Ensure keyset warnings are logged and included in zone history. #207

Merged: ximon18 merged 4 commits into main from log-keyset-errors on Oct 14, 2025
ximon18 commented Oct 13, 2025

In #193 we saw that a dnst keyset cron invocation experienced a transient network error resulting in "Something went wrong transferring the zone to be verified." being shown by dnst keyset status. However there was no record of this transient problem anywhere because dnst keyset cron did not fail, it exited with code zero, but DID print to stderr. Capturing of stderr was only done if the exit code was non-zero, so the warning that was output was lost.

Additionally, while dnst keyset commands and errors are recorded in zone history, and logged as executed, if the command fails the error is not logged, only recorded in history.

This PR addresses these shortcomings.

Specifically it:

  • Moves all dnst execution into KeyManager.
    • Merges KeyRollResult and KeyRemoveResult into new KeySetCommandResult.
    • Merges KeyRollError and KeyRollResult into new KetSetCommandError.
    • Adds new ApplicationCommand::KeySetStatus which KeyManager responds to.
    • Uses new ApplicationCommand::KeySetStatus from http_server instead of invoking dnst keyset directly.
  • Captures stderr even for failed dnst keyset commands. Log and store it as a warning.
  • Adds support for "silent" dnst keyset execution so that KeyManager can invoke dnst keyset status and only record it in the zone history if there were warnings or errors, otherwise cascade zone status commands will spam the zone history.

Other:

  • Replaces log:: with imports.

- Move all dnst execution into KeyManager.
  - Merge KeyRollResult and KeyRemoveResult into new KeySetCommandResult.
  - Merge KeyRollError and KeyRollResult into new KetSetCommandError.
  - Add new ApplicationCommand::KeySetStatus which KeyManager responds to.
  - Use new ApplicationCommand::KeySetStatus from http_server instead of
    invoking dnst keyset directly.
- Capture stderr even for failed dnst keyset commands. Log and store it
  as a warning.
- Add support for "silent" dnst keyset execution so that KeyManager can
  invoke `dnst keyset status` and only record it in the zone history if
  there were warnings or errors, otherwise `cascade zone status` commands
  will spam the zone history.

Other:
  - Replace `log::` with imports.

ximon18 requested a review from a team October 13, 2025 13:29
ximon18 added the bug (Something isn't working) label Oct 13, 2025
ximon18 added this to the 0.1.0-alpha2 milestone Oct 13, 2025
ximon18 merged commit 8ea2603 into main Oct 14, 2025
27 checks passed
ximon18 deleted the log-keyset-errors branch October 14, 2025 13:44
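
The capture behaviour described in the PR description above, as an added Rust example that is not code from this PR or from the project: stderr is read on every exit path, so a command that exits zero but prints a warning is still classified, logged and recorded, while a "silent" run is recorded only when it warned or failed. `Outcome`, `run_captured`, `should_record` and `log_line` are hypothetical names, and `sh -c` is a constructed stand-in for the `dnst keyset` invocation.

```rust
use std::process::Command;

// Hypothetical result type for this example; not the PR's KeySetCommandResult.
#[derive(Debug, PartialEq)]
pub enum Outcome {
    Clean,
    Warning(String),
    Failed { code: Option<i32>, stderr: String },
}

/// Run a command and classify it, reading stderr on every exit path.
pub fn run_captured(program: &str, args: &[&str]) -> std::io::Result<Outcome> {
    // output() waits for the child and collects stdout and stderr in full.
    let out = Command::new(program).args(args).output()?;
    let stderr = String::from_utf8_lossy(&out.stderr).trim().to_string();
    Ok(match (out.status.success(), stderr.is_empty()) {
        (true, true) => Outcome::Clean,
        // Exit code zero with stderr output: the case that was being lost.
        (true, false) => Outcome::Warning(stderr),
        (false, _) => Outcome::Failed { code: out.status.code(), stderr },
    })
}

/// A "silent" run (a periodic status poll) is recorded only if it warned or failed.
pub fn should_record(outcome: &Outcome, silent: bool) -> bool {
    !silent || *outcome != Outcome::Clean
}

/// Log line for an outcome, or None when there is nothing to report.
pub fn log_line(outcome: &Outcome) -> Option<String> {
    match outcome {
        Outcome::Clean => None,
        Outcome::Warning(msg) => Some(format!("WARN keyset command warned: {msg}")),
        Outcome::Failed { code, stderr } => Some(format!("ERROR exit {code:?}: {stderr}")),
    }
}

fn main() -> std::io::Result<()> {
    // Constructed stand-in for the real tool: prints to stderr, exits 0.
    let script = "echo 'transfer failed, will retry' >&2; exit 0";
    let outcome = run_captured("sh", &["-c", script])?;
    if should_record(&outcome, true) {
        println!("history: {outcome:?}");
    }
    if let Some(line) = log_line(&outcome) {
        eprintln!("{line}");
    }
    Ok(())
}
```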