[Opendnssec-user] Questions about SoftHSM and 'ods-ksmutil backup'

Jake Zack jake.zack at cira.ca
Thu Sep 24 16:45:50 CEST 2015


I'm trying to sync the kaspdb between two servers, which I expect to do periodically to counter drift between two signing boxes.

On the primary, I'm using ods-ksmutil backup to prepare and create /var/opendnssec/kasp.db.backup:

-rw-r--r-- 1 ods ods 39936 Sep 24 10:36 /var/opendnssec/kasp.db.backup

I'm scp'ing that file over to the secondary server.

Can I make ods-enforcerd use this kaspdb without a restart of ods-enforcerd?

I tried to make the secondary server do an "ods-ksmutil backup rollback" to make it read the .backup config into running config...but I get "There were no keys to rollback".

I'd've expected there to be a "restore" option or what not...what am I missing?  What's the preferred method for syncing two signers?

Thanks,

-Jacob Zack
Sr. DNS Administrator - CIRA (.CA TLD)


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20150924/f182673a/attachment.html>


More information about the Opendnssec-user mailing list