Move connection test zone signing cron into cron-docker container

bwbroersma · Dec 2, 2024 · ca80957 · ca80957
1 parent 33f628c
commit ca80957
Show file tree

Hide file tree

Showing 6 changed files with 10 additions and 15 deletions.
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -93,8 +93,6 @@ RUN apt update && \
     expat \
     # for envsubst
     gettext \
-    # cron for ldns-signzones
-    busybox-static \
     # since this stage ends up in the final image we care about size and remove cache files
     && rm -rf /var/lib/apt/lists/*
 
@@ -114,8 +112,6 @@ RUN unbound-anchor || test $? -eq 1
 # add entrypoint and configuration for the connection test unbound service
 ADD docker/unbound/entrypoint.sh /
 ADD docker/unbound/signzones.sh /
-RUN mkdir -p /var/spool/cron/crontabs; echo "0	3	*	*	6	run-parts /etc/periodic/weekly" > /var/spool/cron/crontabs/root
-RUN mkdir -p /etc/periodic/weekly; ln -s /signzones.sh /etc/periodic/weekly/signzones
 ADD docker/unbound/unbound.conf.template /opt/unbound/etc/unbound/
 # add configuration files for the validating and permissive internal resolver services
 ADD docker/resolver/entrypoint-resolver.sh /

diff --git a/docker/compose.integration-tests.yaml b/docker/compose.integration-tests.yaml
@@ -76,6 +76,8 @@ services:
         condition: service_healthy
       cron:
         condition: service_healthy
+      cron-docker:
+        condition: service_started
       mock-resolver:
         condition: service_healthy
       grafana:

diff --git a/docker/cron-docker/periodic/weekly/unbound_signzones b/docker/cron-docker/periodic/weekly/unbound_signzones
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+set -e
+
+# resign zones for connection test
+docker ps --filter label=com.docker.compose.service=unbound --quiet | xargs -I% --no-run-if-empty docker exec % /signzones.sh
diff --git a/docker/unbound/entrypoint.sh b/docker/unbound/entrypoint.sh
@@ -42,8 +42,5 @@ echo "Please add the following DS records for domain $CONN_TEST_DOMAIN:"
 cat /opt/unbound/etc/unbound/zones/$ns_keytag.ds
 cat /opt/unbound/etc/unbound/zones/$ns6_keytag.ds
 
-# run cron daemon for weekly zone resign
-busybox crond -l7
-
 # start unbound
 /opt/unbound/sbin/unbound -d
diff --git a/integration_tests/conftest.py b/integration_tests/conftest.py
@@ -128,7 +128,7 @@ def docker_compose_exec():
 def trigger_cron(docker_compose_exec):
     """Trigger specific cron job manually"""
 
-    yield lambda cron, service="cron": docker_compose_exec(service, f"/etc/periodic/{cron}")
+    yield lambda cron, service="cron", suffix="": docker_compose_exec(service, f"/etc/periodic{suffix}/{cron}")
 
 
 @pytest.fixture(scope="session")

diff --git a/integration_tests/integration/test_unbound.py b/integration_tests/integration/test_unbound.py
@@ -21,17 +21,11 @@ def get_rrsig_expiry():
     assert expiry == new_expiry, "sanity check"
 
     # resign zones via cron script
-    print(trigger_cron("weekly/signzones", service="unbound"))
+    print(trigger_cron("weekly/unbound_signzones", service="cron-docker", suffix="-docker"))
 
     time.sleep(1)
 
     # get expiry time field from RRSIG record
     new_expiry = get_rrsig_expiry()
 
     assert int(expiry) < int(new_expiry)
-
-
-def test_unbound_cron_running(docker_compose_exec):
-    """Ensure cron daemon is running"""
-
-    docker_compose_exec("unbound", "pgrep -f 'busybox crond'")