"Fred Zwarts (KVI)" wrote in message news:[email protected]...
...
So, I think I will make a daily cron job that performs the following steps.
1) Shut down OpenDNSsec
2) create a tar file with the softHSM and OpenDNSsec configuration in etc
and the OpenDNSsec state in /var/opendsnsec.
3) dump the database of /var/softhsm/slot0.db to another file
4) startup OpenDNSsec again.
The next step is that I will try to use these backup files to restore the
OpenDNSsec and softHSM state on another server, just to prove that it is
sufficient.
Today I tried to restore the OpenDNSsec state on another server, using the
files saved as described above on the original server.
I compiled and built the software.
I did not run any of the programs, but first I tried to restore the state as
follows:
I removed the /var/softhsm/slot0.db file and recreated it from the
softhsmdump file with:
sqlite3 /var/softhsm/slot0.db < softhsmdump
(This softhsmdump file was created with:
sqlite3 /var/softhsm/slot0.db .dump > softhsmdump
on the original server.)
I deleted the /var/opendnssec directory and restored the contents from a tar
file created on the original server.
I restored the files in /etc/opendnssec from the same tar file created on
the original server.
I assumed that now everything was restored to the state in which the backup
was made.
The commands "ods-ksmutil zone list"
and "ods-ksmutil repository list" worked correctly.
But when I tried to list the keys with:
ods-ksmutil key list --verbose
the result was:
SQLite database set to: /var/opendnssec/kasp.db
Keys:
hsm_get_slot_id(): could not find token with the name OpenDNSSEC
Error: failed to list keys
Any suggestion as to what is missing in the backup/restore procedure?
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
