> key state has NOT changed after 'next transition'; not sure what SHOULD have > shown ...
This as a remnant of the 1.4 enforcer. Which expressed states in 'publish', 'ready', etc. 2.0 has a more fine grained model. But it presents the state in something familiar to 1.4 users. (at least it tries to find a presentation as close as possible to the actual state, which is not always a perfect match). Use ods-enforcer key list --debug to see what *really* is going on. > > ods-enforcer key list --verbose > Keys: > Zone: Keytype: State: Date of next > transition: Size: Algorithm: CKA_ID: Repository: > KeyTag: > example.info KSK publish 2016-12-21 > 06:51:01 2048 8 acec57818bc81329aff8b50d1b368c37 SoftHSM > 31180 > example.info ZSK ready 2016-12-21 > 06:51:01 1024 8 93d581dac130c9ff795c246698511e97 SoftHSM > 4800 > > eventually, simply waiting longer > > date > Wed Dec 21 06:53:29 PST 2016 > > ods-enforcer key list --verbose > Keys: > Zone: Keytype: State: Date of next > transition: Size: Algorithm: CKA_ID: Repository: > KeyTag: > example.info KSK ready waiting for > ds-seen 2048 8 acec57818bc81329aff8b50d1b368c37 SoftHSM > 31180 > example.info ZSK active 2016-12-21 > 10:35:01 1024 8 93d581dac130c9ff795c246698511e97 SoftHSM > 4800 > > still no "keystate_ds_x_cmd" in logs, and no email sent What you are describing should indeed either have send a mail or have logged something. Your theory about not terminating the command could maybe also be the case. In any case I'll have a look. Have you tried executing the script manually running under the opendnssec user? - did it work? //Yuri
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
