Skip to content
Snippets Groups Projects

keymgr uses zone: section storage: when importing keys when it should use global storage:

    • Closed Issue created by Tuomo Soini @bleve

    When keymgr imports keys it creates new keys directory and uses the zone: section storage setting which should only apply to zone files. This happens at least when storage is specified in template.

    Designs

      Child items 0

      2. No child items are currently assigned. Use child items to break down this issue into smaller parts.

      Activity

      • Jan Hák
        Jan Hák @jhak ·
        Maintainer

        I'm not sure I fully understand your problem.

        I've tried to reproduce your report, but it seems like legitimate behavior. If you only have template[default].storage set, the keys will be stored there (it is implemented this way for backward compatibility with older versions of Knot). To store keys elsewhere, you should set database.storage in the configuration file.

        But it's possible that I misunderstood your problem. Could you provide some configuration snippet and/or keymgr command to reproduce your problem?

        Edited by Jan Hák
      • David Vasek
        David Vasek @dvasek ·
        Maintainer

        Hello, I tried to verify the issue independently and wasn't able to reproduce it either. If the template storage directory and the zone storage directory are different, then keymgr creates the keys directory containing the keys etc. in the template storage directory.

        If you are sure the reported problem really happens, please provide us the information that @jhak has asked for.

      • Tuomo Soini
        Tuomo Soini @bleve ·
        Author

        How that works now is not logical at all.

        https://www.knot-dns.cz/docs/3.0/singlehtml/index.html#zone-storage

        When I change storage at zone level it should only affect to zone file location like documentation shows.

        It is not at all logical that I'd need to create another section and configure storge setting for database to prevent moving database.

        https://www.knot-dns.cz/docs/3.0/singlehtml/index.html#storage

        Documentation clearly shows that storage in datbase section only affects location of kaspdb. Not zone location.

        I found out that I can work around the issue by setting:

        database: storage: "/var/lib/knot"

        But that should not be required.

        Edited by Tuomo Soini
      • Daniel Salzman
        Daniel Salzman @dsalzman ·
        Owner

        @bleve Please keep in mind that the possible illogicality is caused by the backward compatibility with versions < 2.9, which don't have the database section!

        Knot DNS >= 2.9:

        database:
 storage: path0    # Base directory for databases.

template:
 - id: default     # Default zone file storage.
   storage: path1

        Knot DNS < 2.9:

        template:
 - id: default
   storage: path1  # Default zone file storage AND base directory for databases!

        So if you have explicitly configured template[default].storage and not database.storage, the backward compatibility considers template[default].storage as a base directory for databases.

      • Daniel Salzman
        Daniel Salzman @dsalzman ·
        Owner

        It's not that easy to get rid of the history ;-)

      • Tuomo Soini
        Tuomo Soini @bleve ·
        Author

        Yes, but all of the logics should be in doucumentation.

      • Daniel Salzman
        Daniel Salzman @dsalzman ·
        Owner

        Sure, patches welcome :-)

      • Daniel Salzman added compatibility documentation labels

        added compatibility documentation labels

      • Daniel Salzman closed with commit 5172fb00

        closed with commit 5172fb00

      • Daniel Salzman mentioned in commit 856190c6

        mentioned in commit 856190c6

      • Daniel Salzman mentioned in commit 5172fb00

        mentioned in commit 5172fb00

      Please register or sign in to reply