kea: db-upgrade.rb

Author: sorah

kea/Dockerfile

@@ -34,6 +34,21 @@ RUN --mount=type=cache,dst=/build/stork/tools \
 
 ###
 
+FROM $BASE as bundler
+RUN apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -y \
+      ruby \
+      ruby-bundler
+COPY Gemfile* /app/
+ENV BUNDLE_GEMFILE /app/Gemfile
+ENV BUNDLE_PATH /app/vendor/bundle
+ENV BUNDLE_DEPLOYMENT 1
+ENV BUNDLE_JOBS 16
+ENV BUNDLE_WITHOUT development:test
+RUN bundle install
+
+###
+
 FROM --platform=$BUILDPLATFORM $BASE as config
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y jsonnet
 WORKDIR /app
@@ -50,9 +65,10 @@ VOLUME /run/kea
 
 RUN  --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt/lists apt-get update \
     && DEBIAN_FRONTEND=noninteractive apt-get install -y \
+      curl \
       ca-certificates \
       dumb-init \
-      ruby \
+      ruby ruby-bundler \
       iproute2 \
       mysql-client
 
@@ -70,8 +86,19 @@ RUN  --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib
 
 COPY --from=build-healthz /app/bin/healthz /app/healthzd
 COPY --from=build-stork /build/go/bin/stork-agent /app/stork-agent
+
+COPY Gemfile* /app/
+COPY --from=bundler /app/vendor/bundle /app/vendor/bundle
+ENV BUNDLE_GEMFILE /app/Gemfile
+ENV BUNDLE_PATH /app/vendor/bundle
+ENV BUNDLE_DEPLOYMENT 1
+ENV BUNDLE_JOBS 16
+ENV BUNDLE_WITHOUT development:test
+
 RUN ln -s /usr/lib/$(uname -m)-linux-gnu/kea/hooks /app/kea-hooks
+
 COPY run.sh /app/run.sh
+COPY db-upgrade.rb /app/db-upgrade.rb
 COPY choose_dhcp_server_id.rb /app/choose_dhcp_server_id.rb
 COPY --from=config /app/kea-ctrl-agent.json /app/kea-ctrl-agent.json
 

kea/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+gem 'aws-sdk-rds'
+gem 'rexml'

kea/Gemfile.lock

@@ -0,0 +1,29 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    aws-eventstream (1.3.2)
+    aws-partitions (1.1065.0)
+    aws-sdk-core (3.220.1)
+      aws-eventstream (~> 1, >= 1.3.0)
+      aws-partitions (~> 1, >= 1.992.0)
+      aws-sigv4 (~> 1.9)
+      base64
+      jmespath (~> 1, >= 1.6.1)
+    aws-sdk-rds (1.272.0)
+      aws-sdk-core (~> 3, >= 3.216.0)
+      aws-sigv4 (~> 1.5)
+    aws-sigv4 (1.11.0)
+      aws-eventstream (~> 1, >= 1.0.2)
+    base64 (0.2.0)
+    jmespath (1.6.2)
+    rexml (3.4.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  aws-sdk-rds
+  rexml
+
+BUNDLED WITH
+   2.6.3

kea/db-upgrade.rb

@@ -0,0 +1,28 @@
+#!/usr/bin/env ruby
+require 'bundler/setup'
+require 'aws-sdk-rds'
+require 'open-uri'
+require 'resolv'
+
+REGION =  ENV.fetch('AWS_REGION')
+File.write '/app/rds-ca-bundle.pem', URI.open("https://truststore.pki.rds.amazonaws.com/#{REGION}/#{REGION}-bundle.pem", 'r', &:read)
+@auth = Aws::RDS::AuthTokenGenerator.new(credentials: Aws::CredentialProviderChain.new.resolve)
+
+def run(host:, name:)
+  actual_host = Resolv::DNS.new.getresource(host, Resolv::DNS::Resource::IN::CNAME).name.to_s rescue host
+  user_name = ENV.fetch('KEA_ADMIN_DB_USER')
+  token = @auth.generate_auth_token(region: REGION, endpoint: "#{actual_host}:3306", expires_in: 900, user_name: user_name)
+  ENV['KEA_ADMIN_DB_PASSWORD'] = token
+  puts ">>>> kea-admin db-upgrade mysql -n #{name} -h #{actual_host}"
+  system(
+    *%w(kea-admin db-upgrade mysql),
+    '-h', actual_host,
+    '-u', user_name,
+    '-n', name,
+    '-x', "--enable-cleartext-plugin --ssl-ca /app/rds-ca-bundle.pem",
+    exception: true
+  )
+end
+
+run(host: ENV.fetch('LEASE_DATABASE_HOST'), name: ENV.fetch('LEASE_DATABASE_NAME'))
+run(host: ENV.fetch('HOSTS_DATABASE_HOST'), name: ENV.fetch('HOSTS_DATABASE_NAME'))