We are still seeing: "key_data_update() failed" Oct 11 05:03:13 signer ods-enforcerd[6452]: [enforcer] removeDeadKeys deleting key: 60e49cfb7857be2942afa451c0654c98 Oct 11 05:03:13 signer ods-enforcerd[6452]: [hsm_key_factory_get_key] removing key 60e49cfb7857be2942afa451c0654c98 from HSM Oct 11 05:03:13 signer ods-enforcerd[6452]: [enforcer] removeDeadKeys: keys deleted from HSM: 1 Oct 11 05:03:13 signer ods-enforcerd[6452]: [enforcer] update: key_data_update() failed Oct 11 18:30:18 signer ods-enforcerd[6452]: [enforcer] removeDeadKeys deleting key: 96a5d13abd2cc3246e703cfdd429a0d2 Oct 11 18:30:18 signer ods-enforcerd[6452]: [hsm_key_factory_get_key] removing key 96a5d13abd2cc3246e703cfdd429a0d2 from HSM Oct 11 18:30:18 signer ods-enforcerd[6452]: [enforcer] removeDeadKeys: keys deleted from HSM: 1 Oct 11 18:30:18 signer ods-enforcerd[6452]: [enforcer] update: key_data_update() failed
for key rollovers. We upgraded on Oct 10 to 2.1.10 On Sat, Sep 11, 2021 at 1:05 PM Berry van Halderen via Opendnssec-user <opendnssec-user@lists.opendnssec.org> wrote: > > Dear all, > > Just released, OpenDNSSEC 2.1.10, available immediately from our regular > download site: > > https://dist.opendnssec.org/source/opendnssec-2.1.10.tar.gz > > SHA256: c0a8427de241118dccbf7abc508e4dd53fb75b45e9f386addbadae7ecc092756 > > This release addresses an automatic resalting after a migration from 1.4 > and an error manifesting as a key_data_update failure in the logs where > a retired key wasn't removed from the signer configuration in time in > certain circumstances. > Also an RPM is now provided for RHEL/CentOS distros at the same download > location: https://dist.opendnssec.org/source/ > > \Berry > > * OPENDNSSEC-957: Fix exit code signer daemon to not always report > failure. > * OPENDNSSEC-958: Fix immediate resalting after migration from 1.4. > * OPENDNSSEC-959: Emit warning on ods-kaspcheck for NSEC iteration count > that is deemed too high. > * SUPPORT-265: Resolve conflict when deleting keys from HSM whilst > also performing step in key roll process. Typically a message > "key_data_update failed" is present in logs. > * Provided RedHat/CentOS spec file in contrib directory. > _______________________________________________ > Opendnssec-user mailing list > Opendnssec-user@lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
