migrate cronjob to systemd timer unit (#1177285)

- change the period for unbound-anchor from monthly to daily (#1180267)
- Thanks to Tomasz Torcz <ttorcz@fedoraproject.org> for the initial patch

Signed-off-by: Tomas Hozza <thozza@redhat.com>
This commit is contained in:
Tomas Hozza 2015-04-27 13:44:47 +02:00
parent 6dd75a137f
commit 2a169a866b
5 changed files with 48 additions and 13 deletions

9
unbound-anchor.service Normal file
View File

@ -0,0 +1,9 @@
[Unit]
Description=update of the root trust anchor for DNSSEC validation in unbound
Documentation=man:unbound-anchor(8)
[Service]
Type=oneshot
User=unbound
ExecStart=/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem
SuccessExitStatus=1

14
unbound-anchor.timer Normal file
View File

@ -0,0 +1,14 @@
[Unit]
Description=daily update of the root trust anchor for DNSSEC
Documentation=man:unbound-anchor(8)
[Timer]
# Current DNSKEY TTL in root zone is 172800 seconds, i.e. 172800/60/60/24 = 2 days.
# It means that unboud-anchor should be run at least once a day.
OnCalendar=daily
Persistent=true
AccuracySec=24h
[Install]
WantedBy=timers.target

View File

@ -1,3 +0,0 @@
# Look to see if the DNSSEC Root key got rolled, if so check trust and update
10 3 1 * * unbound /usr/sbin/unbound-anchor -a /var/lib/unbound/root.anchor -c /etc/unbound/icannbundle.pem

View File

@ -3,13 +3,14 @@ Description=Unbound recursive Domain Name Server
After=syslog.target network.target
After=unbound-keygen.service
Wants=unbound-keygen.service
After=unbound-anchor.service
Wants=unbound-anchor.service
Before=nss-lookup.target
Wants=nss-lookup.target
[Service]
Type=simple
EnvironmentFile=-/etc/sysconfig/unbound
ExecStartPre=/sbin/runuser --shell /bin/sh -c "/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem" unbound
ExecStartPre=/usr/sbin/unbound-checkconf
ExecStart=/usr/sbin/unbound -d $UNBOUND_OPTIONS

View File

@ -21,7 +21,7 @@
Summary: Validating, recursive, and caching DNS(SEC) resolver
Name: unbound
Version: 1.5.3
Release: 2%{?extra_version:.%{extra_version}}%{?dist}
Release: 3%{?extra_version:.%{extra_version}}%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/unbound/
Source: http://www.unbound.net/downloads/%{name}-%{version}%{?extra_version}.tar.gz
@ -40,8 +40,9 @@ Source11: block-example.com.conf
Source12: icannbundle.pem
Source13: root.anchor
Source14: unbound.sysconfig
Source15: unbound.cron
Source15: unbound-anchor.timer
Source16: unbound-munin.README
Source17: unbound-anchor.service
# https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=664
Patch0: 0001-Use-print_function-also-for-Python2.patch
@ -107,7 +108,6 @@ Group: Applications/System
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig
Requires: openssl >= 0.9.8g-12
Requires: crontabs
%description libs
Contains libraries used by the unbound server and client applications
@ -224,12 +224,12 @@ popd
install -d -m 0755 %{buildroot}%{_unitdir} %{buildroot}%{_sysconfdir}/sysconfig
install -p -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/unbound.service
install -p -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}/unbound-keygen.service
install -p -m 0644 %{SOURCE15} %{buildroot}%{_unitdir}/unbound-anchor.timer
install -p -m 0644 %{SOURCE17} %{buildroot}%{_unitdir}/unbound-anchor.service
install -p -m 0755 %{SOURCE2} %{buildroot}%{_sysconfdir}/unbound
install -p -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/unbound
install -p -m 0644 %{SOURCE14} %{buildroot}%{_sysconfdir}/sysconfig/unbound
install -p -m 0644 %{SOURCE16} .
install -d -m 0755 %{buildroot}%{_sysconfdir}/cron.d
install -p -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/cron.d/unbound-anchor
%if %{with_munin}
# Install munin plugin and its softlinks
install -d -m 0755 %{buildroot}%{_sysconfdir}/munin/plugin-conf.d
@ -306,16 +306,24 @@ useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \
%post libs
/sbin/ldconfig
%{_sbindir}/runuser --command="%{_sbindir}/unbound-anchor -a %{_sharedstatedir}/unbound/root.anchor -c %{_sysconfdir}/unbound/icannbundle.pem" --shell /bin/sh unbound ||:
%systemd_post unbound-anchor.timer
# the Unit is in presets, but would be started afte reboot
systemctl start unbound-anchor.timer
%preun
%systemd_preun unbound.service
%systemd_preun unbound-keygen.service
%preun libs
%systemd_preun unbound-anchor.timer
%postun
%systemd_postun_with_restart unbound.service
%systemd_postun unbound-keygen.service
%postun libs -p /sbin/ldconfig
%postun libs
/sbin/ldconfig
%systemd_postun_with_restart unbound-anchor.timer
%triggerun -- unbound < 1.4.12-4
# Save the current service runlevel info
@ -413,7 +421,8 @@ popd
%{_sbindir}/unbound-anchor
%{_libdir}/libunbound.so.*
%{_sysconfdir}/%{name}/icannbundle.pem
%attr(0644,root,root) %{_sysconfdir}/cron.d/unbound-anchor
%{_unitdir}/unbound-anchor.timer
%{_unitdir}/unbound-anchor.service
%dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
%attr(0644,unbound,unbound) %config(noreplace) %{_sharedstatedir}/%{name}/root.key
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dlv.isc.org.key
@ -422,6 +431,11 @@ popd
%changelog
* Mon Apr 27 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-3
- migrate cronjob to systemd timer unit (#1177285)
- change the period for unbound-anchor from monthly to daily (#1180267)
- Thanks to Tomasz Torcz <ttorcz@fedoraproject.org> for the initial patch
* Thu Apr 16 2015 Tomas Hozza <thozza@redhat.com> - 1.5.3-2
- Fix FTBFS (#1206129)
- Build python3-unbound and python-unbound bindings for Python 3 and 2 (#1188080)