[Opendnssec-user] Exprimental operations
Mattias Andersson
mattias at nonetwork.se
Wed Aug 12 14:22:20 UTC 2009
Hi, just want to let you know that I have got it running smoothly now.
I am using it live on an experimental domain.
I wrote a little rsyslog filter to separate the logs and an init script
to start it all up.
It's not very nice, but maybe someone else will find it useful until
there is a proper package available.
This is tested on a FC10 dist but should probably work fine from at
least FC8 and RHEL5 or similar.
No guarantees etcetera, but it works for me(TM).
Close to the top (start of global directives) in my /etc/rsyslog.conf I
have:
# Include package specific logs (including rsyslog itself).
# Every file matching *.conf in /etc/rsyslog.d/ is read as rsyslog
# configuration, so that directory should be writable by root only.
$IncludeConfig /etc/rsyslog.d/*.conf
Then I added this file:
cat /etc/rsyslog.d/opendnssec.conf
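# Send messages with facility local0 whose program name starts with
# 'OpenDNSSEC', or is exactly 'communicated' or 'keygend', to a log file of
# their own. Each filter is written on one line here; the mail archive had
# wrapped it across three lines and dropped the space before "then".
# NOTE(review): $programname comes from the tag the sending process put in
# the message, so any local process able to log to local0 can match this
# rule. Do not treat /var/log/opendnssec.log as authenticated.
if $syslogfacility-text == 'local0' and ($programname startswith 'OpenDNSSEC' or $programname == 'communicated' or $programname == 'keygend') then /var/log/opendnssec.log
# Same filter with the discard action (~): matching messages stop here and
# are not seen by any rule that follows.
if $syslogfacility-text == 'local0' and ($programname startswith 'OpenDNSSEC' or $programname == 'communicated' or $programname == 'keygend') then ~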
This separates the OpenDNSSEC-related log messages into a log file of their own.
The init script looks like:
cat /etc/init.d/opendnssec
-----
#!/bin/sh
# init file for opendnssec
#
# chkconfig: 2345 82 18
# description: Starts and stops the OpenDNSSEC daemons \
# signer_engine, keygend and communicated.
#
# processname: /usr/local/opendnssec/lib/opendnssec/signer/Engine.py
# processname: /usr/local/opendnssec/sbin/keygend
# processname: /usr/local/opendnssec/sbin/communicated
# config: /etc/opendnssec/conf.xml
# config: /etc/opendnssec/kasp.xml
# config: /etc/opendnssec/zonelist.xml
# pidfile: /var/run/opendnssec/engine.pid
# pidfile: /var/run/opendnssec/keygend.pid
# pidfile: /var/run/opendnssec/communicated.pid
### BEGIN INIT INFO
# Provides: opendnssec
# Required-Start: $local_fs $network
# Required-Stop: $local_fs $network
# Should-Start:
# Should-Stop:
# Default-Start:
# Default-Stop:
# Short-Description: start and stop OpenDNSSEC daemons
# Description: OpenDNSSEC Daemons
### END INIT INFO
# Where the daemon binaries live, and the pidfile each daemon is tracked by.
# These paths are handed to daemon, killproc and status further down.
INSTALLDIR="/usr/local/opendnssec/sbin"
ENGINEPID="/var/run/opendnssec/engine.pid"
KEYGENDPID="/var/run/opendnssec/keygend.pid"
COMMUNICATEDPID="/var/run/opendnssec/communicated.pid"
# Load the init function library from the first location that exists;
# the script cannot work without it, so leave with status 1 if neither
# file is present.
for fn_lib in /etc/init.d/functions /etc/rc.d/init.d/functions; do
    [ -f "$fn_lib" ] && break
    fn_lib=
done
[ -n "$fn_lib" ] || exit 1
. "$fn_lib"
# Do not let the daemons inherit root's TMPDIR.
unset TMPDIR

# conf.xml, kasp.xml and zonelist.xml must all exist; leave with status 6
# as soon as one of them is missing.
for required_cfg in conf.xml kasp.xml zonelist.xml; do
    [ -f "/etc/opendnssec/$required_cfg" ] || exit 6
done

# RETVAL carries the status of the most recent step, TOTRETVAL becomes 1
# once any step has failed.
RETVAL=0
TOTRETVAL=0
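#######################################
# Start signer_engine, keygend and communicated through the init library's
# daemon helper and create a lock file for each one that started.
# Globals:   INSTALLDIR, ENGINEPID, KEYGENDPID, COMMUNICATEDPID (read)
#            KIND, RETVAL, TOTRETVAL (written)
# Outputs:   progress messages on stdout
# Returns:   TOTRETVAL: 1 once any daemon failed to start or its lock file
#            could not be created. TOTRETVAL is not reset here, so a failure
#            recorded earlier in the same run is reported as well.
#######################################
start() {
    KIND="OpenDNSSEC"
    echo $"Starting $KIND services: "

    echo $"Starting signer_engine: "
    daemon --pidfile="$ENGINEPID" "$INSTALLDIR/signer_engine"
    RETVAL=$?
    echo
    # Record a failure in the current shell. The earlier
    # "( ... ) || ( RETVAL=1 && TOTRETVAL=1 )" form made the assignments
    # inside a subshell, so they were lost and start always reported success.
    if [ "$RETVAL" -ne 0 ] || ! touch /var/lock/subsys/signer_engine; then
        RETVAL=1
        TOTRETVAL=1
    fi
    # The engine pidfile is rebuilt from the process table: the first
    # process whose command line contains the string below is recorded.
    # NOTE(review): that match does not look at the process owner or at
    # whether it is the instance started above, and the file ends up empty
    # when nothing matches. stop and status act on whatever PID is stored,
    # so a pidfile written by signer_engine itself would be more reliable
    # if the daemon can produce one.
    ps ax \
        | grep "python /usr/local/opendnssec/lib/opendnssec/signer/Engine.py" \
        | grep -v grep -m1 \
        | awk '{print $1}' > "$ENGINEPID"

    echo -n $"Starting keygend: "
    daemon --pidfile="$KEYGENDPID" "$INSTALLDIR/keygend"
    RETVAL=$?
    echo
    if [ "$RETVAL" -ne 0 ] || ! touch /var/lock/subsys/keygend; then
        RETVAL=1
        TOTRETVAL=1
    fi

    echo -n $"Starting communicated: "
    daemon --pidfile="$COMMUNICATEDPID" "$INSTALLDIR/communicated"
    RETVAL=$?
    echo
    if [ "$RETVAL" -ne 0 ] || ! touch /var/lock/subsys/communicated; then
        RETVAL=1
        TOTRETVAL=1
    fi

    return "$TOTRETVAL"
}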
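#######################################
# Stop signer_engine, keygend and communicated with killproc and remove the
# lock file of each daemon that stopped cleanly.
# Globals:   INSTALLDIR, ENGINEPID, KEYGENDPID, COMMUNICATEDPID (read)
#            KIND, RETVAL, TOTRETVAL (written)
# Outputs:   progress messages on stdout
# Returns:   TOTRETVAL: 1 once any killproc or lock-file removal failed.
#            TOTRETVAL is not reset here, so a failure recorded earlier in
#            the same run is reported as well.
#######################################
stop() {
    KIND="OpenDNSSEC"
    echo $"Shutting down $KIND services: "

    echo $"Shutting down signer_engine: "
    # Expansions are quoted so that a path containing whitespace reaches
    # killproc as a single argument.
    killproc -p "$ENGINEPID" "$INSTALLDIR/signer_engine"
    RETVAL=$?
    echo
    if [ "$RETVAL" -ne 0 ] || ! rm -f /var/lock/subsys/signer_engine; then
        TOTRETVAL=1
    fi

    echo $"Shutting down keygend: "
    killproc -p "$KEYGENDPID" "$INSTALLDIR/keygend"
    RETVAL=$?
    echo
    if [ "$RETVAL" -ne 0 ] || ! rm -f /var/lock/subsys/keygend; then
        TOTRETVAL=1
    fi

    echo $"Shutting down communicated: "
    killproc -p "$COMMUNICATEDPID" "$INSTALLDIR/communicated"
    RETVAL=$?
    echo
    if [ "$RETVAL" -ne 0 ] || ! rm -f /var/lock/subsys/communicated; then
        TOTRETVAL=1
    fi

    return "$TOTRETVAL"
}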
# Full restart: run stop, then start. The status returned is the one
# start returns.
restart() {
    stop; start
}
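#######################################
# Make the running daemons pick up configuration changes: restart the
# signer engine through signer_engine_cli, run "ksmutil update", then send
# HUP to keygend and communicated.
# Globals:   INSTALLDIR, KEYGENDPID, COMMUNICATEDPID (read)
#            RETVAL, TOTRETVAL (written)
# Outputs:   progress message on stdout
# Returns:   TOTRETVAL: 1 once any of the four steps failed. TOTRETVAL is
#            not reset here, so a failure recorded earlier in the same run
#            is reported as well.
#######################################
reload() {
    echo $"Reloading opendnssec configuration: "

    /usr/local/opendnssec/bin/signer_engine_cli restart
    RETVAL=$?
    [ "$RETVAL" -eq 0 ] || TOTRETVAL=1

    /usr/local/opendnssec/bin/ksmutil update
    RETVAL=$?
    [ "$RETVAL" -eq 0 ] || TOTRETVAL=1

    killproc -p "$KEYGENDPID" "$INSTALLDIR/keygend" -HUP
    RETVAL=$?
    [ "$RETVAL" -eq 0 ] || TOTRETVAL=1

    killproc -p "$COMMUNICATEDPID" "$INSTALLDIR/communicated" -HUP
    RETVAL=$?
    [ "$RETVAL" -eq 0 ] || TOTRETVAL=1

    echo
    # Return the accumulated status. Returning RETVAL, as before, reported
    # only the last killproc and hid a failed engine restart or ksmutil run.
    return "$TOTRETVAL"
}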
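#######################################
# Query the init library's status helper for each of the three daemons.
# Globals:   INSTALLDIR, ENGINEPID, KEYGENDPID, COMMUNICATEDPID (read)
#            RETVAL, TOTRETVAL (written)
# Outputs:   whatever the status helper prints
# Returns:   TOTRETVAL: 1 once status returned non-zero for any daemon.
#            TOTRETVAL is not reset here.
#######################################
rhstatus() {
    # Expansions are quoted so that a path containing whitespace reaches
    # status as a single argument.
    status -p "$ENGINEPID" "$INSTALLDIR/signer_engine"
    RETVAL=$?
    [ "$RETVAL" -eq 0 ] || TOTRETVAL=1

    status -p "$KEYGENDPID" "$INSTALLDIR/keygend"
    RETVAL=$?
    [ "$RETVAL" -eq 0 ] || TOTRETVAL=1

    status -p "$COMMUNICATEDPID" "$INSTALLDIR/communicated"
    RETVAL=$?
    [ "$RETVAL" -eq 0 ] || TOTRETVAL=1

    return "$TOTRETVAL"
}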
# "status" is answered before the write check below, so it also works for
# callers who are not root.
if [ "$1" = status ]; then
    rhstatus
    exit $?
fi

# Every other action requires write access to conf.xml; callers without it
# leave here with status 4.
# NOTE(review): this uses file permissions as a stand-in for a root check,
# so it is only as strict as the mode and ownership of conf.xml. Confirm
# that file is writable by root alone.
if [ ! -w /etc/opendnssec/conf.xml ]; then
    exit 4
fi

case "$1" in
    start|stop|restart|reload)
        # The pattern above limits $1 to these four function names.
        "$1"
        ;;
    status)
        rhstatus
        ;;
    condrestart)
        # Restart only when the engine lock file exists; this arm always
        # ends with status 0, even if the restart fails.
        if [ -f /var/lock/subsys/signer_engine ]; then
            restart || :
        fi
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|reload|status|condrestart}"
        exit 2
        ;;
esac
exit $?
---
A happy user
/Mattias