You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficcontrol.apache.org by zr...@apache.org on 2021/09/21 22:09:00 UTC

[trafficcontrol] 09/09: Compile ToDnssecRefresh binary into TO rpm, update cron job to use it (#6224)

This is an automated email from the ASF dual-hosted git repository.

zrhoffman pushed a commit to branch 6.0.x
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git

commit c97f45a1a8502e0e31c4f538f6a5a2a93869b35c
Author: Rawlin Peters <ra...@apache.org>
AuthorDate: Tue Sep 21 14:06:15 2021 -0600

    Compile ToDnssecRefresh binary into TO rpm, update cron job to use it (#6224)
    
    Closes: #6179
    (cherry picked from commit 23ee354a1e871d6bb5670f50fe47c16006767b11)
---
 CHANGELOG.md                                  |  1 +
 traffic_ops/build/build_rpm.sh                |  5 +++++
 traffic_ops/build/traffic_ops.spec            | 13 +++++++++++++
 traffic_ops/etc/cron.d/trafops_dnssec_refresh |  3 ++-
 4 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1fd6704..f060218 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -132,6 +132,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - CDN in a Box now uses Apache Traffic Server 8.1.
 - Customer names in payloads sent to the `/deliveryservices/request` Traffic Ops API endpoint can no longer contain characters besides alphanumerics, @, !, #, $, %, ^, &amp;, *, (, ), [, ], '.', ' ', and '-'. This fixes a vulnerability that allowed email content injection.
 - Go version 1.17 is used to compile Traffic Ops, T3C, Traffic Monitor, Traffic Stats, and Grove.
+- [#6179](https://github.com/apache/trafficcontrol/issues/6179) Updated the Traffic Ops rpm to include the `ToDnssecRefresh` binary and make the `trafops_dnssec_refresh` cron job use it
 
 ### Deprecated
 - The Riak Traffic Vault backend is now deprecated and its support may be removed in a future release. It is highly recommended to use the new PostgreSQL backend instead.
diff --git a/traffic_ops/build/build_rpm.sh b/traffic_ops/build/build_rpm.sh
index bdae8f4..e035df2 100755
--- a/traffic_ops/build/build_rpm.sh
+++ b/traffic_ops/build/build_rpm.sh
@@ -75,6 +75,11 @@ initBuildArea() {
 	go build -v -o admin -gcflags "$gcflags" -ldflags "$ldflags" -tags "$tags" || \
 								{ echo "Could not build db/admin binary"; return 1;})
 
+	# compile ToDnssecRefresh.go
+	(cd app/bin/checks/DnssecRefresh
+	go build -v -o ToDnssecRefresh -gcflags "$gcflags" -ldflags "$ldflags" -tags "$tags" || \
+								{ echo "Could not build ToDnssecRefresh binary"; return 1;})
+
 	# compile db/reencrypt
 		(cd app/db/reencrypt
 	go build -v -o reencrypt || \
diff --git a/traffic_ops/build/traffic_ops.spec b/traffic_ops/build/traffic_ops.spec
index fc427ba..ae487a6 100644
--- a/traffic_ops/build/traffic_ops.spec
+++ b/traffic_ops/build/traffic_ops.spec
@@ -81,6 +81,13 @@ db_admin_dir=src/github.com/apache/trafficcontrol/traffic_ops/app/db
 	cp "$TC_DIR"/traffic_ops/app/db/admin .
 ) || { echo "Could not copy go db admin at $(pwd): $!"; exit 1; };
 
+# copy ToDnssecRefresh
+to_dnssec_refresh_dir=src/github.com/apache/trafficcontrol/traffic_ops/app/bin/checks/DnssecRefresh
+( mkdir -p "$to_dnssec_refresh_dir" && \
+	cd "$to_dnssec_refresh_dir" && \
+	cp "$TC_DIR"/traffic_ops/app/bin/checks/DnssecRefresh/ToDnssecRefresh .
+) || { echo "Could not copy ToDnssecRefresh at $(pwd): $!"; exit 1; };
+
 # copy TV DB reencrypt
 reencrypt_dir=src/github.com/apache/trafficcontrol/traffic_ops/app/db/reencrypt
 ( mkdir -p "$reencrypt_dir" && \
@@ -133,6 +140,11 @@ db_admin_src=src/github.com/apache/trafficcontrol/traffic_ops/app/db
 %__rm $RPM_BUILD_ROOT/%{PACKAGEDIR}/app/db/*.go
 %__rm -r $RPM_BUILD_ROOT/%{PACKAGEDIR}/app/db/trafficvault/test
 
+to_dnssec_refresh_src=src/github.com/apache/trafficcontrol/traffic_ops/app/bin/checks/DnssecRefresh
+%__cp -p  "$to_dnssec_refresh_src"/ToDnssecRefresh           "${RPM_BUILD_ROOT}"/opt/traffic_ops/app/bin/checks/DnssecRefresh/ToDnssecRefresh
+%__rm $RPM_BUILD_ROOT/%{PACKAGEDIR}/app/bin/checks/DnssecRefresh/*.go
+%__rm -r $RPM_BUILD_ROOT/%{PACKAGEDIR}/app/bin/checks/DnssecRefresh/config
+
 reencrypt_src=src/github.com/apache/trafficcontrol/traffic_ops/app/db/reencrypt
 %__cp -p  "$reencrypt_src"/reencrypt           "${RPM_BUILD_ROOT}"/opt/traffic_ops/app/db/reencrypt/reencrypt
 %__rm $RPM_BUILD_ROOT/%{PACKAGEDIR}/app/db/reencrypt/*.go
@@ -239,6 +251,7 @@ fi
 %exclude %{PACKAGEDIR}/app/db/SQUASH.md
 %exclude %{PACKAGEDIR}/app/db/squash_migrations.sh
 %attr(755, %{TRAFFIC_OPS_USER},%{TRAFFIC_OPS_GROUP}) %{PACKAGEDIR}/install/bin/convert_profile/convert_profile
+%attr(755, %{TRAFFIC_OPS_USER},%{TRAFFIC_OPS_GROUP}) %{PACKAGEDIR}/app/bin/checks/DnssecRefresh/ToDnssecRefresh
 %attr(755, %{TRAFFIC_OPS_USER},%{TRAFFIC_OPS_GROUP}) %{PACKAGEDIR}/app/db/reencrypt/reencrypt
 %attr(755, %{TRAFFIC_OPS_USER},%{TRAFFIC_OPS_GROUP}) %{PACKAGEDIR}/app/db/traffic_vault_migrate/traffic_vault_migrate
 %{PACKAGEDIR}/etc
diff --git a/traffic_ops/etc/cron.d/trafops_dnssec_refresh b/traffic_ops/etc/cron.d/trafops_dnssec_refresh
index f6114b8..435b805 100644
--- a/traffic_ops/etc/cron.d/trafops_dnssec_refresh
+++ b/traffic_ops/etc/cron.d/trafops_dnssec_refresh
@@ -15,4 +15,5 @@
 # specific language governing permissions and limitations
 # under the License.
 #
-*/5 * * * * trafops export PERL5LIB=/opt/traffic_ops/app/local/lib/perl5:/opt/traffic_ops/app/lib; /opt/traffic_ops/app/bin/checks/ToDnssecRefresh.pl -c '{ "base_url": "https://127.0.0.1" }' -l 1 > /var/log/traffic_ops/trafops_dnssec_refresh.log 2>&1
+*/5 * * * * trafops /opt/traffic_ops/app/bin/checks/DnssecRefresh/ToDnssecRefresh --traffic-ops-url https://localhost --traffic-ops-user admin --traffic-ops-password twelve --log-location-error /var/log/traffic_ops/trafops_dnssec_refresh.log --log-location-warning /var/log/traffic_ops/trafops_dnssec_refresh.log --log-location-info /var/log/traffic_ops/trafops_dnssec_refresh.log
+