[Opendnssec-develop] getting information from the system
olaf at NLnetLabs.nl
Thu Aug 6 14:34:44 UTC 2009
On 6 aug 2009, at 16:21, Jelte Jansen wrote:
> apart from that there can be some very interesting failures that
> aren't directly reported back (a missing communicated process can be
> quite annoying, i've been told, but apparently the only effect one
> sees in the end is that the engine whines about missing
> configurations), an administrator will really want to know when the
> next rollover is. Has this feature been planned yet? (sounds like
> something that could be added to ksmutil) If not, please do, and
> plan it before the release :)
The administrator asking for this was me :-)
The somewhat longer version of the above:
Over the last two days I installed opendnssec and while it was
somewhat of a rough ride the tiny that I ran in where committed faster
than I could compile (good stuff).
1. As a zone maintainer I want to be sure that when a (KSK) rollover
happens, I am around and can take action. In fact I want to be able to
plan in advance (on absolute dates, rather than periods) that I would
like to initiate a rollover and send a set of keys of to the registry.
That way I can go on vacation whenever I want :-)
Currently it is hard to see what the chains of events are, and it is
hard to configure. If it comes to usability knowing what happens when
would be a good thing.
2. I added zones to the zonefilelist and ran ksmutil update. The
signer engine complained about missing config files. That turned out
to be due to a missing comunicated process.
I would think a small wrapper program/script that would start/restart/
stop all other deamons and act as a watchdog would be handy.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 235 bytes
Desc: This is a digitally signed message part
More information about the Opendnssec-develop