NAME¶
dtrealms - Displays defaults defined for DNSSEC-Tools
SYNOPSIS¶
dtrealms [options] <realm-file>
DESCRIPTION¶
dtrealms manages multiple distinct DNSSEC-Tools rollover environments
running simultaneously. Each rollover environment, called a
realm, is
defined in a
realms file.
dtrealms uses this file to determine
how the rollover environment must be initialized such that it can run
independently of the other rollover environments on a particular system. This
is useful for such things as managing very large collections of zones,
segregating customer zones, and software tests.
The
realms file may be created with
realminit. Currently, the
distinct environment for each realm must be created manually. It is hoped that
a tool will soon be available to assist with creating each realm's
environment.
dtrealms isn't necessary for running multiple realms. However, it does
make it easier to manage multiple realms running consecutively.
REALM SETUP¶
A realm is primarily defined by its entry in a
realms file. Four fields
in particular describe where the realm's files are located and how it runs.
These are the realm's configuration directory, state directory, realm
directory, and
rollrec file. These directories are used to set the
DT_STATEDIR and
DT_SYSCONFDIR environment variables, and the
rollrec file defines which zones are managed by the realm's rollover
manager.
https://www.dnssec-tools.org/wiki/index.php/Rollover_Realms:_Multiple,_Simultaneous,_Independent_Rollover_Environments
has more information on creating realms.
- configdir
- The configdir field of the realms file
contains the name of the realm's configuration directory. This file gives
command paths and configuration values for running the DNSSEC-Tools. The
DNSSEC-Tools modules expects this directory hierarchy to contain a
dnssec-tools subdirectory, and a dnssec-tools.conf file
within that subdirectory. The path fields in the configuration file point
to various things, such as commands and key archives. It is recommended
that these paths only point within the configdir hierarchy, other
than for system utilities.
The DT_SYSCONFDIR environment variable is set to the configdir
field. This will tell the DNSSEC-Tools programs and modules where to find
their required data.
- statedir
- The statedir field of the realms file
contains the name of the realm's state directory. This directory contains
such files as the rollrec lock file and the rollerd
communications socket. If a realm definition does not contain a
statedir field, then that realm will use the configdir field
as its statedir field.
The DT_STATEDIR environment variable is set to the statedir
field. This will tell the DNSSEC-Tools programs and modules where to find
these files.
- realmdir
- The realmdir field of the realms file
contains the name of the directory in which the realm executes. This is
where the realm's zone, key, and other files are located.
- rollrec
- The rollrec field of the realms file is the
name of the file that controls zone rollover. This file points to the
various keyrec files that define the locations of the zone files
and their associated key files. A realm's rollrec file can locate
these files anywhere on the system, but it is strongly recommended
that they all remain within the realm's realmdir hierarchy.
While the DNSSEC-Tools programs will work fine if a realm's configuration,
state, and realm directories are actually one directory, it is recommended
that at the least the
realmdir files be separated from the
configdir and
statedir files.
It is further recommended that the files for the various realms be segregated
from each other.
OPTIONS¶
The following options are handled by
dtrealms.
- -directory
- Directory in which dtrealms will be executed. Any
relative paths given in realms configuration files will use this directory
as their base.
- -display
- Start the grandvizier display program to give a
graphical indication of realm status.
- -foreground
- Run dtrealms in the foreground instead of as a
daemon.
- -logfile
- Logging file to use.
- -loglevel
- Logging level to use when writing to the log file. See
rolllog(3) for more details.
- -logtz
- Time zone to use with the log file. This must be either
"gmt" or "local".
- -Version
- Displays the version information for dtrealms and
the DNSSEC-Tools package.
- -help
- Displays a help message and exits.
WARNING¶
This is an early prototype. Consider it to be beta quality.
COPYRIGHT¶
Copyright 2011-2012 SPARTA, Inc. All rights reserved. See the COPYING file
included with the DNSSEC-Tools package for details.
AUTHOR¶
Wayne Morrison, tewok@tislabs.com
SEE ALSO¶
grandvizier(8),
lsrealm(8),
realminit(8),
realmset(8)
Net::DNS::SEC::Tools::realm.pm(3),
Net::DNS::SEC::Tools::realmmgr.pm (3),
Net::DNS::SEC::Tools::rolllog.pm(3)