/usr/share/opendnssec/database_create.mysql is in opendnssec-common 1:1.4.9-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 | # database_create - Create Database
#
# Description:
# This script creates the tables required for the KASP database.
# Matches kaspimport.pl at 12/03/2009
# Get rid of tables in reverse order
drop table if exists parameters_policies;
drop table if exists serialmodes;
drop table if exists parameters;
drop table if exists categories;
drop table if exists dnsseckeys;
drop table if exists zones;
drop table if exists keypairs;
drop table if exists securitymodules;
drop table if exists policies;
drop table if exists dbadmin;
# now create the tables
# dbadmin - holds the version of the database
CREATE TABLE dbadmin (
version INTEGER NOT NULL,
description varchar(255)
);
insert into dbadmin values (4, "This needs to be in sync with the version defined in database.h");
# security modules - store information about all the sms used
create table securitymodules (
id tinyint not null auto_increment, # id for sm
name varchar(30) not null, # name of the sm
capacity mediumint not null,
requirebackup tinyint default 1,
constraint primary key (id)
)ENGINE=InnoDB;
# categories - stores the possible categories (or uses) of parameters
create table categories (
id tinyint not null auto_increment, # id for category_id
name varchar(30) not null, # name of the category_id
constraint primary key (id)
)ENGINE=InnoDB;
# parameters - stores the types of parameters available
create table parameters (
id mediumint not null auto_increment, # id for parameters
name varchar(30) not null, # name of the parameter
description varchar(255), # description of the paramter
category_id tinyint not null, # category_id of the parameter
constraint primary key (id),
constraint unique (name, category_id),
constraint foreign key (category_id) references categories (id)
)ENGINE=InnoDB;
create table serialmodes (
id tinyint auto_increment, # id for serial mode
name varchar(30), # name of the serial mode
description varchar(255), # description of the serial mode
constraint primary key (id)
)ENGINE=InnoDB;
# policies -
create table policies (
id mediumint not null auto_increment, # id
name varchar(30) not null, # name of the policy
description varchar(255), # description of the
salt varchar(512), # value of the salt
salt_stamp timestamp, # when the salt was generated
audit varchar(1024), # contents of <Audit>
constraint primary key (id),
constraint unique (name)
)ENGINE=InnoDB;
# zones - stores the zones
create table zones(
id mediumint not null auto_increment, # id
name varchar(300) not null , # name of the parameter
policy_id mediumint not null,
signconf varchar(4096), # where is the signconf
input varchar(4096), # where is the input
output varchar(4096), # where is the output
in_type varchar(512), # input adapter type
out_type varchar(512), # output adapter type
constraint primary key (id),
constraint foreign key (policy_id) references policies (id)
)ENGINE=InnoDB;
# stores the private key info
create table keypairs(
id int not null auto_increment,
HSMkey_id varchar(255) not null,
algorithm tinyint not null, # algorithm code
size smallint,
securitymodule_id tinyint, # where the key is stored
generate timestamp null default null, # time key inserted into database
policy_id mediumint,
compromisedflag tinyint,
publickey varchar(1024), # public key data
pre_backup timestamp null default null, # time when backup was started
backup timestamp null default null, # time when backup was finished
fixedDate tinyint default 0, # Set to 1 to stop dates from being set according to the policy timings
constraint primary key (id),
constraint foreign key (securitymodule_id) references securitymodules (id),
constraint foreign key (policy_id) references policies (id)
)ENGINE=InnoDB;
# stores meta data about keys (actual keys are in a (soft)hsm)
create table dnsseckeys (
id int not null auto_increment, # unique id of the key
keypair_id int,
zone_id mediumint,
keytype smallint not null, # zsk or ksk (use code in dnskey record)
state tinyint, # state of the key (defines valid fields)
publish timestamp null default null, # time when key published into the zone
ready timestamp null default null, # time when the key is ready for use
active timestamp null default null, # time when the key was made active
retire timestamp null default null, # time when the key retires
dead timestamp null default null, # time when key is slated for removal
rfc5011 tinyint default 0,
revoked tinyint default 0,
constraint primary key (id),
constraint dnsseckeys_keypairs_id foreign key (keypair_id) references keypairs (id)
)ENGINE=InnoDB;
# parameters_policies - join table to hold the values of parameters
create table parameters_policies (
id mediumint auto_increment, # id
parameter_id mediumint not null,
policy_id mediumint not null,
value int, # integer value of this key
constraint primary key (id),
constraint foreign key (parameter_id) references parameters (id),
constraint foreign key (policy_id) references policies (id)
)ENGINE=InnoDB;
# The VIEWS
create or replace view PARAMETER_VIEW as
select p.name, c.name as category, pp.parameter_id, pp.value, pp.policy_id
from parameters_policies pp, parameters p, categories c
where pp.parameter_id = p.id
and p.category_id = c.id;
create or replace view PARAMETER_LIST as
select p.name, c.name as category, p.id as parameter_id
from parameters p, categories c
where p.category_id = c.id;
create or replace view KEYDATA_VIEW as
select k.id, d.state, k.generate, d.publish, d.ready, d.active, d.retire,
d.dead, d.keytype, k.algorithm, k.HSMkey_id as location, d.zone_id,
k.policy_id, k.securitymodule_id, k.size, k.compromisedflag,
k.fixedDate, d.rfc5011, d.revoked
from keypairs k left outer join dnsseckeys d
on k.id = d.keypair_id;
create or replace view INT_KEYALLOC_VIEW_FOR_MYSQL as
select k.id as id, k.HSMkey_id as location, z.id as zone_id, k.algorithm as algorithm, k.policy_id as policy_id, k.securitymodule_id as securitymodule_id, k.size as size,
k.compromisedflag as compromisedflag
from keypairs k left join zones z
on k.policy_id = z.policy_id;
create or replace view KEYALLOC_VIEW as
select v.id as id, location, algorithm, policy_id, securitymodule_id, size, compromisedflag, d.zone_id as zone_id from
INT_KEYALLOC_VIEW_FOR_MYSQL v left outer join dnsseckeys d
on d.zone_id = v.zone_id
and d.keypair_id = v.id;
# insert default data
# default categories
insert into categories (id, name) values (1, "signature");
insert into categories (id, name) values (2, "denial");
insert into categories (id, name) values (3, "ksk");
insert into categories (id, name) values (4, "zsk");
insert into categories (id, name) values (5, "keys");
insert into categories (id, name) values (6, "enforcer");
insert into categories (id, name) values (7, "zone");
insert into categories (id, name) values (8, "parent");
insert into categories (id, name) values (9, "audit");
# default serial number modes
insert into serialmodes (id, name, description) values (1, "unixtime", "seconds since 1 Jan 1970");
insert into serialmodes (id, name, description) values (2, "counter", "add one everytime updated");
insert into serialmodes (id, name, description) values (3, "datecounter", "YYYYMMDDXX");
insert into serialmodes (id, name, description) values (4, "keep", "Signer should not change the serial");
# default parameters
insert into parameters (name, description, category_id) select "resign", "re-signing interval", id from categories where name="signature";
insert into parameters (name, description, category_id) select "refresh", "how old a signature may become before it needs to be re-signed",id from categories where name="signature";
insert into parameters (name, description, category_id) select "jitter", "jitter to use in signature inception and expiration times", id from categories where name="signature";
insert into parameters (name, description, category_id) select "clockskew", "estimated max clockskew expected in clients", id from categories where name="signature";
insert into parameters (name, description, category_id) select "ttl", "ttl for RRSIGS", id from categories where name="signature";
insert into parameters (name, description, category_id) select "valdefault", "signature validity period", id from categories where name="signature";
insert into parameters (name, description, category_id) select "valdenial", "nsec(3) validity period", id from categories where name="signature";
insert into parameters (name, description, category_id) select "ttl", "ttl for nsec(3) rrs", id from categories where name="denial";
insert into parameters (name, description, category_id) select "version", "nsec version (0 or 3)", id from categories where name="denial";
insert into parameters (name, description, category_id) select "optout", "opt out flag for nsec3", id from categories where name="denial";
insert into parameters (name, description, category_id) select "resalt", "re-salting interval", id from categories where name="denial";
insert into parameters (name, description, category_id) select "algorithm", "nsec3 algorithm", id from categories where name="denial";
insert into parameters (name, description, category_id) select "iterations", "nsec3 iterations", id from categories where name="denial";
insert into parameters (name, description, category_id) select "saltlength", "nsec3 salt length", id from categories where name="denial";
insert into parameters (name, description, category_id) select "ttl", "ttl for ksk rrs", id from categories where name="keys";
insert into parameters (name, description, category_id) select "retiresafety", "ksk retirement safety factor", id from categories where name="keys";
insert into parameters (name, description, category_id) select "publishsafety", "ksk publish safety factor", id from categories where name="keys";
insert into parameters (name, description, category_id) select "algorithm", "ksk algorithm", id from categories where name="ksk";
insert into parameters (name, description, category_id) select "bits", "ksk key size", id from categories where name="ksk";
insert into parameters (name, description, category_id) select "lifetime", "ksk lifetime", id from categories where name="ksk";
insert into parameters (name, description, category_id) select "standby", "number of ksks is use at any one time", id from categories where name="ksk";
insert into parameters (name, description, category_id) select "repository", "default ksk sm (for newly generated keys)", id from categories where name="ksk";
insert into parameters (name, description, category_id) select "rfc5011", "are we doing rfc5011?", id from categories where name="ksk";
insert into parameters (name, description, category_id) select "revoked", "key is revoked?", id from categories where name="ksk";
insert into parameters (name, description, category_id) select "algorithm", "zsk algorithm", id from categories where name="zsk";
insert into parameters (name, description, category_id) select "bits", "zsk key size", id from categories where name="zsk";
insert into parameters (name, description, category_id) select "lifetime", "zsk lifetime", id from categories where name="zsk";
insert into parameters (name, description, category_id) select "standby", "number of zsks is use at any one time", id from categories where name="zsk";
insert into parameters (name, description, category_id) select "repository", "default zsk sm (for newly generated keys)", id from categories where name="zsk";
insert into parameters (name, description, category_id) select "propagationdelay", "Dp", id from categories where name="zone";
insert into parameters (name, description, category_id) select "ttl", "ttl of the soa", id from categories where name="zone";
insert into parameters (name, description, category_id) select "min", "min of the soa", id from categories where name="zone";
insert into parameters (name, description, category_id) select "serial", "how serial no are changed", id from categories where name="zone";
insert into parameters (name, description, category_id) select "propagationdelay", "Dp", id from categories where name="parent";
insert into parameters (name, description, category_id) select "ttl", "ttl of the soa", id from categories where name="parent";
insert into parameters (name, description, category_id) select "min", "min of the soa", id from categories where name="parent";
insert into parameters (name, description, category_id) select "ttlds", "ttl of the ds", id from categories where name="parent";
#insert into parameters (name, description, category_id) select "keycreate", "policy for key creation 0=fill the hsm, 1=only generate minimum needed", id from categories where name="enforcer";
insert into parameters (name, description, category_id) select "interval", "run interval", id from categories where name="enforcer";
insert into parameters (name, description, category_id) select "keygeninterval", "interval between key generation runs", id from categories where name="enforcer";
insert into parameters (name, description, category_id) select "backupdelay", "how old must a new key be before it can be assumed to have been backed up", id from categories where name="enforcer";
insert into parameters (name, description, category_id) select "zones_share_keys", "do all zones on this policy share the same keys", id from categories where name="keys";
insert into parameters (name, description, category_id) select "registrationdelay", "Dr", id from categories where name="parent";
insert into parameters (name, description, category_id) select "manual_rollover", "Do not automatically roll ksks when their time is up", id from categories where name="ksk";
insert into parameters (name, description, category_id) select "manual_rollover", "Do not automatically roll zsks when their time is up", id from categories where name="zsk";
insert into parameters (name, description, category_id) select "audit", "placeholder for audit tag", id from categories where name="audit";
insert into parameters (name, description, category_id) select "purge", "interval that dead keys can stay in the database", id from categories where name="keys";
COMMIT;
|