Hi Thomas,
could you please check whether this issue is reproducible, i.e. whether,
whenever you attempt the backup (to a fresh empty target directory), it
fails with "not exists"?
Could you please check whether the keys that happen to make it to the backup
belong to the same zone, or whether it's one from each zone? (You might use
`keymgr list` to check which key ID belongs to which zone.)
Thanks,
Libor
On 08. 12. 20 at 21:36, Thomas wrote:
Hi Libor,
sorry, I was really too unspecific.
I'm hosting 2 zones. These 4 keys are on the production machine:
root@signer-0:/var/lib/knot/keys/keys# ls -alh
-rw-r----- 1 knot knot 1,7K Nov 5 16:22 087cc573318e070befff1d9cbcf07e3b5cf5444d.pem
-rw-r----- 1 knot knot 916 Nov 5 16:44 1fb3900b2e5ac72d30f927016ea4546ca561a5da.pem
-rw-r----- 1 knot knot 916 Nov 5 16:22 6ebb8eb3ec2ddaf150119b4bc11b47dcec91621a.pem
-rw-r----- 1 knot knot 1,7K Nov 5 16:44 d7e47e2909f4d5947d8fb8684cb79ed06feb4b0a.pem
Performing a backup with the following command:
# knotc zone-backup +backupdir /tmp/backup
Backup directory after performing the backup shows:
root@signer-0:/tmp/backup/keys/keys# ls -ahl
-rw-r----- 1 knot knot 1,7K Dez 8 20:21 087cc573318e070befff1d9cbcf07e3b5cf5444d.pem
-rw-r----- 1 knot knot 916 Dez 8 20:21 1fb3900b2e5ac72d30f927016ea4546ca561a5da.pem
2 keys are missing.
Hhmm ok, there is an error in the log:
2020-12-08T20:26:43+0000 info: control, received command 'zone-backup'
2020-12-08T20:26:43+0000 warning: [xxx.] zone backup failed (not exists)
2020-12-08T20:26:43+0000 error: [xxx.] zone event 'backup/restore' failed (not exists)
2020-12-08T20:26:43+0000 warning: [yyy.] zone backup failed (not exists)
2020-12-08T20:26:43+0000 error: [yyy.] zone event 'backup/restore' failed (not exists)
I'm using the latest knot version.
Best regards,
Thomas
On 08.12.20 at 16:56, libor.peltan wrote:
> Hi Thomas,
>
> could you be more specific about "half of private keys were in the
> backup" ? How many were, how many weren't, and was there some obvious
> difference between them?
>
> Could you share the log snippets covering the backup and the restore
> procedures?
>
> Thanks,
>
> Libor
>
> On 08. 12. 20 at 16:48, Thomas E. wrote:
>> Hi (again),
>>
>> I was trying to back up and restore a server with the new knotc
>> zone-backup/restore command.
>>
>> I recognized that only half of the private keys were in the backup,
>> which leads to an error:
>>
>> 2020-12-08T14:44:00+0100 error: [xxx.] DNSSEC, failed to load private keys (not exists)
>> 2020-12-08T14:44:00+0100 error: [xxx.] DNSSEC, failed to load keys (not exists)
>>
>> Shouldn't the backup contain all private keys?
>>
>>
>> Thanks,
>> Thomas