[Opendnssec-user] Re: Backup/restore information
Fred Zwarts (KVI)
F.Zwarts at KVI.nl
Mon Apr 2 15:27:11 UTC 2012
"Jerry Lundström" wrote in message
news:FED80B7D-A637-441D-9836-24EDCB4CD57C at opendnssec.org...
>On Apr 2, 2012, at 13:56 , Fred Zwarts (KVI) wrote:
>>> Here is what I do:
>>> ods-ksmutil backup prepare
>>> sqlite3 /var/lib/softhsm/slot0.db .dump | gzip | mygpg > $shsmfile
>>> mysqldump -u opendnssec opendnssec | gzip | mygpg > $kaspfile
>>> ods-ksmutil backup commit
>> I assume that $shsmfile and $kaspfile are stored on a safe place and
>> contain all the information needed to restore the SoftHSM and OpenDNSsec
>> state. They are probably included in your system backup.
>> I am not familiar with mysql or sqlite. What are the commands needed to
>> restore the state from these two safe files?
>> Have you verified that it is sufficient to restore your zones and keys
>> from these two files (and the unsigned zone files, of course)?
>There isn't any guide to backup and restore but there are some
>documentation about the backups for each software.
As far as I can see, this one only tells how to tell OpenDNSsec that a
backup will be made, not how a backup of the OpenDNSstate is made.
>If your running MySQL there should be plenty of documentation on how to
>backup/restore on mysql.com or if your running SQLite it's basically just a
>database in a file so you could .dump it or copy it.
Thanks, I think this is the strategy that I will use for the softHSM
database. (With OpenDNSsec shut down.)
>If you want to keep state in the backup the best bet is to shutdown
>OpenDNSSEC and copy everything in /etc/opendnssec and /var/opendnssec (or
>/var/lib/opendnssec, depending on your installation).
Thanks, this is what I need to know, concerning the locations where
OpenDNSsec stores its state.
So, I think I will make a daily cron job that performs the following steps.
1) Shut down OpenDNSsec
2) create a tar file with the softHSM and OpenDNSsec configuration in etc
and the OpenDNSsec state in /var/opendsnsec.
3) dump the database of /var/softhsm/slot0.db to another file
4) startup OpenDNSsec again.
The next step is that I will try to use these backup files to restore the
OpenDNSsec and softHSM state on another server, just to prove that it is
More information about the Opendnssec-user