Berry A.W. van Halderen <[email protected]> wrote:
On 01/16/2017 07:49 PM, Michael Grimm wrote:
Hmm, what do I need to do in order to recover from that error? Any
input
is highly appreciated.
The enforcer will try to allocate more keys upon the next run. The
time
when this is depends (in 1.4), upon the Interval setting in the
conf.xml. Normally a number of minutes (at 14:00 your time).
But my assumption is that this already was tried a number of times.
Indeed. In the meantime I do find many of those errors in the logfile.
I don't know which HSM you are using.
softhsm 1.3.8
If you are using SoftHSM, it
could be due to permissions problems on the files where the keys
are stored, or to a full filesystem. Check /var/lib/softhsm,
the default location (set in /etc/softhsm.conf).
-rw-r--r-- 1 root wheel uarch 44032 Jan 16 20:48
/usr/local/var/opendnssec/kasp.db
I have to note, that 8 other domains are kept in that database. None of
the other domains triggered a similar error (yet).
You can also increase the verbosity in conf.xml and restart
to get a bit more information.
I had had <Verbosity>3</Verbosity>. I did increase to 4,5, and 10, but
to no avail. The very same log messages are reported, no additional
ones. Is this the verbosity you were refering to?
Did you keep the original
/usr/local/var/opendnssec/signconf/example.com.xml
by any change?
Yes. I did save before rescue trials:
-rw-r--r-- root/opendnssec 990 2017-01-06 21:02
opendnssec/signconf/example.com.xml
What do you want me to do with that?
I do have to admit that I am pretty helpless in understanding the
details of the software I am using. Sad to say :-(
So, what should I do next?
Create a new key for example.com and import it into softhsm?
Export kaps.db and re-import? (how?)
Anything else?
Thanks and regards,
Michael
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
