[Opendnssec-develop] from xml to DB
jad at jadickinson.co.UK
Mon Apr 20 14:48:07 UTC 2009
On 20 Apr 2009, at 15:29, Jakob Schlyter wrote:
> On 20 apr 2009, at 16.15, John Dickinson wrote:
>> 6. Since the repository information is now in config.xml and that
>> is read by all applications it doesn't need to be in the DB. So the
>> security modules table could be dropped. However, the policies need
>> to refer to the repository to use for ksk's or zsk's. As things
>> stand we either add
>> a) a repository field to the policies table,
>> b) an integer ID to the config.xml or
>> c) have kaspimporter read the config.xml repository info into the
>> securitymodules table in the DB (not the PIN).
>> I am not sure which I favour - I think c. Thoughts?
> anything that doesn't make me run the kaspimporter when I've changed
> config.xml would be nice, so I think (a) is nice.
Well you would still have to update the policy and DB some how so that
policies start using the new hsm. Options (a) and (b) are really two
different ways to reference the repository in config.xml (a) allows us
to use the current <Name> element (b) would allow the referring entry
in the DB to be a regular parameter like the rest of the policy (key -
integer value pair). Option (c) is just how I imagined it would work
BTW does relax-ng allow us to state that <Name> must be unique?
>> BTW - I really think that each repository needs to have a specified
>> capacity, even if it is effectively constrained by the size of disk
>> you can buy. This was/is in the DB and should be in config.xml
> <Capacity> commited after discussion with JAD on jabber.
I am riding from Lands end to John O'Groats to raise money for
Parkinson's Disease Research. Please sponsor me here http://justgiving.com/pedalforparkinsons2009
More information about the Opendnssec-develop