Hi, picking just a few of your questions:
> 3) How can i backup keys and slots? > 4) How to backup DB? This is the script I use to backup the slot0.db, the only one, on my installation: #! /bin/sh cd /var/db/softhsm/ ods-ksmutil backup prepare sqlite3 slot0.db ".backup slot0-backup.`date +%d`.db" ods-ksmutil backup commit This is done each night, and the backup files are then subject to normal system backups (you get a total of 31 backup files where each one is re-used and overwritten approximately every month). The "ods-ksmutil backup ..." dance is so that the keys only get a "backed up" flag if they were actually part of the backup, and the sqlite3 .backup should ensure that the backup is in a consistent state, "database-wise". (I hope I've got that right.) > 5) How to upgrade OpenDNSSEC? are there any notes about that? That's version-specific. Usually, upgrades within a given major version go smoothly and require no particular actions, but do consult the relevant release notes, e.g. http://www.opendnssec.org/2014/07/21/opendnssec-1-4-6/ You obviously need to ensure that you're actually running the new bits after you've done the upgrade, i.e. you need to restart long-running processes which are part of OpenDNSSEC. An example of information supplied with a major version upgrade can e.g. be found at https://wiki.opendnssec.org/display/DOCS/New+in+OpenDNSSEC+1.4 > 6) How can i clone the current system to another one without > any failure? are there any notes about that? Here I'm a little sketchy because I've not yet done this myself, but I'm thinking that if you have a "cold standby" with the exact same software versions installed (kept in sync when you upgrade), and you suffer a catastrophic breakdown on your production system, copying the latest backup of the SoftHSM database, putting it in place of slot0.db, and ensuring that zones can enter and leave the OpenDNSSEC installation on the former cold standby, now active OpenDNSSEC system, you should be good to go (this obviously needs testing to ensure confidence in the required procedure). I see one stumbling block, though: the SoftHSM sofware uses "unsigned long" in on-disk data storage, and that causes a SoftHSM database to not be portable between 32- and 64-bit systems, ref. https://wiki.opendnssec.org/display/SoftHSMDOCS/SoftHSM+Documentation+v1.3#SoftHSMDocumentationv1.3-Backup > 7) are there any yum repo to install opendnssec? I don't know. Maybe http://www.opendnssec.org/download/packages/ can give some directions. Regards, - HÃ¥vard _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
