Hello,
My ipa server on centos 8 seems to have a problem.
The ipa-dnskeysyncd keeps trying to start and keeps crashing while doing so.
I suspect this is caused by the crashed ipaserver that I now have removed
from the domain.
I spend quite some time adjusting all the dns entries so they now all point
to the new server however the dnskeysyncd keeps trying to run even though
there is no server anymore to sync with.
Where do I need to check or configure things so that it no longer keeps
crashing.
Rob
apr 20 12:46:11 freeipa02.tjako.thuis ipa-dnskeysyncd[13112]:
ipaserver.dnssec.keysyncer: INFO Initial LDAP dump is done,
sychronizing with ODS and BIND
apr 20 12:46:14 freeipa02.tjako.thuis ipa-dnskeysyncd[13112]: Traceback
(most recent call last):
apr 20 12:46:14 freeipa02.tjako.thuis ipa-dnskeysyncd[13112]: File
"/usr/libexec/ipa/ipa-dnskeysyncd", line 116, in <module>
apr 20 12:46:14 freeipa02.tjako.thuis ipa-dnskeysyncd[13112]: while
ldap_connection.syncrepl_poll(all=1, msgid=ldap_search):
apr 20 12:46:14 freeipa02.tjako.thuis ipa-dnskeysyncd[13112]: File
"/usr/lib64/python3.6/site-packages/ldap/syncrepl.py", line 457, in
syncrepl_poll
apr 20 12:46:14 freeipa02.tjako.thuis ipa-dnskeysyncd[13112]:
self.syncrepl_refreshdone()
apr 20 12:46:14 freeipa02.tjako.thuis ipa-dnskeysyncd[13112]: File
"/usr/lib/python3.6/site-packages/ipaserver/dnssec/keysyncer.py", line 126,
in syncrepl_refreshdone
apr 20 12:46:14 freeipa02.tjako.thuis ipa-dnskeysyncd[13112]:
self.hsm_replica_sync()
apr 20 12:46:14 freeipa02.tjako.thuis ipa-dnskeysyncd[13112]: File
"/usr/lib/python3.6/site-packages/ipaserver/dnssec/keysyncer.py", line 192,
in hsm_replica_sync
apr 20 12:46:14 freeipa02.tjako.thuis ipa-dnskeysyncd[13112]:
ipautil.run([paths.IPA_DNSKEYSYNCD_REPLICA])
apr 20 12:46:14 freeipa02.tjako.thuis ipa-dnskeysyncd[13112]: File
"/usr/lib/python3.6/site-packages/ipapython/ipautil.py", line 598, in run
apr 20 12:46:14 freeipa02.tjako.thuis ipa-dnskeysyncd[13112]:
p.returncode, arg_string, output_log, error_log
apr 20 12:46:14 freeipa02.tjako.thuis ipa-dnskeysyncd[13112]:
ipapython.ipautil.CalledProcessError: CalledProcessError(Command
['/usr/libexec/ipa/ipa-dnskeysync-replica'] returned non-zero exit status
1: 'ipalib.plugable: DEBUG impor
ting all plugin modules in ipaserver.plugins...\nipalib.plugable: DEBUG
importing plugin module ipaserver.plugins.aci\nipalib.plugable: DEBUG
importing plugin module ipaserver.plugins.automember\nipalib.plugable:
DEBUG importin
g plugin module ipaserver.plugins.automount\nipalib.plugable: DEBUG
importing plugin module ipaserver.plugins.baseldap\nipalib.plugable:
DEBUG ipaserver.plugins.baseldap is not a valid plugin
module\nipalib.plugable: DEBUG impo
rting plugin module ipaserver.plugins.baseuser\nipalib.plugable: DEBUG
importing plugin module ipaserver.plugins.batch\nipalib.plugable: DEBUG
importing plugin module ipaserver.plugins.ca\nipalib.plugable: DEBUG
importing plugi
n module ipaserver.plugins.caacl\nipalib.plugable: DEBUG importing
plugin module ipaserver.plugins.cert\nipalib.plugable: DEBUG importing
plugin module ipaserver.plugins.certmap\nipalib.plugable: DEBUG
importing plugin module i
paserver.plugins.certprofile\nipalib.plugable: DEBUG importing plugin
module ipaserver.plugins.config\nipalib.plugable: DEBUG importing plugin
module ipaserver.plugins.delegation\nipalib.plugable: DEBUG importing
plugin module
ipaserver.plugins.dns\nipalib.plugable: DEBUG importing plugin module
ipaserver.plugins.dnsserver\nipalib.plugable: DEBUG importing plugin
module ipaserver.plugins.dogtag\nipalib.plugable: DEBUG importing plugin
module ipaserve
r.plugins.domainlevel\nipalib.plugable: DEBUG importing plugin module
ipaserver.plugins.group\nipalib.plugable: DEBUG importing plugin module
ipaserver.plugins.hbac\nipalib.plugable: DEBUG ipaserver.plugins.hbac is
not a valid
plugin module\nipalib.plugable: DEBUG importing plugin module
ipaserver.plugins.hbacrule\nipalib.plugable: DEBUG importing plugin
module ipaserver.plugins.hbacsvc\nipalib.plugable: DEBUG importing
plugin module ipaserver.plugin
s.hbacsvcgroup\nipalib.plugable: DEBUG importing plugin module
ipaserver.plugins.hbactest\nipalib.plugable: DEBUG importing plugin
module ipaserver.plugins.host\nipalib.plugable: DEBUG importing plugin
module ipaserver.plugins.
hostgroup\nipalib.plugable: DEBUG importing plugin module
ipaserver.plugins.idrange\nipalib.plugable: DEBUG importing plugin
module ipaserver.plugins.idviews\nipalib.plugable: DEBUG importing
plugin module
ipaserver.plugins.int
ernal\nipalib.plugable: DEBUG importing plugin module
ipaserver.plugins.join\nipalib.plugable: DEBUG importing plugin module
ipaserver.plugins.krbtpolicy\nipalib.plugable: DEBUG importing plugin
module ipaserver.plugins.ldap2\n
ipalib.plugable: DEBUG importing plugin module
ipaserver.plugins.location\nipalib.plugable: DEBUG importing plugin
module ipaserver.plugins.migration\nipalib.plugable: DEBUG importing
plugin module ipaserver.plugins.misc\nipali
b.plugable: DEBUG importing plugin module
ipaserver.plugins.netgroup\nipalib.plugable: DEBUG importing plugin
module ipaserver.plugins.otp\nipalib.plugable: DEBUG
ipaserver.plugins.otp is not a valid plugin module\nipalib.pluga
ble: DEBUG importing plugin module
ipaserver.plugins.otpconfig\nipalib.plugable: DEBUG importing plugin
module ipaserver.plugins.otptoken\nipalib.plugable: DEBUG importing
plugin module ipaserver.plugins.passwd\nipalib.plugable
: DEBUG importing plugin module
ipaserver.plugins.permission\nipalib.plugable: DEBUG importing plugin
module ipaserver.plugins.ping\nipalib.plugable: DEBUG importing plugin
module ipaserver.plugins.pkinit\nipalib.plugable: DEBU
G importing plugin module ipaserver.plugins.privilege\nipalib.plugable:
DEBUG importing plugin module
ipaserver.plugins.pwpolicy\nipalib.plugable: DEBUG importing plugin
module ipaserver.plugins.rabase\nipalib.plugable: DEBUG
ipaserver.plugins.rabase is not a valid plugin module\nipalib.plugable:
DEBUG importing plugin module
ipaserver.plugins.radiusproxy\nipalib.plugable: DEBUG importing plugin
module ipaserver.plugins.realmdomains\nipalib.plugable:
DEBUG importing plugin module ipaserver.plugins.role\nipalib.plugable:
DEBUG importing plugin module ipaserver.plugins.schema\nipalib.plugable:
DEBUG importing plugin module
ipaserver.plugins.selfservice\nipalib.plugable: DEBU
G importing plugin module
ipaserver.plugins.selinuxusermap\nipalib.plugable: DEBUG importing
plugin module ipaserver.plugins.server\nipalib.plugable: DEBUG importing
plugin module ipaserver.plugins.serverrole\nipalib.plugable:
DEBUG importing plugin module
ipaserver.plugins.serverroles\nipalib.plugable: DEBUG importing plugin
module ipaserver.plugins.service\nipalib.plugable: DEBUG importing
plugin module ipaserver.plugins.servicedelegation\nipalib.p
lugable: DEBUG importing plugin module
ipaserver.plugins.session\nipalib.plugable: DEBUG importing plugin
module ipaserver.plugins.stageuser\nipalib.plugable: DEBUG importing
plugin module ipaserver.plugins.sudo\nipalib.plugabl
e: DEBUG ipaserver.plugins.sudo is not a valid plugin
module\nipalib.plugable: DEBUG importing plugin module
ipaserver.plugins.sudocmd\nipalib.plugable: DEBUG importing plugin
module ipaserver.plugins.sudocmdgroup\nipalib.pluga
ble: DEBUG importing plugin module
ipaserver.plugins.sudorule\nipalib.plugable: DEBUG importing plugin
module ipaserver.plugins.topology\nipalib.plugable: DEBUG importing
plugin module ipaserver.plugins.trust\nipalib.plugable:
DEBUG importing plugin module ipaserver.plugins.user\nipalib.plugable:
DEBUG importing plugin module ipaserver.plugins.vault\nipalib.plugable:
DEBUG importing plugin module
ipaserver.plugins.virtual\nipalib.plugable: DEBUG i
paserver.plugins.virtual is not a valid plugin module\nipalib.plugable:
DEBUG importing plugin module ipaserver.plugins.whoami\nipalib.plugable:
DEBUG importing plugin module
ipaserver.plugins.xmlserver\nipa-dnskeysync-replica: DE
BUG Kerberos principal:
ipa-dnskeysyncd/freeipa02.tjako.thuis\nipalib.install.kinit: DEBUG
Initializing principal ipa-dnskeysyncd/freeipa02.tjako.thuis using
keytab /etc/ipa/dnssec/ipa-dnskeysyncd.keytab\nipalib.install.kinit: DEB
UG using ccache
/tmp/ipa-dnskeysync-replica.ccache\nipalib.install.kinit: DEBUG Attempt
1/5: success\nipa-dnskeysync-replica: DEBUG Got TGT\nTraceback (most
recent call last):\n File "/usr/libexec/ipa/ipa-dnskeysync-replica",
line 177, in <module>\n f.read()\n File
"/usr/lib/python3.6/site-packages/ipaserver/dnssec/localhsm.py", line 104,
in __init__\n self.p11 = _ipap11helper.P11_Helper(label, pin, library)\n
File "/usr/lib/python3.6/site-packages/i
paserver/p11helper.py", line 868, in __init__\n raise Error("No slot for
label {} found".format(self.token_label))\nipaserver.p11helper.Error: No
slot for label ipaDNSSEC found\nException ignored in: <bound method
LocalHSM.__del__ of
<ipaserver.dnssec.localhsm.LocalHSM object at 0x7ff5f2bf6c50>>\nTraceback
(most recent call last):\n File
"/usr/lib/python3.6/site-packages/ipaserver/dnssec/localhsm.py", line 107,
in __del__\n self.p11.finalize()\nAttributeError:
\'LocalHSM\' object has no attribute \'p11\'\n')