Compile ToDnssecRefresh binary into TO rpm, update cron job to use it (…

…#6224) Closes: #6179 (cherry picked from commit 23ee354)
apache · Sep 21, 2021 · c97f45a · c97f45a
1 parent a19cf75
commit c97f45a
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -132,6 +132,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - CDN in a Box now uses Apache Traffic Server 8.1.
 - Customer names in payloads sent to the `/deliveryservices/request` Traffic Ops API endpoint can no longer contain characters besides alphanumerics, @, !, #, $, %, ^, &amp;, *, (, ), [, ], '.', ' ', and '-'. This fixes a vulnerability that allowed email content injection.
 - Go version 1.17 is used to compile Traffic Ops, T3C, Traffic Monitor, Traffic Stats, and Grove.
+- [#6179](https://github.com/apache/trafficcontrol/issues/6179) Updated the Traffic Ops rpm to include the `ToDnssecRefresh` binary and make the `trafops_dnssec_refresh` cron job use it
 
 ### Deprecated
 - The Riak Traffic Vault backend is now deprecated and its support may be removed in a future release. It is highly recommended to use the new PostgreSQL backend instead.

diff --git a/traffic_ops/build/build_rpm.sh b/traffic_ops/build/build_rpm.sh
@@ -75,6 +75,11 @@ initBuildArea() {
 	go build -v -o admin -gcflags "$gcflags" -ldflags "$ldflags" -tags "$tags" || \
 								{ echo "Could not build db/admin binary"; return 1;})
 
+	# compile ToDnssecRefresh.go
+	(cd app/bin/checks/DnssecRefresh
+	go build -v -o ToDnssecRefresh -gcflags "$gcflags" -ldflags "$ldflags" -tags "$tags" || \
+								{ echo "Could not build ToDnssecRefresh binary"; return 1;})
+
 	# compile db/reencrypt
 		(cd app/db/reencrypt
 	go build -v -o reencrypt || \

diff --git a/traffic_ops/build/traffic_ops.spec b/traffic_ops/build/traffic_ops.spec
@@ -81,6 +81,13 @@ db_admin_dir=src/github.com/apache/trafficcontrol/traffic_ops/app/db
 	cp "$TC_DIR"/traffic_ops/app/db/admin .
 ) || { echo "Could not copy go db admin at $(pwd): $!"; exit 1; };
 
+# copy ToDnssecRefresh
+to_dnssec_refresh_dir=src/github.com/apache/trafficcontrol/traffic_ops/app/bin/checks/DnssecRefresh
+( mkdir -p "$to_dnssec_refresh_dir" && \
+	cd "$to_dnssec_refresh_dir" && \
+	cp "$TC_DIR"/traffic_ops/app/bin/checks/DnssecRefresh/ToDnssecRefresh .
+) || { echo "Could not copy ToDnssecRefresh at $(pwd): $!"; exit 1; };
+
 # copy TV DB reencrypt
 reencrypt_dir=src/github.com/apache/trafficcontrol/traffic_ops/app/db/reencrypt
 ( mkdir -p "$reencrypt_dir" && \
@@ -133,6 +140,11 @@ db_admin_src=src/github.com/apache/trafficcontrol/traffic_ops/app/db
 %__rm $RPM_BUILD_ROOT/%{PACKAGEDIR}/app/db/*.go
 %__rm -r $RPM_BUILD_ROOT/%{PACKAGEDIR}/app/db/trafficvault/test
 
+to_dnssec_refresh_src=src/github.com/apache/trafficcontrol/traffic_ops/app/bin/checks/DnssecRefresh
+%__cp -p  "$to_dnssec_refresh_src"/ToDnssecRefresh           "${RPM_BUILD_ROOT}"/opt/traffic_ops/app/bin/checks/DnssecRefresh/ToDnssecRefresh
+%__rm $RPM_BUILD_ROOT/%{PACKAGEDIR}/app/bin/checks/DnssecRefresh/*.go
+%__rm -r $RPM_BUILD_ROOT/%{PACKAGEDIR}/app/bin/checks/DnssecRefresh/config
+
 reencrypt_src=src/github.com/apache/trafficcontrol/traffic_ops/app/db/reencrypt
 %__cp -p  "$reencrypt_src"/reencrypt           "${RPM_BUILD_ROOT}"/opt/traffic_ops/app/db/reencrypt/reencrypt
 %__rm $RPM_BUILD_ROOT/%{PACKAGEDIR}/app/db/reencrypt/*.go
@@ -239,6 +251,7 @@ fi
 %exclude %{PACKAGEDIR}/app/db/SQUASH.md
 %exclude %{PACKAGEDIR}/app/db/squash_migrations.sh
 %attr(755, %{TRAFFIC_OPS_USER},%{TRAFFIC_OPS_GROUP}) %{PACKAGEDIR}/install/bin/convert_profile/convert_profile
+%attr(755, %{TRAFFIC_OPS_USER},%{TRAFFIC_OPS_GROUP}) %{PACKAGEDIR}/app/bin/checks/DnssecRefresh/ToDnssecRefresh
 %attr(755, %{TRAFFIC_OPS_USER},%{TRAFFIC_OPS_GROUP}) %{PACKAGEDIR}/app/db/reencrypt/reencrypt
 %attr(755, %{TRAFFIC_OPS_USER},%{TRAFFIC_OPS_GROUP}) %{PACKAGEDIR}/app/db/traffic_vault_migrate/traffic_vault_migrate
 %{PACKAGEDIR}/etc

diff --git a/traffic_ops/etc/cron.d/trafops_dnssec_refresh b/traffic_ops/etc/cron.d/trafops_dnssec_refresh
@@ -15,4 +15,5 @@
 # specific language governing permissions and limitations
 # under the License.
 #
-*/5 * * * * trafops export PERL5LIB=/opt/traffic_ops/app/local/lib/perl5:/opt/traffic_ops/app/lib; /opt/traffic_ops/app/bin/checks/ToDnssecRefresh.pl -c '{ "base_url": "https://127.0.0.1" }' -l 1 > /var/log/traffic_ops/trafops_dnssec_refresh.log 2>&1
+*/5 * * * * trafops /opt/traffic_ops/app/bin/checks/DnssecRefresh/ToDnssecRefresh --traffic-ops-url https://localhost --traffic-ops-user admin --traffic-ops-password twelve --log-location-error /var/log/traffic_ops/trafops_dnssec_refresh.log --log-location-warning /var/log/traffic_ops/trafops_dnssec_refresh.log --log-location-info /var/log/traffic_ops/trafops_dnssec_refresh.log
+