"Jerry Lundström" wrote in message
news:[email protected]...
Hi Fred,
On Apr 2, 2012, at 13:56 , Fred Zwarts (KVI) wrote:
Here is what I do:
ods-ksmutil backup prepare
sqlite3 /var/lib/softhsm/slot0.db .dump | gzip | mygpg > $shsmfile
mysqldump -u opendnssec opendnssec | gzip | mygpg > $kaspfile
invoke-system-backup
ods-ksmutil backup commit
I assume that $shsmfile and $kaspfile are stored on a safe place and
contain all the information needed to restore the SoftHSM and OpenDNSsec
state. They are probably included in your system backup.
I am not familiar with mysql or sqlite. What are the commands needed to
restore the state from these two safe files?
Have you verified that it is sufficient to restore your zones and keys
from these two files (and the unsigned zone files, of course)?
There isn't any guide to backup and restore but there are some
documentation about the backups for each software.
OpenDNSSEC -
https://wiki.opendnssec.org/display/DOCS/Key+Management#KeyManagement-Markingkeysasbackedup
As far as I can see, this one only tells how to tell OpenDNSsec that a
backup will be made, not how a backup of the OpenDNSstate is made.
SoftHSM -
https://wiki.opendnssec.org/display/SoftHSMDOCS/SoftHSM+Documentation+Home#SoftHSMDocumentationHome-Backup
If your running MySQL there should be plenty of documentation on how to
backup/restore on mysql.com or if your running SQLite it's basically just a
database in a file so you could .dump it or copy it.
Thanks, I think this is the strategy that I will use for the softHSM
database. (With OpenDNSsec shut down.)
If you want to keep state in the backup the best bet is to shutdown
OpenDNSSEC and copy everything in /etc/opendnssec and /var/opendnssec (or
/var/lib/opendnssec, depending on your installation).
Thanks, this is what I need to know, concerning the locations where
OpenDNSsec stores its state.
So, I think I will make a daily cron job that performs the following steps.
1) Shut down OpenDNSsec
2) create a tar file with the softHSM and OpenDNSsec configuration in etc
and the OpenDNSsec state in /var/opendsnsec.
3) dump the database of /var/softhsm/slot0.db to another file
4) startup OpenDNSsec again.
The next step is that I will try to use these backup files to restore the
OpenDNSsec and softHSM state on another server, just to prove that it is
sufficient.
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
