Ours are quite old too: $ ls -l /opt/nfast/toolkits/pkcs11/ total 11540 -rwxr-xr-x 1 root root 32768 Nov 23 2012 ConfigPKCS11onCP -rwxr-xr-x 1 root root 11780890 Nov 23 2012 libcknfast.so
We have added this to the ods init scripts: CKNFAST_LOADSHARING=1 export CKNFAST_LOADSHARING regards Klaus On 28.05.2014 13:16, Mark Elkins wrote: > Still having problems with Thales integration. > I've read the paper: "nShields ISC BIND DNSSEC UNIX ig.pdf" > ...but its over two years old. Not sure how much of it is still > relevant. > > In my logfile on "start" - I get: > > ods-enforcerd: opendnssec started (version 1.4.5), pid 12747 > ods-enforcerd: HSM opened successfully. > ods-enforcerd: Checking database connection... > ods-enforcerd: Database connection ok. > ods-enforcerd: pidfile /var/run/opendnssec/enforcerd.pid already exists, > but no process with pid 12729 is running. A previous instance didn't > shutdown cleanly, this pidfile is stale. > ods-enforcerd: Reading config "/etc/opendnssec/conf.xml" > ods-enforcerd: Reading config schema > "/usr/local/share/opendnssec/conf.rng" > ods-enforcerd: Communication Interval: 3600 > ods-enforcerd: No DS Submit command supplied > ods-enforcerd: MySQL database schema set to: KASP > ods-enforcerd: MySQL database user set to: kaspuser > ods-enforcerd: MySQL database password set > ods-enforcerd: Log User set to: local0 > ods-enforcerd: Switched log facility to: local0 > ods-enforcerd: Connecting to Database... > ods-enforcerd: Policy zacr-nsec3 found. > ods-enforcerd: Key sharing is Off. > ods-enforcerd: 2 zone(s) found on policy "zacr-nsec3" > ods-enforcerd: 2 new KSK(s) (2048 bits) need to be created for policy > zacr-nsec3: keys_to_generate(2) = keys_needed(2) - keys_available(0). > ods-signerd: [hsm] libhsm connection opened succesfully > ods-signerd: [engine] signer started (version 1.4.5), pid 12752 > ods-signerd: [worker[2]] CRITICAL: failed to sign zone web.za: General > error > ods-signerd: [worker[2]] backoff task [configure] for zone web.za with > 60 seconds > ods-signerd: [worker[1]] CRITICAL: failed to sign zone za: General error > ods-signerd: [worker[1]] backoff task [configure] for zone za with 60 > seconds > kernel: [681529.262759] ods-enforcerd[12747]: segfault at 0 ip > 00007fa14d93bb14 sp 00007ffff7aeb4f0 error 4 in > libcknfast.so[7fa14d892000+1ee000] > > So - good news - I'm talking to the Thales, but it looks like the > library supplied might be too old? > > Looking at the supplied Library: > root:/opt/nfast/toolkits/pkcs11# ls -l > -rwxr-xr-x 1 mje mje 32768 May 20 15:46 ConfigPKCS11onCP > -rwxr-xr-x 1 mje mje 11780890 May 20 15:46 libcknfast.so > > root:pkcs11# ldd libcknfast.so > linux-vdso.so.1 => (0x00007fff797fe000) > libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f6b443d0000) > libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 > (0x00007f6b441b2000) > librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f6b43fa9000) > libnsl.so.1 => /lib/x86_64-linux-gnu/libnsl.so.1 (0x00007f6b43d8f000) > /lib64/ld-linux-x86-64.so.2 (0x00007f6b44adf000) > > root:pkcs11# ls -l /lib/x86_64-linux-gnu/libc.so.6 > lrwxrwxrwx 1 root root 12 Apr 12 12:38 /lib/x86_64-linux-gnu/libc.so.6 > -> libc-2.19.so > > root:pkcs11# ls /lib/x86_64-linux-gnu/libpthread.so.0 > /lib/x86_64-linux-gnu/libpthread.so.0 > > root:pkcs11# ls -l /lib/x86_64-linux-gnu/libpthread.so.0 > lrwxrwxrwx 1 root root 18 Apr 12 > 12:38 /lib/x86_64-linux-gnu/libpthread.so.0 -> libpthread-2.19.so > > root:pkcs11# ls -l /lib/x86_64-linux-gnu/librt.so.1 > lrwxrwxrwx 1 root root 13 Apr 12 12:38 /lib/x86_64-linux-gnu/librt.so.1 > -> librt-2.19.so > > root:pkcs11# ls -l /lib/x86_64-linux-gnu/libnsl.so.1 > lrwxrwxrwx 1 root root 14 Apr 12 12:38 /lib/x86_64-linux-gnu/libnsl.so.1 > -> libnsl-2.19.so > > root:pkcs11# ls -l /lib64/ld-linux-x86-64.so.2 > lrwxrwxrwx 1 root root 32 Apr 12 12:38 /lib64/ld-linux-x86-64.so.2 > -> /lib/x86_64-linux-gnu/ld-2.19.so > > The (virtual) server: > Linux mjedev 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 23:30:00 UTC > 2014 x86_64 x86_64 x86_64 GNU/Linux > > Anyone doing similar? > Anyone with a newer thales library? > > > > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user > _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
