-
-
Notifications
You must be signed in to change notification settings - Fork 15
/
Copy pathDockerfile-alpine
206 lines (176 loc) · 6.5 KB
/
Dockerfile-alpine
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
#
# Define the base OS image in a single place.
#
FROM alpine:3.21 AS base
#
# The builder step is where Kea is compiled.
#
FROM base AS builder
# Install all packages needed to build Kea.
RUN set -e && apk add --no-cache \
ca-certificates \
curl \
gnupg \
&& apk add --no-cache \
procps \
file \
g++ \
make \
boost-dev \
openssl-dev \
krb5-dev \
log4cplus-dev \
mariadb-dev \
postgresql-dev
ARG KEA_VERSION
# Download and unpack the correct tarball (also verify the signature).
RUN curl -LOR "https://ftp.isc.org/isc/kea/${KEA_VERSION}/kea-${KEA_VERSION}.tar.gz{,.asc}" && \
install -m 0700 -o root -g root -d /root/.gnupg && \
curl -L "https://www.isc.org/docs/isc-keyblock.asc" | gpg2 --import && \
gpg2 --no-options --verbose --keyid-format 0xlong --keyserver-options auto-key-retrieve=true \
--verify kea-${KEA_VERSION}.tar.gz.asc kea-${KEA_VERSION}.tar.gz
# For some reason tar hangs if we do not do it in its own RUN...
# Investigate this later.
RUN tar xzpf kea-${KEA_VERSION}.tar.gz
# Set the extracted location as our new workdir.
WORKDIR /kea-${KEA_VERSION}
# Configure with all the settings we want, and then build it.
# This will take >7 hours for arm/v7 on an average 4 core desktop.
RUN ./configure --with-openssl --with-mysql --with-pgsql --with-gssapi --enable-static=no && \
make -j$(nproc)
# Having this in its own step makes it easier to experiment.
RUN make install
# Let's reduce the files needed to be copied later by removing stuff we don't
# seem to need.
RUN ls -ahl /usr/local/ && cd /usr/local/lib/ && \
rm -v *.la && \
rm -v kea/hooks/*.la
# Strip debug symbols to reduce file size of binaries
RUN find /usr/local/sbin/ /usr/local/lib/ -type f -exec strip --strip-unneeded {} \;
# There are a couple additional "hook" features located in this folder which
# will most likely not be needed by the average user, so let's exclude them
# from the first COPY step later so we can make a "slim" image.
RUN mv "/usr/local/lib/kea/hooks" / && mkdir "/usr/local/lib/kea/hooks"
#
# All the services basically need the same stuff so let's make a common layer.
#
FROM base AS common
# In Alpine the APK package installs the user "kea", with uid 100 and gid 101,
# and while I think it is stupid that the numbers are not identical it is the
# same as for the Bind9 package so let's keep it for consistency.
# Currently this does not make Kea run as this user, but we prepare for it.
ENV KEA_USER=kea
RUN addgroup -S -g 101 ${KEA_USER} && \
adduser -S -D -G ${KEA_USER} -H -g "Kea user" -s /sbin/nologin -u 101 ${KEA_USER} && \
# We then need to install all the runtime dependencies of Kea.
# This is not identical to what is pulled in when doing an apk add of the
# official package, but it appears to work fine.
apk add --no-cache \
procps \
file \
boost \
krb5-libs \
log4cplus \
mariadb-connector-c \
libbz2 \
libgcc \
libstdc++ \
libpq \
openssl \
&& \
# Make sure some directories mentioned in the documentation are present and
# owned by the Kea user.
install -m 0775 -o ${KEA_USER} -g ${KEA_USER} -d \
/opt/kea \
/usr/local/var/log/kea \
/usr/local/var/lib/kea \
/usr/local/var/run/kea \
&& \
# Create directories we want available for easy configuration management.
install -m 0775 -o ${KEA_USER} -g ${KEA_USER} -d \
/kea \
/kea/config \
/kea/leases \
/kea/logs \
/kea/sockets \
&& \
mkdir /entrypoint.d
# From the build stage we copy the library files from "lib", and then all the
# C++ header files in the "include" folder. There are a couple of folders used
# during runtime in "var" as well, but we created them above with the Kea user
# as the owner instead.
COPY --from=builder /usr/local/lib /usr/local/lib
COPY --from=builder /usr/local/include/kea /usr/local/include/kea
# As a final step we will need to run ldconfig to make sure that all the Kea
# libraries that we copied are correctly linked.
# The ldconfig program in Alpine is weird in that it requires a path as
# argument, else it exits with code 1, but I cannot find info about that this
# path should point to so I just use the folder we want added.
#
# NOTE: The hooks folder is empty right now, to save some space, but it may be
# populated by the user later.
RUN echo "/lib:/usr/local/lib:/usr/lib:/usr/local/lib/kea/hooks" > "/etc/ld-musl-$(uname -m).path" && \
ldconfig /usr/local/lib/kea/hooks
# Finally we copy the common entrypoint script which will read an environment
# variable in order to later launch the correct service.
COPY entrypoint.sh /
ENTRYPOINT [ "/entrypoint.sh" ]
#
# The DHCP4 service image without any hook libraries.
#
FROM common AS dhcp4-slim
ENV KEA_EXECUTABLE=dhcp4
COPY --from=builder /usr/local/sbin/kea-dhcp4 /usr/local/sbin/kea-lfc /usr/local/sbin/
#
# The DHCP4 service image with all relevant hooks included.
#
# The libdhcp_mysql_cb.so and libdhcp_pgsql_cb.so libraries depend on the paid
# libdhcp_cb_cmds.so library, so they are excluded.
FROM dhcp4-slim AS dhcp4
COPY --from=builder \
/hooks/libdhcp_bootp.so \
/hooks/libdhcp_flex_option.so \
/hooks/libdhcp_ha.so \
/hooks/libdhcp_lease_cmds.so \
/hooks/libdhcp_perfmon.so \
/hooks/libdhcp_run_script.so \
/hooks/libdhcp_stat_cmds.so \
/usr/local/lib/kea/hooks/
#
# The DHCP6 service image without any hook libraries.
#
FROM common AS dhcp6-slim
ENV KEA_EXECUTABLE=dhcp6
COPY --from=builder /usr/local/sbin/kea-dhcp6 /usr/local/sbin/kea-lfc /usr/local/sbin/
#
# The DHCP6 service image with all relevant hooks included.
#
# The libdhcp_mysql_cb.so and libdhcp_pgsql_cb.so libraries depend on the paid
# libdhcp_cb_cmds.so library, so they are excluded.
FROM dhcp6-slim AS dhcp6
COPY --from=builder \
/hooks/libdhcp_flex_option.so \
/hooks/libdhcp_ha.so \
/hooks/libdhcp_lease_cmds.so \
/hooks/libdhcp_perfmon.so \
/hooks/libdhcp_run_script.so \
/hooks/libdhcp_stat_cmds.so \
/usr/local/lib/kea/hooks/
#
# The Kea DHCP DDNS service image.
#
FROM common AS dhcp-ddns
ENV KEA_EXECUTABLE=dhcp-ddns
COPY --from=builder /usr/local/sbin/kea-dhcp-ddns /usr/local/sbin/
#
# The Kea Control Agent service image.
#
FROM common AS ctrl-agent
ENV KEA_EXECUTABLE=ctrl-agent
COPY --from=builder /usr/local/sbin/kea-ctrl-agent /usr/local/sbin/
#
# The Hooks image
#
FROM base AS hooks
COPY --from=builder /hooks /hooks
CMD [ "ls", "-ahl", "/hooks" ]