[Opendnssec-user] Repository softHSM is full

Bjorn Hansson hansson at netera.se
Mon Oct 12 18:02:16 UTC 2009


Thanks for your very quick reply!

> There was a bug between r2203 and 2207 which meant that repositories
> defined (in conf.xml) without a capacity would always look full.
 > [...]
> 1) purge dead keys from the system using "ods-ksmutil key purge --policy
> <policy>"

Purging the keys solved my immediate problem, and the signing process 
could go on.

However, I don't have a capacity tag in the conf.xml (actually I do, but 
it's commented out). Compared to the conf.xml.sample, I have only 
changed <NotifyCommand> in my conf.xml, so my softHSM should already be 
"unlimited" if I understand things correctly. Can I check if my softHSM 
is "unlimited" in some way?

Another problem, maybe related to the above, when sent a command to sign 
a zone, it is actually signed, but not copied to my output directory. I 
can however find the sign file in the temp directory. If I manually copy 
the signed file from the tmp directory to my output directory, bind 
accepts it. It seems the auditor fails for some reason, please see the 
attached file for details. I'll be happy to provide more information 
about my system if you need.

Best regards,
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ods_fail_cdpris_se_20091012.txt
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20091012/ea6f8fb4/attachment.txt>

More information about the Opendnssec-user mailing list