diff --git a/kea/Dockerfile b/kea/Dockerfile
index f71b2a6..30abf01 100644
--- a/kea/Dockerfile
+++ b/kea/Dockerfile
@@ -34,6 +34,21 @@ RUN --mount=type=cache,dst=/build/stork/tools \ ### +FROM $BASE as bundler +RUN apt-get update \ + && DEBIAN_FRONTEND=noninteractive apt-get install -y \ + ruby \ + ruby-bundler +COPY Gemfile* /app/ +ENV BUNDLE_GEMFILE /app/Gemfile +ENV BUNDLE_PATH /app/vendor/bundle +ENV BUNDLE_DEPLOYMENT 1 +ENV BUNDLE_JOBS 16 +ENV BUNDLE_WITHOUT development:test +RUN bundle install + +### + FROM --platform=$BUILDPLATFORM $BASE as config RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y jsonnet WORKDIR /app
@@ -50,9 +65,10 @@ VOLUME /run/kea RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt/lists apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install -y \ + curl \ ca-certificates \ dumb-init \ - ruby \ + ruby ruby-bundler \ iproute2 \ mysql-client
@@ -65,11 +81,24 @@ RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib isc-kea-dhcp4-server \ isc-kea-mysql \ isc-kea-ctrl-agent \ - isc-kea-admin + isc-kea-admin \ + isc-kea-hooks COPY --from=build-healthz /app/bin/healthz /app/healthzd COPY --from=build-stork /build/go/bin/stork-agent /app/stork-agent + +COPY Gemfile* /app/ +COPY --from=bundler /app/vendor/bundle /app/vendor/bundle +ENV BUNDLE_GEMFILE /app/Gemfile +ENV BUNDLE_PATH /app/vendor/bundle +ENV BUNDLE_DEPLOYMENT 1 +ENV BUNDLE_JOBS 16 +ENV BUNDLE_WITHOUT development:test + +RUN ln -s /usr/lib/$(uname -m)-linux-gnu/kea/hooks /app/kea-hooks + COPY run.sh /app/run.sh +COPY db-upgrade.rb /app/db-upgrade.rb COPY choose_dhcp_server_id.rb /app/choose_dhcp_server_id.rb COPY --from=config /app/kea-ctrl-agent.json /app/kea-ctrl-agent.json
diff --git a/kea/Gemfile b/kea/Gemfile
new file mode 100644
index 0000000..d580f3f
--- /dev/null
+++ b/kea/Gemfile
@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+gem 'aws-sdk-rds'
+gem 'rexml'
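Review bot: The five `ENV BUNDLE_*` lines in the new `bundler` stage are repeated verbatim in the final stage (third hunk of this file), and the vendored gems copied from `/app/vendor/bundle` are only usable at runtime if both copies stay identical. A comment above each block, for example `# keep in sync with the BUNDLE_* block in the other stage`, would make that coupling visible to whoever edits one of them next. The stage's `apt-get install` also skips the apt cache mounts that the final stage's RUN uses and installs recommended packages; adding `--no-install-recommends` would keep it consistent and smaller.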
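Review bot: `curl` is added to the runtime image's package list in the second hunk, but nothing visible in this commit calls it; db-upgrade.rb downloads the RDS CA bundle through open-uri instead. If run.sh (not shown here) does not need it either, dropping the `curl \` line keeps a general-purpose download tool out of the production image. If it is needed, a short comment naming the consumer would help the next package audit.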
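Review bot: The new `RUN ln -s /usr/lib/$(uname -m)-linux-gnu/kea/hooks /app/kea-hooks` in the third hunk succeeds even when the target directory does not exist, leaving a dangling symlink that would only surface when Kea tries to load a hook library at runtime. `uname -m` matches the multiarch directory name for x86_64 and aarch64 but not for every architecture (32-bit ARM, for instance), so the build should fail early instead: `RUN d=/usr/lib/$(uname -m)-linux-gnu/kea/hooks && test -d "$d" && ln -s "$d" /app/kea-hooks`.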
diff --git a/kea/Gemfile.lock b/kea/Gemfile.lock
new file mode 100644
index 0000000..0384be0
--- /dev/null
+++ b/kea/Gemfile.lock
@@ -0,0 +1,29 @@ +GEM + remote: https://rubygems.org/ + specs: + aws-eventstream (1.3.2) + aws-partitions (1.1065.0) + aws-sdk-core (3.220.1) + aws-eventstream (~> 1, >= 1.3.0) + aws-partitions (~> 1, >= 1.992.0) + aws-sigv4 (~> 1.9) + base64 + jmespath (~> 1, >= 1.6.1) + aws-sdk-rds (1.272.0) + aws-sdk-core (~> 3, >= 3.216.0) + aws-sigv4 (~> 1.5) + aws-sigv4 (1.11.0) + aws-eventstream (~> 1, >= 1.0.2) + base64 (0.2.0) + jmespath (1.6.2) + rexml (3.4.1) + +PLATFORMS + ruby + +DEPENDENCIES + aws-sdk-rds + rexml + +BUNDLED WITH + 2.6.3
diff --git a/kea/db-upgrade.rb b/kea/db-upgrade.rb
new file mode 100755
index 0000000..4fb725f
--- /dev/null
+++ b/kea/db-upgrade.rb
@@ -0,0 +1,28 @@
+#!/usr/bin/env ruby
+require 'bundler/setup'
+require 'aws-sdk-rds'
+require 'open-uri'
+require 'resolv'
+
+REGION = ENV.fetch('AWS_REGION')
+File.write '/app/rds-ca-bundle.pem', URI.open("https://truststore.pki.rds.amazonaws.com/#{REGION}/#{REGION}-bundle.pem", 'r', &:read)
+@auth = Aws::RDS::AuthTokenGenerator.new(credentials: Aws::CredentialProviderChain.new.resolve)
+
+def run(host:, name:)
+ actual_host = Resolv::DNS.new.getresource(host, Resolv::DNS::Resource::IN::CNAME).name.to_s rescue host
+ user_name = ENV.fetch('KEA_ADMIN_DB_USER')
+ token = @auth.generate_auth_token(region: REGION, endpoint: "#{actual_host}:3306", expires_in: 900, user_name: user_name)
+ ENV['KEA_ADMIN_DB_PASSWORD'] = token
+ puts ">>>> kea-admin db-upgrade mysql -n #{name} -h #{actual_host}"
+ system(
+ *%w(kea-admin db-upgrade mysql),
+ '-h', actual_host,
+ '-u', user_name,
+ '-n', name,
+ '-x', "--enable-cleartext-plugin --ssl-ca /app/rds-ca-bundle.pem",
+ exception: true
+ )
+end
+
+run(host: ENV.fetch('LEASE_DATABASE_HOST'), name: ENV.fetch('LEASE_DATABASE_NAME'))
+run(host: ENV.fetch('HOSTS_DATABASE_HOST'), name: ENV.fetch('HOSTS_DATABASE_NAME'))
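Review bot: The `-x` argument in `run` enables `--enable-cleartext-plugin` without explicitly requiring TLS or server-identity verification, so whether the IAM auth token is protected in transit depends on the client's defaults; what `--ssl-ca` alone enforces differs between client builds. If the image's `mysql` is the Oracle client, make it explicit with `'-x', "--enable-cleartext-plugin --ssl-mode=VERIFY_IDENTITY --ssl-ca /app/rds-ca-bundle.pem",` (a MariaDB client spells this `--ssl-verify-server-cert`). Relatedly, the `rescue host` modifier on the CNAME lookup swallows every StandardError, so a transient DNS failure silently signs the token for the alias name and surfaces later as an opaque authentication error; rescuing only `Resolv::ResolvError` and logging the fallback would make that case diagnosable.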