Hi guys.
I think, but am not 100% certain, that after I signed my zones I
get these (quite regularly):
...
ipapython.ipautil: DEBUG stderr=
ipaserver.dnssec.bindmgr: DEBUG Key metadata in LDAP: {<DNS name private.pawel.>: {'1d24e517-5612-11ec-9843-95791e1d967b': <ldap.cidict.cidict object at 0x7f12c2cc96a0>, '1d24e519-5612-11ec-9843-95791e1d967b': <ldap.cidict.cidict object at 0x7f12c2cc9670>}, <DNS name 1.3.10.in-addr.arpa.>: {'1d24e51d-5612-11ec-9843-95791e1d967b': <ldap.cidict.cidict object at 0x7f12c2cc9af0>, '1d24e51f-5612-11ec-9843-95791e1d967b': <ldap.cidict.cidict object at 0x7f12c2cc9cd0>}, <DNS name mine.private.>: {'64ab7109-5612-11ec-9843-95791e1d967b': <ldap.cidict.cidict object at 0x7f12c2cd67f0>, '64ab710b-5612-11ec-9843-95791e1d967b': <ldap.cidict.cidict object at 0x7f12c2cd67c0>}, <DNS name private.road.>: {'64ab7111-5612-11ec-9843-95791e1d967b': <ldap.cidict.cidict object at 0x7f12c2cd6df0>, '64ab7113-5612-11ec-9843-95791e1d967b': <ldap.cidict.cidict object at 0x7f12c2cdf040>}}
ipaserver.dnssec.bindmgr: DEBUG Zones modified but skipped during bindmgr.sync: set()
ipaserver.dnssec.bindmgr: INFO Synchronizing zone 1.3.10.in-addr.arpa.
ipaserver.dnssec.bindmgr: DEBUG Fixing directory permissions: /var/lib/ipa/dnssec/tokens/7af30d9a-17e4-be64-d067-36773049ff7a
...
ipapython.ipautil: DEBUG args=['/usr/sbin/dnssec-keyfromlabel-pkcs11', '-K', '/var/named/dyndb-ldap/ipa/master/1.3.10.in-addr.arpa/tmpsqtcpdk7', '-a', b'RSASHA256', '-l', b'pkcs11:object=510d521b9dcec97000294dbcfa2af36a;pin-source=/var/lib/ipa/dnssec/softhsm_pin', '-P', b'20211205212748', '-A', b'20211205212748', '-I', 'none', '-D', 'none', '-f', 'KSK', '-E', 'pkcs11', '1.3.10.in-addr.arpa.']
ipapython.ipautil: DEBUG Process execution failed
Traceback (most recent call last):
  File "/usr/libexec/ipa/ipa-dnskeysyncd", line 113, in <module>
    while ldap_connection.syncrepl_poll(all=1, msgid=ldap_search):
  File "/usr/lib64/python3.9/site-packages/ldap/syncrepl.py", line 465, in syncrepl_poll
    self.syncrepl_refreshdone()
  File "/usr/lib/python3.9/site-packages/ipaserver/dnssec/keysyncer.py", line 128, in syncrepl_refreshdone
    self.bindmgr.sync(self.dnssec_zones)
  File "/usr/lib/python3.9/site-packages/ipaserver/dnssec/bindmgr.py", line 231, in sync
    self.sync_zone(zone)
  File "/usr/lib/python3.9/site-packages/ipaserver/dnssec/bindmgr.py", line 204, in sync_zone
    self.install_key(zone, uuid, attrs, tempdir)
  File "/usr/lib/python3.9/site-packages/ipaserver/dnssec/bindmgr.py", line 145, in install_key
    result = ipautil.run(cmd, capture_output=True)
  File "/usr/lib/python3.9/site-packages/ipapython/ipautil.py", line 534, in run
    p = subprocess.Popen(args, stdin=p_in, stdout=p_out, stderr=p_err,
  File "/usr/lib64/python3.9/subprocess.py", line 951, in __init__
    self._execute_child(args, executable, preexec_fn, close_fds,
  File "/usr/lib64/python3.9/subprocess.py", line 1821, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: '/usr/sbin/dnssec-keyfromlabel-pkcs11'
..
Before making it a BZ I thought I'd consult here - all
thoughts much appreciated.
I'm on CentOS 9 Stream with ipa-server-common-4.9.6-9.el9.noarch
many thanks, L.