[Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r3764 - in branches/OpenDNSSEC-sion/enforcer: ksm ksm/include/ksm utils

Sion Lloyd sion at nominet.org.uk
Fri Aug 20 10:19:48 CEST 2010


Author: sion
Date: 2010-08-20 10:19:48 +0200 (Fri, 20 Aug 2010)
New Revision: 3764

Modified:
   branches/OpenDNSSEC-sion/enforcer/ksm/include/ksm/ksm.h
   branches/OpenDNSSEC-sion/enforcer/ksm/ksm_import.c
   branches/OpenDNSSEC-sion/enforcer/utils/database_create.mysql
   branches/OpenDNSSEC-sion/enforcer/utils/database_create.sqlite3
   branches/OpenDNSSEC-sion/enforcer/utils/ksmutil.c
   branches/OpenDNSSEC-sion/enforcer/utils/migrate_keyshare_mysql.pl
   branches/OpenDNSSEC-sion/enforcer/utils/migrate_keyshare_sqlite3.pl
   branches/OpenDNSSEC-sion/enforcer/utils/ods-ksmutil.1.in
Log:
Add 2-step backup; the backup list has not yet been updated to indicate the new states.


Modified: branches/OpenDNSSEC-sion/enforcer/ksm/include/ksm/ksm.h
===================================================================
--- branches/OpenDNSSEC-sion/enforcer/ksm/include/ksm/ksm.h	2010-08-20 06:51:46 UTC (rev 3763)
+++ branches/OpenDNSSEC-sion/enforcer/ksm/include/ksm/ksm.h	2010-08-20 08:19:48 UTC (rev 3764)
@@ -611,6 +611,8 @@
 int KsmSmIdFromName(const char* name, int *id);
 int KsmSerialIdFromName(const char* name, int *id);
 int KsmPolicyIdFromName(const char* name, int *id);
+int KsmMarkPreBackup(int repo_id, const char* datetime);
+int KsmRollbackMarkPreBackup(int repo_id);
 int KsmMarkBackup(int repo_id, const char* datetime);
 int KsmCheckHSMkeyID(int repo_id, const char* cka_id, int *exists);
 

Modified: branches/OpenDNSSEC-sion/enforcer/ksm/ksm_import.c
===================================================================
--- branches/OpenDNSSEC-sion/enforcer/ksm/ksm_import.c	2010-08-20 06:51:46 UTC (rev 3763)
+++ branches/OpenDNSSEC-sion/enforcer/ksm/ksm_import.c	2010-08-20 08:19:48 UTC (rev 3764)
@@ -473,6 +473,85 @@
 }
 
 /*+
+ * KsmMarkPreBackup - Mark a backup as having been prepared
+ *
+ *
+ * Arguments:
+ *
+ *      int repo_id
+ *          ID of the repository (-1 for all)
+ *
+ *      const char* datetime
+ *          When the pre backup was done
+ *
+ * Returns:
+ *      int
+ *          Status return.  0 on success.
+ *                          other on fail
+ */
+
+int KsmMarkPreBackup(int repo_id, const char* datetime)
+{
+    char*       sql = NULL;     /* SQL query */
+    int         status = 0;     /* Status return */
+
+    /* Update rows */
+    sql = DusInit("keypairs");
+    DusSetString(&sql, "PRE_BACKUP", datetime, 0);
+    if (repo_id != -1) {
+        DusConditionInt(&sql, "securitymodule_id", DQS_COMPARE_EQ, repo_id, 0);
+        StrAppend(&sql, " and pre_backup is null");
+    } else {
+        StrAppend(&sql, " where pre_backup is null");
+    }
+    DusEnd(&sql);
+
+    status = DbExecuteSqlNoResult(DbHandle(), sql);
+    DusFree(sql);
+
+    return status;
+}
+
+/*+
+ * KsmRollbackPreBackup - Rollback a backup prepare step
+ *
+ *
+ * Arguments:
+ *
+ *      int repo_id
+ *          ID of the repository (-1 for all)
+ *
+ * Returns:
+ *      int
+ *          Status return.  0 on success.
+ *                          other on fail
+ */
+
+int KsmRollbackMarkPreBackup(int repo_id)
+{
+    char*       sql = NULL;     /* SQL query */
+    int         status = 0;     /* Status return */
+
+    /* Update rows */
+    sql = DusInit("keypairs");
+    DusSetString(&sql, "PRE_BACKUP", NULL, 0);
+    if (repo_id != -1) {
+        DusConditionInt(&sql, "securitymodule_id", DQS_COMPARE_EQ, repo_id, 0);
+        StrAppend(&sql, " and pre_backup is not null");
+        StrAppend(&sql, " and backup is null");
+    } else {
+        StrAppend(&sql, " where pre_backup is null");
+        StrAppend(&sql, " and backup is null");
+    }
+    DusEnd(&sql);
+
+    status = DbExecuteSqlNoResult(DbHandle(), sql);
+    DusFree(sql);
+
+    return status;
+}
+
+/*+
  * KsmMarkBackup - Mark a backup as having been done
  *
  *
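Review bot: In KsmRollbackMarkPreBackup the all-repositories branch (`repo_id == -1`) appends `" where pre_backup is null"`, while the single-repository branch uses `is not null`. A rollback over all repositories therefore only matches keys that were never prepared and leaves the prepared ones marked. Because KsmMarkBackup now selects on `pre_backup is not null`, a later `backup commit` would mark those keys as backed up even though the backup failed. The line should read `StrAppend(&sql, " where pre_backup is not null");`. The header comment also names the function `KsmRollbackPreBackup` rather than `KsmRollbackMarkPreBackup`, and it is worth confirming that `DusSetString(&sql, "PRE_BACKUP", NULL, 0)` emits an SQL NULL, since that helper is not visible here.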
@@ -501,8 +580,10 @@
     if (repo_id != -1) {
         DusConditionInt(&sql, "securitymodule_id", DQS_COMPARE_EQ, repo_id, 0);
         StrAppend(&sql, " and backup is null");
+        StrAppend(&sql, " and pre_backup is not null");
     } else {
         StrAppend(&sql, " where backup is null");
+        StrAppend(&sql, " and pre_backup is not null");
     }
     DusEnd(&sql);
 

Modified: branches/OpenDNSSEC-sion/enforcer/utils/database_create.mysql
===================================================================
--- branches/OpenDNSSEC-sion/enforcer/utils/database_create.mysql	2010-08-20 06:51:46 UTC (rev 3763)
+++ branches/OpenDNSSEC-sion/enforcer/utils/database_create.mysql	2010-08-20 08:19:48 UTC (rev 3764)
@@ -90,16 +90,17 @@
 
 # stores the private key info
 create table keypairs(
-  id     smallint not null auto_increment,
-  HSMkey_id  varchar(255) not null,
+  id            smallint not null auto_increment,
+  HSMkey_id     varchar(255) not null,
   algorithm     tinyint not null,             # algorithm code
   size          smallint,
   securitymodule_id          tinyint,                      # where the key is stored
   generate      timestamp null default null,  # time key inserted into database
-  policy_id        mediumint,
+  policy_id     mediumint,
   compromisedflag tinyint,
   publickey     varchar(1024),                # public key data
-  backup        timestamp null default null,  # time when backup was performed
+  pre_backup    timestamp null default null,  # time when backup was started
+  backup        timestamp null default null,  # time when backup was finished
   fixedDate     tinyint default 0,            # Set to 1 to stop dates from being set according to the policy timings        
   
   constraint primary key (id),

Modified: branches/OpenDNSSEC-sion/enforcer/utils/database_create.sqlite3
===================================================================
--- branches/OpenDNSSEC-sion/enforcer/utils/database_create.sqlite3	2010-08-20 06:51:46 UTC (rev 3763)
+++ branches/OpenDNSSEC-sion/enforcer/utils/database_create.sqlite3	2010-08-20 08:19:48 UTC (rev 3764)
@@ -90,7 +90,8 @@
   policy_id        mediumint,
   compromisedflag tinyint,
   publickey     varchar(1024),                -- public key data
-  backup        varchar(64) null default null,  -- time when backup was performed
+  pre_backup    varchar(64) null default null,  -- time when backup was started
+  backup        varchar(64) null default null,  -- time when backup was finished
   fixedDate     tinyint default 0,            -- Set to 1 to stop dates from being set according to the policy timings        
   
   foreign key (securitymodule_id) references securitymodules (id),

Modified: branches/OpenDNSSEC-sion/enforcer/utils/ksmutil.c
===================================================================
--- branches/OpenDNSSEC-sion/enforcer/utils/ksmutil.c	2010-08-20 06:51:46 UTC (rev 3763)
+++ branches/OpenDNSSEC-sion/enforcer/utils/ksmutil.c	2010-08-20 08:19:48 UTC (rev 3764)
@@ -308,9 +308,15 @@
 usage_backup ()
 {
     fprintf(stderr,
-            "  backup done\n"
+            "  backup prepare\n"
             "\t--repository <repository>                aka -r\n"
+            "  backup commit\n"
+            "\t--repository <repository>                aka -r\n"
+            "  backup rollback\n"
+            "\t--repository <repository>                aka -r\n"
             "  backup list\n"
+            "\t--repository <repository>                aka -r\n"
+            "  backup done\n"
             "\t--repository <repository>                aka -r\n");
 }
 
@@ -1667,7 +1673,7 @@
  * note that fact that a backup has been performed
  */
     int
-cmd_backup ()
+cmd_backup (const char* qualifier)
 {
     int status = 0;
 
@@ -1705,20 +1711,59 @@
         }
     }
 
-    status = KsmMarkBackup(repo_id, datetime);
-    if (status != 0) {
-        printf("Error: failed to mark backup as done\n");
-        db_disconnect(lock_fd);
-        StrFree(datetime);
-        return status;
+    /* Do Pre first */
+    if (strncmp(qualifier, "PREPARE", 7) == 0 ||
+            strncmp(qualifier, "DONE", 4) == 0 ) {
+        status = KsmMarkPreBackup(repo_id, datetime);
+        if (status != 0) {
+            printf("Error: failed to mark pre_backup as done\n");
+            db_disconnect(lock_fd);
+            StrFree(datetime);
+            return status;
+        }
+        if (strncmp(qualifier, "PREPARE", 7) == 0) {
+            if (o_repository != NULL) {
+                printf("Marked repository %s as pre-backed up at %s\n", o_repository, datetime);
+            } else {
+                printf("Marked all repositories as pre-backed up at %s\n", datetime);
+            }
+        }
     }
 
-    if (o_repository != NULL) {
-        printf("Marked repository %s as backed up at %s\n", o_repository, datetime);
-    } else {
-        printf("Marked all repositories as backed up at %s\n", datetime);
+    /* Then commit */
+    if (strncmp(qualifier, "COMMIT", 6) == 0 ||
+            strncmp(qualifier, "DONE", 4) == 0 ) {
+        status = KsmMarkBackup(repo_id, datetime);
+        if (status != 0) {
+            printf("Error: failed to mark backup as done\n");
+            db_disconnect(lock_fd);
+            StrFree(datetime);
+            return status;
+        }
+
+        if (o_repository != NULL) {
+            printf("Marked repository %s as backed up at %s\n", o_repository, datetime);
+        } else {
+            printf("Marked all repositories as backed up at %s\n", datetime);
+        }
     }
 
+    /* Finally rollback */
+    if (strncmp(qualifier, "ROLLBACK", 6) == 0 ) {
+        status = KsmRollbackMarkPreBackup(repo_id);
+        if (status != 0) {
+            printf("Error: failed to mark backup as done\n");
+            db_disconnect(lock_fd);
+            StrFree(datetime);
+            return status;
+        }
+        if (o_repository != NULL) {
+            printf("Rolled back pre-backup of repository %s\n", o_repository);
+        } else {
+            printf("Rolled back pre-backup of all repositories\n");
+        }
+    }
+
     StrFree(datetime);
     /* Release sqlite lock file (if we have it) */
     db_disconnect(lock_fd);
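Review bot: The rollback branch prints `Error: failed to mark backup as done` on failure, copied from the commit branch, and it compares only 6 characters of "ROLLBACK" while the dispatcher compares 8. Suggest `printf("Error: failed to roll back pre-backup\n");` and `strncmp(qualifier, "ROLLBACK", 8)`. For `DONE`, if KsmMarkPreBackup succeeds and KsmMarkBackup then fails, the function returns with pre_backup still set, so a later `backup commit` would release keys whose backup was never confirmed. A comment stating the intended recovery (or an explicit rollback on that path) would help. The success messages also appear to be printed whenever the UPDATE executes, even when no key matched, so a `commit` without a prior `prepare` looks successful to the operator. cmd_backup starts and ends outside this hunk.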
@@ -2970,9 +3015,12 @@
     } else if (!strncmp(case_command, "BACKUP", 6)) {
         argc --; argc --;
         argv ++; argv ++;
-        /* verb should be done or list */
-        if (!strncmp(case_verb, "DONE", 4)) {
-            result = cmd_backup();
+        /* verb should be done, prepare, commit, rollback or list */
+        if (!strncmp(case_verb, "DONE", 4) ||
+                !strncmp(case_verb, "PREPARE", 7) ||
+                !strncmp(case_verb, "COMMIT", 6) ||
+                !strncmp(case_verb, "ROLLBACK", 8)) {
+            result = cmd_backup(case_verb);
         }
         else if (!strncmp(case_verb, "LIST", 4)) {
             result = cmd_listbackups();

Modified: branches/OpenDNSSEC-sion/enforcer/utils/migrate_keyshare_mysql.pl
===================================================================
--- branches/OpenDNSSEC-sion/enforcer/utils/migrate_keyshare_mysql.pl	2010-08-20 06:51:46 UTC (rev 3763)
+++ branches/OpenDNSSEC-sion/enforcer/utils/migrate_keyshare_mysql.pl	2010-08-20 08:19:48 UTC (rev 3764)
@@ -78,15 +78,15 @@
 # Create new columns
 $dbh->do("alter table dnsseckeys add column state tinyint")
     or die "Couldn't add column state: $!";
-$dbh->do("alter table dnsseckeys add column publish varchar(64) null default null")
+$dbh->do("alter table dnsseckeys add column publish timestamp null default null")
     or die "Couldn't add column publish: $!";
-$dbh->do("alter table dnsseckeys add column ready varchar(64) null default null")
+$dbh->do("alter table dnsseckeys add column ready timestamp null default null")
     or die "Couldn't add column ready: $!";
-$dbh->do("alter table dnsseckeys add column active varchar(64) null default null")
+$dbh->do("alter table dnsseckeys add column active timestamp null default null")
     or die "Couldn't add column active: $!";
-$dbh->do("alter table dnsseckeys add column retire varchar(64) null default null")
+$dbh->do("alter table dnsseckeys add column retire timestamp null default null")
     or die "Couldn't add column retire: $!";
-$dbh->do("alter table dnsseckeys add column dead varchar(64) null default null")
+$dbh->do("alter table dnsseckeys add column dead timestamp null default null")
     or die "Couldn't add column dead: $!";
 
 ###
@@ -179,6 +179,11 @@
 }
 
 ###
+# Add new pre_backup column
+$dbh->do("alter table keypairs add column pre_backup timestamp null default null")
+    or die "Couldn't add column pre_backup: $!";
+
+###
 # Update DB version number
 $dbh->do("update dbadmin set version = 2")
     or die "Couldn't update dbadmin: $!";
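Review bot: The new `or die "Couldn't add column pre_backup: $!"` reports `$!`, which is the OS errno rather than the database error, so a failed ALTER prints a misleading or empty reason. The DBI message is in `$dbh->errstr`, e.g. `or die "Couldn't add column pre_backup: " . $dbh->errstr;`. The same pattern is on the unchanged `or die` lines of the previous hunk of this file. Because the version bump to 2 comes after this step, a failure here leaves the earlier ALTERs applied under the old version number, and a rerun would presumably stop on the columns that already exist. A short comment on how to recover from a partial migration would be useful.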

Modified: branches/OpenDNSSEC-sion/enforcer/utils/migrate_keyshare_sqlite3.pl
===================================================================
--- branches/OpenDNSSEC-sion/enforcer/utils/migrate_keyshare_sqlite3.pl	2010-08-20 06:51:46 UTC (rev 3763)
+++ branches/OpenDNSSEC-sion/enforcer/utils/migrate_keyshare_sqlite3.pl	2010-08-20 08:19:48 UTC (rev 3764)
@@ -116,7 +116,8 @@
   policy_id        mediumint,
   compromisedflag tinyint,
   publickey     varchar(1024),                -- public key data
-  backup        varchar(64) null default null,  -- time when backup was performed
+  pre_backup    varchar(64) null default null,  -- time when backup was started
+  backup        varchar(64) null default null,  -- time when backup was finished
   fixedDate     tinyint default 0,            -- Set to 1 to stop dates from being set according to the policy timings        
   
   foreign key (securitymodule_id) references securitymodules (id),

Modified: branches/OpenDNSSEC-sion/enforcer/utils/ods-ksmutil.1.in
===================================================================
--- branches/OpenDNSSEC-sion/enforcer/utils/ods-ksmutil.1.in	2010-08-20 06:51:46 UTC (rev 3763)
+++ branches/OpenDNSSEC-sion/enforcer/utils/ods-ksmutil.1.in	2010-08-20 08:19:48 UTC (rev 3764)
@@ -25,7 +25,7 @@
 .B ods-ksmutil repository list
 .RB ...
 .br
-.B ods-ksmutil backup list|done
+.B ods-ksmutil backup list|prepare|commit|rollback|done
 .br
 .B ods-ksmutil database backup
 .RB ...
@@ -242,23 +242,42 @@
 List the backups that have been made on the given repository.
 The \-\-repository option specifies what repository to list.
 .TP
+.B backup prepare \-\-repository|\-r name 
+Start a two-phase key backup procedure. 
+Prepare the keys generated up to here for backup.  Any keys generated 
+automatically by OpenDNSSEC after this command are not guaranteed to be 
+backed up, and will therefore not be taken into account when committing 
+the prepared keys for use by OpenDNSSEC.  The next command is usually 
+either \fBbackup commit\fR or, in case of failure of the key backup 
+itself, \fBbackup rollback\fR.  This sequence works reliably if the 
+KASP Enforcer is running.  If it is not, the single-phase backup of 
+\fBbackup done\fR provides a one-phase backup alternative. 
+.TP 
+.B backup commit \-\-repository|\-r name 
+Successfully end a two-phase key backup procedure. 
+After a key backup has succeeded, release all previously prepared keys 
+for service by OpenDNSSEC.  Any keys that were generated since the last 
+issued preparation will not be released as it is uncertain whether these 
+are actually backed up. 
+.TP 
+.B backup rollback \-\-repository|\-r name 
+Safely end a failed two-phase key backup procedure. 
+After a key backup has failed, rollback all previously prepapared keys 
+to the state where they are generated, but not yet available for service 
+by OpenDNSSEC.  After fixing this problem, a new attempt to backup the 
+keys can be made. 
+.TP
 .B backup done \-\-repository|\-r name
 Indicate that a backup of the given repository has been done, all non-backed up keys will now be marked as backed up.
 The \-\-repository option specifies what repository to list.
 This is a necessary step for repositories that have the RequireBackup flag set.
 
 Note that the KASP Enforcer may take the initiative to generate keys after
-the backup has started and before the backup is done.  In the current version
-of OpenDNSSEC, it is therefore needed to stop the KASP Enforcer to be assured
-that all keys are backed up.  The sequence would therefore be:
-.br
-1. Issue \fBods-control ksm stop\fR
-.br
-2. Make a backup of the repository
-.br
-3. Issue \fBods-ksmutil backup done\fR
-.br
-4. Issue \fBods-control ksm start\fR
+the backup has started and before the backup is done.  This single-phase 
+backup command waives that, which is safe when the KASP Enforcer is not 
+running.  If you intend to keep the Enforcer running, you will instead 
+want to use the two-phase \fBbackup prepare\fR followed by either 
+\fBbackup commit\fR or \fBbackup rollback\fR.
 .TP
 .B database backup [\-\-output|\-o output]
 Make a copy of the database of the KASP Enforcer (if using sqlite).



