Skip to end of metadata
Go to start of metadata


Based on feedback from users there are a number of usability requirements that very desirable from the user perspective. This page is to collect the ideas discussed so that a set of JIRA issues can be created to cover these requirements.



SummaryJIRA issueDetailsComments
ods-control status108Provide a simple tool to check the status of the deamons 

ods-control enforcer summary [--verbose]

ods-control signer summary [--verbose]

ods-control summary


Command line tool that will generate a summary report from each component (or both)

Enforcer summary:

  • Time enforcer last ran and interval setting
  • Number of zones
  • Number of policies
  • List of policies and number of zones
    • [--verbose] List of zones on each policy
  • Number of keys and count in different states
    • [--verbose] List of active keys with rollover date

Signer summary

  • Count of zones, list of failed ones
    • [--verbose] Status of zone (last successful signing, last failed signing, signing stats)
Output 'ods-control summary' to syslog daily Output this at midnight each night? This will allow users to track back in time when something as gone wrong. i.e. when was a zone/policy added, when did the signing first start failingdaily or other periodic events can be achieved with cronjobs
Notification mechanism for key events A generic notification framework should be provided for key events that can then be used to trigger e.g. email/xmpp (This will require an extension to the xml.) 
Improvements to logging 

Clearer logging of

  • start and stop of daemons
  • important events
  • command utilities should also log information (This will allow users to track back in time to see what operations were performed when.)


DS handling

SummaryJIRA issueDetailsComments
ods-ksmutil ds-seen --all Add and –all option to the existing command 
Hook for DS generation Maybe just notifying of this event is enough and less risky? 
Control of DS reaching ready state   


API improvements

ods-checkzone: A tool to sanity check an unsigned zone before providing it to the signer engine296  
Port DB migration scripts to 1.3434  
Review use of return codes and --force flag in all commands   
Provide documentation for config files (e.g. man pages)   
Hook on key generation (when backup required) May be covered by generic notification framework item above 




  • No labels