In article <9f43c460b0374ac3951c18dd2d477b14@xxxxxxxx>,
Daniel Reich <Daniel.Reich@xxxxxxxx> wrote:
> Thank you for the hints
>
> I modified like you described.
> I also moved the permission part out of the loop (once at the end of the script is enough).
>
> Now with the "set -x" the script is working also in cron.
The "set -x" would not be not what made it work - it is a debugging aid only.
If it now works, then that is due to one of your other changes and you can
remove the "set -x" again if you wish.
Cheers
Tony
> Best regards
> Daniel
>
>
>
> -----Original Message-----
> From: CentOS [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Tony Mountifield
> Sent: Wednesday, February 1, 2017 11:04 AM
> To: centos@xxxxxxxxxx
> Subject: Re: Script not running correctly as cronjob
>
> In article <86827d81f1944333ae213f2d3f19856a@xxxxxxxx>,
> Daniel Reich <Daniel.Reich@xxxxxxxx> wrote:
> > Hi
> >
> > I have a script to resign all DNS zones every two weeks. When i run
> > the script from bash, it works like it should. But when it is executed in cron not. Its starting normal as cronjob:
> > Feb 1 03:00:01 xxx CROND[20116]: (root) CMD (sh
> > /opt/dnssec/resign_dnssec_zones.sh)
> >
> > But after i get a mail that everything is finsihed, but it isn't.
> > 03:04:28 DNSSEC-Signierung abgeschlossen
> >
> > The script deletes the old signed zones, but don't resign it. The mail is also sent.
> > Below the script.
> >
> > Anybody an idea why it doesn't work in cron?^ I cannot find any error
> > in any log.
>
> After the first line, add a line saying: set -x
>
> Then set cron to run it and examine the output that gets mailed to you.
>
> The -x tells it to echo each command it is about to execute. That will help you to see how far it is getting.
>
> Further comments below.
>
> Cheers
> Tony
>
> > Best regards
> > Daniel
> >
> >
> > #!/bin/bash
> > KSKDIR="/etc/named/KSK"
> > ZSKDIR="/etc/named/ZSK"
> > ZONEDIR="/var/named/chroot/var/named"
> > LOG="/var/named/chroot/var/log/dnssec_resign.log"
> > MAILREC="monitor@xx"
> >
> > #delete old signed files
> > rm -rf $ZONEDIR/*.signed
> >
> > #delete the old log
> > rm -rf $LOG
> >
> > #read the zonefiles
> > ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*')
> >
> > for FILES in $ZONEFILES; do
> > #remove the .zone at the end
> > ZONE=$(echo "${FILES%.*}")
>
> Why not just: ZONE=${FILES%.*}
>
> > #remove the old signed zone
> > rm -rf $ZONEDIR/$ZONE.signed
>
> You deleted them all further up.
>
> > #Sign the zone
> > cd $ZONEDIR
>
> Why not do this before the loop? Then you also don't need $ZONEDIR/ everywhere.
>
> > dnssec-signzone -o $ZONE -k $KSKDIR/K$ZONE.*.key -e +3024000
> > -f $ZONE.signed $ZONEDIR/$ZONE.zone $ZSKDIR/K$ZONE.*.key >> $LOG
> >
> > #Set the correct permissions
> > chown named.named $ZONEDIR/*.signed
> > chmod 755 $ZONEDIR/*.signed
> > sleep 5
> > done
> > rm -rf $ZONEDIR/named.zone
> >
> > echo $(date +"%T")"DNSSEC-Signierung abgeschlossen - Neustart des
> > Servers" >> $LOG echo "$(cat $LOG)" | mail -s "DNSSEC-Signierung
> > abgeschlossen auf xxx" $MAILREC
> >
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxx
> > https://lists.centos.org/mailman/listinfo/centos
> >
>
>
> --
> Tony Mountifield
> Work: tony@xxxxxxxxxxxxx - http://www.softins.co.uk
> Play: tony@xxxxxxxxxxxxxxx - http://tony.mountifield.org _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>
--
Tony Mountifield
Work: tony@xxxxxxxxxxxxx - http://www.softins.co.uk
Play: tony@xxxxxxxxxxxxxxx - http://tony.mountifield.org
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
