Hi Yuri, > The actual generation of the key fails but that happens at slightly > different time. Could you provide more log output? how would a log message look like when new keys are generated ? I searched the log (already at verbosity 10) but did not find any messages that would indicate that ODS is generating, or trying to generate but failing, any new keys.
The only thing I found is in the startup messages, where it says that "No new ZSKs need to be created". See logs below (config filenames and DB information have been removed from the log messages): ods-enforcerd: [ID 676094 daemon.info] opendnssec starting... ods-enforcerd: [ID 326049 local0.info] HSM connection open. ods-enforcerd: [ID 442419 local0.info] Reading config ods-enforcerd: [ID 321401 local0.info] Reading config schema ods-enforcerd: [ID 779269 local0.info] Communication Interval: 900 ods-enforcerd: [ID 166010 local0.info] Rollover Notification Interval: 604800 ods-enforcerd: [ID 796646 local0.info] Using command: to submit DS records ods-enforcerd: [ID 646761 local0.info] MySQL database schema set to: ods-enforcerd: [ID 950666 local0.info] MySQL database user set to: ods-enforcerd: [ID 130658 local0.info] MySQL database password set ods-enforcerd: [ID 517519 local0.info] Log User set to: local0 ods-enforcerd: [ID 399845 local0.info] Pidfile set to: ods-enforcerd: [ID 599916 local0.info] Switched log facility to: local0 ods-enforcerd: [ID 813082 local0.info] Connecting to Database... ods-enforcerd: [ID 799338 local0.info] Policy default found. ods-enforcerd: [ID 792314 local0.info] Key sharing is On ods-enforcerd: [ID 931102 local0.info] 86 zone(s) found on policy "default" ods-enforcerd: [ID 970822 local0.info] No new KSKs need to be created. ods-enforcerd: [ID 193721 local0.info] No new ZSKs need to be created. ods-enforcerd: [ID 630891 local0.info] NOTE: keys generated in repository SoftHSM will not become active until they have been backed up ods-enforcerd: [ID 685651 local0.debug] Purging keys... Regards Marc
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
