Discussion:
[Opendnssec-user] Opendnssec-user Digest, Vol 109, Issue 3
Abdulkareem H. Ali
2018-08-08 13:20:27 UTC
Hi Maurice,

We have the same issue. My setup is ODS 1.4.12 with ThalesHSM as a backend, on CentOS 7 systems.

The issue started for us when we migrated from SoftHSM to ThalesHSM. Not sure if the issue happens cause we're not using SoftHSM or if it is related to ThalesHSM software itself.

Since then I've been pregenerating keys to avoid it causing problems.

If a fix would be found, that would be great. Our logs show the exact same error that you see.

Kareem.


P.S. I've just subscribed to this list, so, sorry if this email comes in incorrect format cause I manually started the reply.
Message: 1
Date: Tue, 7 Aug 2018 16:07:51 +0200
Subject: [Opendnssec-user] signer daemon bug
Hello,
It seems like I have a bug on opendnssec-1.4.13-1.el7.x86_64.
Sometimes a zone sign fails and the next message appears in the log.
CKR_OBJECT_HANDLE_INVALID
Aug  7 14:09:04 ns04 ods-signerd: [hsm] unable to get key: hsm failed to create dnskey
Aug  7 14:09:04 ns04 ods-signerd: [zone] unable to publish dnskeys for zone $zone : error creating dnskey
failed to publish dnskeys (General error)
Aug  7 14:09:04 ns04 ods-signerd: [worker[2]] CRITICAL: failed to sign zone $zone : General error
Aug  7 14:09:04 ns04 ods-signerd: [worker[2]] backoff task [read] for zone $zone with 3600 seconds
After a restart of ods-signerd the problem disappears.
Does anybody experience the same behavior?
--
Abdulkareem H. Ali
Operations Team Leader
CentralNic Group PLC
London Stock Exchange Symbol: CNIC

+44 20 3388 0600
www.CentralNic.com

CentralNic Group PLC is a company registered in England and Wales with
company number 8576358. Registered Offices: 35-39 Moorgate, London, EC2R
6AR.
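
An added example, not part of the original messages and not OpenDNSSEC code: a small Python check that scans ods-signerd syslog output for the failure sequence quoted above (DNSKEY creation error, then failed signing, then backoff) and reports the affected zones with their backoff time. The function name and sample zone names are assumptions, and the sample log is constructed from the lines in the thread.

```python
import re

# Constructed sample modelled on the syslog lines quoted in the thread, with
# wrapped lines joined; "example.com" stands in for the redacted $zone.
# The example.org line is a constructed signing failure with no dnskey error.
SAMPLE_LOG = """\
Aug  7 14:09:04 ns04 ods-signerd: [hsm] unable to get key: hsm failed to create dnskey
Aug  7 14:09:04 ns04 ods-signerd: [zone] unable to publish dnskeys for zone example.com : error creating dnskey
Aug  7 14:09:04 ns04 ods-signerd: [worker[2]] CRITICAL: failed to sign zone example.com : General error
Aug  7 14:09:04 ns04 ods-signerd: [worker[2]] backoff task [read] for zone example.com with 3600 seconds
Aug  7 14:10:11 ns04 ods-signerd: [worker[1]] CRITICAL: failed to sign zone example.org : General error
"""

PUBLISH = re.compile(
    r"\[zone\] unable to publish dnskeys for zone (\S+)\s*: error creating dnskey")
FAILED = re.compile(r"CRITICAL: failed to sign zone (\S+)\s*:")
BACKOFF = re.compile(r"backoff task \[\w+\] for zone (\S+)\s+with (\d+) seconds")


def hsm_sign_failures(log_text):
    """Return {zone: backoff_seconds or None} for zones whose signing failed
    after the signer could not create a DNSKEY from the HSM key."""
    dnskey_err, failed, backoff = set(), set(), {}
    for line in log_text.splitlines():
        if "ods-signerd:" not in line:
            continue  # ignore other daemons and wrapped continuation lines
        if m := PUBLISH.search(line):
            dnskey_err.add(m.group(1))
        elif m := FAILED.search(line):
            failed.add(m.group(1))
        elif m := BACKOFF.search(line):
            backoff[m.group(1)] = int(m.group(2))
    # Only report zones where both the dnskey error and the sign failure appear.
    return {z: backoff.get(z) for z in sorted(dnskey_err & failed)}


if __name__ == "__main__":
    for zone, secs in hsm_sign_failures(SAMPLE_LOG).items():
        print(f"{zone}: signing failed on HSM key access, backoff {secs}s")
```

A zone reported here stays unsigned until the backoff expires or, as described in the thread, ods-signerd is restarted.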