Description of problem:
Noticed this in my freeipa's dc log. It tries to run every minute or so and it fails
Version-Release number of selected component:
freeipa-server-dns-4.9.10-3.fc36
Additional info:
reporter: libreport-2.17.1
cgroup: 0::/system.slice/ipa-dnskeysyncd.service
cmdline: /usr/bin/python3 -I /usr/libexec/ipa/ipa-dnskeysyncd
crash_function: run
exception_type: ipapython.ipautil.CalledProcessError
executable: /usr/libexec/ipa/ipa-dnskeysyncd
interpreter: python3-3.10.6-1.fc36.x86_64
kernel: 5.18.16-200.fc36.x86_64
runlevel: N 3
type: Python3
uid: 996
Truncated backtrace:
#1 [/usr/lib/python3.10/site-packages/ipapython/ipautil.py:599] run
#2 [/usr/lib/python3.10/site-packages/ipaserver/dnssec/bindmgr.py:146] install_key
#3 [/usr/lib/python3.10/site-packages/ipaserver/dnssec/bindmgr.py:205] sync_zone
#4 [/usr/lib/python3.10/site-packages/ipaserver/dnssec/bindmgr.py:232] sync
#5 [/usr/lib/python3.10/site-packages/ipaserver/dnssec/keysyncer.py:128] syncrepl_refreshdone
#6 [/usr/lib64/python3.10/site-packages/ldap/syncrepl.py:464] syncrepl_poll
#7 [/usr/libexec/ipa/ipa-dnskeysyncd:130] <module>
Comment 7Florence Blanc-Renaud
2022-08-11 09:42:03 UTC
Hi,
thanks for your BZ report.
Based on the journal backtrace (dnssec-keyfromlabel: warning: ENGINE_load_private_key failed (not found)\ndnssec-keyfromlabel: fatal: failed to get key <domain removed>/RSASHA256: not found\n'), it can be closed as a duplicate of BZ #2115865.
There is already an update of openssl-pkcs11 (FEDORA-2022-2f6e9a0b6c has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-2f6e9a0b6c) that contains a fix. Can you try to update and confirm it properly solves your issue?
*** This bug has been marked as a duplicate of bug 2115865 ***