From c1f6d25ecd278d1173357717ce4ac677ceb3fa31 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Fri, 29 Jan 2016 17:09:51 -0800 Subject: [PATCH] contrib: Organize dnsmasq ACI and Docker under contrib --- Documentation/physical-hardware.md | 4 +- Documentation/rkt.md | 4 +- Documentation/virtual-hardware.md | 6 +- contrib/.gitignore | 2 - contrib/dnsmasq/.gitignore | 2 + {dockerfiles => contrib}/dnsmasq/Dockerfile | 0 contrib/dnsmasq/README.md | 58 +++++++++++++++++++ contrib/{acifile => dnsmasq/build-aci} | 22 ++++--- .../dnsmasq/build-docker | 0 dockerfiles/dnsmasq/README.md | 21 ------- 10 files changed, 74 insertions(+), 45 deletions(-) delete mode 100644 contrib/.gitignore create mode 100644 contrib/dnsmasq/.gitignore rename {dockerfiles => contrib}/dnsmasq/Dockerfile (100%) create mode 100644 contrib/dnsmasq/README.md rename contrib/{acifile => dnsmasq/build-aci} (68%) rename dockerfiles/dnsmasq/docker-build => contrib/dnsmasq/build-docker (100%) delete mode 100644 dockerfiles/dnsmasq/README.md diff --git a/Documentation/physical-hardware.md b/Documentation/physical-hardware.md index 2069547d..e6845175 100644 --- a/Documentation/physical-hardware.md +++ b/Documentation/physical-hardware.md 
@@ -29,9 +29,7 @@ Note, the kernel options in the `Spec` [examples](../examples) reference 172.17. Your network may already have a configurable PXE or iPXE server, configurable DHCP, a DHCP server you cannot modify, or no DHCP server at all. We'll show how to setup each network environment to talk to `bootcfg`, depending on your circumstances. -The [quay.io/coreos/dnsmasq](https://quay.io/repository/coreos/dnsmasq) image can be used to run DHCP, proxy DHCP, and TFTP. It can be built from the [dockerfiles](../dockerfiles/dnsmasq) or pulled from Quay. - - docker pull quay.io/coreos/dnsmasq +Otherwise create a PXE, iPXE, or Pixiecore network boot environment using the CoreOS [dnsmasq](../contrib/dnsmasq) container image which can run DHCP, proxyDHCP, TFTP, and/or DNS with `dnsmasq`. Use `--net=host` to run the services on the host and use `--dhcp-boot` to point clients to the config service. ### Configurable iPXE diff --git a/Documentation/rkt.md b/Documentation/rkt.md index 77bfe909..50a00562 100644 --- a/Documentation/rkt.md +++ b/Documentation/rkt.md @@ -61,8 +61,8 @@ In your firewall settings, configure the `metal0` interface as trusted. Build an dnsmasq ACI and run it to create a DNS server, TFTP server, and DHCP server which points network boot clients to the config server started above. - cd contrib - sudo ./acifile + cd contrib/dnsmasq + sudo ./build-aci Run `dnsmasq.aci` to create a DHCP and TFTP server pointing to config server. diff --git a/Documentation/virtual-hardware.md b/Documentation/virtual-hardware.md index 117d2d36..dccd46cc 100644 --- a/Documentation/virtual-hardware.md +++ b/Documentation/virtual-hardware.md 
@@ -22,11 +22,7 @@ Note, the kernel options in the `Spec` [examples](../examples) reference 172.17. ## Network Setups -We'll show how to setup PXE, iPXE, or Pixiecore network boot environments on the `docker0` bridge and configure them to use `bootcfg`. - -The [quay.io/coreos/dnsmasq](https://quay.io/repository/coreos/dnsmasq) image can be used to run DHCP, proxyDHCP, and TFTP. It can be built from the [dockerfiles](../dockerfiles/dnsmasq) or pulled from Quay. - - docker pull quay.io/coreos/dnsmasq +Create a PXE, iPXE, or Pixiecore network boot environment using the CoreOS [dnsmasq](../contrib/dnsmasq) container image which can run DHCP, proxyDHCP, TFTP, and/or DNS with `dnsmasq`. Use `--net` to specify a virtual bridge and `--dhcp-boot` to point clients to the config service. ### PXE diff --git a/contrib/.gitignore b/contrib/.gitignore deleted file mode 100644 index c2daced8..00000000 --- a/contrib/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -tftpboot -dnsmasq.aci \ No newline at end of file diff --git a/contrib/dnsmasq/.gitignore b/contrib/dnsmasq/.gitignore new file mode 100644 index 00000000..b28be21c --- /dev/null +++ b/contrib/dnsmasq/.gitignore @@ -0,0 +1,2 @@ +tftpboot +*.aci \ No newline at end of file diff --git a/dockerfiles/dnsmasq/Dockerfile b/contrib/dnsmasq/Dockerfile similarity index 100% rename from dockerfiles/dnsmasq/Dockerfile rename to contrib/dnsmasq/Dockerfile diff --git a/contrib/dnsmasq/README.md b/contrib/dnsmasq/README.md new file mode 100644 index 00000000..0fe4b9f9 --- /dev/null +++ b/contrib/dnsmasq/README.md 
@@ -0,0 +1,58 @@ + +# dnsmasq + +[![Docker Repository on Quay](https://quay.io/repository/coreos/dnsmasq/status "Docker Repository on Quay")](https://quay.io/repository/coreos/dnsmasq) + +`dnsmasq` provides an App Container Image (ACI) or Docker image for running DHCP, proxy DHCP, DNS, and/or TFTP with [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html) in a container/pod. Use it to test different network setups with clusters of network bootable machines. + +The image bundles `undionly.kpxe` which chainloads PXE clients to iPXE. + +## Usage + +Build the ACI as described below. Run the ACI with [rkt](https://github.com/coreos/rkt). + + sudo rkt --insecure-options=image run dnsmasq.aci + +Press ^] three times to kill the container. + +Alternately, Docker can be used. + + docker pull quay.io/coreos/dnsmasq + docker run quay.io/coreos/dnsmasq --cap-add=NET_ADMIN + +## Configuration Flags + +Configuration arguments can be provided as arguments. Check the dnsmasq [man pages]](http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html) for a complete list, but here are some important options. + +| flag | description | example | +|----------|-------------|---------| +| -dhcp-range | Enable DHCP, lease given range | `172.15,0.50,172.15.0.99`, `192.168.1.1,proxy,255.255.255.0` | +| --dhcp-boot | DHCP next server option | `http://bootcfg.foo:8080/boot.ipxe` | +| --enable-tftp | Enable serving from tftp-root over TFTP | NA | +| --address | IP address for a domain name | /bootcfg.foo/172.15.0.2 | + +## ACI + +Build a `dnsmasq` ACI with the build script which uses [acbuild](https://github.com/appc/acbuild). + + cd contrib/dnsmasq + ./build-aci + +Run `dnsmasq.aci` with rkt to run DHCP/proxyDHCP/TFTP/DNS services. 
+ +DHCP+TFTP+DNS on the `metal0` bridge: + + sudo rkt --insecure-options=image run dnsmasq.aci --net=metal0 -- -d -q --dhcp-range=172.15.0.50,172.15.0.99 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --dhcp-boot=tag:#ipxe,undionly.kpxe --dhcp-boot=tag:ipxe,http://bootcfg.foo:8080/boot.ipxe --log-queries --log-dhcp --dhcp-option=3,172.15.0.1 --address=/bootcfg.foo/172.15.0.2 + +## Docker + +Build a Docker image locally using the tag `latest`. + + cd contrib/dnsmasq + sudo ./build-docker + +Run the Docker image to run DHCP/proxyDHCP/TFTP/DNS services. + +DHCP+TFTP+DNS on the `docker0` bridge: + + sudo docker run --rm --cap-add=NET_ADMIN quay.io/coreos/dnsmasq -d -q --dhcp-range=172.17.0.43,172.17.0.99 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --dhcp-boot=tag:#ipxe,undionly.kpxe --dhcp-boot=tag:ipxe,http://bootcfg.foo:8080/boot.ipxe --log-queries --log-dhcp --dhcp-option=3,172.17.0.1 --address=/bootcfg.foo/172.17.0.2 diff --git a/contrib/acifile b/contrib/dnsmasq/build-aci similarity index 68% rename from contrib/acifile rename to contrib/dnsmasq/build-aci index bb197f9a..d73a6bf3 100755 --- a/contrib/acifile +++ b/contrib/dnsmasq/build-aci @@ -1,11 +1,12 @@ -#!/usr/bin/bash -e +#!/usr/bin/env bash +set -e if [ "$EUID" -ne 0 ]; then echo "Please run as root" exit 1 fi -# Start the build with an empty ACI +# Start with an empty ACI acbuild --debug begin # In the event of the script exiting, end the build 
@@ -14,14 +15,14 @@ trap "{ export EXT=$?; acbuild --debug end && exit $EXT; }" EXIT # Name the ACI acbuild --debug set-name coreos/dnsmasq -# Based on alpine +# Add alpine base dependency acbuild --debug dep add quay.io/coreos/alpine-sh # Install dnsmasq and curl acbuild --debug run apk update acbuild --debug run apk add dnsmasq curl -# Get the PXE->iPXE chainloader +# Copy the PXE->iPXE chainloader if [ ! -d "tftpboot" ]; then mkdir tftpboot curl -s -o tftpboot/undionly.kpxe http://boot.ipxe.org/undionly.kpxe @@ -29,18 +30,15 @@ if [ ! -d "tftpboot" ]; then fi acbuild --debug copy tftpboot /var/lib/tftpboot -# Add a port for dhcp discover traffic +# Add DHCP and DNS ports for dnsmasq acbuild --debug port add dhcp udp 67 -acbuild --debug port add dhcp udp 53 +acbuild --debug port add dns udp 53 # Elevate network admin capabilities -echo "{\"set\": [\"CAP_NET_ADMIN\"]}" | acbuild isolator add os/linux/capabilities-retain-set - +echo "{\"set\": [\"CAP_NET_ADMIN\"]}" | acbuild --debug isolator add os/linux/capabilities-retain-set - -# Run dnsmasq +# Set the exec command acbuild --debug set-exec -- /usr/sbin/dnsmasq -d -# Check that the manifest looks ok -acbuild --debug cat-manifest - -# Save the ACI +# Save and override any older ACI acbuild --debug write --overwrite dnsmasq.aci \ No newline at end of file diff --git a/dockerfiles/dnsmasq/docker-build b/contrib/dnsmasq/build-docker similarity index 100% rename from dockerfiles/dnsmasq/docker-build rename to contrib/dnsmasq/build-docker diff --git a/dockerfiles/dnsmasq/README.md b/dockerfiles/dnsmasq/README.md deleted file mode 100644 index c4a0e81f..00000000 --- a/dockerfiles/dnsmasq/README.md +++ /dev/null 
@@ -1,21 +0,0 @@ - -# coreos/dnsmasq - -[coreos/dnsmasq](https://quay.io/repository/coreos/dnsmasq) is a convenience entrypoint to [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html) for running DHCP, proxy DHCP, and TFTP without making changes to the host `/etc/dnsmasq.conf`. - -The image bundles `undionly.kpxe` which chainloads PXE clients to iPXE. - -## Usage - -Build the image - - cd dockerfiles/dnsmasq - ./docker-build - -Run `dnsmasq` on a host in proxyDHCP mode to chainload iPXE. - - docker run --net=host --rm --cap-add=NET_ADMIN coreos/dnsmasq -d -i enp0s25 --dhcp-range=192.168.86.0,proxy,255.255.255.0 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --pxe-service=tag:#ipxe,x86PC,"PXE chainload to iPXE",undionly.kpxe - - - -
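Review bot: In the Documentation/physical-hardware.md hunk, the replacement sentence opens with "Otherwise" although the preceding paragraph sets up no condition for it to contrast with, and it names `--net=host` and `--dhcp-boot` side by side without saying that the first is a container runtime flag and the second a dnsmasq argument. The same pairing of `--net` and `--dhcp-boot` appears in the Documentation/virtual-hardware.md hunk. Since both hunks also drop the `docker pull quay.io/coreos/dnsmasq` line, consider keeping one short command in each document, or stating explicitly that the full invocations are in contrib/dnsmasq/README.md.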
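Review bot: In the new contrib/dnsmasq/README.md, the Usage line `docker run quay.io/coreos/dnsmasq --cap-add=NET_ADMIN` places `--cap-add=NET_ADMIN` after the image name, so Docker hands it to the container as an argument instead of granting the capability; move it before the image, as the later example in the Docker section does with `docker run --rm --cap-add=NET_ADMIN quay.io/coreos/dnsmasq`. In the same hunk, the flags table has `-dhcp-range` with a single dash and the example `172.15,0.50` with a comma inside the address, and the man pages link has a stray `]`. Both rkt commands use `--insecure-options=image`, which turns off image signature verification; a sentence saying this is only because the locally built ACI is unsigned would stop readers from copying the flag to images pulled from elsewhere.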
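Review bot: In contrib/dnsmasq/build-aci, the hunk at `@@ -14,14 +15,14 @@` rewords the comment above `curl -s -o tftpboot/undionly.kpxe http://boot.ipxe.org/undionly.kpxe` but leaves the download itself as is: the script runs as root, fetches the chainloader over plain HTTP, and no integrity check is visible in the hunk before `acbuild --debug copy tftpboot /var/lib/tftpboot` puts the file into an image that serves it to every PXE client. Suggest verifying the file against a pinned SHA-256 before the copy step. Also, `curl -s` without `-f` saves an HTTP error body under the name undionly.kpxe, and because the guard is `[ ! -d "tftpboot" ]` a bad first download is reused on every later build; testing for the file and failing on HTTP errors would avoid that.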
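Review bot: In contrib/dnsmasq/build-aci, the hunk at `@@ -29,18 +30,15 @@` fixes the second port's name to `dns` but the declared ports are still only `udp 67` and `udp 53`, while the README added in this patch advertises TFTP and the image is started with `--enable-tftp`; if ports are declared in the manifest at all, consider adding the TFTP port and TCP for DNS so the manifest matches what the container serves. The same hunk removes `acbuild --debug cat-manifest`, which was the one step that showed the final manifest, including the retained `CAP_NET_ADMIN` set, in the build output; keeping it is cheap and makes a changed capability or exec line visible at build time. The file still ends without a trailing newline.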