rp-wrapper - Example script for installation-specific rollover program.
rp-wrapper [options] zonename phase rollrec-name rollrec-file [keyrec-file]
rp-wrapper is a wrapper/example script for use as an installation-specific phase command to handle a particular rollover phase. This script is intended to be run by rollerd. These rollover phase commands may be executed in place of the normal rollover actions, or in addition to them.
When executed by rollerd, rp-wrapper is given a standard set of arguments. It validates these arguments to ensure it can properly act on behalf of rollerd. These arguments are described in the next section.
Site-specific arguments and options may be passed to rp-wrapper and other phase commands through the dnssec-tools.conf file. These arguments and options are passed before the standard arguments. The stdargs() subroutine parses and validates the standard arguments from the command line. A subroutine, siteargs(), is called prior to stdargs in order to handle site-specific arguments. The existing siteargs() is very simple and must be expanded as needed.
The zonename argument is the name of the zone under consideration.
The phase argument tells rp-wrapper the rollover phase that the zone has just entered. It may be one of the following values: ksk1, ksk2, ksk3, ksk4, ksk5, ksk6, ksk7, zsk1, zsk2, ksk3, zsk4, or normal,
The rollrec-name argument is the name of the zone's rollrec record.
The rollrec-file argument is the path to the rollrec file that is controlling the zone's rollover actions. It may be absolute or relative.
The keyrec-file argument is the path to the keyrec file that contains key information used in signing the zone's zonefile. It may be absolute or relative. This argument is optional; if it is not specified, then it will be derived by appending .krf to the zone's name and will be assumed to be in the directory in which rp-wrapper is executed.
rp-wrapper takes the following options:
Does not give any output.
Gives verbose output.
Displays the version information for rp-wrapper and the DNSSEC-Tools package and exits.
Displays a usage message and exits.
rp-wrapper gives the following exit codes:
- 0 - rollerd should move the zone to the next rollover phase.
- 1 - rollerd should keep the zone in the same rollover phase. This is not an error condition. It may, for example, be the result of needing to wait an extended time for an external condition, and other zone rollovers should not be held up.
- 2 - An error was found in the arguments given to rp-wrapper.
- 3 - An error was encountered during execution.
Copyright 2011-2014 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.
Wayne Morrison, tewok@tislabs.com
rollerd(8), zonesigner(8)
Net::DNS::SEC::Tools::keyrec.pm(3), Net::DNS::SEC::Tools::rollrec.pm(3),
file-keyrec(5), file-rollrec(5), file-dnssec-tools.conf(5)