On 25-06-18 at 17:05, Casper Gielen wrote:
> > Are you using SoftHSM as HSM? If so, which version?
> > There is a known, resolved issue with certain versions.
>
> I just switched to SoftHSM 2.4.0, from Debian Unstable.
> I'll run it for a bit and see if anything improves.

After two days nothing has happened. That is, all keys seem to be in exactly the same state as two days ago. Calling 'ods-enforcer enforce' manually does trigger something, but the enforcer is not able to talk to our SQL server.

Jun 28 11:52:16 ramachandra ods-enforcerd: DB prepare SQL SELECT policy.id, policy.rev, policy.name, policy.description, policy.signaturesResign, policy.signaturesRefresh, policy.signaturesJitter, policy.signaturesInceptionOffset, policy.signaturesValidityDefault, policy.signaturesValidityDenial, policy.signaturesValidityKeyset, policy.signaturesMaxZoneTtl, policy.denialType, policy.denialOptout, policy.denialTtl, policy.denialResalt, policy.denialAlgorithm, policy.denialIterations, policy.denialSaltLength, policy.denialSalt, policy.denialSaltLastChange, policy.keysTtl, policy.keysRetireSafety, policy.keysPublishSafety, policy.keysShared, policy.keysPurgeAfter, policy.zonePropagationDelay, policy.zoneSoaTtl, policy.zoneSoaMinimum, policy.zoneSoaSerial, policy.parentRegistrationDelay, policy.parentPropagationDelay, policy.parentDsTtl, policy.parentSoaTtl, policy.parentSoaMinimum, policy.passthrough FROM policy WHERE policy.id = ?
Jun 28 11:52:16 ramachandra ods-enforcerd: DB prepare Err 2006: MySQL server has gone away
Jun 28 11:52:16 ramachandra ods-enforcerd: [hsm_key_factory_generate_task] generate for policy key [duration: 0]
Jun 28 11:52:16 ramachandra ods-enforcerd: [hsm_key_factory_generate] repository LocalHSM role KSK
Jun 28 11:52:16 ramachandra ods-enforcerd: SELECT COUNT(*) FROM hsmKey WHERE hsmKey.policyId = ? AND hsmKey.state = ? AND hsmKey.bits = ? AND hsmKey.algorithm = ? AND hsmKey.role = ? AND hsmKey.isRevoked = ? AND hsmKey.keyType = ? AND hsmKey.repository = ?
Jun 28 11:52:16 ramachandra ods-enforcerd: DB prepare SQL SELECT COUNT(*) FROM hsmKey WHERE hsmKey.policyId = ? AND hsmKey.state = ? AND hsmKey.bits = ? AND hsmKey.algorithm = ? AND hsmKey.role = ? AND hsmKey.isRevoked = ? AND hsmKey.keyType = ? AND hsmKey.repository = ?
Jun 28 11:52:16 ramachandra ods-enforcerd: DB prepare Err 2006: MySQL server has gone away

After restarting the enforcer it connects correctly to MySQL and the keys start advancing through the various states. I've added a cron-job that restarts the enforcer every 6 hours. That's not ideal but should make clear if the problem is just that the enforcer gets stuck and thus misses its deadlines, or if the problems go deeper.

-- 
Casper Gielen <[email protected]> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7

Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl
