NAME
Lim::Plugin::OpenDNSSEC - OpenDNSSEC management plugin for Lim
VERSION
Version 0.14
SYNOPSIS
use Lim::Plugin::OpenDNSSEC;
# Create a Server object
$server = Lim::Plugin::OpenDNSSEC->Server;
# Create a Client object
$client = Lim::Plugin::OpenDNSSEC->Client;
# Create a CLI object
$cli = Lim::Plugin::OpenDNSSEC->CLI;
DESCRIPTION
This plugin lets you manage a OpenDNSSEC installation via Lim.
METHODS
- $plugin_name = Lim::Plugin::OpenDNSSEC->Name
-
Returns the plugin's name.
- $plugin_description = Lim::Plugin::OpenDNSSEC->Description
-
Returns the plugin's description.
- $call_hash_ref = Lim::Plugin::OpenDNSSEC->Calls
-
Returns a hash reference to the calls that can be made to this plugin, used both in Server and Client to verify input and output arguments.
See CALLS for list of calls and arguments.
- $command_hash_ref = Lim::Plugin::OpenDNSSEC->Commands
-
Returns a hash reference to the CLI commands that can be made by this plugin.
See COMMANDS for list of commands and arguments.
CALLS
See Lim::Component::Client on how calls and callback functions should be used.
- $client->ReadVersion(sub { my ($call) = @_; })
-
Get the version of the plugin and version of OpenDNSSEC found.
$response = { version => string, # Version of the plugin program => # Single hash or an array of hashes as below: { name => string, # Program name version => string, # Program version } };
- $client->ReadConfigs(sub { my ($call) = @_; })
-
Get a list of all config files that can be managed by this plugin.
$response = { file => # Single hash or an array of hashes as below: { name => string, # Full path file name read => integer, # True if readable write => integer, # True if writable } };
- $client->CreateConfig($input, sub { my ($call) = @_; })
-
Create a new config file, returns an error if it failed to create the config file otherwise there is no response.
$input = { file => # Single hash or an array of hashes as below: { name => string, # Full path file name content => string, # Configuration content } };
- $client->ReadConfig($input, sub { my ($call) = @_; })
-
Returns a config file as a content.
$input = { file => # Single hash or an array of hashes as below: { name => string, # Full path file name } }; $response = { file => # Single hash or an array of hashes as below: { name => string, # Full path file name content => string, # Configuration content } };
- $client->UpdateConfig($input, sub { my ($call) = @_; })
-
Update a config file, this will overwrite the file. Returns an error if it failed to update the config file otherwise there is no reponse.
$input = { file => # Single hash or an array of hashes as below: { content => string, # ... name => string, # ... } };
- $client->DeleteConfig($input, sub { my ($call) = @_; })
-
Delete a config file, returns an error if it failed to delete the config file otherwise there is no reponse.
$input = { file => # Single hash or an array of hashes as below: { name => string, # ... } };
- $client->UpdateControlStart($input, sub { my ($call) = @_; })
-
Start the specified OpenDNSSEC program (enforcer or signer) or all of them. Returns an error if it failed to start otherwise there is no response.
$input = { program => # (optional) Single hash or an array of hashes as below: { name => string, # ... } };
- $client->UpdateControlStop($input, sub { my ($call) = @_; })
-
Stop the specified OpenDNSSEC program (enforcer or signer) or all of them. Returns an error if it failed to stop otherwise there is no response.
$input = { program => # (optional) Single hash or an array of hashes as below: { name => string, # ... } };
- $client->CreateEnforcerSetup(sub { my ($call) = @_; })
-
Setup the Enforcer database by importing configurations, this will delete any existing information. Returns an error if it failed to setup otherwise there is no response.
- $client->UpdateEnforcerUpdate($input, sub { my ($call) = @_; })
-
Update the specified configuration section (conf, kasp or zonelist) or all of them. Returns an error if it failed to update otherwise there is no response.
$input = { update => # (optional) Single hash or an array of hashes as below: { section => string, # ... } };
- $client->CreateEnforcerZone($input, sub { my ($call) = @_; })
-
Add a new zone into OpenDNSSEC, returns an error if it failed to add the zone otherwise there is no response.
$input = { zone => # Single hash or an array of hashes as below: { input => string, # ... name => string, # ... no_xml => bool, # ... (optional) output => string, # ... policy => string, # ... signerconf => string, # ... } };
- $client->ReadEnforcerZoneList(sub { my ($call) = @_; })
-
Get a list of zones and related policies.
$response = { zone => # Single hash or an array of hashes as below: { name => string, # ... policy => string, # ... } };
- $client->DeleteEnforcerZone($input, sub { my ($call) = @_; })
-
Remove a zone from OpenDNSSEC, returns an error if it failed to remove the zone otherwise there is no response.
$input = { zone => # Single hash or an array of hashes as below: { all => bool, # ... (optional) name => string, # ... (optional) no_xml => bool, # ... (optional) } };
- $client->ReadEnforcerRepositoryList(sub { my ($call) = @_; })
-
Get a list of available repositories.
$response = { repository => # Single hash or an array of hashes as below: { capacity => integer, # ... name => string, # ... require_backup => bool, # ... } };
- $client->ReadEnforcerPolicyList(sub { my ($call) = @_; })
-
Get a list of available policies.
$response = { policy => # Single hash or an array of hashes as below: { description => string, # ... name => string, # ... } };
- $client->ReadEnforcerPolicyExport($input, sub { my ($call) = @_; })
-
Export the specified policy or all. Returns an error if it failed to export.
$input = { policy => # (optional) Single hash or an array of hashes as below: { name => string, # ... } }; $response = { kasp => string, # ... (optional) policy => # Single hash or an array of hashes as below: { kasp => string, # ... name => string, # ... } };
- $client->DeleteEnforcerPolicyPurge(sub { my ($call) = @_; })
-
Undocumented
- $client->ReadEnforcerKeyList($input, sub { my ($call) = @_; })
-
Get a list of keys for the specified zone or all. Returns an error if it failed to get the list of keys.
$input = { verbose => bool, # ... (optional) zone => # (optional) Single hash or an array of hashes as below: { name => string, # ... } }; $response = { zone => # Single hash or an array of hashes as below: { name => string, # ... key => # Single hash or an array of hashes as below: { cka_id => string, # ... (optional) keytag => string, # ... (optional) next_transaction => string, # ... repository => string, # ... (optional) state => string, # ... type => string, # ... } } };
- $client->ReadEnforcerKeyExport($input, sub { my ($call) = @_; })
-
Export the specified keys
$input = { ds => bool, # ... (optional) keystate => string, # ... (optional) keytype => string, # ... (optional) zone => # (optional) Single hash or an array of hashes as below: { ds => bool, # ... (optional) keystate => string, # ... (optional) keytype => string, # ... (optional) name => string, # ... } }; $response = { rr => # Single hash or an array of hashes as below: { class => string, # ... name => string, # ... rdata => string, # ... ttl => integer, # ... type => string, # ... } };
- $client->CreateEnforcerKeyImport($input, sub { my ($call) = @_; })
-
...
$input = { key => # Single hash or an array of hashes as below: { algorithm => integer, # ... bits => integer, # ... cka_id => string, # ... keystate => string, # ... keytype => string, # ... repository => string, # ... retire => string, # ... (optional) time => string, # ... zone => string, # ... } };
- $client->UpdateEnforcerKeyRollover($input, sub { my ($call) = @_; })
-
...
$input = { policy => # (optional) Single hash or an array of hashes as below: { keytype => string, # ... (optional) name => string, # ... }, zone => # (optional) Single hash or an array of hashes as below: { keytype => string, # ... (optional) name => string, # ... } };
- $client->DeleteEnforcerKeyPurge($input, sub { my ($call) = @_; })
-
...
$input = { policy => # (optional) Single hash or an array of hashes as below: { name => string, # ... }, zone => # (optional) Single hash or an array of hashes as below: { name => string, # ... } }; $response = { key => # Single hash or an array of hashes as below: { cka_id => string, # ... } };
- $client->CreateEnforcerKeyGenerate($input, sub { my ($call) = @_; })
-
...
$input = { policy => # Single hash or an array of hashes as below: { interval => string, # ... name => string, # ... } }; $response = { key => # Single hash or an array of hashes as below: { algorithm => integer, # ... bits => integer, # ... cka_id => string, # ... keytype => string, # ... repository => string, # ... } };
- $client->UpdateEnforcerKeyKskRetire($input, sub { my ($call) = @_; })
-
...
$input = { zone => # Single hash or an array of hashes as below: { cka_id => string, # ... (optional) keytag => string, # ... (optional) name => string, # ... } };
- $client->UpdateEnforcerKeyDsSeen($input, sub { my ($call) = @_; })
-
...
$input = { zone => # Single hash or an array of hashes as below: { cka_id => string, # ... (optional) keytag => string, # ... (optional) name => string, # ... no_retire => bool, # ... (optional) } };
- $client->UpdateEnforcerBackupPrepare($input, sub { my ($call) = @_; })
-
...
$input = { repository => # (optional) Single hash or an array of hashes as below: { name => string, # ... } };
- $client->UpdateEnforcerBackupCommit($input, sub { my ($call) = @_; })
-
...
$input = { repository => # (optional) Single hash or an array of hashes as below: { name => string, # ... } };
- $client->UpdateEnforcerBackupRollback($input, sub { my ($call) = @_; })
-
...
$input = { repository => # (optional) Single hash or an array of hashes as below: { name => string, # ... } };
- $client->UpdateEnforcerBackupDone($input, sub { my ($call) = @_; })
-
...
$input = { repository => # (optional) Single hash or an array of hashes as below: { name => string, # ... } };
- $client->ReadEnforcerBackupList($input, sub { my ($call) = @_; })
-
...
$input = { repository => # (optional) Single hash or an array of hashes as below: { name => string, # ... } }; $response = { repository => # Single hash or an array of hashes as below: { name => string, # ... prepared_keys => bool, # ... (optional) unbacked_up_keys => bool, # ... (optional) backup => # Single hash or an array of hashes as below: { date => string, # ... } } };
- $client->ReadEnforcerRolloverList($input, sub { my ($call) = @_; })
-
...
$input = { zone => # (optional) Single hash or an array of hashes as below: { name => string, # ... } }; $response = { zone => # Single hash or an array of hashes as below: { keytype => string, # ... name => string, # ... rollover_expected => string, # ... } };
- $client->CreateEnforcerDatabaseBackup(sub { my ($call) = @_; })
-
...
- $client->ReadEnforcerZonelistExport(sub { my ($call) = @_; })
-
...
$response = { zonelist => string, # ... };
- $client->ReadSignerZones(sub { my ($call) = @_; })
-
...
$response = { zone => # Single hash or an array of hashes as below: { name => string, # ... } };
- $client->UpdateSignerSign($input, sub { my ($call) = @_; })
-
...
$input = { zone => # (optional) Single hash or an array of hashes as below: { name => string, # ... } };
- $client->UpdateSignerClear($input, sub { my ($call) = @_; })
-
...
$input = { zone => # Single hash or an array of hashes as below: { name => string, # ... } };
- $client->ReadSignerQueue(sub { my ($call) = @_; })
-
...
$response = { now => string, # ... (optional) task => # Single hash or an array of hashes as below: { date => string, # ... type => string, # ... zone => string, # ... } };
- $client->UpdateSignerFlush(sub { my ($call) = @_; })
-
...
- $client->UpdateSignerUpdate($input, sub { my ($call) = @_; })
-
...
$input = { zone => # (optional) Single hash or an array of hashes as below: { name => string, # ... } };
- $client->ReadSignerRunning(sub { my ($call) = @_; })
-
...
$response = { running => bool, # ... };
- $client->UpdateSignerReload(sub { my ($call) = @_; })
-
...
- $client->UpdateSignerVerbosity($input, sub { my ($call) = @_; })
-
...
$input = { verbosity => integer, # ... };
- $client->ReadHsmList($input, sub { my ($call) = @_; })
-
...
$input = { repository => # (optional) Single hash or an array of hashes as below: { name => string, # ... } }; $response = { key => # Single hash or an array of hashes as below: { id => string, # ... keysize => integer, # ... keytype => string, # ... repository => string, # ... } };
- $client->CreateHsmGenerate($input, sub { my ($call) = @_; })
-
...
$input = { key => # Single hash or an array of hashes as below: { keysize => integer, # ... repository => string, # ... } }; $response = { key => # Single hash or an array of hashes as below: { id => string, # ... keysize => integer, # ... keytype => string, # ... repository => string, # ... } };
- $client->DeleteHsmRemove($input, sub { my ($call) = @_; })
-
...
$input = { key => # Single hash or an array of hashes as below: { id => string, # ... } };
- $client->DeleteHsmPurge($input, sub { my ($call) = @_; })
-
...
$input = { repository => # Single hash or an array of hashes as below: { name => string, # ... } };
- $client->CreateHsmDnskey($input, sub { my ($call) = @_; })
-
...
$input = { key => # Single hash or an array of hashes as below: { id => string, # ... name => string, # ... } }; $response = { key => # Single hash or an array of hashes as below: { id => string, # ... name => string, # ... rr => string, # ... } };
- $client->ReadHsmTest($input, sub { my ($call) = @_; })
-
...
$input = { repository => # Single hash or an array of hashes as below: { name => string, # ... } };
- $client->ReadHsmInfo(sub { my ($call) = @_; })
-
...
$response = { repository => # Single hash or an array of hashes as below: { manufacturer => string, # ... model => string, # ... module => string, # ... name => string, # ... serial => string, # ... slot => integer, # ... token_label => string, # ... } };
COMMANDS
- version
-
Show version of the plugin and OpenDNSSEC.
- configs
-
List configuration files.
- config view <file>
-
Display the content of a configuration file.
- config edit <file>
-
Edit a configuration file.
- start enforcer
-
Start Enforcer.
- start signer
-
Start Signer.
- stop enforcer
-
Stop Enforcer.
- stop signer
-
Stop Signer.
- setup
-
Import configuration into the database and delete existing information.
- update all
-
Update datebase with all configurations.
- update kasp
-
Update database with the KASP configuration.
- update zonelist
-
Update database with the zonelist configuration.
- update conf
-
Update database with the configuration.
- zone add [--no-xml] <zone> <policy> <signconf> <input file> <output file>
-
Add a zone.
- zone list
-
List zones.
- zone delete [--no-xml] <zone>
-
Delete a zone.
- repository list
-
List repositories.
- policy list
-
List policies.
- policy export <policies ... >
-
Export the specified policies and display them.
- key list [--verbose] [<zones ... >]
-
List keys for specified zones or all keys.
- key export [--keytype <key type>] [--keystate <key state>] [--ds] [<zones ... >]
-
Export keys for specified zones or all keys as resource records.
- key import --cka_id <CKA_ID> --repository <repository> --bits <bits> --algorithm <algorithm> --keystate <key state> --keytype <key type> --time <time> [--retire-time <retire_time>] --zone <zone>
-
Import a key into a zone.
- key rollover zone [--keytype <key type>] <zones ... >
-
Do a key rollover for the specified zones.
- key rollover policy [--keytype <key type>] <policies ... >
-
Do a key rollover for the specified policies.
- key purge zone [--keytype <key type>] <zones ... >
-
Purge keys from the specified zones.
- key purge policy [--keytype <key type>] <policies ... >
-
Purge keys from the specified policies.
- key generate <policy> <interval>
-
Generate keys for the specified policy and interval.
- key ksk retire [--cka_id <CKA_ID>] [--keytag <key tag>] <zone>
-
Retire the KSK for the specified zone.
- key ds seen [--cka_id <CKA_ID>] [--keytag <key tag>] [--no-retrie] <zone>
-
Mark the DS seen for the specified zone.
- backup prepare [<repositories ... >]
-
Prepare for backup on specified repositories or all.
- backup commit [<repositories ... >]
-
Commit the backup on specified repositories or all.
- backup rollback [<repositories ... >]
-
Rollback the backup on specified repositories or all.
- backup done [<repositories ... >]
-
Notify OpenDNSSEC that a backup has been done on specified repositories or all.
- backup list [<repositories ... >]
-
List backup for the specified repositories or all.
- rollover list [<zones ... >]
-
List schedualed rollover for specified zones or all.
- database backup
-
Create a database backup.
- zonelist export
-
Export the zonelist and display it.
- signer zones
-
List zones.
- signer sign [<zones ... >]
-
Schedual specified zones or all for signing.
- signer clear <zones ... >
-
Clear the internal state for the specified zones.
- signer queue
-
Display the task queue.
- signer flush
-
Flush all tasks on queue, executing them immediately.
- signer update [<zones ... >]
-
Issue an update for the specified zones or all.
- signer running
-
Check if the Signer is running.
- signer reload
-
Tell the Signer to reload.
- signer verbosity <verbosity>
-
Change the verbosity.
- hsm list [<repositories ... >]
-
List repositories information for the specified one or all.
- hsm generate <repository> <key size>
-
Generate a key in the specified repository.
- hsm remove <key ids ... >
-
Remove the specified keys.
- hsm purge <repositories ... >
-
Purge the specified repositories.
- hsm dnskey <key id> <owner name>
-
Create a DNSKEY.
- hsm test <repositories ... >
-
Test the specified repositories.
- hsm info
-
Display HSM information.
AUTHOR
Jerry Lundström, <lundstrom.jerry at gmail.com>
BUGS
Please report any bugs or feature requests to https://github.com/jelu/lim-plugin-opendnssec/issues.
SUPPORT
You can find documentation for this module with the perldoc command.
perldoc Lim::Plugin::OpenDNSSEC
You can also look for information at:
Lim issue tracker (report bugs here)
ACKNOWLEDGEMENTS
LICENSE AND COPYRIGHT
Copyright 2012-2013 Jerry Lundström.
This program is free software; you can redistribute it and/or modify it under the terms of either: the GNU General Public License as published by the Free Software Foundation; or the Artistic License.
See http://dev.perl.org/licenses/ for more information.