+--On 19 septembre 2013 09:06:16 +0200 Mathieu Arnold <m...@mat.cc> wrote: | +--On 19 septembre 2013 08:16:25 +0200 Rickard Bellgrim | <rick...@opendnssec.org> wrote: ||> Looking at the code (shared/hsm.c), it looks like hsm_find_key_by_id() ||> returns NULL, but libhsm does not provide an error. After a couple of ||> tries, the signer reports "key not found". ||> || || Could it be related to: || https://issues.opendnssec.org/browse/SOFTHSM-45 || || Most of the code in SoftHSM had protection against a busy database. But || there were examples where it wasn't. E.g. when opening the library at the || same time there was a lot of key generation. | | Funny thing you said that... I just got :
And with the number of zones I have, ZSK rollovers do happen more than once a day, and the signer signs something every 30 seconds or so on average. So, I get this : Sep 20 02:19:36 ns1 ods-enforcerd: Created ZSK size: 1024, alg: 8 with id: ca2fbfeac75d4883ecd8b66658c58063 in repository: SoftHSM-ZSK and database. Sep 20 02:19:36 ns1 ods-enforcerd: SoftHSM: C_GenerateKeyPair: Key pair generated Sep 20 02:19:36 ns1 ods-enforcerd: Created key in repository SoftHSM-ZSK Sep 20 02:19:36 ns1 ods-enforcerd: Created ZSK size: 1024, alg: 8 with id: 0c6c42ff281dae875a804e9bf195cd0a in repository: SoftHSM-ZSK and database. Sep 20 02:19:37 ns1 ods-signerd: [hsm] Open first session: CKR_GENERAL_ERROR Sep 20 02:19:37 ns1 ods-signerd: [hsm] error signing rrset with libhsm Sep 20 02:19:37 ns1 ods-signerd: [rrset] unable to sign RRset[6]: lhsm_sign() failed Sep 20 02:19:37 ns1 ods-signerd: [worker[3]] sign zone dr-nguyen-appercel-lan-anh.chirurgiens-dentistes.fr failed: 1 RRsets failed Sep 20 02:19:37 ns1 ods-signerd: [worker[3]] CRITICAL: failed to sign zone dr-nguyen-appercel-lan-anh.chirurgiens-dentistes.fr: General error Sep 20 02:19:37 ns1 ods-signerd: [worker[3]] backoff task [sign] for zone dr-nguyen-appercel-lan-anh.chirurgiens-dentistes.fr with 60 seconds Sep 20 02:19:37 ns1 ods-enforcerd: SoftHSM: C_GenerateKeyPair: Key pair generated Sep 20 02:19:37 ns1 ods-enforcerd: Created key in repository SoftHSM-ZSK Sep 20 02:19:37 ns1 ods-enforcerd: Created ZSK size: 1024, alg: 8 with id: b7387e9f827417e4fe2dd90a3716b6a7 in repository: SoftHSM-ZSK and database. A lot :-/ -- Mathieu Arnold _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
