From d2fdc8bfab645ff8bca685e9667af39d6bad193c Mon Sep 17 00:00:00 2001
From: Dalton Hubble
Date: Tue, 18 Apr 2017 00:16:17 -0700
Subject: [PATCH] contrib/dnsmasq: Add dnsmasq Makefile, v0.4.0 bump
* Add grub.efi to get-tftp-files script. This matches prior dnsmasq images, but was not part of a repeatable build
* Switch rkt run examples to pull from quay.io
* Remove script using acbuild to create ACIs
---
contrib/dnsmasq/Makefile | 23 +++++++++++
contrib/dnsmasq/README.md | 72 ++++++++++++++++------------------
contrib/dnsmasq/build-aci | 42 --------------------
contrib/dnsmasq/build-docker | 5 ---
contrib/dnsmasq/get-tftp-files | 8 +++-
scripts/devnet | 2 +-
6 files changed, 64 insertions(+), 88 deletions(-)
create mode 100644 contrib/dnsmasq/Makefile
delete mode 100755 contrib/dnsmasq/build-aci
delete mode 100755 contrib/dnsmasq/build-docker
diff --git a/contrib/dnsmasq/Makefile b/contrib/dnsmasq/Makefile
new file mode 100644
index 00000000..c0297011
--- /dev/null
+++ b/contrib/dnsmasq/Makefile
@@ -0,0 +1,23 @@
+VERSION=v0.4.0
+
+IMAGE_REPO=coreos/dnsmasq
+QUAY_REPO=quay.io/coreos/dnsmasq
+
+.PHONY: all
+all: docker-image
+
+.PHONY: undionly
+undionly:
+ @./get-tftp-files
+
+.PHONY: docker-image
+docker-image: undionly
+ sudo docker build --rm=true -t $(IMAGE_REPO):$(VERSION) .
+ sudo docker tag $(IMAGE_REPO):$(VERSION) $(IMAGE_REPO):latest
+
+.PHONY: docker-push
+docker-push:
+ @sudo docker tag $(IMAGE_REPO):$(VERSION) $(QUAY_REPO):latest
+ @sudo docker tag $(IMAGE_REPO):$(VERSION) $(QUAY_REPO):$(VERSION)
+ @sudo docker push $(QUAY_REPO):latest
+ @sudo docker push $(QUAY_REPO):$(VERSION)
diff --git a/contrib/dnsmasq/README.md b/contrib/dnsmasq/README.md
index 354ccb06..b182aaa0 100644
--- a/contrib/dnsmasq/README.md
+++ b/contrib/dnsmasq/README.md
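Review bot: In the new contrib/dnsmasq/Makefile, `docker-push` has no prerequisites, so it tags and pushes whatever `$(IMAGE_REPO):$(VERSION)` currently exists in the local daemon, which may be a stale or hand-built image rather than one produced by `docker-image` from this tree. If a push should always follow a fresh build, declare it as `docker-push: docker-image`; if the split is deliberate, a comment saying so would help. The `@` prefix on the four tag/push lines also hides which references were pushed to `$(QUAY_REPO)` under sudo; dropping it keeps a record in the build log, and it matters more because the target moves the `latest` tag as well as the versioned one.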
@@ -1,30 +1,44 @@ +# dnsmasq [![Docker Repository on Quay](https://quay.io/repository/coreos/dnsmasq/status "Docker Repository on Quay")](https://quay.io/repository/coreos/dnsmasq) -# dnsmasq - -[![Docker Repository on Quay](https://quay.io/repository/coreos/dnsmasq/status "Docker Repository on Quay")](https://quay.io/repository/coreos/dnsmasq) - -`dnsmasq` provides an App Container Image (ACI) or Docker image for running DHCP, proxy DHCP, DNS, and/or TFTP with [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html) in a container/pod. Use it to test different network setups with clusters of network bootable machines. +`dnsmasq` provides a container image for running DHCP, proxy DHCP, DNS, and/or TFTP with [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html). Use it to test different network setups with clusters of network bootable machines. The image bundles `undionly.kpxe` which chainloads PXE clients to iPXE and `grub.efi` (experimental) which chainloads UEFI architectures to GRUB2. ## Usage -Run the `coreos.com/dnsmasq` ACI with rkt. +Run the container image as a DHCP, DNS, and TFTP service. - sudo rkt trust --prefix coreos.com/dnsmasq - # gpg key fingerprint is: 18AD 5014 C99E F7E3 BA5F 6CE9 50BD D3E0 FC8A 365E - sudo rkt run coreos.com/dnsmasq:v0.3.0 +```sh +sudo rkt run --net=host quay.io/coreos/dnsmasq -- -d -q \ + --dhcp-range=192.168.1.3,192.168.1.254 \ + --enable-tftp \ + --tftp-root=/var/lib/tftpboot \ + --dhcp-userclass=set:ipxe,iPXE \ + --dhcp-boot=tag:#ipxe,undionly.kpxe \ + --dhcp-boot=tag:ipxe,http://matchbox.example.com:8080/boot.ipxe \ + --address=/matchbox.example.com/192.168.1.2 \ + --log-queries \ + --log-dhcp +``` -Press ^] three times to kill the container. 
+```sh +sudo docker run --rm --cap-add=NET_ADMIN --net=host quay.io/coreos/dnsmasq \ + -d -q \ + --dhcp-range=192.168.1.3,192.168.1.254 \ + --enable-tftp --tftp-root=/var/lib/tftpboot \ + --dhcp-userclass=set:ipxe,iPXE \ + --dhcp-boot=tag:#ipxe,undionly.kpxe \ + --dhcp-boot=tag:ipxe,http://matchbox.example.com:8080/boot.ipxe \ + --address=/matchbox.example/192.168.1.2 \ + --log-queries \ + --log-dhcp +``` -Alternately, Docker can be used. - - docker pull quay.io/coreos/dnsmasq - docker run --cap-add NET_ADMIN quay.io/coreos/dnsmasq +Press ^] three times to stop the rkt pod. Press ctrl-C to stop the Docker container. ## Configuration Flags -Configuration arguments can be provided at the command line. Check the dnsmasq [man pages](http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html) for a complete list, but here are some important flags. +Configuration arguments can be provided as flags. Check the dnsmasq [man pages](http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html) for a complete list. | flag | description | example | |----------|-------------|---------| 
@@ -33,30 +47,12 @@ Configuration arguments can be provided at the command line. Check the dnsmasq [ | --enable-tftp | Enable serving from tftp-root over TFTP | NA | | --address | IP address for a domain name | /matchbox.foo/172.18.0.2 | -## ACI +## Development -Build a `dnsmasq` ACI with the build script which uses [acbuild](https://github.com/appc/acbuild). +Build a container image locally. - cd contrib/dnsmasq - ./get-tftp-files - sudo ./build-aci + make docker-image -Run `dnsmasq.aci` with rkt to run DHCP/proxyDHCP/TFTP/DNS services. +Run the image with Docker on the `docker0` bridge (default). -DHCP+TFTP+DNS on the `metal0` bridge: - - sudo rkt --insecure-options=image run dnsmasq.aci --net=metal0 -- -d -q --dhcp-range=172.18.0.50,172.18.0.99 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --dhcp-boot=tag:#ipxe,undionly.kpxe --dhcp-boot=tag:ipxe,http://matchbox.foo:8080/boot.ipxe --log-queries --log-dhcp --dhcp-option=3,172.18.0.1 --address=/matchbox.foo/172.18.0.2 - -## Docker - -Build a Docker image locally using the tag `latest`. - - cd contrib/dnsmasq - ./get-tftp-files - sudo ./build-docker - -Run the Docker image to run DHCP/proxyDHCP/TFTP/DNS services. - -DHCP+TFTP+DNS on the `docker0` bridge: - - sudo docker run --rm --cap-add=NET_ADMIN quay.io/coreos/dnsmasq -d -q --dhcp-range=172.17.0.43,172.17.0.99 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --dhcp-boot=tag:#ipxe,undionly.kpxe --dhcp-boot=tag:ipxe,http://matchbox.foo:8080/boot.ipxe --log-queries --log-dhcp --dhcp-option=3,172.17.0.1 --address=/matchbox.foo/172.17.0.2 + sudo docker run --rm --cap-add=NET_ADMIN coreos/dnsmasq -d -q diff --git a/contrib/dnsmasq/build-aci b/contrib/dnsmasq/build-aci deleted file mode 100755 index 685ad608..00000000 --- a/contrib/dnsmasq/build-aci +++ /dev/null 
@@ -1,42 +0,0 @@ -#!/usr/bin/env bash -set -e - -if [ "$EUID" -ne 0 ]; then - echo "Please run as root" - exit 1 -fi - -# Start with an empty ACI -acbuild --debug begin - -# In the event of the script exiting, end the build -trap "{ export EXT=$?; acbuild --debug end && exit $EXT; }" EXIT - -# Name the ACI -acbuild --debug set-name coreos.com/dnsmasq - -# Add a version label -acbuild --debug label add version v0.3.0 - -# Add alpine base dependency -acbuild --debug dep add quay.io/coreos/alpine-sh - -# Install dnsmasq and curl -acbuild --debug run apk update -acbuild --debug run apk add dnsmasq curl - -# Copy the PXE->iPXE chainloader -acbuild --debug copy tftpboot /var/lib/tftpboot - -# Add DHCP and DNS ports for dnsmasq -acbuild --debug port add dhcp udp 67 -acbuild --debug port add dns udp 53 - -# Elevate network admin capabilities -echo "{\"set\": [\"CAP_NET_ADMIN\", \"CAP_NET_BIND_SERVICE\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_NET_RAW\"]}" | acbuild --debug isolator add os/linux/capabilities-retain-set - - -# Set the exec command -acbuild --debug set-exec -- /usr/sbin/dnsmasq -d - -# Save and override any older ACI -acbuild --debug write --overwrite dnsmasq.aci \ No newline at end of file diff --git a/contrib/dnsmasq/build-docker b/contrib/dnsmasq/build-docker deleted file mode 100755 index 9851287e..00000000 --- a/contrib/dnsmasq/build-docker +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -e - -REPO=coreos/dnsmasq - -docker build -q --rm=true -t $REPO:latest . \ No newline at end of file diff --git a/contrib/dnsmasq/get-tftp-files b/contrib/dnsmasq/get-tftp-files index 6f0ef403..24ef8952 100755 --- a/contrib/dnsmasq/get-tftp-files +++ b/contrib/dnsmasq/get-tftp-files @@ -1,6 +1,7 @@ -#!/bin/bash -e +#!/usr/bin/env bash +set -eu -DEST=tftpboot +DEST=${1:-"tftpboot"} if [ ! -d $DEST ]; then echo "Creating directory $DEST" 
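Review bot: In get-tftp-files, `DEST` is now taken from `$1`, but the surrounding context lines still expand it unquoted (`[ ! -d $DEST ]` here, and the `curl -o $DEST/...` and `cp` lines in the next hunk), so a caller-supplied path containing whitespace or glob characters is word-split. Quote every use, for example `if [ ! -d "$DEST" ]; then`. The `if` body continues past the end of this hunk, so the directory-creation line is not visible here and presumably needs the same quoting.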
@@ -9,3 +10,6 @@ fi curl -s -o $DEST/undionly.kpxe http://boot.ipxe.org/undionly.kpxe cp $DEST/undionly.kpxe $DEST/undionly.kpxe.0 + +# Any vaguely recent CoreOS grub.efi is fine +curl -s -o $DEST/grub.efi https://stable.release.core-os.net/amd64-usr/1298.7.0/coreos_production_pxe_grub.efi diff --git a/scripts/devnet b/scripts/devnet index 5cb84fc7..18ee8eb1 100755 --- a/scripts/devnet +++ b/scripts/devnet @@ -101,7 +101,7 @@ function create { --net=metal0:IP=172.18.0.3 \ --mount volume=config,target=/etc/dnsmasq.conf \ --volume config,kind=host,source=$DIR/../contrib/dnsmasq/metal0.conf \ - coreos.com/dnsmasq:v0.3.0 + quay.io/coreos/dnsmasq:v0.3.0 status }
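Review bot: The added `curl -s -o $DEST/grub.efi ...` in get-tftp-files has no `-f`, so an HTTP error response is written to `grub.efi` while curl still exits 0; `set -eu` does not stop the build and the bad file ends up in the image. Use `curl -fsS -o "$DEST/grub.efi" ...` so a failed download aborts the script. Because this binary is served to booting machines over TFTP, it would also be worth committing the expected SHA-256 for the pinned 1298.7.0 release and verifying it with `sha256sum -c` after the download. The unchanged context line above still fetches `undionly.kpxe` over plain `http://`, which gives no transport integrity, so a pinned checksum matters even more for that file.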