In article <9f43c460b0374ac3951c18dd2d477b14@xxxxxxxx>, Daniel Reich <Daniel.Reich@xxxxxxxx> wrote: > Thank you for the hints > > I modified like you described. > I also moved the permission part out of the loop (once at the end of the script is enough). > > Now with the "set -x" the script is working also in cron. The "set -x" would not be not what made it work - it is a debugging aid only. If it now works, then that is due to one of your other changes and you can remove the "set -x" again if you wish. Cheers Tony > Best regards > Daniel > > > > -----Original Message----- > From: CentOS [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Tony Mountifield > Sent: Wednesday, February 1, 2017 11:04 AM > To: centos@xxxxxxxxxx > Subject: Re: Script not running correctly as cronjob > > In article <86827d81f1944333ae213f2d3f19856a@xxxxxxxx>, > Daniel Reich <Daniel.Reich@xxxxxxxx> wrote: > > Hi > > > > I have a script to resign all DNS zones every two weeks. When i run > > the script from bash, it works like it should. But when it is executed in cron not. Its starting normal as cronjob: > > Feb 1 03:00:01 xxx CROND[20116]: (root) CMD (sh > > /opt/dnssec/resign_dnssec_zones.sh) > > > > But after i get a mail that everything is finsihed, but it isn't. > > 03:04:28 DNSSEC-Signierung abgeschlossen > > > > The script deletes the old signed zones, but don't resign it. The mail is also sent. > > Below the script. > > > > Anybody an idea why it doesn't work in cron?^ I cannot find any error > > in any log. > > After the first line, add a line saying: set -x > > Then set cron to run it and examine the output that gets mailed to you. > > The -x tells it to echo each command it is about to execute. That will help you to see how far it is getting. > > Further comments below. > > Cheers > Tony > > > Best regards > > Daniel > > > > > > #!/bin/bash > > KSKDIR="/etc/named/KSK" > > ZSKDIR="/etc/named/ZSK" > > ZONEDIR="/var/named/chroot/var/named" > > LOG="/var/named/chroot/var/log/dnssec_resign.log" > > MAILREC="monitor@xx" > > > > #delete old signed files > > rm -rf $ZONEDIR/*.signed > > > > #delete the old log > > rm -rf $LOG > > > > #read the zonefiles > > ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*') > > > > for FILES in $ZONEFILES; do > > #remove the .zone at the end > > ZONE=$(echo "${FILES%.*}") > > Why not just: ZONE=${FILES%.*} > > > #remove the old signed zone > > rm -rf $ZONEDIR/$ZONE.signed > > You deleted them all further up. > > > #Sign the zone > > cd $ZONEDIR > > Why not do this before the loop? Then you also don't need $ZONEDIR/ everywhere. > > > dnssec-signzone -o $ZONE -k $KSKDIR/K$ZONE.*.key -e +3024000 > > -f $ZONE.signed $ZONEDIR/$ZONE.zone $ZSKDIR/K$ZONE.*.key >> $LOG > > > > #Set the correct permissions > > chown named.named $ZONEDIR/*.signed > > chmod 755 $ZONEDIR/*.signed > > sleep 5 > > done > > rm -rf $ZONEDIR/named.zone > > > > echo $(date +"%T")"DNSSEC-Signierung abgeschlossen - Neustart des > > Servers" >> $LOG echo "$(cat $LOG)" | mail -s "DNSSEC-Signierung > > abgeschlossen auf xxx" $MAILREC > > > > > > _______________________________________________ > > CentOS mailing list > > CentOS@xxxxxxxxxx > > https://lists.centos.org/mailman/listinfo/centos > > > > > -- > Tony Mountifield > Work: tony@xxxxxxxxxxxxx - http://www.softins.co.uk > Play: tony@xxxxxxxxxxxxxxx - http://tony.mountifield.org _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > https://lists.centos.org/mailman/listinfo/centos > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > https://lists.centos.org/mailman/listinfo/centos > -- Tony Mountifield Work: tony@xxxxxxxxxxxxx - http://www.softins.co.uk Play: tony@xxxxxxxxxxxxxxx - http://tony.mountifield.org _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos