[root@signer-02 log]# ods-ksmutil key list
/var/opendnssec/kasp.db.our_lock already locked, sleep
/var/opendnssec/kasp.db.our_lock already locked, sleep
/var/opendnssec/kasp.db.our_lock already locked, sleep
couldn't get lock on /var/opendnssec/kasp.db.our_lock; Resource
temporarily unavailable
[root@signer-02 log]# ps auxww |grep -i ods
zonefile 3264 0.0 0.0 22468 680 ? S 11:01 0:00
/usr/sbin/ods-signer update ZONENAME
zonefile 3497 0.0 0.0 108184 1256 ? S 11:11 0:00 sh -c {
ods-ksmutil key list --all --verbose; } 2>&1
zonefile 3498 0.0 0.0 25416 1652 ? S 11:11 0:00
ods-ksmutil key list --all --verbose
root 3505 0.0 0.0 103232 868 pts/0 S+ 11:12 0:00 grep -i
ods
zonefile 37394 0.0 0.0 44816 5156 ? Ss Jul06 0:02
/usr/sbin/ods-enforcerd
zonefile 37418 1.9 3.1 2546748 1665532 ? Ssl Jul06 85:04
/usr/sbin/ods-signerd
Questions:
signerd is locking the kasp database during signing?
Why would an "ods-ksmutil key list", a read function, be locked out?
Can a signerd lock also lock out enforcerd?
Is this why keys between multiple separate instances of kasp/enforcer can
work beautifully for days and then magically get out of sync? Where all
instances are picking the same keys in the same order, but occasionally at
different times for reasons unknown?
-jake
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
