-
Type:
Story
-
Status: Closed
-
Priority:
Critical
-
Resolution: Fixed
-
Affects Version/s: 2.0.0
-
Fix Version/s: 2.0.0
-
Component/s: Configuration, Documentation, Enforcer NG, Signer
-
Epic Link:
-
Sprint:2.0.0a4
During the Enforcer NG teleconference on January 10th 2012 we revisited the "what is leading?" question once again. At the end of the discussion, we concluded that rather than explicitly stating what is leading we could solve this by adding an extra internal configuration file between the enforcer and the signer to sever the dependency that the signer has on zonelist.xml. This would work as follows:
- The enforcer generates a single file with a syntax that is similar to zonelist.xml from the information it has in the database, let's call this file zones_to_sign.xml
- The signer reads the zones_to_sign.xml rather than zonelist.xml and uses that as base input to determine which zones it needs to sign
Now, users can interact with the Enforcer NG in two ways (similar to how they interact with the current Enforcer):
1. They can modify zonelist.xml and tell the Enforcer NG to update the database accordingly
2. They can call addZone and deleteZone commands to update the database; this will NOT result in writing out of a new zonelist.xml file
The documentation should clearly state that mixing these two forms of interaction will lead to unexpected and undesirable results and should be avoided.
- relates to
-
OPENDNSSEC-371 ods-enforcer zonelist import/export need to be implemented
-
- Closed
-
