On Thu, 11 Mar 2021, (Berry) A.W. van Halderen via Opendnssec-user wrote:
>> Listing keys in all repositories.
>>
>> … hangs "forever" (1 hour at least).
>>
>> Hmm, is this something to worry about?
Not if it's that large.
I have the same issue, reporting a few years ago. See the mail archive.
In my case, though, it is clearly seen in the logs:
Mar 15 14:24:43 ns0 ods-enforcerd: Not enough keys to satisfy zsk policy for
zone: chaishinyu.com. keys_to_allocate(1) = keys_needed(1) - (keys_available(1)
- keys_pending_retirement(1))
Mar 15 14:24:43 ns0 ods-enforcerd: Tried to allocate 1 keys, failed on
allocating key number 1
Mar 15 14:24:43 ns0 ods-enforcerd: ods-enforcerd will create some more keys on
its next run
So it adds a key, thinks it failed, and 15 minutes later will do it
again. I have about 20 zones and my softhsm size is:
-rw-rw-r--. 1 ods ods 51M Mar 11 18:06 /var/lib/softhsm/slot0.db
It has reached the point where I can no longer add zones to my config,
and I need to sit down one day and re-install this signer :/
This is on 1.4.14 though, as previous attempts to upgrade to 2.x have
failed.
Paul
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
