[Opendnssec-user] Re: Backup/restore information
Fred Zwarts (KVI)
F.Zwarts at KVI.nl
Tue Apr 3 14:32:43 UTC 2012
"Fred Zwarts (KVI)" wrote in message news:jlcggf$hfg$1 at dough.gmane.org...
>
...
>
>So, I think I will make a daily cron job that performs the following steps.
>1) Shut down OpenDNSsec
>2) create a tar file with the softHSM and OpenDNSsec configuration in etc
>and the OpenDNSsec state in /var/opendsnsec.
>3) dump the database of /var/softhsm/slot0.db to another file
>4) startup OpenDNSsec again.
>
>The next step is that I will try to use these backup files to restore the
>OpenDNSsec and softHSM state on another server, just to prove that it is
>sufficient.
Today I tried to restore the OpenDNSsec state on another server, using the
files saved as described above on the original server.
I compiled and built the software.
I did not run any of the programs, but first I tried to restore the state as
follows:
I removed the /var/softhsm/slot0.db file and recreated it from the
softhsmdump file with:
sqlite3 /var/softhsm/slot0.db < softhsmdump
(This softhsmdump file was created with:
sqlite3 /var/softhsm/slot0.db .dump > softhsmdump
on the original server.)
I deleted the /var/opendnssec directory and restored the contents from a tar
file created on the original server.
I restored the files in /etc/opendnssec from the same tar file created on
the original server.
I assumed that now everything was restored to the state in which the backup
was made.
The commands "ods-ksmutil zone list"
and "ods-ksmutil repository list" worked correctly.
But when I tried to list the keys with:
ods-ksmutil key list --verbose
the result was:
SQLite database set to: /var/opendnssec/kasp.db
Keys:
hsm_get_slot_id(): could not find token with the name OpenDNSSEC
Error: failed to list keys
Any suggestion as to what is missing in the backup/restore procedure?
More information about the Opendnssec-user
mailing list