Do not forget that cron does not use the root environment, such as
$PATH. You need to set up the exect environment you need in the
beginning of the crontab file. It would be helpful to see your crontab
file to know what environment it has set up.
Also the /var/log/cron log file should contain error information that
might be helpful.
On 02/01/2017 05:04 AM, Tony Mountifield wrote:
In article <86827d81f1944333ae213f2d3f198...@2sic.com>,
Daniel Reich <daniel.re...@2sic.com> wrote:
Hi
I have a script to resign all DNS zones every two weeks. When i run the script
from bash, it works like it should. But
when it is executed in cron not. Its starting normal as cronjob:
Feb 1 03:00:01 xxx CROND[20116]: (root) CMD (sh
/opt/dnssec/resign_dnssec_zones.sh)
But after i get a mail that everything is finsihed, but it isn't.
03:04:28 DNSSEC-Signierung abgeschlossen
The script deletes the old signed zones, but don't resign it. The mail is also
sent.
Below the script.
Anybody an idea why it doesn't work in cron?^
I cannot find any error in any log.
After the first line, add a line saying: set -x
Then set cron to run it and examine the output that gets mailed to you.
The -x tells it to echo each command it is about to execute. That will help
you to see how far it is getting.
Further comments below.
Cheers
Tony
Best regards
Daniel
#!/bin/bash
KSKDIR="/etc/named/KSK"
ZSKDIR="/etc/named/ZSK"
ZONEDIR="/var/named/chroot/var/named"
LOG="/var/named/chroot/var/log/dnssec_resign.log"
MAILREC="monitor@xx"
#delete old signed files
rm -rf $ZONEDIR/*.signed
#delete the old log
rm -rf $LOG
#read the zonefiles
ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*')
for FILES in $ZONEFILES; do
#remove the .zone at the end
ZONE=$(echo "${FILES%.*}")
Why not just: ZONE=${FILES%.*}
#remove the old signed zone
rm -rf $ZONEDIR/$ZONE.signed
You deleted them all further up.
#Sign the zone
cd $ZONEDIR
Why not do this before the loop? Then you also don't need $ZONEDIR/ everywhere.
dnssec-signzone -o $ZONE -k $KSKDIR/K$ZONE.*.key -e +3024000 -f
$ZONE.signed $ZONEDIR/$ZONE.zone
$ZSKDIR/K$ZONE.*.key >> $LOG
#Set the correct permissions
chown named.named $ZONEDIR/*.signed
chmod 755 $ZONEDIR/*.signed
sleep 5
done
rm -rf $ZONEDIR/named.zone
echo $(date +"%T")"DNSSEC-Signierung abgeschlossen - Neustart des Servers" >>
$LOG
echo "$(cat $LOG)" | mail -s "DNSSEC-Signierung abgeschlossen auf xxx" $MAILREC
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
--
*********************************************************
David P. Both, RHCE
Millennium Technology Consulting LLC
Raleigh, NC, USA
919-389-8678
db...@millennium-technology.com
www.millennium-technology.com
www.databook.bz - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
*********************************************************
This communication may be unlawfully collected and stored by the National
Security Agency (NSA) in secret. The parties to this email do not consent to the
retrieving or storing of this communication and any related metadata, as well as
printing, copying, re-transmitting, disseminating, or otherwise using it. If you
believe you have received this communication in error, please delete it
immediately.
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
