On 02/01/2017 12:23 AM, Yuri Schaeffer wrote: >> Is ODS enforcer polling for a specific trigger to fire each script? > > It decides based on its internal state. When a KSK is ready to be > submitted to the parent the <DelegationSignerSubmitCommand> script > will run. After that it waits for an external signal (ds-ssen). Given > by either the operator of a script. > >> Or do we need to add polling of some sort in the scripts themselves? > > OpenDNSSEC does not poll the parent nameservers to see that DS > availability. So if you fully want to automate a rollover you will need > to do some polling yourself before you call ds-ssen. >
That's helpful. And what are the trigger conditions / different usage for <DelegationSignerRetractCommand> ? Is it triggered automatically based on internal state as well? Which? Or does it fire on a manually executed cmd line trigger? Understood that 'more automation' will come later -- clearer documentation of the current state of triggers & timing, and general usage in an automated process, even if/as it's DIY for now, would be helpful.
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
