Thanks for the output, that helped me to coin the problem. All my installations use
absolute paths, so I forgot to handle the case of kasp-db being relative to storage dir.
Here's the updated postinst script for reference:
# (re-)initialize KASP-DB after the server has been started
# since we need to read the runtime configuration when upgrading
# from 2.0.x to 2.1.x
if [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" lt "2.1.0-2~"; then
    KNOT_USER=$(/usr/sbin/knotc conf-read server.user | sed -n 's/server.user = "\(.*\)"/\1/p' | cut -f 1 -d :)
    if [ -z "$KNOT_USER" ]; then
        KNOT_USER=knot
    fi
    /usr/sbin/knotc conf-read template.id | sed -n 's/template.id = "\(.*\)"/\1/p' | \
    while read TEMPLATE; do
        KASPDB_CONF=$(/usr/sbin/knotc conf-read "template[$TEMPLATE].kasp-db" | sed -n "s/template\[$TEMPLATE\].kasp-db = \"\(.*\)\"/\1/p");
        if [ "$(echo "$KASPDB_CONF" | cut -b 1)" = "/" ]; then
            KASPDB="$KASPDB_CONF"
        else
            STORAGE=$(/usr/sbin/knotc conf-read "template[$TEMPLATE].storage" | sed -n "s/template\[$TEMPLATE\].storage = \"\(.*\)\"/\1/p");
            KASPDB="$STORAGE/$KASPDB_CONF"
        fi
        su --shell /bin/bash --command "/usr/sbin/keymgr --dir '$KASPDB' init" $KNOT_USER;
    done
    # restart after (re-)initializing KASP-DB
    if [ -x "/etc/init.d/knot" ]; then
        invoke-rc.d knot restart || exit $?
    fi
fi
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz
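
Added example (not part of the original message or of the Knot packaging): the kasp-db path resolution from the postinst script above, written so it can be exercised offline against a saved `knotc conf-read` dump. The function names and the sample dump are hypothetical; the dump's line format is assumed from the sed patterns in the script.

```shell
# Constructed sample in the line format implied by the sed patterns above
# (not real knotc output).
SAMPLE_CONF='server.user = "knot:knot"
template.id = "default"
template[default].storage = "/var/lib/knot/external"
template[default].kasp-db = "keys"
template.id = "abs"
template[abs].storage = "/var/lib/knot"
template[abs].kasp-db = "/srv/kasp"'

# conf_value KEY (hypothetical helper): print the quoted value of item KEY
# from a dump on stdin. KEY is matched as a literal string, so a template id
# containing regex metacharacters cannot select another template's line.
conf_value() {
    KEY=$1 awk 'BEGIN { p = ENVIRON["KEY"] " = \"" }
        index($0, p) == 1 && substr($0, length($0)) == "\"" {
            print substr($0, length(p) + 1, length($0) - length(p) - 1); exit
        }'
}

# resolve_kaspdb STORAGE KASPDB: absolute kasp-db is used as-is, a relative
# one is joined to an absolute storage dir; anything else is an error.
resolve_kaspdb() {
    case "$2" in
        "") return 1 ;;
        /*) printf '%s\n' "$2" ;;
        *)  case "$1" in
                /*) printf '%s/%s\n' "${1%/}" "$2" ;;
                *)  return 1 ;;
            esac ;;
    esac
}

# kaspdb_dirs: read a dump on stdin and print one resolved directory per
# template. Returns 1 when the dump lists no templates, e.g. empty output.
kaspdb_dirs() {
    conf=$(cat)
    ids=$(printf '%s\n' "$conf" | sed -n 's/^template\.id = "\(.*\)"$/\1/p')
    [ -n "$ids" ] || return 1
    printf '%s\n' "$ids" | while IFS= read -r id; do
        db=$(printf '%s\n' "$conf" | conf_value "template[$id].kasp-db")
        st=$(printf '%s\n' "$conf" | conf_value "template[$id].storage")
        [ -n "$db" ] || continue    # template without kasp-db: skip
        resolve_kaspdb "$st" "$db" || echo "cannot resolve kasp-db for $id" >&2
    done
}
```

On a live system the input would come from `/usr/sbin/knotc conf-read | kaspdb_dirs`; the non-zero return on empty input makes the "server not answering yet" case visible instead of silently initializing nothing.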
From: "Bastien Durel" <bastien(a)durel.org>
To: knot-dns-users(a)lists.nic.cz
Sent: Thursday, January 14, 2016 11:19:21 AM
Subject: Re: [knot-dns-users] Knot 2.1.0-rc1
On Thursday, 14 January 2016 at 10:40 +0100, Ondřej Surý wrote:
Hi Bastien,
the code to upgrade your KASP DB should be in the postinst script,
but could you try manually running:
/usr/sbin/knotc conf-read | \
sed -n 's/.*kasp-db = "\(.*\)"/\1/p'
and send the output back?
root@arrakeen:/tmp# /usr/sbin/knotc conf-read | sed -n 's/.*kasp-db = "\(.*\)"/\1/p'
keys
root@arrakeen:/tmp#
Then try running full script with debug output, whether this gets executed?
#!/bin/bash -x
/usr/sbin/knotc conf-read | \
sed -n 's/.*kasp-db = "\(.*\)"/\1/p' | \
while read KASPDB; do
    su --shell /bin/bash --command "/usr/sbin/keymgr --dir '$KASPDB' init" knot;
done
root@arrakeen:/tmp# ./test.sh
+ /usr/sbin/knotc conf-read
+ sed -n 's/.*kasp-db = "\(.*\)"/\1/p'
+ read KASPDB
+ su --shell /bin/bash --command '/usr/sbin/keymgr --dir '\''keys'\'' init' knot
+ read KASPDB
Then I ran it from my storage dir:
root@arrakeen:/var/lib/knot/external# /tmp/test.sh
+ /usr/sbin/knotc conf-read
+ sed -n 's/.*kasp-db = "\(.*\)"/\1/p'
+ read KASPDB
+ su --shell /bin/bash --command '/usr/sbin/keymgr --dir '\''keys'\'' init' knot
+ read KASPDB
I had to restart knot before "/usr/sbin/knotc conf-read" returned
anything, I guess it's the reason why the postinst script didn't do
anything
Regards,
Cheers,
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz
https://nic.cz/
--------------------------------------------
----- Original Message -----
From: "Bastien Durel" <bastien(a)durel.org>
To: knot-dns-users(a)lists.nic.cz
Sent: Thursday, January 14, 2016 10:34:13 AM
Subject: [knot-dns-users] Knot 2.1.0-rc1
Hello,
Knot 2.1.0-rc1 made its way to the debian repository. I installed it as
part of today's upgrade, but it seems to not like my configuration:
For each zone I got these messages:
2016-01-14T10:07:00 error: [durel.org] DNSSEC, failed to initialize (invalid parameter)
2016-01-14T10:07:00 error: [durel.org] failed to store changes into journal (invalid parameter)
2016-01-14T10:07:00 error: [durel.org] zone load failed (invalid parameter)
I log zone events up to notice level.
My default template is:
template:
  - id: "default"
    storage: "/var/lib/knot/external"
    ixfr-from-differences: "on"
    dnssec-signing: "on"
    kasp-db: "keys"
    serial-policy: "increment"
And this zone is defined as:
  - domain: "durel.org."
    file: "durel.org"
    notify: "corrin"
    acl: "acl_corrin"
Which is this "invalid parameter"?
Thanks,
--
Bastien
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users