.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} .el \{\ . de IX .. .\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "ROLLCTL 1p" .TH ROLLCTL 1p "2012-06-21" "perl v5.14.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" rollctl \- Send commands to the DNSSEC\-Tools rollover daemon .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& rollctl [options] .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBrollctl\fR command sends commands to the DNSSEC-Tools rollover daemon, \&\fBrollerd\fR. Only one option may be specified on a command line. .PP In most cases, \fBrollerd\fR will send a response to \fBrollctl\fR. \fBrollctl\fR will print a success or failure message, as appropriate. .PP If \fBrollctl\fR is run as a PAR-packed command, it will use its own local copy of the \fBdnssec\-tools.conf\fR file. This file will be found in the package directory. .SH "OPTIONS" .IX Header "OPTIONS" The following options are handled by \fBrollctl\fR. .IP "\fB\-display\fR" 4 .IX Item "-display" Starts the rollover status \s-1GUI\s0. .IP "\fB\-dspub zone\fR" 4 .IX Item "-dspub zone" Indicates that \fIzone\fR's parent has published a new \s-1DS\s0 record for \fIzone\fR. .Sp Multiple zones can be specified on the command line. For instance, this command will send the \fIdspub\fR command to \fBrollerd\fR for three zones. .Sp .Vb 1 \& $ rollctl \-dspub example1.com example2.com example3.com .Ve .IP "\fB\-dspuball\fR" 4 .IX Item "-dspuball" Indicates that \s-1DS\s0 records have been published for all zones in phase 6 of \&\s-1KSK\s0 rollover. .IP "\fB\-group\fR" 4 .IX Item "-group" Indicates that the specified command should apply to a zone group instead of a zone. Consequently, the specified zone must actually be a zone group. This option must be used in conjunction with another command. .Sp This option only applies to the following commands: \fB\-dspub\fR, \fB\-rollksk\fR, \&\fB\-rollzone\fR, \fB\-rollzsk\fR, and \fB\-skipzone\fR. This command will have no effect if it is given to other other commands. .IP "\fB\-halt\fR [now]" 4 .IX Item "-halt [now]" Cleanly halts \fBrollerd\fR execution. If the optional \fInow\fR parameter is given, then \fBrollerd\fR will be halted immediately, rather than allowing it to complete its currently queued operations. .IP "\fB\-logfile logfile\fR" 4 .IX Item "-logfile logfile" Sets the \fBrollerd\fR log file to \fIlogfile\fR. This must be a valid logging file, meaning that if \fIlogfile\fR already exists, it must be a regular file. The only exceptions to this are if \&\fIlogfile\fR is \fB/dev/stdout\fR or \fB/dev/tty\fR. .IP "\fB\-loglevel loglevel\fR" 4 .IX Item "-loglevel loglevel" Sets the \fBrollerd\fR logging level to \fIloglevel\fR. This must be one of the valid logging levels defined in \fB\f(BIrollmgr.pm\fB\|(3)\fR. .Sp If a logging level is not specified, then the list of valid levels will be printed and \fBrollctl\fR will exit. The list is given in both text and numeric forms. .IP "\fB\-logtz logtz\fR" 4 .IX Item "-logtz logtz" Sets the \fBrollerd\fR logging timezone to \fIloglevel\fR. This must be either \&\fIgmt\fR (for Greenwich Mean Time or \fIlocal\fR (for the host's local time.) .IP "\fB\-mergerrfs rollrec0 ... rollrecN\fR" 4 .IX Item "-mergerrfs rollrec0 ... rollrecN" Tells \fBrollerd\fR to merge the specified \fIrollrec\fR files with its active \&\fIrollrec\fR file. The names of the \fIrollrec\fR files must not contain colons. .IP "\fB\-nodisplay\fR" 4 .IX Item "-nodisplay" Stops the rollover status \s-1GUI\s0. .IP "\fB\-phasemsg length\fR" 4 .IX Item "-phasemsg length" \&\fBlength\fR is the default length of phase-related log messages used by \&\fBrollerd\fR. The valid levels are \*(L"long\*(R" and \*(L"short\*(R", with \*(L"long\*(R" being the default value. .Sp The long message length means that a phase description will be included with some log messages. For example, the long form of a message about \s-1ZSK\s0 rollover phase 3 will look like this: \*(L"\s-1ZSK\s0 phase 3 (Waiting for old zone data to expire from caches)\*(R". .Sp The short message length means that a phase description will not be included with some log messages. For example, the short form of a message about \s-1ZSK\s0 rollover phase 3 will look like this: \*(L"\s-1ZSK\s0 phase 3\*(R". .IP "\fB\-rollall\fR" 4 .IX Item "-rollall" Resumes rollover for all zones in the current \fIrollrec\fR file that have been suspended. (\*(L"skip\*(R" zones are suspended.) .IP "\fB\-rollallksks\fR" 4 .IX Item "-rollallksks" Initiates \s-1KSK\s0 rollover for all the zones defined in the current \fIrollrec\fR file that aren't currently in rollover. .IP "\fB\-rollallzsks\fR" 4 .IX Item "-rollallzsks" Initiates \s-1ZSK\s0 rollover for all the zones defined in the current \fIrollrec\fR file that aren't currently in rollover. .IP "\fB\-rollksk zone\fR" 4 .IX Item "-rollksk zone" Initiates \s-1KSK\s0 rollover for the zone named by \fIzone\fR. .Sp Multiple zones can be specified on the command line. For instance, this command will send the \fIrollksk\fR command to \fBrollerd\fR for three zones. .Sp .Vb 1 \& $ rollctl \-rollksk example1.com example2.com example3.com .Ve .IP "\fB\-rollrec rollrec_file\fR" 4 .IX Item "-rollrec rollrec_file" Sets the \fIrollrec\fR file to be processed by \fBrollerd\fR to \fIrollrec_file\fR. .IP "\fB\-rollzone zone\fR" 4 .IX Item "-rollzone zone" Resumes rollover for the suspended zone named by \fIzone\fR. .Sp Multiple zones can be specified on the command line. For instance, this command will send the \fIrollzone\fR command to \fBrollerd\fR for three zones. .Sp .Vb 1 \& $ rollctl \-rollzone example1.com example2.com example3.com .Ve .IP "\fB\-rollzsk zone\fR" 4 .IX Item "-rollzsk zone" Initiates rollover for the zone named by \fIzone\fR. .Sp Multiple zones can be specified on the command line. For instance, this command will send the \fIrollzsk\fR command to \fBrollerd\fR for three zones. .Sp .Vb 1 \& $ rollctl \-rollzsk example1.com example2.com example3.com .Ve .IP "\fB\-runqueue\fR" 4 .IX Item "-runqueue" Wakes up \fBrollerd\fR and has it run its queue of \fIrollrec\fR entries. .IP "\fB\-shutdown\fR" 4 .IX Item "-shutdown" Synonym for \fB\-halt\fR. .IP "\fB\-signzone zone\fR" 4 .IX Item "-signzone zone" Signs \fIzone\fR's zonefile without performing any rollover actions. The zone is signed with the keys most recently used to sign the zone. No new keys will be generated. .IP "\fB\-signzones [all | active]\fR" 4 .IX Item "-signzones [all | active]" Signs the zonefiles of zones managed by \fBrollerd\fR, without performing any rollover actions. If the \fBall\fR option is given, then all of \fBrollerd\fR's zones will be signed. If the \fBactive\fR option is given, then only those zones which aren't in the \fIskip\fR stage will be signed. The zones are signed with the keys most recently used to sign each zone. No new keys will be generated. .IP "\fB\-skipall\fR" 4 .IX Item "-skipall" Suspends rollover for all zones in the current \fIrollrec\fR file. .IP "\fB\-skipzone zone\fR" 4 .IX Item "-skipzone zone" Suspends rollover for the zone named by \fIzone\fR. .Sp Multiple zones can be specified on the command line. For instance, this command will send the \fIskipzone\fR command to \fBrollerd\fR for three zones. .Sp .Vb 1 \& $ rollctl \-skipzone example1.com example2.com example3.com .Ve .IP "\fB\-sleeptime seconds\fR" 4 .IX Item "-sleeptime seconds" Sets \fBrollerd\fR's sleep time to \fIseconds\fR seconds. \fIsleeptime\fR must be an integer at least as large as the \fB\f(CB$MIN_SLEEP\fB\fR value in \fBrollerd\fR. .IP "\fB\-splitrrf new-rrf zone0 ... zoneN\fR" 4 .IX Item "-splitrrf new-rrf zone0 ... zoneN" Tells \fBrollerd\fR to move a set of \fIrollrec\fR entries from the current \&\fIrollrec\fR file into a new file. The new file is named in the \fInew-rrf\fR parameter. The \fIrollrec\fR entries whose names correspond to the \fIzone0\fR to \&\fIzoneN\fR list are moved to the new file. The name of the new \fIrollrec\fR file and the zone names must not contain colons. .IP "\fB\-status\fR" 4 .IX Item "-status" Has \fBrollerd\fR write several of its operational parameters to its log file. The parameters are also reported to \fBrollctl\fR, which prints them to the screen. .IP "\fB\-zonegroup\fR \fI[zone\-group]\fR" 4 .IX Item "-zonegroup [zone-group]" Requests information about zone groups from \fBrollerd\fR. If the optional \&\fIzone-group\fR argument is not given, then \fBrollerd\fR will return a list of the defined zone groups and the number of zones in each. If a \fIzone-group\fR is specified, then \fBrollerd\fR will return a list of the zones in that group. .Sp (While this is using the term \*(L"zone\*(R", it is actually referring to the name of the \fIrollrec\fR entries. For a particular \fIrollrec\fR entry, the \fIrollrec\fR name is usually the same as the zone name, but this is not a requirement.) .IP "\fB\-zonelog\fR" 4 .IX Item "-zonelog" Set the logging level for the specified zone. The new logging level is only for the current execution of \fBrollerd\fR and is not saved to the active \&\fIrollrec\fR file. .Sp The arguments for this command must be in the format \*(L"zone:loglevel\*(R". For example, this command will send the \fIzonelog\fR command to \fBrollerd\fR for three zones. .Sp .Vb 1 \& $ rollctl \-zonelog example1.com:info example2.com:6 example3.com:err .Ve .IP "\fB\-zonestatus\fR" 4 .IX Item "-zonestatus" Has \fBrollerd\fR write the status of zones in the current \fIrollrec\fR file to the \&\fBrollerd\fR log file. The status is also reported to \fBrollctl\fR, which prints it to the screen. \fBrollctl\fR prints it in columnar fashion to enhance readability. The columns, in order, are: rollrec name, zone name, roll/skip state, and rollover phase. .Sp Example: anothersub anothersub.example.com skip \s-1KSK\s0 1 example.com example.com roll \s-1KSK\s0 1 site1.in.subzone.example.com subzone.example.com roll \s-1KSK\s0 3 site1.subzone.example.com subzone.example.com roll \s-1KSK\s0 3 .IP "\fB\-zsargs arglist zones\fR" 4 .IX Item "-zsargs arglist zones" Provides additional \fBzonesigner\fR arguments for a given set of zones. These arguments will override the arguments in the DNSSEC-Tools defaults file, the DNSSEC-Tools configuration file, and the zones' \fIkeyrec\fR files. .Sp The \fBzonesigner\fR argument list is given in \fIarglist\fR. Given the \fBrollctl\fR argument processing, the new arguments for \fBzonesigner\fR cannot be specified as expected. Instead, the arguments should be given in the following manner. The leading dash should be replaced with an equals sign. If the option takes an argument, the space that would separate the option from the option's argument should also be replaced by an equals sign. \fBrollerd\fR translates these arguments to the appropriate format for \fBzonesigner\fR. These examples should clarify the modifications: .Sp .Vb 4 \& normal zonesigner option \-zsargs options \& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- \-\-\-\-\-\-\-\-\-\-\-\-\-\-\- \& \-nokrfile =nokrfile \& \-zskcount 5 =zskcount=5 .Ve .Sp The \fIzones\fR list is a space-separated list of zones. \fBAll\fR the new \&\fBzonesigner\fR arguments will be applied to \fBall\fR the listed zones. .Sp The \*(L"=clear\*(R" argument is special. \fBrollerd\fR translates it to \*(L"\-clear\*(R", which is not a normal \fBzonesigner\fR option. Instead, \fBrollerd\fR recognizes \&\*(L"\-clear\*(R" as an indicator that it should remove the \fIzsargs\fR field from the \&\fIrollrec\fR records for the specified zones. .Sp The following are valid uses of \fB\-zsargs\fR: .Sp .Vb 2 \& # rollctl \-zsargs =ksklength=2048 example.com \& # rollctl \-zsargs =ksklen=2048 =zsklen=2048 example.com test.com .Ve .IP "\fB\-Version\fR" 4 .IX Item "-Version" Displays the version information for \fBrollctl\fR and the DNSSEC-Tools package. .IP "\fB\-quiet\fR" 4 .IX Item "-quiet" Prevents output from being given. Both error and non-error output is stopped. .IP "\fB\-help\fR" 4 .IX Item "-help" Displays a usage message. .SH "EXIT CODES" .IX Header "EXIT CODES" \&\fBrollctl\fR may give the following exit codes: .IP "0 \- Successful execution" 4 .IX Item "0 - Successful execution" .PD 0 .IP "1 \- Error sending the command to \fBrollerd\fR." 4 .IX Item "1 - Error sending the command to rollerd." .IP "2 \- Missing argument." 4 .IX Item "2 - Missing argument." .IP "3 \- Too many commands specified." 4 .IX Item "3 - Too many commands specified." .IP "200 \- Rollerd is not running." 4 .IX Item "200 - Rollerd is not running." .IP "201 \- Configuration file checks failed." 4 .IX Item "201 - Configuration file checks failed." .PD .SH "FUTURE" .IX Header "FUTURE" The following modifications may be made in the future: .IP "command execution order" 4 .IX Item "command execution order" The commands will be executed in the order given on the command line rather than in alphabetical order. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2006\-2012 \s-1SPARTA\s0, Inc. All rights reserved. See the \s-1COPYING\s0 file included with the DNSSEC-Tools package for details. .SH "AUTHOR" .IX Header "AUTHOR" Wayne Morrison, tewok@tislabs.com .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fB\f(BINet::DNS::SEC::Tools::rollmgr.pm\fB\|(3)\fR, \&\fB\f(BINet::DNS::SEC::Tools::rollrec.pm\fB\|(3)\fR .PP \&\fB\f(BIrollerd\fB\|(8)\fR