Dear Berry,

Thank you for taking the time to reply.

On 16/02/23 11:05 +0100, Berry van Halderen wrote:
On 2023-02-16 01:40, Nick Urbanik via Opendnssec-user wrote:
Dear Folks,

I am attempting to start ods-enforcerd on Fedora 37.

journalctl shows this:
[engine] enforcerd (pid: 1233258) stopped with exitcode 3

Running on the command line shows this:
$ sudo -u ods /usr/sbin/ods-enforcerd -d -v -v -v -v -v
OpenDNSSEC key and signing policy enforcer version 2.1.10
setup failed: Database error

Dear Nick,

I see that you want to run OpenDNSSEC as a specific user.  It is better
to do this in the configuration.  In the conf.xml you can specify
a <User> and <Group> such that OpenDNSSEC will drop privileges and
run as this user and/or group, after it has done some essential stuff.
This will avoid a number of problems, especially forgetting to use the
sudo command and having all your files owned by root and then figuring
out next time why nothing works when using the sudo again.

I am just using the configuration provided by Fedora, with systemd
running with user, group as ods.  The default configuration also has
User and Group as ods in conf.xml.

tcpdump shows no network connection to the database.

Here is part of my /etc/opendnssec/conf.xml:
                <Datastore>
                        <MySQL>
                                <Host Port="3306">localhost</Host>
                                <Database>opendnssec</Database>
                                <Username>ods</Username>
                                <Password>Cherry7Chunky8Voyage</Password>
                        </MySQL>
                </Datastore>

Given the database is set up correctly and available through the command
line, and you are using "sudo", I suspect the MySQL/MariaDB socket might not
be available for the "ods" user.

Shouldn't ods-enforcerd be trying to connect to the database through
TCP port 3306 on localhost?  Yet tcpdump shows no attempts.  I suspect
that ods-enforcerd doesn't like some other aspect of my configuration,
but it seems reluctant to let me know.

Verify /var/run/mysql/mysql.sock (your mileage may vary depending on
your distribution) can be accessed by the "ods" user.

The mariadb socket is readable by all:
$ ls -l /var/lib/mysql/mysql.sock
srwxrwxrwx. 1 mysql mysql 0 Feb 16 10:21 /var/lib/mysql/mysql.sock

ods-enforcer-db-setup has probably not been run as the ods user, so
could use the same settings, hence my suspicion.

I'll nuke the database and start again, see if I get any joy.  The
software seems reluctant to tell me enough for me to understand what
it doesn't like about the way I set it up.

Best regards,
\Berry

I can connect to mariadb with:
mysql -h 127.0.0.1 -u ods -pCherry7Chunky8Voyage opendnssec
...
MariaDB [opendnssec]> show tables;
+----------------------+
| Tables_in_opendnssec |
+----------------------+
| databaseVersion      |
| hsmKey               |
| keyData              |
| keyDependency        |
| keyState             |
| policy               |
| policyKey            |
| zone                 |
+----------------------+
8 rows in set (0.001 sec)

Can anyone suggest how to get more information to troubleshoot?

Thank you for your suggestions.
--
Nick Urbanik             http://nicku.org           ni...@nicku.org
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24
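Added example, not part of the original messages and not OpenDNSSEC code: MySQL/MariaDB client libraries on Unix treat the host name "localhost" as a request for the Unix socket and ignore the port, which is consistent with tcpdump seeing no traffic, while `mysql -h 127.0.0.1` forces TCP and so tests a different path. The sketch assumes the enforcer passes the `<Host>` value unchanged to the client library; `mysql_transport` and `socket_usable` are hypothetical helper names, and the sample configuration is constructed with a placeholder password.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample mirroring the <Datastore> fragment quoted in the thread
# (password replaced with a placeholder).
SAMPLE_CONF = """<Configuration><Enforcer><Datastore><MySQL>
  <Host Port="3306">localhost</Host>
  <Database>opendnssec</Database>
  <Username>ods</Username>
  <Password>PLACEHOLDER</Password>
</MySQL></Datastore></Enforcer></Configuration>"""


def mysql_transport(conf_xml):
    """Return ('socket', None) or ('tcp', (host, port)) for the MySQL datastore."""
    host_el = ET.fromstring(conf_xml).find(".//Datastore/MySQL/Host")
    if host_el is None:
        raise ValueError("no <Datastore><MySQL><Host> element found")
    host = (host_el.text or "").strip()
    port = int(host_el.get("Port", "3306"))
    # Assumption: the Host value reaches the MySQL client library unchanged.
    # On Unix, an empty host or the literal name "localhost" selects the
    # Unix socket, and the port is then ignored.
    if host in ("", "localhost"):
        return ("socket", None)
    return ("tcp", (host, port))


def socket_usable(path):
    """True if path is a Unix socket the current user may connect to."""
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return False
    # On Linux, connect() needs write permission on the socket file itself.
    return stat.S_ISSOCK(mode) and os.access(path, os.W_OK)


if __name__ == "__main__":
    kind, target = mysql_transport(SAMPLE_CONF)
    print("transport:", kind, target or "")
    # Socket paths mentioned in the thread; the library's actual default
    # depends on the distribution build and any [client] socket= setting.
    for candidate in ("/var/lib/mysql/mysql.sock", "/var/run/mysql/mysql.sock"):
        print(candidate, "usable" if socket_usable(candidate) else "not usable")
```

Run it as the service account (for example with `sudo -u ods`) so the socket check reflects what the daemon's user can reach.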