Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 1361274

Summary: gnome-session errors in /var/log/messages after fresh install
Product: Red Hat Enterprise Linux 7 Reporter: jigar <jraising>
Component: dnssec-triggerAssignee: Tomáš Hozza 🤓 <thozza>
Status: CLOSED NOTABUG QA Contact: qe-baseos-daemons
Severity: medium Docs Contact:
Priority: high    
Version: 7.2CC: jraising, psklenar
Target Milestone: rcFlags: thozza: needinfo? (jraising)
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-02-17 16:17:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1380362, 1393869    

Description jigar 2016-07-28 16:26:23 UTC
Description of problem: Following errors were seen in /var/log/messages after fresh install of RHEL-7.2 :

quanta gnome-session: Apr 11 15:18:17 dnssec-trigger-panel[14265] fatal error: cannot setup ssl context: Error setting up SSL_CTX client key and cert error:02001002:system library:fopen:No such file or directory

Version-Release number of selected component (if applicable): dnssec-trigger-0.11-21.el7

How reproducible: Sometimes

Steps to Reproduce:
1. Install RHEL-7.2
2. Check /var/log/messages

Actual results: Errors seen in /var/log/messages after fresh install

Expected results: Errors shouldn't be logged in /var/log/messages after fresh install

Comment 2 Tomáš Hozza 🤓 2016-07-29 11:54:51 UTC
Was the dnssec-trigger installed explicitly? The problem here is that the SSL certificates used by the panel to communicate with the daemon are created when the daemon is started for the first time. I don't think we want to create them during the installation, because there may be issues with not having enough entropy.

Comment 5 Tomáš Hozza 🤓 2017-02-17 16:17:09 UTC
I tried to reproduce this issue. The customer had to install dnssec-trigger explicitly, as it is not included in the default installation. After the installation, dnssec-trigger daemon is not started, but is enabled. The panel is not started. If one starts the dnssec-trigger-panel before the reboot, the error is there. During the next system start all necessary keys are created. After that it is not possible to reproduce the error message.

The bottom line is, that the log message can not be present after fresh insyall of the system, but the user has to do an invalid step.

The use and installation of dnssec-trigger is documented in the Security Guide (https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_DNS_Traffic_with_DNSSEC.html#sec-Security_Guide-Understanding_Dnssec-trigger).

Closing as NOTABUG. Feel free to reopen if you don't agree.