Hello, I'm running OpenDNSSEC 2.1.8 in our acceptance environment and when I try to purge keys from the politie zone it gives the message in the subject.
I run the following command: root@ede1-signa1:~# ods-enforcer key purge --zone politie --delete No keys to purge for politie Found no keys to delete from HSM root@ede1-signa1:~# The logging shows the following: Mar 3 11:34:09 ede1-signa1 ods-enforcerd: received command key purge --zone politie --delete Mar 3 11:34:09 ede1-signa1 ods-enforcerd: [hsm_key_factory_delete_key] looking for keys to purge from HSM Mar 3 11:34:09 ede1-signa1 ods-enforcerd: [hsm_key_factory_delete_key] unable to remove key cc4a433a33a40fce18717beea330a3d1 And I can understand that is unable to delete this key from the HSM, because it is no longer available in the HSM: root@ede1-signa1:~# ods-hsmutil list HSM-OTA | grep cc4a433a33a40fce18717beea330a3d1 root@ede1-signa1:~# How can I tell OpenDNSSEC that this key has already been removed from the HSM and it should no longer try to remove it from the HSM. I thought about removing it from hsmKey table in the MySQL database directly. But I don't know if this has any side effects. -- Stefan Ubbink DNS & Systems Engineer Present: Mon, Tue, Wed, Fri SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands T +31 (0)26 352 55 00 https://www.sidn.nl
pgpy1pfHCmMlO.pgp
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
