On Wed, Mar 03, 2021 at 11:44:44AM +0100, Stefan Ubbink via Opendnssec-user wrote:
> I'm running OpenDNSSEC 2.1.8 in our acceptance environment and when I
> try to purge keys from the politie zone it gives the message in the
> subject.
>
> I run the following command:
> root@ede1-signa1:~# ods-enforcer key purge --zone politie --delete
> No keys to purge for politie
> Found no keys to delete from HSM
> root@ede1-signa1:~#

I believe this happened because the key has been manually removed from the HSM without telling OpenDNSSEC because of the bug fixed in 2.1.8.

> And I can understand that it is unable to delete this key from the HSM,
> because it is no longer available in the HSM:
> root@ede1-signa1:~# ods-hsmutil list HSM-OTA | grep
> cc4a433a33a40fce18717beea330a3d1
> root@ede1-signa1:~#
>
> How can I tell OpenDNSSEC that this key has already been removed from
> the HSM and it should no longer try to remove it from the HSM.
> I thought about removing it from hsmKey table in the MySQL database
> directly. But I don't know if this has any side effects.
>

I think we need to do this indeed through the database, I believe you know the query (a delete from a single table). This will not have any side effects.

\Berry