Re: [Opendnssec-user] CRITICAL: failed to sign zone example.com: General error

[Michael Grimm]

PGNet Dev <pgnet....@gmail.com> wrote:

> I've seen this before
> 
>> Jan 18 17:11:26 dns2 ods-signerd: [file] open file  
>> file=/usr/local/var/opendnssec/signconf/example.com.xml mode=reading
>> Jan 18 17:11:26 dns2 ods-signerd: [file] unable to open file 
>> /usr/local/var/opendnssec/signconf/example.com.xml for reading: No such file 
>> or directory
> 
> albeit with ods 2.1x ... here, it was perms.
> 
> Do user/group shown in
> 
>       ps aux | grep ods
> 
> match perms on
> 
>       /usr/local/var/opendnssec/signconf
>       /usr/local/var/opendnssec/signconf/example.com.xml
> 
> ?

ods-signerd/enforcerd both run uid root; permissions of directories in 
/usr/local/var/opendnssec are opendnssec:opendnssec, though.

BUT: /usr/local/var/opendnssec/signconf/example.com.xml is missing because I 
cleaned that directory on purpose in order to recover from my issue. If I am 
not mistaken are those files in /usr/local/var/opendnssec/signconf rebuild 
after restarting opendnssec's deamons. My issue is that ods-enforcerd isn't 
able to allocate a ZSK although such a key is available in HSM:

        Jan 18 07:10:13 dns2 ods-enforcerd: Error allocating zsks to zone 
example.com
        Jan 18 07:11:26 dns2 ods-signerd: [worker[3]] CRITICAL: failed to sign 
zone example.com: General error

Regards,
Michael
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user