Thank you for the hints
I modified like you described.
I also moved the permission part out of the loop (once at the end of the script is enough).
Now with the "set -x" the script is working also in cron.
Best regards
Daniel
-----Original Message-----
From: CentOS [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Tony Mountifield
Sent: Wednesday, February 1, 2017 11:04 AM
To: centos@xxxxxxxxxx
Subject: Re: Script not running correctly as cronjob
In article <86827d81f1944333ae213f2d3f19856a@xxxxxxxx>,
Daniel Reich <Daniel.Reich@xxxxxxxx> wrote:
> Hi
>
> I have a script to resign all DNS zones every two weeks. When i run
> the script from bash, it works like it should. But when it is executed in cron not. Its starting normal as cronjob:
> Feb 1 03:00:01 xxx CROND[20116]: (root) CMD (sh
> /opt/dnssec/resign_dnssec_zones.sh)
>
> But after i get a mail that everything is finsihed, but it isn't.
> 03:04:28 DNSSEC-Signierung abgeschlossen
>
> The script deletes the old signed zones, but don't resign it. The mail is also sent.
> Below the script.
>
> Anybody an idea why it doesn't work in cron?^ I cannot find any error
> in any log.
After the first line, add a line saying: set -x
Then set cron to run it and examine the output that gets mailed to you.
The -x tells it to echo each command it is about to execute. That will help you to see how far it is getting.
Further comments below.
Cheers
Tony
> Best regards
> Daniel
>
>
> #!/bin/bash
> KSKDIR="/etc/named/KSK"
> ZSKDIR="/etc/named/ZSK"
> ZONEDIR="/var/named/chroot/var/named"
> LOG="/var/named/chroot/var/log/dnssec_resign.log"
> MAILREC="monitor@xx"
>
> #delete old signed files
> rm -rf $ZONEDIR/*.signed
>
> #delete the old log
> rm -rf $LOG
>
> #read the zonefiles
> ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*')
>
> for FILES in $ZONEFILES; do
> #remove the .zone at the end
> ZONE=$(echo "${FILES%.*}")
Why not just: ZONE=${FILES%.*}
> #remove the old signed zone
> rm -rf $ZONEDIR/$ZONE.signed
You deleted them all further up.
> #Sign the zone
> cd $ZONEDIR
Why not do this before the loop? Then you also don't need $ZONEDIR/ everywhere.
> dnssec-signzone -o $ZONE -k $KSKDIR/K$ZONE.*.key -e +3024000
> -f $ZONE.signed $ZONEDIR/$ZONE.zone $ZSKDIR/K$ZONE.*.key >> $LOG
>
> #Set the correct permissions
> chown named.named $ZONEDIR/*.signed
> chmod 755 $ZONEDIR/*.signed
> sleep 5
> done
> rm -rf $ZONEDIR/named.zone
>
> echo $(date +"%T")"DNSSEC-Signierung abgeschlossen - Neustart des
> Servers" >> $LOG echo "$(cat $LOG)" | mail -s "DNSSEC-Signierung
> abgeschlossen auf xxx" $MAILREC
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>
--
Tony Mountifield
Work: tony@xxxxxxxxxxxxx - http://www.softins.co.uk
Play: tony@xxxxxxxxxxxxxxx - http://tony.mountifield.org _______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
