[Opendnssec-develop] ksmutil

Jakob Schlyter jakob at kirei.se
Wed Jul 1 11:22:28 UTC 2009 

On 1 jul 2009, at 07.16, sion at nominet.org.uk wrote:

> I'm getting on with ksmutil now (the replacement for kaspimport and  
> all of
> its perl dependencies). My question is, what do people expect from it?
>
> Currently the usage reports:
>
> usage: ksmutil [-f config_dir] setup [path_to_kasp.xml]
>        Import config_dir into a database (deletes current contents)
> usage: ksmutil [-f config_dir] update [path_to_kasp.xml]
>        Update database from config_dir
> usage: ksmutil [-f config_dir] addzone zone [policy]
> [path_to_signerconf.xml] [input] [output]
>        Add a zone to the config_dir and database
> usage: ksmutil [-f config_dir] delzone zone
>        Delete a zone from the config_dir and database
> usage: ksmutil [-f config_dir] rollzone zone [KSK|ZSK]
>        Rollover a zone (may roll all zones on that policy)
> usage: ksmutil [-f config_dir] rollpolicy policy [KSK|ZSK]
>        Rollover all zones on a policy

-f config_dir is more like [-f config] for the main config file I  
hope. all other params can be derived from it.

>
> (don't get excited, it doesn't do all of this yet)
>
> So, what else do we need it to do? Some ideas:
>
> "backup done"

yes.

> "add repository"
> "remove repository"

these are all done by editing the main config file.

> "add policy"
> "remove policy"

these are done by editing the KASP and reimported. IMHO, import should  
REPLACE all existing policies, i.e. the import is more of a one-way  
replace.

> "copy policy"

where to?

"export policy", dumping the database as KASP, would be nice. as well.

> "edit policy" might need some sort of interactive command line  
> interface,
> the code for which is lurking around out of subversion.

yes, we can do that later I believe. it might even be a separate  
program (or a rails app).

> "import keys" (keys created somewhere other than keygend)

yes, that is important. import should take a CKA_ID, a zone and a key  
type and state?

> "list [keys|policies|etc]"

yes, please.

> Hmm, the more I think about it, the more 5 pivotal points doesn't seem
> anywhere near enough... I'll stop thinking.

just add additional stories - it's usually a bad idea to try to  
squeeze to much into one story. make one story per feature instead and  
you also get the feeling your're getting somewhere :-)

	jakob

More information about the Opendnssec-develop mailing list