NLnetLabs/ods2cascade

ods2cascade

A tool for assisting operators with migration from OpenDNSSEC to Cascade.

ods2cascade:

  • Reads OpenDNSSEC files and the Enforcer Database.
  • Does NOT modify any existing Cascade or OpenDNSSEC instances.
  • Outputs generated files for use with Cascade to a user-specified directory.

Status

Not yet working, very early prototype.

Progress:

  • Read well-formed OpenDNSSEC conf.xml, kasp.xml, addns.xml, zonelist.xml, zones.xml and signconf.xml files.
  • Read well-formed Cascade config TOML file.
  • Read well-formed SQLite/MySQL Enforcer database fields.
  • Determine the set of PKCS#11 keys to import.
  • Read HSM configuration from OpenDNSSEC configuration.
  • Read database configuration from OpenDNSSEC configuration.
  • Determine the OpenDNSSEC source of truth to use for each Cascade setting to be configured.
  • Determine how to map any concepts in OpenDNSSEC that have exactly corresponding counterparts in Cascade.
    • Handle the 2:1 mapping of separate but related OpenDNSSEC KASP policy and ADDNS XML files onto single Cascade policy files.
  • Generate Cascade policy files by serializing Cascade data types.
  • Generate kmip2pkcs11 configuration for each OpenDNSSEC "Repository".
  • Generate Cascade configuration.
  • Generate a shell script containing the sequence of commands needed to:
    • Install generated Cascade policy files.
    • Instruct Cascade to reload policy.
    • Instruct Cascade to add HSMs.
    • Instruct Cascade to add zones:
      • Using the correct policy.
      • Using the correct HSM.
      • Using the correct keys.

Usage

ods2cascade requires that both Cascade and kmip2pkcs11 (if needed, see #22) already be installed.

ods2cascade requires three filesystem paths as input:

  1. The path to the config file of your new Cascade instance.
  2. The path to the config file of the OpenDNSSEC instance to migrate.
  3. The path to a directory to create that will contain generated policy files and a migration shell script.

When invoked, ods2cascade will:

  • Read the specified Cascade configuration file.
  • Read the specified OpenDNSSEC configuration and any files that it references.
  • Query the specified OpenDNSSEC Enforcer database using the connection details specified in the OpenDNSSEC configuration.
  • Generate Cascade policy, configuration and migration shell script files in the specified output directory.
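The read-only first step described above, sketched as an added example (this is not ods2cascade's own code): it parses an OpenDNSSEC conf.xml and lists the HSM repositories, the Enforcer datastore backend and the referenced files, recording only whether a PIN is stored in the file. The sample conf.xml is constructed and the function name `inventory` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names follow the OpenDNSSEC conf.xml layout.
SAMPLE_CONF = """<Configuration>
  <RepositoryList>
    <Repository name="SoftHSM">
      <Module>/usr/lib/softhsm/libsofthsm2.so</Module>
      <TokenLabel>OpenDNSSEC</TokenLabel>
      <PIN>1234</PIN>
    </Repository>
    <Repository name="prod-hsm">
      <Module>/opt/vendor/lib/libpkcs11.so</Module>
      <TokenLabel>signer</TokenLabel>
    </Repository>
  </RepositoryList>
  <Common>
    <PolicyFile>/etc/opendnssec/kasp.xml</PolicyFile>
    <ZoneListFile>/etc/opendnssec/zonelist.xml</ZoneListFile>
  </Common>
  <Enforcer>
    <Datastore><SQLite>/var/opendnssec/kasp.db</SQLite></Datastore>
  </Enforcer>
</Configuration>"""


def inventory(conf_xml: str) -> dict:
    """Summarise what a migration would need from conf.xml, without secrets."""
    root = ET.fromstring(conf_xml)  # input is the operator's own config file
    repos = []
    for repo in root.findall("./RepositoryList/Repository"):
        repos.append({
            "name": repo.get("name"),
            "module": repo.findtext("Module"),
            "token_label": repo.findtext("TokenLabel"),
            # Record only whether a PIN is stored in the file, never its value.
            "pin_in_file": repo.find("PIN") is not None,
        })
    store = root.find("./Enforcer/Datastore")
    # The single child of <Datastore> names the backend (SQLite or MySQL).
    backend = store[0].tag if store is not None and len(store) else None
    referenced = [e.text for e in root.findall("./Common/*") if e.tag.endswith("File")]
    return {"repositories": repos, "datastore": backend, "referenced_files": referenced}


if __name__ == "__main__":
    for key, value in inventory(SAMPLE_CONF).items():
        print(key, value)
```

Repositories reported with `pin_in_file` set carry their HSM PIN in conf.xml itself, so treat that file, and anything derived from it, with the same access restrictions as the PIN.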
