From 3b0d7490f32499a8ae1dd2f404ba77ae24ac7f37 Mon Sep 17 00:00:00 2001 From: Adam Rozman Date: Fri, 31 Jan 2025 12:39:41 +0200 Subject: [PATCH] move keepalived here from BMO repo This commit: - Moves the project used to build the Metal3 keepalived container from the BMO repository to this repository - Adds support for customizable config file location for the keepalived container These changes were needed for two related reasons. - The community has decided that there is no reason to keep the keepalived files in BMO and they much better fit for the utility-images repository. - There is ongoing work to turn the ironic pod compatible with the K8s pod security option that enforces the use of read only mode for the container file system and the current containers deployed as part of the Ironic pod such as keepalived are not compatible without modification. Signed-off-by: Adam Rozman --- README.md | 18 ++++++++++++++++++ keepalived/Dockerfile | 16 ++++++++++++++++ keepalived/configure-nonroot.sh | 20 ++++++++++++++++++++ keepalived/manage-keepalived.sh | 22 ++++++++++++++++++++++ keepalived/sample.keepalived.conf | 20 ++++++++++++++++++++ 5 files changed, 96 insertions(+) create mode 100644 keepalived/Dockerfile create mode 100755 keepalived/configure-nonroot.sh create mode 100644 keepalived/manage-keepalived.sh create mode 100644 keepalived/sample.keepalived.conf diff --git a/README.md b/README.md index bc1b7ac..d8b2e35 100644 --- a/README.md +++ b/README.md 
@@ -74,3 +74,21 @@ FakeIPA simulate the IPA by: a queue of fake agents. - Faking the sync/async commands needed by ironic to inspect, clean and provision a node. + +## Keepalived + +Keepalived container used in Ironic deployments. Keepalived is used to +provide fix IP address for Ironic in such a manner that even after pivoting +operations the IP of Ironic stays persistent. + +[Keeplaived documentation](https://www.keepalived.org/manpage.html) + +Deployment configuration options: + +- `CUSTOM_CONF_DIR` - when specified, the config files will be moved to the + specified directory and the variable substitution will happen there +- 'PROVISIONING_IP' - the fix IP provided by keepalived +- 'PROVISIONING_INTERFACE' - The name of the interface that will be used + to "host" the fixed IP (keepalived is used in a pod that is attached to + host network, thus the interface names are the same as the interface names + on the host) diff --git a/keepalived/Dockerfile b/keepalived/Dockerfile new file mode 100644 index 0000000..f7c752c --- /dev/null +++ b/keepalived/Dockerfile @@ -0,0 +1,16 @@ +# Support FROM override +ARG BASE_IMAGE=ubuntu:22.04 + +FROM $BASE_IMAGE +ARG DEBIAN_FRONTEND=noninteractive + +RUN apt-get -y update && \ + apt-get -y install keepalived && \ + apt-get -y clean + +COPY sample.keepalived.conf /etc/keepalived/keepalived.conf +COPY manage-keepalived.sh configure-nonroot.sh /bin/ + +RUN /bin/configure-nonroot.sh && rm /bin/configure-nonroot.sh + +CMD ["/bin/bash", "/bin/manage-keepalived.sh"] diff --git a/keepalived/configure-nonroot.sh b/keepalived/configure-nonroot.sh new file mode 100755 index 0000000..6bebd78 --- /dev/null +++ b/keepalived/configure-nonroot.sh 
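Review bot: keepalived/Dockerfile never sets a `USER`, so the image still starts as root even though configure-nonroot.sh creates uid/gid 65532, unless the deploying manifest overrides the user. Adding `USER 65532:65532` just before the `CMD` line would make non-root the default for every consumer of the image. The default `ARG BASE_IMAGE=ubuntu:22.04` follows a mutable tag; pinning it by digest (`ubuntu:22.04@sha256:<digest>`) would make rebuilds reproducible and auditable. Installing with `apt-get -y install --no-install-recommends keepalived` would also keep unneeded packages out of an image whose binary carries network capabilities.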
@@ -0,0 +1,20 @@
+#!/usr/bin/bash
+
+set -eux
+
+# create nonroot image matching the keepalived manifest
+NONROOT_USER="nonroot"
+NONROOT_GROUP="nonroot"
+NONROOT_UID=65532
+NONROOT_GID=65532
+
+# run as non-root, allow editing the keepalived.conf during startup
+groupadd -g "${NONROOT_GID}" "${NONROOT_GROUP}"
+useradd -u "${NONROOT_UID}" -g "${NONROOT_GID}" -m "${NONROOT_USER}"
+
+mkdir -p /run/keepalived
+chown -R root:"${NONROOT_GROUP}" /etc/keepalived /run/keepalived
+chmod 2775 /etc/keepalived /run/keepalived
+chmod 664 /etc/keepalived/keepalived.conf
+
+setcap "cap_net_raw,cap_net_broadcast,cap_net_admin=+eip" /usr/sbin/keepalived
diff --git a/keepalived/manage-keepalived.sh b/keepalived/manage-keepalived.sh
new file mode 100644
index 0000000..ee0f714
--- /dev/null
+++ b/keepalived/manage-keepalived.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/bash
+
+set -eux
+CUSTOM_CONF_DIR="${CUSTOM_CONF_DIR:-}"
+KEEPALIVED_DEFAULT_CONF='/etc/keepalived/keepalived.conf'
+if [[ -z "${CUSTOM_CONF_DIR}" ]]; then
+ KEEAPLIVED_CONF="${KEEPALIVED_DEFAULT_CONF}"
+else
+ KEEAPLIVED_CONF="${KEEPALIVED_DEFAULT_CONF}/keepalived.conf"
+ cp "${KEEPALIVED_DEFAULT_CONF}" "${KEEAPLIVED_CONF}"
+
+fi
+export assignedIP="${PROVISIONING_IP}/32"
+export interface="${PROVISIONING_INTERFACE}"
+
+sed -i "s~INTERFACE~${interface}~g" "${KEEAPLIVED_CONF}"
+sed -i "s~CHANGEIP~${assignedIP}~g" "${KEEAPLIVED_CONF}"
+
+exec /usr/sbin/keepalived --dont-fork --log-console \
+ --pid='/run/keepalived/keepalived.pid' \
+ --vrrp_pid='/run/keepalived/vrrp.pid' \
+ --use-file="${KEEAPLIVED_CONF}"
diff --git a/keepalived/sample.keepalived.conf b/keepalived/sample.keepalived.conf
new file mode 100644
index 0000000..c1c4469
--- /dev/null
+++ b/keepalived/sample.keepalived.conf
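Review bot: In keepalived/configure-nonroot.sh, `chmod 2775 /etc/keepalived /run/keepalived` and `chmod 664 /etc/keepalived/keepalived.conf` leave the configuration writable by the `nonroot` group. That is the same account expected to run the binary that `setcap` grants `cap_net_admin` and `cap_net_raw`, so the runtime user can rewrite what a capability-bearing daemon loads. Since this commit introduces `CUSTOM_CONF_DIR`, the packaged file could stay read-only (`chmod 0755 /etc/keepalived` and `chmod 0644 /etc/keepalived/keepalived.conf`), with substitution always done on a copy in a writable runtime directory. A comment above `setcap` would also help: file capabilities are not granted under no_new_privs (Kubernetes `allowPrivilegeEscalation: false`), so whether they take effect depends on the pod's securityContext, which is not visible here.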
@@ -0,0 +1,20 @@
+! Configuration File for keepalived
+global_defs {
+ notification_email {
+ sysadmin@example.com
+ support@example.com
+ }
+ notification_email_from lb@example.com
+ smtp_server localhost
+ smtp_connect_timeout 30
+}
+vrrp_instance VI_1 {
+ state MASTER
+ interface INTERFACE
+ virtual_router_id 1
+ priority 101
+ advert_int 1
+ virtual_ipaddress {
+ CHANGEIP
+ }
+}