Разработка электроники,

Систем автоматики,

Программного обеспечения

ООО "Антех ПСБ",
Санкт-Петербург

+79811865082

anteh@bk.ru

ООО Антех ПСБ примеры

Обновление порта с opendnssec-1.4.7 до opendnssec-1.4.8.2

https://anteh.ru

Если, в логе opendnssec, наблюдаем нижеприведённые ошибки. Лог с ошибками не мой, скрипт обновления запускал заранее, согласно рекомендациям. 

When setting up policies:

Oct 5 12:59:08 KVIVS13 ods-enforcerd: ERROR: no such parameter with name 
revoked
Oct 5 12:59:08 KVIVS13 ods-enforcerd: Could not predict ksk requirement for 
next interval for POLICY1
Oct 5 12:59:08 KVIVS13 ods-enforcerd: ERROR: no such parameter with name 
revoked
Oct 5 12:59:08 KVIVS13 ods-enforcerd: Could not count current ksk numbers 
for policy POLICY1

When setting up zones:

Oct 5 12:59:08 KVIVS13 ods-enforcerd: ERROR: no such parameter with name 
revoked
Oct 5 12:59:08 KVIVS13 ods-enforcerd: Error allocating zsks to zone a.b.c.d

При обновлении порта с opendnssec-1.4.7 до opendnssec-1.4.8.2 нужно внести изменения в базу данных mysql или sqlite3. Используется база данных mysql name: "kasp". Перед запуском скрипта делаем резервную копию "kasp": 

===>>> pkg-message for opendnssec-1.4.8.2
Always:
This file gives you instructions on how to migrate from one version of
OpenDNSSEC to another.

*** Migrating from 1.4.X to 1.4.8 ***

As of 1.4.8 the database has changes slightly. To migrate between databases
run the SQL statements given in:

enforcer/utils/migrate_1_4_8.sqlite3
or
enforcer/utils/migrate_1_4_8.mysql

against your existing database.

*** Fix for MySQL zone delete issue ***

As reported in:
https://issues.opendnssec.org/browse/OPENDNSSEC-338

This effects MySQL databases created after 1.4.0a3 or 1.3.9 where zone deletion was changed.

If you wish to fix this without losing any existing information then run the sql statements
given in:

enforcer/utils/migrate_zone_delete.mysql

against your database.

Note that sqlite is not effected as we do not enforce any constraints.

Делаем резервную копию "kasp": 

# mysqldump -u ksuser -p --databases kasp > /некий путь<���������������������

�� в базу данных kasp нужно скриптом /usr/local/share/opendnssec/migrate_1_4_8.mysql внести соответствующие изменения: 

# mysql -u root -p
Enter password:
...
mysql> use kasp
...
mysql> show TABLES;
+-----------------------------+
| Tables_in_kasp              |
+-----------------------------+
| INT_KEYALLOC_VIEW_FOR_MYSQL |
| KEYALLOC_VIEW               |
| KEYDATA_VIEW                |
| PARAMETER_LIST              |
| PARAMETER_VIEW              |
| categories                  |
| dbadmin                     |
| dnsseckeys                  |
| keypairs                    |
| parameters                  |
| parameters_policies         |
| policies                    |
| securitymodules             |
| serialmodes                 |
| zones                       |
+-----------------------------+
15 rows in set (0.00 sec)

mysql> SHOW COLUMNS FROM dnsseckeys;
+------------+--------------+------+-----+---------+----------------+
| Field      | Type         | Null | Key | Default | Extra          |
+------------+--------------+------+-----+---------+----------------+
| id         | int(11)      | NO   | PRI | NULL    | auto_increment |
| keypair_id | int(11)      | YES  | MUL | NULL    |                |
| zone_id    | mediumint(9) | YES  |     | NULL    |                |
| keytype    | smallint(6)  | NO   |     | NULL    |                |
| state      | tinyint(4)   | YES  |     | NULL    |                |
| publish    | timestamp    | YES  |     | NULL    |                |
| ready      | timestamp    | YES  |     | NULL    |                |
| active     | timestamp    | YES  |     | NULL    |                |
| retire     | timestamp    | YES  |     | NULL    |                |
| dead       | timestamp    | YES  |     | NULL    |                |
+------------+--------------+------+-----+---------+----------------+
10 rows in set (0.00 sec)

mysql> source /usr/local/share/opendnssec/migrate_1_4_8.mysql
Query OK, 4 rows affected (0.16 sec)
Records: 4  Duplicates: 0  Warnings: 0

Query OK, 4 rows affected (0.03 sec)
Records: 4  Duplicates: 0  Warnings: 0

Query OK, 0 rows affected (0.01 sec)

Query OK, 0 rows affected (0.01 sec)

Query OK, 1 row affected (0.01 sec)
Records: 1  Duplicates: 0  Warnings: 0

Query OK, 1 row affected (0.01 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> SHOW COLUMNS FROM dnsseckeys;
+------------+--------------+------+-----+---------+----------------+
| Field      | Type         | Null | Key | Default | Extra          |
+------------+--------------+------+-----+---------+----------------+
| id         | int(11)      | NO   | PRI | NULL    | auto_increment |
| keypair_id | int(11)      | YES  | MUL | NULL    |                |
| zone_id    | mediumint(9) | YES  |     | NULL    |                |
| keytype    | smallint(6)  | NO   |     | NULL    |                |
| state      | tinyint(4)   | YES  |     | NULL    |                |
| publish    | timestamp    | YES  |     | NULL    |                |
| ready      | timestamp    | YES  |     | NULL    |                |
| active     | timestamp    | YES  |     | NULL    |                |
| retire     | timestamp    | YES  |     | NULL    |                |
| dead       | timestamp    | YES  |     | NULL    |                |
| rfc5011    | tinyint(4)   | YES  |     | 0       |                |
| revoked    | tinyint(4)   | YES  |     | 0       |                |
+------------+--------------+------+-----+---------+----------------+
12 rows in set (0.00 sec)

mysql> quit
Bye
#

Изменения внесены

Copyright ©Новиков Алексей Александрович,

2023 Санкт-Петербург, 197372, ООО "Антех ПСБ",

anteh собака bk.ru