Aug 31 13:34:17 stage-ns2 ods-enforcerd: Config will be output to /var/named/zones/conf/testTLD.xml. Aug 31 13:34:17 stage-ns2 ods-enforcerd: Could not open: /var/named/zones/conf/xn--testTLD.xml.tmp (Permission denied) Aug 31 13:34:17 stage-ns2 ods-enforcerd: Error writing signconf for testTLD
[root@stage-ns2 ~]# ll /var/named/zones/conf/ total 0 -rw-r--r--. 1 root ods 0 Aug 31 01:23 xn--wgbh1c.xml.tmp [root@stage-ns2 ~]# [root@stage-ns2 ~]# ods-hsmutil list Listing keys in all repositories. 4 keys found. This is >>>>>> drw-r--r--. 5 root ods 4096 Aug 28 00:46 zones >>> where i store nisgned and signed and conf folders Could you advice ? ________________________________________ From: [email protected] [[email protected]] on behalf of Abdalmonem Tharwat Galila [[email protected]] Sent: Sunday, August 31, 2014 12:24 PM To: Jarno Huuskonen; [email protected] Subject: RE: [Opendnssec-user] Re: ods-enforcerd: Error creating key in repository SoftHSM-KSK -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jarno Huuskonen Sent: Sunday, August 31, 2014 12:32 PM To: [email protected] Subject: [Opendnssec-user] Re: ods-enforcerd: Error creating key in repository SoftHSM-KSK Hi, > I got the following error message and enforcer could not restarted > > [root@ns2 ~]# ods-control start > Starting enforcer... > OpenDNSSEC ods-enforcerd started (version 1.4.5), pid 9473 Could not > start enforcer > [root@stage-ns2 ~]# tail -f /var/log/messages Aug 30 01:03:27 > stage-ns2 ods-enforcerd: Connecting to Database... > Aug 30 01:03:27 stage-ns2 ods-enforcerd: Policy default found. > Aug 30 01:03:27 stage-ns2 ods-enforcerd: Key sharing is Off. > Aug 30 01:03:27 stage-ns2 ods-enforcerd: No zones on policy default, > skipping... > Aug 30 01:03:27 stage-ns2 ods-enforcerd: Policy DotMasr found. > Aug 30 01:03:27 stage-ns2 ods-enforcerd: Key sharing is Off. > Aug 30 01:03:27 stage-ns2 ods-enforcerd: 1 zone(s) found on policy "Dot2" > Aug 30 01:03:27 stage-ns2 ods-enforcerd: 1 new KSK(s) (2048 bits) need to be > created for policy Dot2: keys_to_generate(1) = keys_needed(1) - > keys_available(0). > Aug 30 01:03:27 stage-ns2 ods-enforcerd: Error creating key in > repository SoftHSM-KSK Aug 30 01:03:27 stage-ns2 ods-enforcerd: > generate key pair: CKR_GENERAL_ERROR >> What do you have in softhsm.conf (/etc/softhsm.conf) ? 0:/var/softhsm/slot0.db 1:/var/softhsm/slot1.db 2:/var/softhsm/slot2.db >> Is the user account used for ods-enforcerd able to access the files defined >> in softhsm.conf (can change to the directory and read/write the files). How to get that user , you are talking about ? >> Does your opendnssec/conf.xml <Repository> / <TokenLabel> match what you get >> with "softhsm --show-slots" ? Yes , matches Available slots: Slot 0 Token present: yes Token initialized: yes User PIN initialized: yes Token label: OpenDNSSEC Slot 1 Token present: yes Token initialized: yes User PIN initialized: yes Token label: KSK Slot 2 Token present: yes Token initialized: yes User PIN initialized: yes Token label: ZSK >> -Jarno -- >> Jarno Huuskonen _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
