[knot-dns-users] Knot 2.1.0-rc1

Ondřej Surý ondrej.sury at nic.cz
Thu Jan 14 11:48:29 CET 2016


Thanks for the output; that helped me to coin the problem.  All my installations use absolute paths, so I forgot to handle the case of kasp-db being relative to the storage dir. Here's the updated postinst script for reference:

# (re-)initialize KASP-DB after the server has been started
# since we need to read the runtime configuration when upgrading
# from 2.0.x to 2.1.x
if [ "$1" = "configure" ] && [ -n "$2" ] && dpkg --compare-versions "$2" lt "2.1.0-2~"; then
    # take the part of server.user before any ':'; fall back to "knot"
    KNOT_USER=$(/usr/sbin/knotc conf-read server.user | sed -n 's/server.user = "\(.*\)"/\1/p' | cut -f 1 -d :)
    if [ -z "$KNOT_USER" ]; then
        KNOT_USER=knot
    fi

    /usr/sbin/knotc conf-read template.id | sed -n 's/template.id = "\(.*\)"/\1/p' | \
    while read -r TEMPLATE; do
        KASPDB_CONF=$(/usr/sbin/knotc conf-read "template[$TEMPLATE].kasp-db" | sed -n "s/template\[$TEMPLATE\].kasp-db = \"\(.*\)\"/\1/p")
        # an absolute kasp-db is used as-is, a relative one is resolved against the template's storage
        if [ "$(echo "$KASPDB_CONF" | cut -b 1)" = "/" ]; then
            KASPDB="$KASPDB_CONF"
        else
            STORAGE=$(/usr/sbin/knotc conf-read "template[$TEMPLATE].storage" | sed -n "s/template\[$TEMPLATE\].storage = \"\(.*\)\"/\1/p")
            KASPDB="$STORAGE/$KASPDB_CONF"
        fi
        su --shell /bin/bash --command "/usr/sbin/keymgr --dir '$KASPDB' init" "$KNOT_USER"
    done
    # restart after (re-)initializing KASP-DB
    if [ -x "/etc/init.d/knot" ]; then
        invoke-rc.d knot restart || exit $?
    fi
fi

--
 Ondřej Surý -- Technical Fellow
 --------------------------------------------
 CZ.NIC, z.s.p.o.    --     Laboratoře CZ.NIC
 Milesovska 5, 130 00 Praha 3, Czech Republic
 mailto:ondrej.sury at nic.cz    https://nic.cz/
 --------------------------------------------

----- Original Message -----
> From: "Bastien Durel" <bastien at durel.org>
> To: knot-dns-users at lists.nic.cz
> Sent: Thursday, January 14, 2016 11:19:21 AM
> Subject: Re: [knot-dns-users] Knot 2.1.0-rc1

> On Thursday 14 January 2016 at 10:40 +0100, Ondřej Surý wrote:
>> Hi Bastie,
>> 
>> the code to upgrade your KASP DB should be in the postinst script,
>> but could you try manually running:
>> 
>>     /usr/sbin/knotc conf-read | \
>>         sed -n 's/.*kasp-db = "\(.*\)"/\1/p'
>> 
>> and send the output back?
>> 
> 
> root at arrakeen:/tmp# /usr/sbin/knotc conf-read | sed -n 's/.*kasp-db = "\(.*\)"/\1/p'
> keys
> root at arrakeen:/tmp#
> 
>> Then try running full script with debug output, whether this gets
>> executed?
>> 
>> #!/bin/bash -x
>>     /usr/sbin/knotc conf-read | \
>>         sed -n 's/.*kasp-db = "\(.*\)"/\1/p' | \
>>         while read KASPDB; do
>>             su --shell /bin/bash --command "/usr/sbin/keymgr --dir '$KASPDB' init" knot;
>>         done
>> 
> 
> root at arrakeen:/tmp# ./test.sh
> + /usr/sbin/knotc conf-read
> + sed -n 's/.*kasp-db = "\(.*\)"/\1/p'
> + read KASPDB
> + su --shell /bin/bash --command '/usr/sbin/keymgr --dir '\''keys'\'' init' knot
> + read KASPDB
> 
> Then I ran it from my storage dir :
> root at arrakeen:/var/lib/knot/external# /tmp/test.sh
> + /usr/sbin/knotc conf-read
> + sed -n 's/.*kasp-db = "\(.*\)"/\1/p'
> + read KASPDB
> + su --shell /bin/bash --command '/usr/sbin/keymgr --dir '\''keys'\'' init' knot
> + read KASPDB
> 
> I had to restart knot before "/usr/sbin/knotc conf-read" returned
> anything, I guess it's the reason why the postinst script didn't do
> anything
> 
> Regards,
> 
>> 
>> Cheers,
>> --
>>  Ondřej Surý -- Technical Fellow
>>  --------------------------------------------
>>  CZ.NIC, z.s.p.o.    --     Laboratoře CZ.NIC
>>  Milesovska 5, 130 00 Praha 3, Czech Republic
>>  mailto:ondrej.sury at nic.cz    https://nic.cz/
>>  --------------------------------------------
>> 
>> ----- Original Message -----
>> > From: "Bastien Durel" <bastien at durel.org>
>> > To: knot-dns-users at lists.nic.cz
>> > Sent: Thursday, January 14, 2016 10:34:13 AM
>> > Subject: [knot-dns-users] Knot 2.1.0-rc1
>> 
>> > Hello,
>> > 
>> > Knot 2.1.0-rc1 made its way to the debian repository. I installed it as
>> > part of today's upgrade, but it seems to not like my configuration:
>> > 
>> > For each zone I got these messages :
>> > 
>> > 2016-01-14T10:07:00 error: [durel.org] DNSSEC, failed to initialize (invalid parameter)
>> > 2016-01-14T10:07:00 error: [durel.org] failed to store changes into journal (invalid parameter)
>> > 2016-01-14T10:07:00 error: [durel.org] zone load failed (invalid parameter)
>> > 
>> > I log zone events up to notice level.
>> > 
>> > my default template is :
>> > template:
>> >   - id: "default"
>> >     storage: "/var/lib/knot/external"
>> >     ixfr-from-differences: "on"
>> >     dnssec-signing: "on"
>> >     kasp-db: "keys"
>> >     serial-policy: "increment"
>> > 
>> > And this zone is defined as :
>> >   - domain: "durel.org."
>> >     file: "durel.org"
>> >     notify: "corrin"
>> >     acl: "acl_corrin"
>> > 
>> > Which is this "invalid parameter ?"
>> > 
>> > Thanks,
>> > 
>> > --
>> > Bastien
>> > 
>> > 
>> > _______________________________________________
>> > knot-dns-users mailing list
>> > knot-dns-users at lists.nic.cz
>> > https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
> --
> Bastien
> 
> 
> _______________________________________________
> knot-dns-users mailing list
> knot-dns-users at lists.nic.cz
> https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
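
Added example, not part of the original thread and not the Debian package's code: the same kasp-db resolution (absolute path used as-is, relative path joined to the template's storage) done in one pass over a conf-read dump, splitting each line by position so a template id containing regex metacharacters is never used as a pattern. The names resolve_kaspdb and SAMPLE_CONF are hypothetical, and the dump is constructed from the line format the sed expressions in the postinst script expect.

```sh
#!/bin/sh
# SAMPLE_CONF is constructed for this example; its line format follows the
# sed patterns used in the postinst script in this thread.
SAMPLE_CONF='template[default].storage = "/var/lib/knot/external"
template[default].kasp-db = "keys"
template[a.b].storage = "/srv/knot"
template[a.b].kasp-db = "/etc/knot/kasp"
server.user = "knot:knot"'

# resolve_kaspdb (hypothetical helper): reads a conf-read style dump on stdin
# and prints "<template id><TAB><absolute kasp-db path>" for each template.
resolve_kaspdb() {
    awk '
    # Split: template[ID].item = "value" by position, so ID is never a regex.
    /^template\[/ {
        close_at = index($0, "].")
        eq_at = index($0, " = \"")
        if (close_at == 0 || eq_at < close_at) next
        id   = substr($0, 10, close_at - 10)
        item = substr($0, close_at + 2, eq_at - close_at - 2)
        val  = substr($0, eq_at + 4)
        sub(/"$/, "", val)
        if (!(id in seen)) { seen[id] = 1; order[++n] = id }
        if (item == "storage") storage[id] = val
        if (item == "kasp-db") kasp[id] = val
    }
    END {
        for (i = 1; i <= n; i++) {
            id = order[i]
            if (!(id in kasp)) continue            # template without kasp-db
            if (substr(kasp[id], 1, 1) == "/")     # absolute: use as-is
                path = kasp[id]
            else if (id in storage)                # relative: join to storage
                path = storage[id] "/" kasp[id]
            else
                continue                           # relative, storage unknown
            printf "%s\t%s\n", id, path
        }
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_CONF" | resolve_kaspdb
```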

