[Opendnssec-develop] done with backup done
Rick van Rein
rick at openfortress.nl
Fri Oct 19 10:25:49 UTC 2012
Wow, you are fast, Sion!
> I have marked the "backup done" command as deprecated and added a
> user confirmation step (plus a force flag for anyone using scripts).
> See svn r6745.
I've documented the change, as promised, on
I wasn't aware that this change had never reached the Wiki, otherwise
I would have volunteered documenting it much sooner. It's good that
you at least checked, Sara!
> Is this too much? Is the risk of causing existing scripts to hang
> greater than the potential damage of keys being incorrectly marked
> as backed up?
Hmm, yeah, that is indeed a concern. Hanging backup scripts might
not be very friendly if your goal is to protect users from doing
something that could hurt them. If scripts take their input from
/dev/null then the scripts might not even hang, but simply fail
to confirm the backup -- and proceed.
I suppose the question is -- what changes would someone notice for
sure? Backup processes themselves are not usually monitored as
closely as their importance warrants, but what you are creating
here is different and actually makes sense to me: the Enforcer
will never learn about successful backups, and stop to rollover.
That is something people should notice, and chase down to the
log entries that say DEPRECATED -- ARE YOU SURE and so on.
It's a pretty strong mechanism though. Effectively this would
happen if 2.0.0 is brought out without "backup done" and then
no keys are rolling. By then, there would be no DEPRECATED
reports anymore, but some form of "unknown command" message that
the sysop would find when rolling doesn't take place. The key
question is if that stop-to-roll-if-I-leave-my-scripts-in-
place should happen when switching to 1.4.0 or 2.0.0 -- IMHO,
the sooner the better.
More information about the Opendnssec-develop