[Opendnssec-user] softhsm

Discussion:

Randy Bush

2018-07-29 20:04:41 UTC

a server developed hardware disease. i spun up a vm and moved dns
content over. as the zones are signed, i am worried about expiration.
so i tried to get opendnssec going. but it is barfing on softhsm.

```
/var/log/messages:Jul 29 19:45:42 rip ods-enforcerd: hsm_get_slot_id(): No slots found in HSM
```

and my google fu is failing.

clue bat, please

randy

Daniel Griggs

2018-07-29 21:02:19 UTC

Permalink

softhsm --show-slots

if no slots,

softhsm --init-token --slot <num> --label <name to use in Opendnssec>

if there are slots,

Verify that the token label is the name you have used in the Opendnssec
config.

Also verify all you user permissions, i.e. the Opendnssec users needs to be
able to read the SoftHSM config and R/W to the token storage file.

Post by Randy Bush
a server developed hardware disease. i spun up a vm and moved dns
content over. as the zones are signed, i am worried about expiration.
so i tried to get opendnssec going. but it is barfing on softhsm.
```
/var/log/messages:Jul 29 19:45:42 rip ods-enforcerd: hsm_get_slot_id(): No
slots found in HSM
```
and my google fu is failing.
clue bat, please
randy
_______________________________________________
Opendnssec-user mailing list
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

--
Daniel Griggs
e: ***@internetnz.net.nz
p: +64 27 448 8230

Randy Bush

2018-07-29 22:19:34 UTC

Permalink

bingo. /var/lib/softhsm was owned by root :(

so now

Jul 29 22:12:02 rip ods-enforcerd: ERROR: unable to connect to database - unable to open database file

where the heck is the sqllite database?

Daniel Griggs

2018-07-29 22:22:22 UTC

Permalink

It should be inside /var/lib/softhsm

Otherwise check /etc/softhsm/softhsm.conf for what's configured where.

Post by Randy Bush
bingo. /var/lib/softhsm was owned by root :(
so now
Jul 29 22:12:02 rip ods-enforcerd: ERROR: unable to connect to database -
unable to open database file
where the heck is the sqllite database?

--
Daniel Griggs
e: ***@internetnz.net.nz
p: +64 27 448 8230

Randy Bush

2018-07-29 22:25:14 UTC

Permalink

ignore me. found the directory i did not restore from backuo

/usr/local/var/opendnssec

randy