rollctl

Langue: en

Autres versions - même langue

Version: 2010-06-30 (fedora - 01/12/10)

Section: 1 (Commandes utilisateur)

Sommaire

NAME

rollctl - Send commands to the DNSSEC-Tools rollover daemon

SYNOPSIS

   rollctl [options]

DESCRIPTION

The rollctl command sends commands to the DNSSEC-Tools rollover daemon, rollerd. Only one option may be specified on a command line.

In most cases, rollerd will send a response to rollctl. rollctl will print a success or failure message, as appropriate.

If rollctl is run as a PAR-packed command, it will use its own local copy of the dnssec-tools.conf file. This file will be found in the package directory.

OPTIONS

The following options are handled by rollctl.
-display
Starts the rollover status GUI.
-dspub zone
Indicates that zone's parent has published a new DS record for zone.

Multiple zones can be specified on the command line. For instance, this command will send the dspub command to rollerd for three zones.

     $ rollctl -dspub example1.com example2.com example3.com
-dspuball
Indicates that DS records have been published for all zones in phase 6 of KSK rollover.
-halt
Cleanly halts rollerd execution.
-logfile logfile
Sets the rollerd log file to logfile. This must be a valid logging file, meaning that if logfile already exists, it must be a regular file. The only exceptions to this are if logfile is /dev/stdout or /dev/tty.
-loglevel loglevel
Sets the rollerd logging level to loglevel. This must be one of the valid logging levels defined in rollmgr.pm(3).

If a logging level is not specified, then the list of valid levels will be printed and rollctl will exit. The list is given in both text and numeric forms.

-nodisplay
Stops the rollover status GUI.
-rollallzsks
Initiates ZSK rollover for all the zones defined in the current rollrec file.
-rollksk zone
Initiates KSK rollover for the zone named by zone.

Multiple zones can be specified on the command line. For instance, this command will send the rollksk command to rollerd for three zones.

     $ rollctl -rollksk example1.com example2.com example3.com
-rollrec rollrec_file
Sets the rollrec file to be processed by rollerd to rollrec_file.
-rollzsk zone
Initiates rollover for the zone named by zone.

Multiple zones can be specified on the command line. For instance, this command will send the rollzsk command to rollerd for three zones.

     $ rollctl -rollzsk example1.com example2.com example3.com
-runqueue
Wakes up rollerd and has it run its queue of rollrec entries.
-shutdown
Synonym for -halt.
-skipall
Stops rollover for all zones in the current rollrec file.
-skipzone zone
Stops rollover for the zone named by zone.

Multiple zones can be specified on the command line. For instance, this command will send the skipzone command to rollerd for three zones.

     $ rollctl -rollzsk example1.com example2.com example3.com
-sleeptime seconds
Sets rollerd's sleep time to seconds seconds. sleeptime must be an integer at least as large as the $MIN_SLEEP value in rollerd.
-status
Has rollerd write several of its operational parameters to its log file. The parameters are also reported to rollctl, which prints them to the screen.
-zonelog
Set the logging level for the specified zone. The new logging level is only for the current execution of rollerd and is not saved to the active rollrec file.

The arguments for this command must be in the format ``zone:loglevel''. For example, this command will send the zonelog command to rollerd for three zones.

     $ rollctl -zonelog example1.com:info example2.com:6 example3.com:err
-zonestatus
Has rollerd write the status of zones in the current rollrec file to the rollerd log file. The status is also reported to rollctl, which prints it to the screen. rollctl prints it in columnar fashion to enhance readability. The columns, in order, are: rollrec name, zone name, roll/skip state, and rollover phase.

Example:
    anothersub                      anothersub.example.com  skip  KSK 1
    example.com                     example.com             roll  KSK 1
    site1.in.subzone.example.com    subzone.example.com     roll  KSK 3
    site1.subzone.example.com       subzone.example.com     roll  KSK 3

-zsargs arglist zones
Provides additional zonesigner arguments for a given set of zones. These arguments will override the arguments in the DNSSEC-Tools defaults file, the DNSSEC-Tools configuration file, and the zones' keyrec files.

The zonesigner argument list is given in arglist. Given the rollctl argument processing, the new arguments for zonesigner cannot be specified as expected. Instead, the arguments should be given in the following manner. The leading dash should be replaced with an equals sign. If the option takes an argument, the space that would separate the option from the option's argument should also be replaced by an equals sign. rollerd translates these arguments to the appropriate format for zonesigner. These examples should clarify the modifications:

     normal zonesigner option            -zsargs options
     ------------------------            ---------------
         -nokrfile                          =nokrfile
         -zskcount 5                        =zskcount=5

The zones list is a space-separated list of zones. All the new zonesigner arguments will be applied to all the listed zones.

The ``=clear'' argument is special. rollerd translates it to ``-clear'', which is not a normal zonesigner option. Instead, rollerd recognizes ``-clear'' as an indicator that it should remove the zsargs field from the rollrec records for the specified zones.

The following are valid uses of -zsargs:

     # rollctl -zsargs =ksklength=2048 example.com
     # rollctl -zsargs =ksklen=2048 =zsklen=2048 example.com test.com
-Version
Displays the version information for rollctl and the DNSSEC-Tools package.
-quiet
Prevents output from being given. Both error and non-error output is stopped.
-help
Displays a usage message.

FUTURE

The following modifications may be made in the future:
command execution order
The commands will be executed in the order given on the command line rather than in alphabetical order.
Copyright 2006-2010 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.

AUTHOR

Wayne Morrison, tewok@users.sourceforge.net

SEE ALSO

Net::DNS::SEC::Tools::rollmgr.pm(3), Net::DNS::SEC::Tools::rollrec.pm(3)

rollerd(8)