Sorry for my bad nomenclature in my original request. I’m pre-populating HSM’s with keys, so no worries there about backups of that…I’m merely trying to sync kasp db’s.
I was hoping to do it without needing to restart ods-enforcerd. I just find it odd that if I can do ‘ods-ksmutil backup …’ commands to generate a kasp.db.backup…that I can’t restore from that backup on the same server and/or a different server seamlessly. -jake From: Rickard Bellgrim [mailto:rick...@opendnssec.org] Sent: Friday, September 25, 2015 2:03 AM To: Rick van Rein Cc: Jake Zack; opendnssec-user@lists.opendnssec.org Subject: Re: [Opendnssec-user] Questions about SoftHSM and 'ods-ksmutil backup' On Thu, Sep 24, 2015 at 4:55 PM, Rick van Rein <r...@openfortress.nl<mailto:r...@openfortress.nl>> wrote: The SQLite backups are made at the database level, and that is the level at which you should look for tooling support for import / recover the backup. The default procedure in lieu of any would be to stop KASP, replace the database with the newly copied backup, and bring the KASP backup. Also, there are no keys in the KASP database, only the metadata about them. The keys are stored in the HSM. In SoftHSM, the keys are stored in the token database according to softhsm.conf. The README have more information on the backup procedures.
_______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
