[Opendnssec-develop] from xml to DB

John Dickinson jad at jadickinson.co.UK
Mon Apr 20 14:48:07 UTC 2009


On 20 Apr 2009, at 15:29, Jakob Schlyter wrote:

> On 20 apr 2009, at 16.15, John Dickinson wrote:
>
>> 6. Since the repository information is now in config.xml and that  
>> is read by all applications it doesn't need to be in the DB. So the  
>> security modules table could be dropped. However, the policies need  
>> to refer to the repository to use for ksk's or zsk's. As things  
>> stand we either add
>>
>> a) a repository field to the policies table,
>> b) an integer ID to the config.xml or
>> c) have kaspimporter read the config.xml repository info into the  
>> securitymodules table in the DB (not the PIN).
>>
>> I am not sure which I favour - I think c. Thoughts?
>
> anything that doesn't make me run the kaspimporter when I've changed  
> config.xml would be nice, so I think (a) is nice.

Well you would still have to update the policy and DB some how so that  
policies start using the new hsm. Options (a) and (b) are really two  
different ways to reference the repository in config.xml (a) allows us  
to use the current <Name> element (b) would allow the referring entry  
in the DB to be a regular parameter like the rest of the policy (key -  
integer value pair). Option (c) is just how I imagined it would work  
originally :)

BTW does relax-ng allow us to state that <Name> must be unique?

>
>> BTW - I really think that each repository needs to have a specified  
>> capacity, even if it is effectively constrained by the size of disk  
>> you can buy. This was/is in the DB and should be in config.xml
>
> <Capacity> commited after discussion with JAD on jabber.


Thanks

John
---
John Dickinson
http://www.jadickinson.co.uk

I am riding from Lands end to John O'Groats to raise money for  
Parkinson's Disease Research. Please sponsor me here http://justgiving.com/pedalforparkinsons2009






More information about the Opendnssec-develop mailing list