In article 86827d81f1944333ae213f2d3f19856a@2sic.com, Daniel Reich Daniel.Reich@2sic.com wrote:
Hi
I have a script to resign all DNS zones every two weeks. When i run the script from bash, it works like it should. But when it is executed in cron not. Its starting normal as cronjob: Feb 1 03:00:01 xxx CROND[20116]: (root) CMD (sh /opt/dnssec/resign_dnssec_zones.sh)
But after i get a mail that everything is finsihed, but it isn't. 03:04:28 DNSSEC-Signierung abgeschlossen
The script deletes the old signed zones, but don't resign it. The mail is also sent. Below the script.
Anybody an idea why it doesn't work in cron?^ I cannot find any error in any log.
After the first line, add a line saying: set -x
Then set cron to run it and examine the output that gets mailed to you.
The -x tells it to echo each command it is about to execute. That will help you to see how far it is getting.
Further comments below.
Cheers Tony
Best regards Daniel
#!/bin/bash KSKDIR="/etc/named/KSK" ZSKDIR="/etc/named/ZSK" ZONEDIR="/var/named/chroot/var/named" LOG="/var/named/chroot/var/log/dnssec_resign.log" MAILREC="monitor@xx"
#delete old signed files rm -rf $ZONEDIR/*.signed
#delete the old log rm -rf $LOG
#read the zonefiles ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*')
for FILES in $ZONEFILES; do #remove the .zone at the end ZONE=$(echo "${FILES%.*}")
Why not just: ZONE=${FILES%.*}
#remove the old signed zone rm -rf $ZONEDIR/$ZONE.signed
You deleted them all further up.
#Sign the zone cd $ZONEDIR
Why not do this before the loop? Then you also don't need $ZONEDIR/ everywhere.
dnssec-signzone -o $ZONE -k $KSKDIR/K$ZONE.*.key -e +3024000 -f $ZONE.signed $ZONEDIR/$ZONE.zone$ZSKDIR/K$ZONE.*.key >> $LOG
#Set the correct permissions chown named.named $ZONEDIR/*.signed chmod 755 $ZONEDIR/*.signed sleep 5 done rm -rf $ZONEDIR/named.zone
echo $(date +"%T")"DNSSEC-Signierung abgeschlossen - Neustart des Servers" >> $LOG echo "$(cat $LOG)" | mail -s "DNSSEC-Signierung abgeschlossen auf xxx" $MAILREC
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos