From ca8095780a0647efd8d6c5f4287f1de45ac71fb2 Mon Sep 17 00:00:00 2001
From: Johan Bloemberg
Date: Mon, 2 Dec 2024 20:06:00 +0100
Subject: [PATCH] Move connection test zone signing cron into cron-docker container
---
 docker/Dockerfile | 4 ----
 docker/compose.integration-tests.yaml | 2 ++
 docker/cron-docker/periodic/weekly/unbound_signzones | 6 ++++++
 docker/unbound/entrypoint.sh | 3 ---
 integration_tests/conftest.py | 2 +-
 integration_tests/integration/test_unbound.py | 8 +-------
 6 files changed, 10 insertions(+), 15 deletions(-)
 create mode 100755 docker/cron-docker/periodic/weekly/unbound_signzones
diff --git a/docker/Dockerfile b/docker/Dockerfile
index af8cda93e..435d86ea2 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -93,8 +93,6 @@ RUN apt update && \
 expat \
 # for envsubst
 gettext \
- # cron for ldns-signzones
- busybox-static \
 # since this stage ends up in the final image we care about size and remove cache files
 && rm -rf /var/lib/apt/lists/*
@@ -114,8 +112,6 @@ RUN unbound-anchor || test $? -eq 1
 # add entrypoint and configuration for the connection test unbound service
 ADD docker/unbound/entrypoint.sh /
 ADD docker/unbound/signzones.sh /
-RUN mkdir -p /var/spool/cron/crontabs; echo "0 3 * * 6 run-parts /etc/periodic/weekly" > /var/spool/cron/crontabs/root
-RUN mkdir -p /etc/periodic/weekly; ln -s /signzones.sh /etc/periodic/weekly/signzones
 ADD docker/unbound/unbound.conf.template /opt/unbound/etc/unbound/
 # add configuration files for the validating and permissive internal resolver services
 ADD docker/resolver/entrypoint-resolver.sh /
diff --git a/docker/compose.integration-tests.yaml b/docker/compose.integration-tests.yaml
index cbee2cf43..7fb457493 100644
--- a/docker/compose.integration-tests.yaml
+++ b/docker/compose.integration-tests.yaml
@@ -76,6 +76,8 @@ services:
 condition: service_healthy
 cron:
 condition: service_healthy
+ cron-docker:
+ condition: service_started
 mock-resolver:
 condition: service_healthy
 grafana:
diff --git a/docker/cron-docker/periodic/weekly/unbound_signzones b/docker/cron-docker/periodic/weekly/unbound_signzones
new file mode 100755
index 000000000..9468b62f7
--- /dev/null
+++ b/docker/cron-docker/periodic/weekly/unbound_signzones
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+set -e
+
+# resign zones for connection test
+docker ps --filter label=com.docker.compose.service=unbound --quiet | xargs -I% --no-run-if-empty docker exec % /signzones.sh
diff --git a/docker/unbound/entrypoint.sh b/docker/unbound/entrypoint.sh
index c71cba089..d915f2d4c 100755
--- a/docker/unbound/entrypoint.sh
+++ b/docker/unbound/entrypoint.sh
@@ -42,8 +42,5 @@ echo "Please add the following DS records for domain $CONN_TEST_DOMAIN:"
 cat /opt/unbound/etc/unbound/zones/$ns_keytag.ds
 cat /opt/unbound/etc/unbound/zones/$ns6_keytag.ds
-# run cron daemon for weekly zone resign
-busybox crond -l7
-
 # start unbound
 /opt/unbound/sbin/unbound -d
diff --git a/integration_tests/conftest.py b/integration_tests/conftest.py
index 9423fe149..6691412bd 100644
--- a/integration_tests/conftest.py
+++ b/integration_tests/conftest.py
@@ -128,7 +128,7 @@ def docker_compose_exec():
 def trigger_cron(docker_compose_exec):
 """Trigger specific cron job manually"""
- yield lambda cron, service="cron": docker_compose_exec(service, f"/etc/periodic/{cron}")
+ yield lambda cron, service="cron", suffix="": docker_compose_exec(service, f"/etc/periodic{suffix}/{cron}")
 @pytest.fixture(scope="session")
diff --git a/integration_tests/integration/test_unbound.py b/integration_tests/integration/test_unbound.py
index 0cc35cf21..51e801841 100644
--- a/integration_tests/integration/test_unbound.py
+++ b/integration_tests/integration/test_unbound.py
@@ -21,7 +21,7 @@ def get_rrsig_expiry():
 assert expiry == new_expiry, "sanity check"
 # resign zones via cron script
- print(trigger_cron("weekly/signzones", service="unbound"))
+ print(trigger_cron("weekly/unbound_signzones", service="cron-docker", suffix="-docker"))
 time.sleep(1)
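Review bot: A failing `docker ps` is not caught by `set -e` in the added `unbound_signzones` script, because a pipeline's exit status in `sh` is that of its last command and `xargs --no-run-if-empty` exits 0 on empty input. The weekly job would then report success while the connection-test zones are never re-signed and their RRSIGs run out. Capturing the list first makes the failure abort the script: `containers=$(docker ps --filter label=com.docker.compose.service=unbound --quiet)` followed by `for c in $containers; do docker exec "$c" /signzones.sh; done`. The filter also matches on the service name alone, so on a host running more than one compose project it would exec `/signzones.sh` in every container whose service is called `unbound`. A second `--filter label=com.docker.compose.project=<project>` (placeholder) would scope it, provided the project name is available inside the cron-docker container, which this diff does not show.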
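Review bot: The one-line docstring of `trigger_cron` no longer describes the callable it yields: the lambda now takes `cron`, `service` and `suffix`, and `suffix` is spliced into the middle of the path (`/etc/periodic{suffix}/{cron}`), which the name does not suggest. I would document it, e.g. `"""Yield a callable that runs /etc/periodic{suffix}/{cron} inside the given compose service (default "cron")."""`. The only non-default use visible in this patch pairs `service="cron-docker"` with `suffix="-docker"`, so two arguments must be kept in step by every caller; deriving the directory from the service may be simpler, though whether other services follow that naming is not visible here. Any decorator on the fixture sits above the hunk.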
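Review bot: Nothing visible in the suite still checks that a cron daemon schedules the weekly re-sign job, because this test now runs the script by hand in `cron-docker` and the following hunk deletes `test_unbound_cron_running`. If `/etc/periodic-docker/weekly` were ever dropped from the schedule in cron-docker, this test would keep passing while the zone signatures quietly approach expiry. A liveness check against the new container would keep that covered, i.e. a process check like the removed `pgrep`, adapted to whatever daemon cron-docker runs, which this diff does not show. The changed call is inside a test function whose start lies above the hunk.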
@@ -29,9 +29,3 @@ def get_rrsig_expiry():
 new_expiry = get_rrsig_expiry()
 assert int(expiry) < int(new_expiry)
-
-
-def test_unbound_cron_running(docker_compose_exec):
- """Ensure cron daemon is running"""
-
- docker_compose_exec("unbound", "pgrep -f 'busybox crond'")