[Opendnssec-user] Repository softHSM is full
sion at nominet.org.uk
sion at nominet.org.uk
Mon Oct 12 15:21:31 UTC 2009
> I run trunk r2207, and I get this error in my logfile
> Oct 12 16:48:04 bure ods-enforcerd: Repository softHSM is full, cannot
> create more KSKs for policy default
> Oct 12 16:48:04 bure ods-enforcerd: Repository softHSM is full, cannot
> create more ZSKs for policy default
>
> How do I expand and/or clean my softHSM? Or should I do something else?
There may be more than one thing happening here.
There was a bug between r2203 and 2207 which meant that repositories
defined (in conf.xml) without a capacity would always look full.
That should not be a problem as you are running r2207, I mention it more
for anyone else who is running one of those versions.
It seems that you have filled up your HSM to its declared capacity, so you
have 2 choices:
1) purge dead keys from the system using "ods-ksmutil key purge --policy
<policy>"
or
2) increase the capacity in conf.xml and run "ods-ksmutil update" to push
the new information into the database.
If you remove the Capacity tag completely you get a repository that will
have an "unlimited" size.
Sion
More information about the Opendnssec-user
mailing list