[Opendnssec-user] upgrade debian Jessie to Stretch: database trouble

Dennis Baaten dennis at baaten.com
Fri Nov 3 08:42:39 UTC 2017


<?xml version="1.0" encoding="UTF-8"?>

<Configuration>

        <RepositoryList>
                <Repository name="SoftHSM">
                        <Module>/usr/lib/softhsm/libsofthsm2.so</Module>
                        <TokenLabel>OpenDNSSEC</TokenLabel>
                        <PIN>*****</PIN>
                        <RequireBackup/>
                </Repository>
        </RepositoryList>

        <Common>
                <Logging>
                        <!-- Command line verbosity will overwrite configure file -->
                        <Verbosity>10</Verbosity>
                        <Syslog><Facility>local0</Facility></Syslog>
                </Logging>
                <PolicyFile>/etc/opendnssec/kasp.xml</PolicyFile>
                <ZoneListFile>/etc/opendnssec/zonelist.xml</ZoneListFile>
        </Common>

        <Enforcer>
                <Privileges>
                        <User>opendnssec</User>
                        <Group>opendnssec</Group>
                </Privileges>

<!-- NOTE: Enforcer worker threads are not used; this option is ignored -->
<!--
                <WorkerThreads>4</WorkerThreads>
-->

                <PidFile>/var/run/opendnssec/enforcerd.pid</PidFile>
                <Datastore>
                        <MySQL>
                                <Host Port="3306">localhost</Host>
                                <Database>opendnssec</Database>
                                <Username>*****</Username>
                                <Password>*****</Password>
                        </MySQL>
                </Datastore>
                <Interval>PT3600S</Interval>
                <!-- <ManualKeyGeneration/> -->
                <RolloverNotification>P14D</RolloverNotification>

                <!-- the <DelegationSignerSubmitCommand> will get all current
                     DNSKEYs (as a RRset) on standard input (with optional CKA_ID)
                -->
                <DelegationSignerSubmitCommand>/etc/opendnssec/simple-dnskey-mailer.sh</DelegationSignerSubmitCommand>
        </Enforcer>

        <Signer>
                <Privileges>
                        <User>opendnssec</User>
                        <Group>opendnssec</Group>
                </Privileges>

                <PidFile>/var/run/opendnssec/signerd.pid</PidFile>
                <SocketFile>/var/run/opendnssec/engine.sock</SocketFile>
                <WorkingDirectory>/var/lib/opendnssec/tmp</WorkingDirectory>
                <WorkerThreads>4</WorkerThreads>
                <SignerThreads>4</SignerThreads>

<!--
                <Listener>
                        <Interface><Port>53</Port></Interface>
                </Listener>
-->

                <!-- the <NotifyCommmand> will expand the following variables:

                     %zone      the name of the zone that was signed
                     %zonefile  the filename of the signed zone
                -->
<!--
                <NotifyCommand>/usr/local/bin/my_nameserver_reload_command</NotifyCommand>
-->

                <NotifyCommand>/usr/sbin/rndc reload %zone</NotifyCommand>
        </Signer>

</Configuration>

--
Dennis




More information about the Opendnssec-user mailing list