Hi, i want to know if the container support dual stack?? I mean ipv4 and ipv6 in the same container?

According to Docker best practices, you should not do upgrade or dist-upgrade in your Dockerfile.

The following information is useful for everybody who is using macvlan-interfaces and dhcpd ...

To get network-boot/docker-dhcpd working with macvlan-interfaces in a setup like this:

    version: "3"
    networks:
       macvlan-network1:
         external:
             name: macvlan-network1
       macvlan-network2:
         external:
             name: macvlan-network2
       macvlan-network3:
         external:
             name: macvlan-network3
    services:
      dhcpd:
        cap_add:
        - NET_ADMIN
        container_name: dhcpd
        hostname: dhcpd
        image: networkboot/dhcpd:latest
        networks:
            macvlan-network1:
                aliases:
                - dhcpd_network1
                ipv4_address: 10.0.0.7
            macvlan-network2:
                aliases:
                - dhcpd_network2
                ipv4_address: 10.1.0.7
            macvlan-network3:
                aliases:
                - dhcpd_network3
                ipv4_address: 192.168.132.7

the entrypoint.sh script should be extended by:

for i in /sys/class/net/eth*
do 
  echo "### Enabling promiscous mode for network-interface $${i##*/net/}"
  ip link set $${i##*/net/} promisc on || ifconfig $${i##*/net/} promisc
done

I don't know exactly why this is needed for macvlan, but with promiscuous-mode enabled interfaces, the dhcpd works fine in the above setup. Without promisc-mode, the dhcpd is not answering to broadcast-requests at all. To get the interfaces in the promisc-mode NET_ADMIN-capability is needed and the docker-image should be extended by iproute2 (ip-command) or net-tools (ifconfig-command). Maybe together with an environment-variable which signalize
entrypoint.sh to put the interfaces in promiscuous mode ...

At least this case should be mentioned in the documentation ...

Currently attempting to utilize this image to test for a production use. When I try to start it though, I get an error in the startup:

`Internet Systems Consortium DHCP Server 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /data/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid
Can't open lease database /var/lib/dhcp/dhcpd.leases: No such file or directory --
check for failed database rewrite attempt!
Please read the dhcpd.leases manual page if you
don't know what to do about this.

If you think you have received this message due to a bug rather
than a configuration issue please read the section on submitting
bugs on either our web page at www.isc.org or in the README file
before submitting a bug. These pages explain the proper
process and the information we find helpful for debugging..

exiting.`

Seems it's not creating the lease file thus stops. Any hints or clues would be useful in this, thanks!

Now that we have GitHub actions to build the DockerHub images, we should figure out a way to rebuild the latest and ldap-latest images on a schedule, or when the parent image (ubuntu:22.04) is rebuilt. This is to ensure security vulnerabilities in the base image is handled without us needing to do anything.

I was trying to migrate my DHCP server from an old laptop running Ubuntu server 20.04.1 to a Raspberry Pi 4 and when I try to start the image I get the following error

[FATAL tini (6)] exec /entrypoint.sh failed: Exec format error

As far as I can tell this is related to a difference in the architecture of the images. Is there an arm64 version of the image? If not I guess I'll have to build one from scratch.

Possibly an issue with my docker (1.12.2) , but changing the COPY and the ENTRYPOINT resolved this error:

ubuntu@ubuntu:~/ra_training/tester$ ./build
Sending build context to Docker daemon 153.6 kB
Step 1 : FROM ubuntu:xenial
 ---> f753707788c5
Step 2 : MAINTAINER Robin Smidsrød <[email protected]>
 ---> Using cache
 ---> a84ade841be3
Step 3 : ARG DEBIAN_FRONTEND=noninteractive
 ---> Using cache
 ---> e7e1708f98d2
Step 4 : RUN apt-get -q -y update  && apt-get -q -y -o "DPkg::Options::=--force-confold" -o "DPkg::Options::=--force-confdef" install apt-utils  && apt-get -q -y -o "DPkg::Options::=--force-confold" -o "DPkg::Options::=--force-confdef" dist-upgrade  && apt-get -q -y -o "DPkg::Options::=--force-confold" -o "DPkg::Options::=--force-confdef" install isc-dhcp-server man python3  && apt-get -q -y autoremove  && apt-get -q -y clean  && rm -rf /var/lib/apt/lists/*
 ---> Using cache
 ---> ee660a5aaecc
Step 5 : COPY util/my_init.py /sbin/my_init
 ---> b49c9eab1310
Removing intermediate container cd9d90c708f0
Step 6 : COPY util/entrypoint.sh /entrypoint.sh
stat /var/lib/docker/aufs/mnt/fa23bc5aa628b9b22c64e63d941f8305b3523e5add5cb323a87049388c9c63f3/entrypoint.sh: no such file or directory

FROM ubuntu:xenial

MAINTAINER Robin Smidsrød <[email protected]>

ARG DEBIAN_FRONTEND=noninteractive

RUN apt-get -q -y update \
 && apt-get -q -y -o "DPkg::Options::=--force-confold" -o "DPkg::Options::=--force-confdef" install apt-utils \
 && apt-get -q -y -o "DPkg::Options::=--force-confold" -o "DPkg::Options::=--force-confdef" dist-upgrade \
 && apt-get -q -y -o "DPkg::Options::=--force-confold" -o "DPkg::Options::=--force-confdef" install isc-dhcp-server man python3 \
 && apt-get -q -y autoremove \
 && apt-get -q -y clean \
 && rm -rf /var/lib/apt/lists/*

COPY util/my_init.py /sbin/my_init
COPY util/entrypoint.sh /sbin/entrypoint.sh
# OLD: COPY util/entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/sbin/entrypoint.sh"]
# OLD: ENTRYPOINT ["/entrypoint.sh"]

I see that the Dockerfile simply copies an amd64 build of dumb-init to /usr/bin/dumb-init
This of course fails when using networkboot/dhcpd on other architectures such as armhf.
Running the container on such platforms results in output:

/entrypoint.sh: line 66: /usr/bin/dumb-init: cannot execute binary file: Exec format error
/entrypoint.sh: line 66: /usr/bin/dumb-init: Success

This is discussed here: Yelp/dumb-init issue 138.
I've used the workaround of:

wget http://ftp.us.debian.org/debian/pool/main/d/dumb-init/dumb-init_1.2.0-1_armhf.deb
ar -x *.deb
tar -xvf data.tar.xz
cp usr/bin/dumb-init util/dumb-init_1.2.0_armhf

... and then editing the Dockerfile to use this binary.
A nice solution won't be easy.

Trying to "docker run" this project and I get:

You must add the 'docker run' option '--net=host' if you want to provide DHCP service to the host network.

Does anybody else see this?
cc @robinsmidsrod

Hello. Please help me make sense of the following.

Summary

Although the dhcpd process is supposed to run as the dhcpd user¹ --- so created files (e.g. .leases) are coherent with the file ownershiup of /data --- it appears dhcpd always runs as root and create files owned by root.

¹ networkboot/docker-dhcpd/blob/master/README.md §Notes

The entrypoint script in the docker image takes care of running the DHCP server as the same user that owns the data folder. This ensures that the permissions on the files inside the data folder is kept consistent. If the data folder is owned by root, dhcpd is run as the normal dhcpd user.

Description

Context

• Product version: 1.2.0
• Pulled from: https://hub.docker.com/r/networkboot/dhcpd
• System: Ubuntu Server LTS 20.04
• Docker version: 20.10.12

Test

1. In an empty directory /tmp/issue-wrong-user, create data/dhcpd.conf:

subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers                  192.168.1.254;
    option subnet-mask              255.255.255.0;
    option domain-name-servers      1.1.1.1;
    range                           192.168.1.1 192.168.1.253;
}

2. Handle file ownership:

sudo chown --recursive 666:666 /tmp/issue-wrong-user/data #note: user and group #666 do not have to exist

3. Start dhcpd

cd /tmp/issue-wrong-user
docker run -d --rm --name dhcpd --init --net host -v "$(pwd)/data":/data networkboot/dhcpd:1.2.0

4. Check file created

find . -exec ls -l {} \;

5. Check user running dhcpd

docker exec dhcpd ps -ef

Observed Behaviour

• Some files are owned by root (step 4).
• dhcpd runs as root (step 5).

❯ find . -exec ls -l {} \;
total 4
drwxrwxr-x 2 666 666 4096 juil.  5 16:27 data
total 8
-rw-rw-r-- 1  666  666 256 juil.  5 16:26 dhcpd.conf
-rw-r--r-- 1 root root 277 juil.  5 16:27 dhcpd.leases
-rw-r--r-- 1  666  666   0 juil.  5 16:27 dhcpd.leases~
-rw-rw-r-- 1 666 666 256 juil.  5 16:26 ./data/dhcpd.conf
-rw-r--r-- 1 666 666 0 juil.  5 16:27 ./data/dhcpd.leases~
-rw-r--r-- 1 root root 277 juil.  5 16:27 ./data/dhcpd.leases

❯ docker exec dhcpd ps -ef
UID          PID    PPID  C STIME TTY          TIME CMD
root           1       0  0 14:27 ?        00:00:00 /sbin/docker-init -- /entrypoint.sh
root           7       1  0 14:27 ?        00:00:00 /usr/bin/dumb-init -- /usr/sbin/dhcpd -4 -f -d --no-pid -cf /data/dhcpd.conf -lf /data/dhcpd.leases
root          32       7  0 14:27 ?        00:00:00 /usr/sbin/dhcpd -4 -f -d --no-pid -cf /data/dhcpd.conf -lf /data/dhcpd.leases
root          36       0  0 14:28 ?        00:00:00 ps -ef

Expected Behaviour

• All files are owned by 666:666 (step 4).
• dhcpd runs as dhcpd (step 5).

Preliminary Analysis

entrypoint.sh does indeed make sure the dhcpd user has the same numeric ids as the owner of /data:

    data_dir="/data"
    # [...]
    uid=$(stat -c%u "$data_dir")
    gid=$(stat -c%g "$data_dir")
    if [ $gid -ne 0 ]; then
        groupmod -g $gid dhcpd
    fi
    if [ $uid -ne 0 ]; then
        usermod -u $uid dhcpd
    fi

taken from: util/entrypoint.sh:38

But as dhcpd runs as root (no USER in Dockerfile) nor any su in entrypoint.sh, the fact that dhcpd has those correct ids is useless.

Note: One can check dhcpd is correctly set:

docker exec dhcpd grep ^dhcpd /etc/passwd

The dhcp server stops serving IP addresses when the Ethernet interface becomes unavailable for a second or so. I don't want to go into the kernel to fix the issue as its a problem from the vendor but I would like the DHCP server to know that the Ethernet interface is available and start serving IP addresses.

I know this description is a bit vague, but any help would be highly appreciated.

For more details, see here:
https://revolutionpi.de/forum/viewtopic.php?p=12904#p12904

When I try to run this image, either with docker-compose up or docker run, I get the following:

/entrypoint.sh: /sbin/my_init: /usr/bin/python3: bad interpreter: No such file or directory
/entrypoint.sh: line 55: /sbin/my_init: Success

I modified the entrypoint to give me a bash shell and tried run the entrypoint.sh script manually with the same result.

Sure enough, there is no /usr/bin/python3.

I noticed that you're doing a dist-upgrade as part of the Dockerfile. Is this possibly using a new version of python than you were expecting?

The GitHub Actions workflows we have are currently using automation steps from unknown/non-verified authors, which can potentially inject malicious code into our image, or perform malicious behavior during build.

To improve this we should use verified build steps, like this one:

https://github.com/marketplace/actions/build-and-push-docker-images

It seems like the upgrade to Ubuntu 18.04 broke the man page lookup feature that is mentioned in the README. Most likely it is an APT configuration setting that needs to be tweaked, because the actual man files in /usr/share/man are not present. They were present when we used Ubuntu 14.04. I can't recall if they worked with 16.04, but it should be fixed.

If anyone knows how to enable installation of man pages for APT then please provide some feedback.

Hello, I have a small problem with DHCP V6.
I put the configuration in data/dhcpd.conf. When I run with DHCPD_PROTOCOL=6 this it shows me subnet_number():inet.c:45: Addr/mask length mismatch.
No problem with the v4 version
Do you have a solution ?
Cordially

Thanks for this repo!

I am trying to run docker from powershell windows 10 and I am getting this error

groupmod: GID '50' already exists

My run script is a bit different on windows.

docker run -it --rm --net=host -v //c/Users/test/data:/data networkboot/dhcpd eth0

I tried with different dhcpd.conf option but all have same error.

Am I correct in saying that there is still no way to run as a docker service due to security(?) limitations imposed when running as a service?

it would be great if this docker image could be pushed to Dockerhub with a multi-arch manifest.
this would be very useful, because it allows us to run docker pull networkboot/docker-dhcpd on, e.g., a raspi running hypriot, and it would run out of the box (currently that doesn't work because there are only amd64 builds on Dockerhub, and starting the container fails as expected).

There are multiple ways to create multi-arch images from an x86 machine. One way is using the buildx plugin 1.
Another (I think outdated way) is to use qemu have multiple Dockerfiles for each arch and then building a manifest manually 2, which I saw was removed in d58f435.

any chance we can get arm32 & aarch64 builds into Dockerhub?

Now there's only :latest, which adds risk to our production environment.

Change #11 added support for building an arm image; however, the run script wasn't changed.