Merge pull request #7 from ruby-no-kai/kea-2-7-5

install kea from official repo

Author: sorah

kea/Dockerfile

@@ -34,6 +34,21 @@ RUN --mount=type=cache,dst=/build/stork/tools \
 
 ###
 
+FROM $BASE as bundler
+RUN apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -y \
+      ruby \
+      ruby-bundler
+COPY Gemfile* /app/
+ENV BUNDLE_GEMFILE /app/Gemfile
+ENV BUNDLE_PATH /app/vendor/bundle
+ENV BUNDLE_DEPLOYMENT 1
+ENV BUNDLE_JOBS 16
+ENV BUNDLE_WITHOUT development:test
+RUN bundle install
+
+###
+
 FROM --platform=$BUILDPLATFORM $BASE as config
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y jsonnet
 WORKDIR /app
@@ -44,22 +59,46 @@ RUN jsonnet /tmp/kea-ctrl-agent.jsonnet > /app/kea-ctrl-agent.json
 
 FROM $BASE
 
-RUN mkdir -p /run/kea /app
+RUN mkdir -p /run/kea /app /etc/apt/keyrings
+RUN rm -fv /etc/apt/apt.conf.d/docker-clean
 VOLUME /run/kea
 
-RUN apt-get update \
+RUN  --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt/lists apt-get update \
     && DEBIAN_FRONTEND=noninteractive apt-get install -y \
+      curl \
       ca-certificates \
       dumb-init \
-      ruby \
+      ruby ruby-bundler \
       iproute2 \
-      kea \
-      mysql-client \
-    && apt-get clean && rm -rf /var/lib/apt/lists/*
+      mysql-client
+
+ARG kea_version 2.7.6-isc20250128083638
+COPY kea-dev.asc /etc/apt/keyrings/kea-dev.asc
+RUN echo "deb [signed-by=/etc/apt/keyrings/kea-dev.asc] https://dl.cloudsmith.io/public/isc/kea-dev/deb/ubuntu noble main" > /etc/apt/sources.list.d/kea.list
+RUN echo "Package: src:isc-kea\nPin: version ${kea_version}\nPin-Priority: 999" > /etc/apt/preferences.d/pin-kea
+RUN  --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt/lists apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -y \
+      isc-kea-dhcp4-server \
+      isc-kea-mysql \
+      isc-kea-ctrl-agent \
+      isc-kea-admin \
+      isc-kea-hooks
 
 COPY --from=build-healthz /app/bin/healthz /app/healthzd
 COPY --from=build-stork /build/go/bin/stork-agent /app/stork-agent
+
+COPY Gemfile* /app/
+COPY --from=bundler /app/vendor/bundle /app/vendor/bundle
+ENV BUNDLE_GEMFILE /app/Gemfile
+ENV BUNDLE_PATH /app/vendor/bundle
+ENV BUNDLE_DEPLOYMENT 1
+ENV BUNDLE_JOBS 16
+ENV BUNDLE_WITHOUT development:test
+
+RUN ln -s /usr/lib/$(uname -m)-linux-gnu/kea/hooks /app/kea-hooks
+
 COPY run.sh /app/run.sh
+COPY db-upgrade.rb /app/db-upgrade.rb
 COPY choose_dhcp_server_id.rb /app/choose_dhcp_server_id.rb
 COPY --from=config /app/kea-ctrl-agent.json /app/kea-ctrl-agent.json
 

kea/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+gem 'aws-sdk-rds'
+gem 'rexml'

kea/Gemfile.lock

@@ -0,0 +1,29 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    aws-eventstream (1.3.2)
+    aws-partitions (1.1065.0)
+    aws-sdk-core (3.220.1)
+      aws-eventstream (~> 1, >= 1.3.0)
+      aws-partitions (~> 1, >= 1.992.0)
+      aws-sigv4 (~> 1.9)
+      base64
+      jmespath (~> 1, >= 1.6.1)
+    aws-sdk-rds (1.272.0)
+      aws-sdk-core (~> 3, >= 3.216.0)
+      aws-sigv4 (~> 1.5)
+    aws-sigv4 (1.11.0)
+      aws-eventstream (~> 1, >= 1.0.2)
+    base64 (0.2.0)
+    jmespath (1.6.2)
+    rexml (3.4.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  aws-sdk-rds
+  rexml
+
+BUNDLED WITH
+   2.6.3

kea/db-upgrade.rb

@@ -0,0 +1,28 @@
+#!/usr/bin/env ruby
+require 'bundler/setup'
+require 'aws-sdk-rds'
+require 'open-uri'
+require 'resolv'
+
+REGION =  ENV.fetch('AWS_REGION')
+File.write '/app/rds-ca-bundle.pem', URI.open("https://truststore.pki.rds.amazonaws.com/#{REGION}/#{REGION}-bundle.pem", 'r', &:read)
+@auth = Aws::RDS::AuthTokenGenerator.new(credentials: Aws::CredentialProviderChain.new.resolve)
+
+def run(host:, name:)
+  actual_host = Resolv::DNS.new.getresource(host, Resolv::DNS::Resource::IN::CNAME).name.to_s rescue host
+  user_name = ENV.fetch('KEA_ADMIN_DB_USER')
+  token = @auth.generate_auth_token(region: REGION, endpoint: "#{actual_host}:3306", expires_in: 900, user_name: user_name)
+  ENV['KEA_ADMIN_DB_PASSWORD'] = token
+  puts ">>>> kea-admin db-upgrade mysql -n #{name} -h #{actual_host}"
+  system(
+    *%w(kea-admin db-upgrade mysql),
+    '-h', actual_host,
+    '-u', user_name,
+    '-n', name,
+    '-x', "--enable-cleartext-plugin --ssl-ca /app/rds-ca-bundle.pem",
+    exception: true
+  )
+end
+
+run(host: ENV.fetch('LEASE_DATABASE_HOST'), name: ENV.fetch('LEASE_DATABASE_NAME'))
+run(host: ENV.fetch('HOSTS_DATABASE_HOST'), name: ENV.fetch('HOSTS_DATABASE_NAME'))

kea/kea-dev.asc

@@ -0,0 +1,24 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBGY+M8YBDADAXYjQZhp0g7VfmetzQl+Bk4KW6KvGK3btt1mMvnZHO6GFvNnF
+7UFgfW637h3DR4SMQDFpcGisqCfDC8lQMiLJHdTDt8SJDZhFCME69QxP/++esj1a
+ey+jln7YaOPfCkvPjAx0Hesdzbqb2hdBUmRJV7V5PMvI293Yzr7qeTptwfacQF9x
+ROFi5ZTQLEcCznqKBFpdo73uRcmfAwCSt8td1Qxf86ORW1uAvEBLMDco8c6PBQvx
+E3VTyEg08aToawSHy8Eqzkib9UWhWlm8v5pAgVm8gECg3ZhdKHCymbBE5usPbc4V
+iGS3zrXxCgUK4YPNjsRP1djIQ43KQIJCE8W8ud4jB1WyUkOhaMVvSEmTy0jcX4x/
+WVsVvx0Ow5HYbwaaaTjnbOq4tYJPDEaB8G//57cj9Jb1cNRyKCKm3OXOcxvKbDOC
+mL85IAeI4uMlE9Zrw3tV3b0t4JcCAU/zycnGhx3ZAe6nNlNdVuteLJd9gfeOX3YK
+HyZIGL0vWyJXm6UAEQEAAbQ4Q2xvdWRzbWl0aCBQYWNrYWdlIChpc2Mva2VhLWRl
+dikgPHN1cHBvcnRAY2xvdWRzbWl0aC5pbz6JAc4EEwEIADgWIQSRetkKdbDgvWcS
+onGYy1lOwOxtOgUCZj4zxgIbLwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRCY
+y1lOwOxtOqQJDACNoFvdUgdxHLIpbmOhJtAvfAEU3SxxAE94asLyWxJA26Yi7WGt
+XN8Ibrn82hS72AhNrAEwQBQ1YMzw/bYkNOJlsXHw19xKCpm4o6XItA7dXGvVlGY4
+Gmr7FDErBK3c6m+MnlWHI5/nCM1uL7ipwBK7QyU+jwITj9Sh0r0mDGzKr/u9Ezk7
+PPIeEmadMcfCtKN7ewyt/fpuu/yuiLlN8hBWfKS3dCTkzhiQ4ey9sNvy0HSvRfBw
+/GSsgu/016Kr2LomFpZGVHAqQSj4p0g2zCj6YTxTg6maecZFTfJAQZrFgnxsY0KI
+VF4Tvwch2VlttHARd+dOzBUsqlF+iXqIsFp5fcR8uMiJIRH3jHj7WmZ1oRxNuwWz
+t20jJ/5ecrNvhd+7Mg6qlkl5eW/Td17CPG4qmlNCPX61YYHKXTFkYiP2M8DzfLTf
+zix3xlJaMy33PZUpIDKo6PkNC97Wjo42QjwtrNVZgJxyMt8wP25ikjouF/xtJLWH
+h/TV/q2XXSAJf6k=
+=CXSr
+-----END PGP PUBLIC KEY BLOCK-----