networkboot / docker-dhcpd
Containerized version of ISC DHCP server based on latest Ubuntu LTS
Home Page: https://hub.docker.com/r/networkboot/dhcpd/
License: Apache License 2.0
Hi, I want to know if the container supports dual stack? I mean IPv4 and IPv6 in the same container?
According to Docker best practices, you should not do `upgrade` or `dist-upgrade` in your Dockerfile.
The following information is useful for everybody who is using macvlan-interfaces and dhcpd ...
To get network-boot/docker-dhcpd working with macvlan-interfaces in a setup like this:
```yaml
version: "3"
networks:
  macvlan-network1:
    external:
      name: macvlan-network1
  macvlan-network2:
    external:
      name: macvlan-network2
  macvlan-network3:
    external:
      name: macvlan-network3
services:
  dhcpd:
    cap_add:
      - NET_ADMIN
    container_name: dhcpd
    hostname: dhcpd
    image: networkboot/dhcpd:latest
    networks:
      macvlan-network1:
        aliases:
          - dhcpd_network1
        ipv4_address: 10.0.0.7
      macvlan-network2:
        aliases:
          - dhcpd_network2
        ipv4_address: 10.1.0.7
      macvlan-network3:
        aliases:
          - dhcpd_network3
        ipv4_address: 192.168.132.7
```
the entrypoint.sh script should be extended by:
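```sh
for i in /sys/class/net/eth*
do
    # ${i##*/net/} strips the /sys/class/net/ prefix, leaving the interface name.
    # (Inside a docker-compose file, write $$ instead of $ so Compose does not interpolate it.)
    iface="${i##*/net/}"
    echo "### Enabling promiscuous mode for network-interface $iface"
    ip link set "$iface" promisc on || ifconfig "$iface" promisc
done
```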
I don't know exactly why this is needed for macvlan, but with promiscuous-mode enabled interfaces, the dhcpd works fine in the above setup. Without promisc-mode, the dhcpd is not answering to broadcast-requests at all. To get the interfaces in the promisc-mode, NET_ADMIN-capability is needed and the docker-image should be extended by iproute2 (ip-command) or net-tools (ifconfig-command). Maybe together with an environment-variable which signals entrypoint.sh to put the interfaces in promiscuous mode ...
At least this case should be mentioned in the documentation ...
Currently attempting to utilize this image to test for a production use. When I try to start it though, I get an error in the startup:
```
Internet Systems Consortium DHCP Server 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /data/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid
Can't open lease database /var/lib/dhcp/dhcpd.leases: No such file or directory --
check for failed database rewrite attempt!
Please read the dhcpd.leases manual page if you
don't know what to do about this.
If you think you have received this message due to a bug rather
than a configuration issue please read the section on submitting
bugs on either our web page at www.isc.org or in the README file
before submitting a bug. These pages explain the proper
process and the information we find helpful for debugging..
exiting.
```
Seems it's not creating the lease file and thus stops. Any hints or clues would be useful in this, thanks!
Now that we have GitHub actions to build the DockerHub images, we should figure out a way to rebuild the `latest` and `ldap-latest` images on a schedule, or when the parent image (ubuntu:22.04) is rebuilt. This is to ensure security vulnerabilities in the base image are handled without us needing to do anything.
I was trying to migrate my DHCP server from an old laptop running Ubuntu server 20.04.1 to a Raspberry Pi 4 and when I try to start the image I get the following error
[FATAL tini (6)] exec /entrypoint.sh failed: Exec format error
As far as I can tell this is related to a difference in the architecture of the images. Is there an arm64 version of the image? If not I guess I'll have to build one from scratch.
Possibly an issue with my docker (1.12.2), but changing the COPY and the ENTRYPOINT resolved this error:

```
ubuntu@ubuntu:~/ra_training/tester$ ./build
Sending build context to Docker daemon 153.6 kB
Step 1 : FROM ubuntu:xenial
---> f753707788c5
Step 2 : MAINTAINER Robin Smidsrød <[email protected]>
---> Using cache
---> a84ade841be3
Step 3 : ARG DEBIAN_FRONTEND=noninteractive
---> Using cache
---> e7e1708f98d2
Step 4 : RUN apt-get -q -y update && apt-get -q -y -o "DPkg::Options::=--force-confold" -o "DPkg::Options::=--force-confdef" install apt-utils && apt-get -q -y -o "DPkg::Options::=--force-confold" -o "DPkg::Options::=--force-confdef" dist-upgrade && apt-get -q -y -o "DPkg::Options::=--force-confold" -o "DPkg::Options::=--force-confdef" install isc-dhcp-server man python3 && apt-get -q -y autoremove && apt-get -q -y clean && rm -rf /var/lib/apt/lists/*
---> Using cache
---> ee660a5aaecc
Step 5 : COPY util/my_init.py /sbin/my_init
---> b49c9eab1310
Removing intermediate container cd9d90c708f0
Step 6 : COPY util/entrypoint.sh /entrypoint.sh
stat /var/lib/docker/aufs/mnt/fa23bc5aa628b9b22c64e63d941f8305b3523e5add5cb323a87049388c9c63f3/entrypoint.sh: no such file or directory
```
```dockerfile
FROM ubuntu:xenial
MAINTAINER Robin Smidsrød <[email protected]>
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get -q -y update \
  && apt-get -q -y -o "DPkg::Options::=--force-confold" -o "DPkg::Options::=--force-confdef" install apt-utils \
  && apt-get -q -y -o "DPkg::Options::=--force-confold" -o "DPkg::Options::=--force-confdef" dist-upgrade \
  && apt-get -q -y -o "DPkg::Options::=--force-confold" -o "DPkg::Options::=--force-confdef" install isc-dhcp-server man python3 \
  && apt-get -q -y autoremove \
  && apt-get -q -y clean \
  && rm -rf /var/lib/apt/lists/*
COPY util/my_init.py /sbin/my_init
COPY util/entrypoint.sh /sbin/entrypoint.sh
# OLD: COPY util/entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/sbin/entrypoint.sh"]
# OLD: ENTRYPOINT ["/entrypoint.sh"]
```
I see that the Dockerfile simply copies an amd64 build of dumb-init to /usr/bin/dumb-init.
This of course fails when using networkboot/dhcpd on other architectures such as armhf.
Running the container on such platforms results in output:

```
/entrypoint.sh: line 66: /usr/bin/dumb-init: cannot execute binary file: Exec format error
/entrypoint.sh: line 66: /usr/bin/dumb-init: Success
```

This is discussed here: Yelp/dumb-init issue 138.
I've used the workaround of:

```sh
wget http://ftp.us.debian.org/debian/pool/main/d/dumb-init/dumb-init_1.2.0-1_armhf.deb
ar -x *.deb
tar -xvf data.tar.xz
cp usr/bin/dumb-init util/dumb-init_1.2.0_armhf
```

... and then editing the Dockerfile to use this binary.
A nice solution won't be easy.
Trying to "docker run" this project and I get:
You must add the 'docker run' option '--net=host' if you want to provide DHCP service to the host network.
Does anybody else see this?
cc @robinsmidsrod
Hello. Please help me make sense of the following.
Although the `dhcpd` process is supposed to run as the `dhcpd` user [1] --- so created files (e.g. `.leases`) are coherent with the file ownership of `/data` --- it appears `dhcpd` always runs as `root` and creates files owned by `root`.

[1] networkboot/docker-dhcpd/blob/master/README.md §Notes
The entrypoint script in the docker image takes care of running the DHCP server as the same user that owns the data folder. This ensures that the permissions on the files inside the data folder is kept consistent. If the data folder is owned by root, dhcpd is run as the normal dhcpd user.

`/tmp/issue-wrong-user`, create `data/dhcpd.conf`:

```
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.254;
    option subnet-mask 255.255.255.0;
    option domain-name-servers 1.1.1.1;
    range 192.168.1.1 192.168.1.253;
}
```

```sh
sudo chown --recursive 666:666 /tmp/issue-wrong-user/data #note: user and group #666 do not have to exist
cd /tmp/issue-wrong-user
docker run -d --rm --name dhcpd --init --net host -v "$(pwd)/data":/data networkboot/dhcpd:1.2.0
find . -exec ls -l {} \;
```

`dhcpd`

```sh
docker exec dhcpd ps -ef
```

`root` (step 4). `dhcpd` runs as `root` (step 5).

```
❯ find . -exec ls -l {} \;
total 4
drwxrwxr-x 2 666 666 4096 juil. 5 16:27 data
total 8
-rw-rw-r-- 1 666 666 256 juil. 5 16:26 dhcpd.conf
-rw-r--r-- 1 root root 277 juil. 5 16:27 dhcpd.leases
-rw-r--r-- 1 666 666 0 juil. 5 16:27 dhcpd.leases~
-rw-rw-r-- 1 666 666 256 juil. 5 16:26 ./data/dhcpd.conf
-rw-r--r-- 1 666 666 0 juil. 5 16:27 ./data/dhcpd.leases~
-rw-r--r-- 1 root root 277 juil. 5 16:27 ./data/dhcpd.leases
❯ docker exec dhcpd ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 14:27 ? 00:00:00 /sbin/docker-init -- /entrypoint.sh
root 7 1 0 14:27 ? 00:00:00 /usr/bin/dumb-init -- /usr/sbin/dhcpd -4 -f -d --no-pid -cf /data/dhcpd.conf -lf /data/dhcpd.leases
root 32 7 0 14:27 ? 00:00:00 /usr/sbin/dhcpd -4 -f -d --no-pid -cf /data/dhcpd.conf -lf /data/dhcpd.leases
root 36 0 0 14:28 ? 00:00:00 ps -ef
```

`666:666` (step 4). `dhcpd` runs as `dhcpd` (step 5).

`entrypoint.sh` does indeed make sure the `dhcpd` user has the same numeric ids as the owner of `/data`:

```sh
data_dir="/data"
# [...]
uid=$(stat -c%u "$data_dir")
gid=$(stat -c%g "$data_dir")
if [ $gid -ne 0 ]; then
    groupmod -g $gid dhcpd
fi
if [ $uid -ne 0 ]; then
    usermod -u $uid dhcpd
fi
```

taken from: util/entrypoint.sh:38

But as `dhcpd` runs as `root` (no `USER` in `Dockerfile` nor any `su` in `entrypoint.sh`), the fact that `dhcpd` has those correct ids is useless.

Note: One can check `dhcpd` is correctly set:

```sh
docker exec dhcpd grep ^dhcpd /etc/passwd
```
The dhcp server stops serving IP addresses when the Ethernet interface becomes unavailable for a second or so. I don't want to go into the kernel to fix the issue as it's a problem from the vendor but I would like the DHCP server to know that the Ethernet interface is available and start serving IP addresses.
I know this description is a bit vague, but any help would be highly appreciated.
For more details, see here:
https://revolutionpi.de/forum/viewtopic.php?p=12904#p12904
When I try to run this image, either with docker-compose up or docker run, I get the following:
/entrypoint.sh: /sbin/my_init: /usr/bin/python3: bad interpreter: No such file or directory
/entrypoint.sh: line 55: /sbin/my_init: Success
I modified the entrypoint to give me a bash shell and tried to run the entrypoint.sh script manually with the same result.
Sure enough, there is no /usr/bin/python3.
I noticed that you're doing a dist-upgrade as part of the Dockerfile. Is this possibly using a new version of python than you were expecting?
The GitHub Actions workflows we have are currently using automation steps from unknown/non-verified authors, which can potentially inject malicious code into our image, or perform malicious behavior during build.
To improve this we should use verified build steps, like this one:
https://github.com/marketplace/actions/build-and-push-docker-images
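One way to check a workflow file against the concern raised above, as an added example that is not the project's own tooling: it lists every `uses:` step whose publisher is outside an allowlist, and goes one step further than the post by also flagging allowlisted actions referenced by a mutable tag or branch rather than a full commit SHA. The allowlist, the sample workflow, its SHA and the `some-user` action are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumed allowlist of publishers you trust; adjust to your own policy.
TRUSTED_OWNERS="actions docker"

# audit_workflow FILE: print "UNTRUSTED <ref>" when the action's owner is not
# allowlisted, "UNPINNED <ref>" when it is but the ref is a tag or branch
# rather than a 40-hex commit SHA. Returns 1 if anything was reported.
audit_workflow() {
    findings=$(
        # Take the value of every `uses:` key; drop trailing comments and quotes.
        sed -n 's/^[[:space:]-]*uses:[[:space:]]*//p' "$1" |
        sed -e 's/[[:space:]]*#.*$//' -e "s/[\"']//g" |
        while IFS= read -r ref; do
            case $ref in
                ./*|docker://*) continue ;;  # local action or container image
            esac
            owner=${ref%%/*}
            version=${ref##*@}
            trusted=no
            for o in $TRUSTED_OWNERS; do
                if [ "$o" = "$owner" ]; then trusted=yes; fi
            done
            if [ "$trusted" = no ]; then
                echo "UNTRUSTED $ref"
            elif ! printf '%s' "$version" | grep -Eq '^[0-9a-f]{40}$'; then
                echo "UNPINNED $ref"
            fi
        done
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample workflow; the SHA and the "some-user" action are made up.
write_sample() {
    cat > "$1" <<'EOF'
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: docker/build-push-action@0123456789abcdef0123456789abcdef01234567
      - uses: some-user/docker-publish@master  # hypothetical third-party action
      - uses: ./local-action
EOF
}
tmp=$(mktemp) && write_sample "$tmp"
audit_workflow "$tmp" || echo "workflow needs review"
rm -f "$tmp"
```

Run as a CI step over `.github/workflows/*.yml`, the non-zero return code can fail the build before an unreviewed action executes.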
It seems like the upgrade to Ubuntu 18.04 broke the man page lookup feature that is mentioned in the README. Most likely it is an APT configuration setting that needs to be tweaked, because the actual man files in /usr/share/man are not present. They were present when we used Ubuntu 14.04. I can't recall if they worked with 16.04, but it should be fixed.
If anyone knows how to enable installation of man pages for APT then please provide some feedback.
Hello, I have a small problem with DHCP V6.
I put the configuration in data/dhcpd.conf. When I run with DHCPD_PROTOCOL=6, it shows me `subnet_number():inet.c:45: Addr/mask length mismatch`.
No problem with the v4 version.
Do you have a solution?
Cordially
Thanks for this repo!
I am trying to run docker from powershell windows 10 and I am getting this error
groupmod: GID '50' already exists
My run script is a bit different on windows.
docker run -it --rm --net=host -v //c/Users/test/data:/data networkboot/dhcpd eth0
I tried with different dhcpd.conf options but all have the same error.
Am I correct in saying that there is still no way to run as a docker service due to security(?) limitations imposed when running as a service?
It would be great if this docker image could be pushed to Dockerhub with a multi-arch manifest.
This would be very useful, because it allows us to run `docker pull networkboot/docker-dhcpd` on, e.g., a raspi running hypriot, and it would run out of the box (currently that doesn't work because there are only amd64 builds on Dockerhub, and starting the container fails as expected).
There are multiple ways to create multi-arch images from an x86 machine. One way is using the `buildx` plugin [1].
Another (I think outdated) way is to use qemu, have multiple Dockerfiles for each arch and then build a manifest manually [2], which I saw was removed in d58f435.
any chance we can get arm32 & aarch64 builds into Dockerhub?
Now there's only :latest, which adds risk to our production environment.
Change #11 added support for building an arm image; however, the run
script wasn't changed.