Kea DHCP

.github/workflows/docker.yaml

@@ -3,13 +3,10 @@ name: Docker Build Action
 on:
   pull_request:
     branches:
-      - master
+      - gigabyte
   release:
     types:
       - published
-  push:
-    branches:
-      - master
 
 env:
   REGISTRY: ghcr.io

docker-compose.yaml

@@ -8,11 +8,10 @@ services:
     image: metalstack/metal-bmc:latest
     network_mode: host
     volumes:
-      - ${PWD}/dhcpd.leases:/dhcpd.leases
+      - ${PWD}/kea-leases.csv:/kea-leases.csv
     environment:
-      METAL_BMC_LEASE_FILE: /dhcpd.leases
+      METAL_BMC_LEASE_FILE: /kea-leases.csv
       METAL_BMC_PARTITION_ID: partition
       METAL_BMC_METAL_API_URL: http://localhost:8080
       METAL_BMC_METAL_API_HMAC_KEY: test
       METAL_BMC_IGNORE_MACS: "aa:aa:aa:aa:aa:aa"
-

internal/bmc/console.go

@@ -1,13 +1,11 @@
 package bmc
 
 import (
-	"crypto/tls"
-	"crypto/x509"
 	"errors"
 	"fmt"
 	"io"
 	"log/slog"
-	"os"
+	"net"
 	"strconv"
 	"strings"
 
@@ -18,54 +16,20 @@ import (
 	"github.com/metal-stack/metal-go/api/client/machine"
 
 	"github.com/gliderlabs/ssh"
-	gossh "golang.org/x/crypto/ssh"
 )
 
 type console struct {
-	log       *slog.Logger
-	tlsConfig *tls.Config
-	port      int
-	hostKey   gossh.Signer
-	client    metalgo.Client
+	log    *slog.Logger
+	port   int
+	client metalgo.Client
 }
 
 func NewConsole(log *slog.Logger, client metalgo.Client, c config.Config) (*console, error) {
 
-	caCert, err := os.ReadFile(c.ConsoleCACertFile)
-	if err != nil {
-		return nil, fmt.Errorf("failed to load cert: %w", err)
-	}
-
-	caCertPool := x509.NewCertPool()
-	caCertPool.AppendCertsFromPEM(caCert)
-
-	cert, err := tls.LoadX509KeyPair(c.ConsoleCertFile, c.ConsoleKeyFile)
-	if err != nil {
-		return nil, err
-	}
-
-	tlsConfig := &tls.Config{
-		Certificates: []tls.Certificate{cert},        // server certificate which is validated by the client
-		ClientCAs:    caCertPool,                     // used to verify the client cert is signed by the CA and is therefore valid
-		ClientAuth:   tls.RequireAndVerifyClientCert, // this requires a valid client certificate to be supplied during handshake
-		MinVersion:   tls.VersionTLS13,
-	}
-
-	bb, err := os.ReadFile(c.ConsoleKeyFile)
-	if err != nil {
-		return nil, fmt.Errorf("failed to load ssh server key:%w", err)
-	}
-	hostKey, err := gossh.ParsePrivateKey(bb)
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse ssh server key:%w", err)
-	}
-
 	return &console{
-		log:       log,
-		tlsConfig: tlsConfig,
-		port:      c.ConsolePort,
-		hostKey:   hostKey,
-		client:    client,
+		log:    log,
+		port:   c.ConsolePort,
+		client: client,
 	}, nil
 }
 
@@ -74,9 +38,8 @@ func (c *console) ListenAndServe() error {
 	s := &ssh.Server{
 		Handler: c.sessionHandler,
 	}
-	s.AddHostKey(c.hostKey)
 	addr := fmt.Sprintf(":%d", c.port)
-	listener, err := tls.Listen("tcp", addr, c.tlsConfig)
+	listener, err := net.Listen("tcp", addr)
 	if err != nil {
 		return fmt.Errorf("failed to create listener: %w", err)
 	}

internal/bmc/nsq.go

@@ -1,51 +1,21 @@
 package bmc
 
 import (
-	"crypto/tls"
-	"crypto/x509"
 	"encoding/json"
 	"fmt"
-	"os"
 	"time"
 
-	"github.com/metal-stack/go-hal"
 	"github.com/nsqio/go-nsq"
+
+	"github.com/metal-stack/go-hal"
 )
 
 const (
 	mqChannel = "core"
 )
 
 func (b *BMCService) InitConsumer() error {
-	caCertRaw, err := os.ReadFile(b.mqCACertFile)
-	if err != nil {
-		return fmt.Errorf("failed to read ca cert: %w", err)
-	}
-
-	caCertPool, err := x509.SystemCertPool()
-	if err != nil {
-		return err
-	}
-
-	ok := caCertPool.AppendCertsFromPEM(caCertRaw)
-	if !ok {
-		return fmt.Errorf("unable to add ca to cert pool")
-	}
-
-	cert, err := tls.LoadX509KeyPair(b.mqClientCertFile, b.mqClientCertKeyFile)
-	if err != nil {
-		return err
-	}
-
 	config := nsq.NewConfig()
-	config.TlsConfig = &tls.Config{
-		Certificates: []tls.Certificate{cert},
-		ClientCAs:    caCertPool,
-		RootCAs:      caCertPool,
-		ClientAuth:   tls.RequireAndVerifyClientCert,
-		MinVersion:   tls.VersionTLS12,
-	}
-	config.TlsV1 = true
 
 	// Deadlines for network reads and writes
 	config.ReadTimeout = 10 * time.Second
@@ -131,7 +101,11 @@ func (b *BMCService) HandleMessage(message *nsq.Message) error {
 			}
 			return outBand.PowerCycle()
 		case ChassisIdentifyLEDOnCmd:
-			return outBand.IdentifyLEDOn()
+			err := outBand.IdentifyLEDOn()
+			if err != nil {
+				return err
+			}
+			return nil
 		case ChassisIdentifyLEDOffCmd:
 			return outBand.IdentifyLEDOff()
 		case UpdateFirmwareCmd:

internal/leases/leases.go

@@ -29,10 +29,13 @@ func (l Leases) LatestByMac() map[string]Lease {
 	return byMac
 }
 
-func ReadLeases(leaseFile string) (Leases, error) {
-	leasesContent, err := os.ReadFile(leaseFile)
+func ReadLeases(filename string) (Leases, error) {
+	file, err := os.Open(filename)
 	if err != nil {
 		return nil, err
 	}
-	return parse(string(leasesContent))
+	defer func(file *os.File) {
+		_ = file.Close()
+	}(file)
+	return parse(file)
 }

internal/leases/leases_test.go

@@ -1,6 +1,7 @@
 package leases
 
 import (
+	"strings"
 	"testing"
 	"time"
 
@@ -9,7 +10,7 @@ import (
 )
 
 func TestFilterActive(t *testing.T) {
-	l, err := parse(sampleLeaseContent)
+	l, err := parse(strings.NewReader(sampleLeaseContent))
 	require.NoError(t, err)
 	assert.Equal(t, Leases{}, l.FilterActive())
 }

internal/leases/parser.go

@@ -1,47 +1,80 @@
 package leases
 
 import (
+	"encoding/csv"
 	"errors"
-	"regexp"
+	"fmt"
+	"io"
+	"strconv"
+	"strings"
 	"time"
 )
 
-const (
-	leaseDateFormat = "2006/01/02 15:04:05"
-	leaseRegex      = `(?ms)lease\s+(?P<ip>[^\s]+)\s+{.*?starts\s\d+\s(?P<begin>[\d\/]+\s[\d\:]+);.*?ends\s\d+\s(?P<end>[\d\/]+\s[\d\:]+);.*?hardware\sethernet\s(?P<mac>[\w\:]+);.*?}`
-)
+func parse(r io.Reader) (Leases, error) {
+	reader := csv.NewReader(r)
+
+	header, err := reader.Read()
+	if err != nil {
+		return nil, fmt.Errorf("failed to read header: %w", err)
+	}
+
+	if len(header) < 5 || header[0] != "address" || header[1] != "hwaddr" {
+		return nil, fmt.Errorf("invalid Kea lease file format")
+	}
 
-func parse(contents string) (Leases, error) {
-	leases := Leases{}
-	var re = regexp.MustCompile(leaseRegex)
-	matches := re.FindAllStringSubmatch(contents, -1)
+	var leases Leases
 	var errs []error
-	for _, m := range matches {
-		rm := make(map[string]string)
-		for i, name := range re.SubexpNames() {
-			if i != 0 && name != "" {
-				rm[name] = m[i]
-			}
+
+	for {
+		record, err := reader.Read()
+		if err == io.EOF {
+			break
 		}
-		begin, err := time.Parse(leaseDateFormat, rm["begin"])
 		if err != nil {
-			errs = append(errs, err)
+			line, _ := reader.FieldPos(0)
+			errs = append(errs, fmt.Errorf("line %d: failed to read CSV record: %v", line, err))
+			continue
+		}
+
+		if len(record) < 5 {
+			line, _ := reader.FieldPos(0)
+			errs = append(errs, fmt.Errorf("line %d: incomplete record, expected at least 5 fields, got %d", line, len(record)))
+			continue
 		}
-		end, err := time.Parse(leaseDateFormat, rm["end"])
+
+		expireStr := strings.TrimSpace(record[4])
+		expireTs, err := strconv.ParseInt(expireStr, 10, 64)
 		if err != nil {
-			errs = append(errs, err)
+			line, col := reader.FieldPos(4)
+			errs = append(errs, fmt.Errorf("line %d, column %d: invalid expire timestamp '%s': %v", line, col, expireStr, err))
+			continue
+		}
+
+		ip := strings.TrimSpace(record[0])
+		if ip == "" {
+			line, col := reader.FieldPos(0)
+			errs = append(errs, fmt.Errorf("line %d, column %d: empty Ip address", line, col))
+			continue
 		}
 
-		l := Lease{
-			Mac:   rm["mac"],
-			Ip:    rm["ip"],
-			Begin: begin,
-			End:   end,
+		mac := strings.TrimSpace(record[1])
+		if mac == "" {
+			line, col := reader.FieldPos(1)
+			errs = append(errs, fmt.Errorf("line %d, column %d: empty Mac address", line, col))
+			continue
 		}
-		leases = append(leases, l)
+
+		lease := Lease{
+			Mac: mac,
+			Ip:  ip,
+			End: time.Unix(expireTs, 0),
+		}
+		leases = append(leases, lease)
 	}
+
 	if len(errs) > 0 {
 		return leases, errors.Join(errs...)
 	}
+
 	return leases, nil
 }