rollctl(1)

1ROLLCTL(1)            User Contributed Perl Documentation           ROLLCTL(1)
2
3
4

NAME

6       rollctl - Send commands to the DNSSEC-Tools rollover daemon
7

SYNOPSIS

9         rollctl [options]
10

DESCRIPTION

12       The rollctl command sends commands to the DNSSEC-Tools rollover daemon,
13       rollerd.  Only one option may be specified on a command line.
14
15       In most cases, rollerd will send a response to rollctl.  rollctl will
16       print a success or failure message, as appropriate.
17
18       If rollctl is run as a PAR-packed command, it will use its own local
19       copy of the dnssec-tools.conf file.  This file will be found in the
20       package directory.
21

OPTIONS

23       The following options are handled by rollctl.
24
25       -display
26           Starts the rollover status GUI.
27
28       -dspub zone
29           Indicates that zone's parent has published a new DS record for
30           zone.
31
32           Multiple zones can be specified on the command line.  For instance,
33           this command will send the dspub command to rollerd for three
34           zones.
35
36               $ rollctl -dspub example1.com example2.com example3.com
37
38       -dspuball
39           Indicates that DS records have been published for all zones in
40           phase 6 of KSK rollover.
41
42       -halt
43           Cleanly halts rollerd execution.
44
45       -logfile logfile
46           Sets the rollerd log file to logfile.  This must be a valid logging
47           file, meaning that if logfile already exists, it must be a regular
48           file.  The only exceptions to this are if logfile is /dev/stdout or
49           /dev/tty.
50
51       -loglevel loglevel
52           Sets the rollerd logging level to loglevel.  This must be one of
53           the valid logging levels defined in rollmgr.pm(3).
54
55           If a logging level is not specified, then the list of valid levels
56           will be printed and rollctl will exit.  The list is given in both
57           text and numeric forms.
58
59       -logtz logtz
60           Sets the rollerd logging timezone to loglevel.  This must be either
61           gmt (for Greenwich Mean Time or local (for the host's local time.)
62
63       -mergerrfs rollrec0 ... rollrecN
64           Tells rollerd to merge the specified rollrec files with its active
65           rollrec file.  The names of the rollrec files must not contain
66           colons.
67
68       -nodisplay
69           Stops the rollover status GUI.
70
71       -phasemsg length
72           length is the default length of phase-related log messages used by
73           rollerd.  The valid levels are "long" and "short", with "long"
74           being the default value.
75
76           The long message length means that a phase description will be
77           included with some log messages.  For example, the long form of a
78           message about ZSK rollover phase 3 will look like this:  "ZSK phase
79           3 (Waiting for old zone data to expire from caches)".
80
81           The short message length means that a phase description will not be
82           included with some log messages.  For example, the short form of a
83           message about ZSK rollover phase 3 will look like this:  "ZSK phase
84           3".
85
86       -rollall
87           Resumes rollover for all zones in the current rollrec file that
88           have been suspended.  ("skip" zones are suspended.)
89
90       -rollallzsks
91           Initiates ZSK rollover for all the zones defined in the current
92           rollrec file.
93
94       -rollksk zone
95           Initiates KSK rollover for the zone named by zone.
96
97           Multiple zones can be specified on the command line.  For instance,
98           this command will send the rollksk command to rollerd for three
99           zones.
100
101               $ rollctl -rollksk example1.com example2.com example3.com
102
103       -rollrec rollrec_file
104           Sets the rollrec file to be processed by rollerd to rollrec_file.
105
106       -rollzone zone
107           Resumes rollover for the suspended zone named by zone.
108
109           Multiple zones can be specified on the command line.  For instance,
110           this command will send the rollzone command to rollerd for three
111           zones.
112
113               $ rollctl -rollzone example1.com example2.com example3.com
114
115       -rollzsk zone
116           Initiates rollover for the zone named by zone.
117
118           Multiple zones can be specified on the command line.  For instance,
119           this command will send the rollzsk command to rollerd for three
120           zones.
121
122               $ rollctl -rollzsk example1.com example2.com example3.com
123
124       -runqueue
125           Wakes up rollerd and has it run its queue of rollrec entries.
126
127       -shutdown
128           Synonym for -halt.
129
130       -skipall
131           Suspends rollover for all zones in the current rollrec file.
132
133       -skipzone zone
134           Suspends rollover for the zone named by zone.
135
136           Multiple zones can be specified on the command line.  For instance,
137           this command will send the skipzone command to rollerd for three
138           zones.
139
140               $ rollctl -skipzone example1.com example2.com example3.com
141
142       -sleeptime seconds
143           Sets rollerd's sleep time to seconds seconds.  sleeptime must be an
144           integer at least as large as the $MIN_SLEEP value in rollerd.
145
146       -status
147           Has rollerd write several of its operational parameters to its log
148           file.  The parameters are also reported to rollctl, which prints
149           them to the screen.
150
151       -zonelog
152           Set the logging level for the specified zone.  The new logging
153           level is only for the current execution of rollerd and is not saved
154           to the active rollrec file.
155
156           The arguments for this command must be in the format
157           "zone:loglevel".  For example, this command will send the zonelog
158           command to rollerd for three zones.
159
160               $ rollctl -zonelog example1.com:info example2.com:6 example3.com:err
161
162       -zonestatus
163           Has rollerd write the status of zones in the current rollrec file
164           to the rollerd log file.  The status is also reported to rollctl,
165           which prints it to the screen.  rollctl prints it in columnar
166           fashion to enhance readability.  The columns, in order, are:
167           rollrec name, zone name, roll/skip state, and rollover phase.
168
169           Example:
170               anothersub                      anothersub.example.com  skip
171           KSK 1
172               example.com                     example.com             roll
173           KSK 1
174               site1.in.subzone.example.com    subzone.example.com     roll
175           KSK 3
176               site1.subzone.example.com       subzone.example.com     roll
177           KSK 3
178
179       -zsargs arglist zones
180           Provides additional zonesigner arguments for a given set of zones.
181           These arguments will override the arguments in the DNSSEC-Tools
182           defaults file, the DNSSEC-Tools configuration file, and the zones'
183           keyrec files.
184
185           The zonesigner argument list is given in arglist.  Given the
186           rollctl argument processing, the new arguments for zonesigner
187           cannot be specified as expected.  Instead, the arguments should be
188           given in the following manner.  The leading dash should be replaced
189           with an equals sign.  If the option takes an argument, the space
190           that would separate the option from the option's argument should
191           also be replaced by an equals sign.  rollerd translates these
192           arguments to the appropriate format for zonesigner.  These examples
193           should clarify the modifications:
194
195               normal zonesigner option            -zsargs options
196               ------------------------            ---------------
197                   -nokrfile                          =nokrfile
198                   -zskcount 5                        =zskcount=5
199
200           The zones list is a space-separated list of zones.  All the new
201           zonesigner arguments will be applied to all the listed zones.
202
203           The "=clear" argument is special.  rollerd translates it to
204           "-clear", which is not a normal zonesigner option.  Instead,
205           rollerd recognizes "-clear" as an indicator that it should remove
206           the zsargs field from the rollrec records for the specified zones.
207
208           The following are valid uses of -zsargs:
209
210               # rollctl -zsargs =ksklength=2048 example.com
211               # rollctl -zsargs =ksklen=2048 =zsklen=2048 example.com test.com
212
213       -Version
214           Displays the version information for rollctl and the DNSSEC-Tools
215           package.
216
217       -quiet
218           Prevents output from being given.  Both error and non-error output
219           is stopped.
220
221       -help
222           Displays a usage message.
223

EXIT CODES

225       rollctl may give the following exit codes:
226
227       0 - Successful execution
228       1 - Error sending the command to rollerd.
229       2 - Missing argument.
230       3 - Too many commands specified.
231       200 - Rollerd is not running.
232       201 - Configuration file checks failed.
233

FUTURE

235       The following modifications may be made in the future:
236
237       command execution order
238           The commands will be executed in the order given on the command
239           line rather than in alphabetical order.
240

COPYRIGHT

242       Copyright 2006-2011 SPARTA, Inc.  All rights reserved.  See the COPYING
243       file included with the DNSSEC-Tools package for details.
244

AUTHOR

246       Wayne Morrison, tewok@users.sourceforge.net
247