):  Size:   Algorithm:  CKA_ID:                           Repository:        
               Keytag:
example                         KSK           ready     waiting for ds-seen 
(active)   2048    8           ac7d92d2f8999e802ca05d2086e8f8cf  SoftHSM NOT IN 
repository
example                         ZSK           active    2012-07-04 14:15:51 
(retire)   1024    8           a3ffe7838bebcef0225fe35ff40292d7  SoftHSM NOT IN 
repository
example1                        KSK           ready     waiting for ds-seen 
(active)   2048    8           e40f22ff04d03880f71ed76fb1e59a87  SoftHSM NOT IN 
repository
example1                        ZSK           active    2012-07-04 13:47:47 
(retire)   1024    8           4f01f6a4ab5eee2b451319a7ef9dc9af  SoftHSM NOT IN 
repository
example2                        KSK           publish   2012-07-04 10:19:05 
(ready)    2048    8           ec71add233fa01aefabdb68a03a21631  SoftHSM NOT IN 
repository
example2                        ZSK           active    2012-07-04 14:03:05 
(retire)   1024    8           c19a192bce86b4ff48416fcddf6fff9a  SoftHSM NOT IN 
repository
example3                        KSK           publish   2012-07-04 10:31:51 
(ready)    2048    8           025df9cd17567e1b694af33f7649a5d8  SoftHSM NOT IN 
repository
example3                        ZSK           active    2012-07-04 14:15:51 
(retire)   1024    8           f6b390c2010abaa386b8c0131eab346c  SoftHSM NOT IN 
repository
in the log I got :
Jul  4 10:36:58 CST-BJ-104 ods-signerd: [hsm] unable to get key: key 
e40f22ff04d03880f71ed76fb1e59a87 not found
Jul  4 10:36:58 CST-BJ-104 ods-signerd: [zone] unable to publish dnskeys for 
zone example1: error creating dnskey
Jul  4 10:36:58 CST-BJ-104 ods-signerd: [hsm] unable to get key: key 
025df9cd17567e1b694af33f7649a5d8 not found
Jul  4 10:36:58 CST-BJ-104 ods-signerd: [zone] unable to publish dnskeys for 
zone example3: error creating dnskey
Jul  4 10:36:58 CST-BJ-104 ods-signerd: [hsm] unable to get key: key 
ac7d92d2f8999e802ca05d2086e8f8cf not found
Jul  4 10:36:58 CST-BJ-104 ods-signerd: [zone] unable to publish dnskeys for 
zone example: error creating dnskey
Jul  4 10:36:58 CST-BJ-104 ods-signerd: [tools] unable to read zone example1: 
failed to publish dnskeys (General error)
Jul  4 10:36:58 CST-BJ-104 ods-signerd: [tools] unable to read zone example3: 
failed to publish dnskeys (General error)
Jul  4 10:36:58 CST-BJ-104 ods-signerd: [worker[2]] backoff task [configure] 
for zone example1 with 60 seconds
Jul  4 10:36:58 CST-BJ-104 ods-signerd: [hsm] unable to get key: key 
ec71add233fa01aefabdb68a03a21631 not found
Jul  4 10:36:58 CST-BJ-104 ods-signerd: [worker[4]] backoff task [configure] 
for zone example3 with 60 seconds
Jul  4 10:36:58 CST-BJ-104 ods-signerd: [tools] unable to read zone example: 
failed to publish dnskeys (General error)
Jul  4 10:36:58 CST-BJ-104 ods-signerd: [worker[1]] backoff task [configure] 
for zone example with 60 seconds
Jul  4 10:36:58 CST-BJ-104 ods-signerd: [zone] unable to publish dnskeys for 
zone example2: error creating dnskey
Jul  4 10:36:58 CST-BJ-104 ods-signerd: [tools] unable to read zone example2: 
failed to publish dnskeys (General error)
Jul  4 10:36:58 CST-BJ-104 ods-signerd: [worker[3]] backoff task [configure] 
for zone example2 with 60 seconds
Jul  4 10:37:58 CST-BJ-104 ods-signerd: [hsm] unable to get key: key 
ac7d92d2f8999e802ca05d2086e8f8cf not found
Jul  4 10:37:58 CST-BJ-104 ods-signerd: [zone] unable to publish dnskeys for 
zone example: error creating dnskey
Jul  4 10:37:58 CST-BJ-104 ods-signerd: [hsm] unable to get key: key 
e40f22ff04d03880f71ed76fb1e59a87 not found
Jul  4 10:37:58 CST-BJ-104 ods-signerd: [zone] unable to publish dnskeys for 
zone example1: error creating dnskey
Jul  4 10:37:58 CST-BJ-104 ods-signerd: [hsm] unable to get key: key 
ec71add233fa01aefabdb68a03a21631 not found
Jul  4 10:37:58 CST-BJ-104 ods-signerd: [zone] unable to publish dnskeys for 
zone example2: error creating dnskey
Jul  4 10:37:58 CST-BJ-104 ods-signerd: [tools] unable to read zone example: 
failed to publish dnskeys (General error)
Jul  4 10:37:58 CST-BJ-104 ods-signerd: [worker[2]] backoff task [configure] 
for zone example with 120 seconds
Jul  4 10:37:58 CST-BJ-104 ods-signerd: [hsm] unable to get key: key 
025df9cd17567e1b694af33f7649a5d8 not found
Jul  4 10:37:58 CST-BJ-104 ods-signerd: [tools] unable to read zone example1: 
failed to publish dnskeys (General error)
Jul  4 10:37:58 CST-BJ-104 ods-signerd: [zone] unable to publish dnskeys for 
zone example3: error creating dnskey
Jul  4 10:37:58 CST-BJ-104 ods-signerd: [worker[4]] backoff task [configure] 
for zone example1 with 120 seconds
Jul  4 10:37:58 CST-BJ-104 ods-signerd: [tools] unable to read zone example2: 
failed to publish dnskeys (General error)
Jul  4 10:37:58 CST-BJ-104 ods-signerd: [worker[1]] backoff task [configure] 
for zone example2 with 120 seconds
Jul  4 10:37:58 CST-BJ-104 ods-signerd: [tools] unable to read zone example3: 
failed to publish dnskeys (General error)
Jul  4 10:37:58 CST-BJ-104 ods-signerd: [worker[3]] backoff task [configure] 
for zone example3 with 120 seconds
So, can somebody tell me the ods-signerd problem and softhsm slot error?

best regards
Stuart Lau




Stuart Lau

_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

[Opendnssec-user]Problem with ods-signerd and softhsm slot error

Reply via email to