[Opendnssec-user] Questions about SoftHSM and 'ods-ksmutil backup'
jake.zack at cira.ca
Thu Sep 24 14:45:50 UTC 2015
I'm trying to sync the kaspdb between two servers, which I expect to do periodically to counter drift between two signing boxes.
On the primary, I'm using ods-ksmutil backup to prepare and create /var/opendnssec/kasp.db.backup:
-rw-r--r-- 1 ods ods 39936 Sep 24 10:36 /var/opendnssec/kasp.db.backup
I'm scp'ing that file over to the secondary server.
Can I make ods-enforcerd use this kaspdb without a restart of ods-enforcerd?
I tried to make the secondary server do an "ods-ksmutil backup rollback" to make it read the .backup config into running config...but I get "There were no keys to rollback".
I'd've expected there to be a "restore" option or what not...what am I missing? What's the preferred method for syncing two signers?
Sr. DNS Administrator - CIRA (.CA TLD)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Opendnssec-user