Alarig Le Lay
2017-12-04 15:23:04 UTC
Hi,
Iâm trying to update to OpenDNSSEC 2.0.3 but I canât start enforcerd
anymore.
Dec 4 15:46:31 morvan ods-enforcerd: [engine] running as pid 6227
Dec 4 15:46:31 morvan ods-enforcerd: [engine] enforcer started
Dec 4 15:46:31 morvan ods-enforcerd: [engine] Initialization: CKR_GENERAL_ERROR
Dec 4 15:46:31 morvan ods-enforcerd: [engine] enforcer shutdown
Dec 4 15:46:31 morvan ods-enforcerd: [engine] enforcerd (pid: 6227) stopped with exitcode 4
My configuration seems to be correct:
morvan ~ # ods-kaspcheck
INFO: The XML in /etc/opendnssec/conf.xml is valid
INFO: The XML in /etc/opendnssec/kasp.xml is valid
WARNING: In policy default, Y used in duration field for Keys/KSK Lifetime (P10Y) in /etc/opendnssec/kasp.xml - this will be interpreted as 365 days
WARNING: In policy lab, Y used in duration field for Keys/KSK Lifetime (P1Y) in /etc/opendnssec/kasp.xml - this will be interpreted as 365 days
INFO: The XML in /etc/opendnssec/zonelist.xml is valid
I followed
https://github.com/opendnssec/opendnssec/tree/develop/enforcer/utils/1.4-2.0_db_convert
to migrate the DB (Iâm using SQlite).
And, the only match on the wiki is
https://wiki.opendnssec.org/display/OpenDNSSEC/2.0+%28Enforcer+NG%29+Documentation?preview=%2F2621764%2F3342421%2Fcmp140to200.txt
So, Iâm wondering what is causing 'CKR_GENERAL_ERROR'.
Thanks,
Iâm trying to update to OpenDNSSEC 2.0.3 but I canât start enforcerd
anymore.
Dec 4 15:46:31 morvan ods-enforcerd: [engine] running as pid 6227
Dec 4 15:46:31 morvan ods-enforcerd: [engine] enforcer started
Dec 4 15:46:31 morvan ods-enforcerd: [engine] Initialization: CKR_GENERAL_ERROR
Dec 4 15:46:31 morvan ods-enforcerd: [engine] enforcer shutdown
Dec 4 15:46:31 morvan ods-enforcerd: [engine] enforcerd (pid: 6227) stopped with exitcode 4
My configuration seems to be correct:
morvan ~ # ods-kaspcheck
INFO: The XML in /etc/opendnssec/conf.xml is valid
INFO: The XML in /etc/opendnssec/kasp.xml is valid
WARNING: In policy default, Y used in duration field for Keys/KSK Lifetime (P10Y) in /etc/opendnssec/kasp.xml - this will be interpreted as 365 days
WARNING: In policy lab, Y used in duration field for Keys/KSK Lifetime (P1Y) in /etc/opendnssec/kasp.xml - this will be interpreted as 365 days
INFO: The XML in /etc/opendnssec/zonelist.xml is valid
I followed
https://github.com/opendnssec/opendnssec/tree/develop/enforcer/utils/1.4-2.0_db_convert
to migrate the DB (Iâm using SQlite).
And, the only match on the wiki is
https://wiki.opendnssec.org/display/OpenDNSSEC/2.0+%28Enforcer+NG%29+Documentation?preview=%2F2621764%2F3342421%2Fcmp140to200.txt
So, Iâm wondering what is causing 'CKR_GENERAL_ERROR'.
Thanks,
--
alarig
alarig