[knot-dns-users] Knot 2.1.0-rc1

Bastien Durel bastien at durel.org
Thu Jan 14 11:19:21 CET 2016


Le jeudi 14 janvier 2016 à 10:40 +0100, Ondřej Surý a écrit :
> Hi Bastie,
> 
> the code to upgrade your KASB DB should be in the postinst script,
> but could you try manually running:
> 
>     /usr/sbin/knotc conf-read | \
>         sed -n 's/.*kasp-db = "\(.*\)"/\1/p'
> 
> and send the output back?
> 

root at arrakeen:/tmp# /usr/sbin/knotc conf-read | sed -n 's/.*kasp-db = "\(.*\)"/\1/p'
keys
root at arrakeen:/tmp#

> Then try running full script with debug output, whether this gets
> executed?
> 
> #!/bin/bash -x
>     /usr/sbin/knotc conf-read | \
>         sed -n 's/.*kasp-db = "\(.*\)"/\1/p' | \
>         while read KASPDB; do
>             su --shell /bin/bash --command "/usr/sbin/keymgr --dir
> '$KASPDB' init" knot;
>         done
> 

root at arrakeen:/tmp# ./test.sh 
+ /usr/sbin/knotc conf-read
+ sed -n 's/.*kasp-db = "\(.*\)"/\1/p'
+ read KASPDB
+ su --shell /bin/bash --command '/usr/sbin/keymgr --dir '\''keys'\''
init' knot
+ read KASPDB

Then I ran it from my storage dir :
root at arrakeen:/var/lib/knot/external# /tmp/test.sh 
+ /usr/sbin/knotc conf-read
+ sed -n 's/.*kasp-db = "\(.*\)"/\1/p'
+ read KASPDB
+ su --shell /bin/bash --command '/usr/sbin/keymgr --dir '\''keys'\''
init' knot
+ read KASPDB

I had to restart knot before "/usr/sbin/knotc conf-read" returned
anything, I guess it's the reason why the postinst script didn't do
anything

Regards,

> 
> Cheers,
> --
>  Ondřej Surý -- Technical Fellow
>  --------------------------------------------
>  CZ.NIC, z.s.p.o.    --     Laboratoře CZ.NIC
>  Milesovska 5, 130 00 Praha 3, Czech Republic
>  mailto:ondrej.sury at nic.cz    https://nic.cz/
>  --------------------------------------------
> 
> ----- Original Message -----
> > From: "Bastien Durel" <bastien at durel.org>
> > To: knot-dns-users at lists.nic.cz
> > Sent: Thursday, January 14, 2016 10:34:13 AM
> > Subject: [knot-dns-users] Knot 2.1.0-rc1
> 
> > Hello,
> > 
> > Knot 2.1.0-rc1 made its way to the debian repository. I installed
> > it as
> > part of today's upgrade, but it seems to not like my configuration
> > :
> > 
> > For each zone I got these messages :
> > 
> > 2016-01-14T10:07:00 error: [durel.org] DNSSEC, failed to initialize
> > (invalid parameter)
> > 2016-01-14T10:07:00 error: [durel.org] failed to store changes into
> > journal (invalid parameter)
> > 2016-01-14T10:07:00 error: [durel.org] zone load failed (invalid
> > parameter)
> > 
> > I log zone events up to notice level.
> > 
> > my default template is :
> > template:
> >   - id: "default"
> >     storage: "/var/lib/knot/external"
> >     ixfr-from-differences: "on"
> >     dnssec-signing: "on"
> >     kasp-db: "keys"
> >     serial-policy: "increment"
> > 
> > And this zone is defined as :
> >   - domain: "durel.org."
> >     file: "durel.org"
> >     notify: "corrin"
> >     acl: "acl_corrin"
> > 
> > Which is this "invalid parameter ?"
> > 
> > Thanks,
> > 
> > --
> > Bastien
> > 
> > 
> > _______________________________________________
> > knot-dns-users mailing list
> > knot-dns-users at lists.nic.cz
> > https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
> _______________________________________________
> knot-dns-users mailing list
> knot-dns-users at lists.nic.cz
> https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
-- 
Bastien




More information about the knot-dns-users mailing list