build kea Docker image

Author: sorah

.github/workflows/docker-kea.jsonnet

@@ -0,0 +1,54 @@
+{
+  name: 'docker-kea',
+  on: {
+    push: {
+      branches: ['master', 'test'],
+      paths: ['docker/kea/**'],
+    },
+  },
+  jobs: {
+    build: {
+      name: 'build',
+      'runs-on': 'ubuntu-latest',
+      permissions: { 'id-token': 'write', contents: 'read' },
+      steps: [
+        { uses: 'actions/checkout@v3' },
+        {
+          name: 'setup docker multiarch',
+          run: |||
+            mkdir -p ~/.docker
+            sudo docker run --rm --privileged multiarch/qemu-user-static --reset --persistent yes --credential yes
+          |||,
+        },
+        {
+          uses: 'docker/setup-buildx-action@v2',
+          with: { install: true },
+        },
+        {
+          uses: 'aws-actions/configure-aws-credentials@v1',
+          with: {
+            'aws-region': 'ap-northeast-1',
+            'role-to-assume': 'arn:aws:iam::005216166247:role/GhaDockerPush',
+            'role-skip-session-tagging': true,
+          },
+        },
+        {
+          uses: 'aws-actions/amazon-ecr-login@v1',
+          id: 'login-ecr',
+        },
+        {
+          uses: 'docker/build-push-action@v3',
+          with: {
+            context: 'docker/kea',
+            platforms: std.join(',', ['linux/arm64']),
+            tags: std.join(',', [
+              '${{ steps.login-ecr.outputs.registry }}/kea:${{ github.sha }}',
+              '${{ steps.login-ecr.outputs.registry }}/kea:latest',
+            ]),
+            push: true,
+          },
+        },
+      ],
+    },
+  },
+}

.github/workflows/docker-kea.yml

@@ -0,0 +1,60 @@
+{
+   "jobs": {
+      "build": {
+         "name": "build",
+         "permissions": {
+            "contents": "read",
+            "id-token": "write"
+         },
+         "runs-on": "ubuntu-latest",
+         "steps": [
+            {
+               "uses": "actions/checkout@v3"
+            },
+            {
+               "name": "setup docker multiarch",
+               "run": "mkdir -p ~/.docker\nsudo docker run --rm --privileged multiarch/qemu-user-static --reset --persistent yes --credential yes\n"
+            },
+            {
+               "uses": "docker/setup-buildx-action@v2",
+               "with": {
+                  "install": true
+               }
+            },
+            {
+               "uses": "aws-actions/configure-aws-credentials@v1",
+               "with": {
+                  "aws-region": "ap-northeast-1",
+                  "role-skip-session-tagging": true,
+                  "role-to-assume": "arn:aws:iam::005216166247:role/GhaDockerPush"
+               }
+            },
+            {
+               "id": "login-ecr",
+               "uses": "aws-actions/amazon-ecr-login@v1"
+            },
+            {
+               "uses": "docker/build-push-action@v3",
+               "with": {
+                  "context": "docker/kea",
+                  "platforms": "linux/arm64",
+                  "push": true,
+                  "tags": "${{ steps.login-ecr.outputs.registry }}/kea:${{ github.sha }},${{ steps.login-ecr.outputs.registry }}/kea:latest"
+               }
+            }
+         ]
+      }
+   },
+   "name": "docker-kea",
+   "on": {
+      "push": {
+         "branches": [
+            "master",
+            "test"
+         ],
+         "paths": [
+            "docker/kea/**"
+         ]
+      }
+   }
+}

gen-workflows.rb

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+require 'fileutils'
+require 'json'
+
+Dir.chdir(__dir__)
+
+Dir["./.github/workflows/*.jsonnet"].each do |src|
+  dst = src.sub(/\.jsonnet$/, '.yml')
+  p [src => dst]
+  FileUtils.mkdir_p File.dirname(dst)
+
+  File.open(dst, 'w') do |io|
+    system('jsonnet', src, out: io, exception: true)
+  end
+end

kea/Dockerfile

@@ -0,0 +1,37 @@
+FROM public.ecr.aws/ubuntu/ubuntu:22.04 as config
+RUN apt-get update && apt-get install -y jsonnet
+WORKDIR /app
+COPY kea-ctrl-agent.jsonnet /tmp/
+RUN jsonnet /tmp/kea-ctrl-agent.jsonnet > /app/kea-ctrl-agent.json
+
+FROM public.ecr.aws/ubuntu/ubuntu:22.04
+
+RUN mkdir -p /run/kea /app
+VOLUME /run/kea
+
+RUN apt-get update && apt-get install -y \
+      ca-certificates \
+      dumb-init \
+      ruby3.0 \
+      iproute2 \
+      curl \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+ARG KEA_VERSION=2.0.2-1
+RUN apt-get update && apt-get install -y --no-install-recommends \
+      kea-dhcp4-server=${KEA_VERSION} \
+      kea-admin=${KEA_VERSION} \
+      kea-ctrl-agent=${KEA_VERSION} \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+RUN curl -Ssf -o /tmp/stork.deb 'https://sorah-pkg.s3.dualstack.ap-northeast-1.amazonaws.com/misc/isc-stork-agent_1.5.0.220824140136_arm64.deb' \
+ && ( echo '1e8b67f2afe4404ea3091cbef14e93a23186633a3d571f9cb141d162350d2fe6235d7679e89bed5c2235433f203d706d /tmp/stork.deb' | sha384sum -c --strict ) \
+ && dpkg -i /tmp/stork.deb && rm /tmp/stork.deb
+
+COPY run.sh /app/run.sh
+COPY choose_dhcp_server_id.rb /app/choose_dhcp_server_id.rb
+COPY --from=config /app/kea-ctrl-agent.json /app/kea-ctrl-agent.json
+
+RUN kea-ctrl-agent -t /app/kea-ctrl-agent.json 
+
+CMD /app/run.sh

kea/choose_dhcp_server_id.rb

@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+require 'ipaddr'
+
+dev = IO.popen(%w(ip -o route get 8.8.8.8), 'r', &:read).match(/dev ([^ ]+)/)[1].chomp
+addr = IO.popen([*%w(ip -o address show dev), dev], 'r', &:read).match(/inet ([^ ]+)/)[1].chomp
+net = IPAddr.new(addr)
+
+candidates = ENV.fetch('DHCP_SERVER_IDS', '').split(',')
+
+candidates.each do |candidate|
+  if net.include?(IPAddr.new(candidate))
+    puts candidate
+    exit
+  end
+end
+
+puts addr.split(?/)[0]

kea/kea-ctrl-agent.jsonnet

@@ -0,0 +1,34 @@
+{
+  'Control-agent': {
+    'http-host': '127.0.0.1',
+    'http-port': 10080,
+    'control-sockets': {
+      dhcp4: {
+        comment: 'main server',
+        'socket-type': 'unix',
+        'socket-name': '/run/kea/dhcp4.sock',
+      },
+      // dhcp6: {
+      //   'socket-type': 'unix',
+      //   'socket-name': '/path/to/the/unix/socket-v6',
+      //   'user-context': { version: 3 },
+      // },
+    },
+    'hooks-libraries': [
+      // {
+      //   library: '/opt/local/control-agent-commands.so',
+      //   parameters: {
+      //     param1: 'foo',
+      //   },
+      // },
+    ],
+    loggers: [
+      {
+        name: 'kea-ctrl-agent',
+        severity: 'WARN',
+        output_options: [{ output: 'stdout' }],
+      },
+    ],
+  },
+
+}

kea/run.sh

@@ -0,0 +1,32 @@
+#!/usr/bin/dumb-init /bin/bash
+mkdir /work
+cd /work
+
+SERVER_ID=$(/app/choose_dhcp_server_id.rb)
+if [ -z "${SERVER_ID}" ]; then
+  if grep -q __SERVER_ID__ /config/kea-dhcp4.json; then
+    echo "Failed to choose server id"
+    exit 1
+  fi
+fi
+echo "SERVER_ID=${SERVER_ID}"
+
+(
+  umask 077
+  sed \
+    -e "s|__LEASE_DATABASE_NAME__|${LEASE_DATABASE_NAME}|g" \
+    -e "s|__LEASE_DATABASE_HOST__|${LEASE_DATABASE_HOST}|g" \
+    -e "s|__LEASE_DATABASE_USER__|${LEASE_DATABASE_USER}|g" \
+    -e "s|__LEASE_DATABASE_PASSWORD__|${LEASE_DATABASE_PASSWORD}|g" \
+    -e "s|__HOSTS_DATABASE_NAME__|${HOSTS_DATABASE_NAME}|g" \
+    -e "s|__HOSTS_DATABASE_HOST__|${HOSTS_DATABASE_HOST}|g" \
+    -e "s|__HOSTS_DATABASE_USER__|${HOSTS_DATABASE_USER}|g" \
+    -e "s|__HOSTS_DATABASE_PASSWORD__|${HOSTS_DATABASE_PASSWORD}|g" \
+    -e "s|__SERVER_ID__|${SERVER_ID}|g" \
+    /config/kea-dhcp4.json > /work/kea-dhcp4.json
+)
+
+kea-ctrl-agent -c /app/kea-ctrl-agent.json &
+stork-agent &
+
+kea-dhcp4 -c /work/kea-dhcp4.json