[Opendnssec-user] Error allocating ksks / zsks

[Havard Eidnes]

> so I worried that the key in the "generate" state for the
> godegrep.no zone might mess things up (orphaned?), so it is now
> history:

This removal of the apparently orphaned key in "generate" state
seems to have unwedged this one.  In the log I now found

Feb  3 09:34:40 hugin ods-enforcerd: Zone godegrep.no found.
Feb  3 09:34:40 hugin ods-enforcerd: Policy for godegrep.no set to default.
Feb  3 09:34:40 hugin ods-enforcerd: Config will be output to /var/opendnssec/signconf/godegrep.no.xml.
Feb  3 09:34:40 hugin ods-enforcerd: KSK key allocation for zone godegrep.no: 1 key(s) allocated 
Feb  3 09:34:40 hugin ods-enforcerd: WARNING: KSK rollover for zone 'godegrep.no' not completed as there are no keys in the 'ready' state; ods-enforcerd will try again when it runs next
Feb  3 09:34:40 hugin ods-enforcerd: WARNING: ZSK rollover for zone 'godegrep.no' not completed as there are no keys in the 'ready' state; ods-enforcerd will try again when it runs next

and listing the keys for the zone shows significant change:

ods @ hugin: {29} ods-ksmutil key list --all --zone godegrep.no
Keys:
Zone:                           Keytype:      State:    Date of next transition:
godegrep.no                     KSK           active    2015-12-13 15:12:43 
godegrep.no                     ZSK           dead      to be deleted       
godegrep.no                     ZSK           active    2016-01-07 04:30:48 
godegrep.no                     ZSK           publish   2016-02-03 15:49:40 
godegrep.no                     KSK           publish   2016-02-03 15:49:40 

ods @ hugin: {30} 

So by the end of today, there should be both a new zsk and ksk in
"ready" state to progress the key rotation.

Regards,

- Håvard