Issue #6495: DNSSEC: ipa-ods-expoter.socket creates incorrect socket and breaks DNSSEC signing - freeipa

freeipa

#6495 DNSSEC: ipa-ods-expoter.socket creates incorrect socket and breaks DNSSEC signing

Closed: Fixed None Opened 7 years ago by mbasti.

Zone ipa.test.
selinux: permissive

Journal

ipa-dnskeysyncd[88215]: ipa         : INFO     Commencing sync process
ipa-dnskeysyncd[88215]: ipa.ipapython.dnssec.keysyncer.KeySyncer: INFO     Initial LDAP dump is done, sychronizing with ODS and BIND
ipa-dnskeysyncd[88215]: ipa.ipapython.dnssec.odsmgr.ODSMgr: INFO     Zones removed from LDAP: []
ipa-dnskeysyncd[88215]: ipa.ipapython.dnssec.odsmgr.ODSMgr: INFO     Zones added to LDAP: [('c2f87904-ac4a-11e6-9c31-ca6628ed6884', <DNS name ipa.test.>)
ipa-dnskeysyncd[88215]: ipa.ipapython.dnssec.odsmgr.ODSMgr: INFO     WARNING: The input file /var/lib/ipa/dns/zone/entryUUID/c2f87904-ac4a-11e6-9c31-ca66
ipa-dnskeysyncd[88215]: zonelist filename set to /etc/opendnssec/zonelist.xml.
ipa-dnskeysyncd[88215]: Imported zone: ipa.test
ipa-dnskeysyncd[88215]: ipa.ipapython.dnssec.odsmgr.ODSMgr: INFO     Notifying enforcer of new database...
ipa-dnskeysyncd[88215]: Traceback (most recent call last):
ipa-dnskeysyncd[88215]:   File "/usr/libexec/ipa/ipa-dnskeysyncd", line 112, in <module>
ipa-dnskeysyncd[88215]:     while ldap_connection.syncrepl_poll(all=1, msgid=ldap_search):
ipa-dnskeysyncd[88215]:   File "/usr/lib64/python2.7/site-packages/ldap/syncrepl.py", line 409, in syncrepl_poll
ipa-dnskeysyncd[88215]:     self.syncrepl_refreshdone()
ipa-dnskeysyncd[88215]:   File "/usr/lib/python2.7/site-packages/ipapython/dnssec/keysyncer.py", line 116, in syncrepl_refreshdone
ipa-dnskeysyncd[88215]:     self.hsm_master_sync()
ipa-dnskeysyncd[88215]:   File "/usr/lib/python2.7/site-packages/ipapython/dnssec/keysyncer.py", line 191, in hsm_master_sync
ipa-dnskeysyncd[88215]:     ipautil.run([paths.ODS_SIGNER, 'ipa-hsm-update'])
ipa-dnskeysyncd[88215]:   File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 518, in run
ipa-dnskeysyncd[88215]:     raise CalledProcessError(p.returncode, arg_string, str(output))
ipa-dnskeysyncd[88215]: subprocess.CalledProcessError: Command '/usr/sbin/ods-signer ipa-hsm-update' returned non-zero exit status 1



[root@vm-058-013 ~]# sudo -u ods -s /bin/bash
bash-4.3$ source /etc/sysconfig/ods
bash-4.3$ export SOFTHSM2_CONF
bash-4.3$ /usr/sbin/ods-signer ipa-hsm-update
Unable to connect to engine: connect() failed: No such file or directory

pspacek commented 7 years ago

This is a regression caused by incorrect daemons/dnssec/ipa-ods-exporter.socket.in path template introduced in commit 312e780.

mbasti commented 7 years ago

regression in master, fixed in master

master:

5862eaa Build: fix path in ipa-ods-exporter.socket unit file

Metadata Update from @mbasti:
- Issue assigned to pspacek
- Issue set to the milestone: FreeIPA 4.5

7 years ago

Metadata

Assignee

pspacek

Tags

None

Blocking

None

Depending on

None

Priority

critical

Milestone

FreeIPA 4.5

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

DNS

blocking

None

on_review

https://github.com/freeipa/freeipa/pull/260

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

tester

None

changelog

None

design

None

freeipa

Source Code

#6495 DNSSEC: ipa-ods-expoter.socket creates incorrect socket and breaks DNSSEC signing Closed: Fixed None Opened 7 years ago by mbasti.

Metadata

#6495 DNSSEC: ipa-ods-expoter.socket creates incorrect socket and breaks DNSSEC signing

Closed: Fixed None Opened 7 years ago by mbasti.