move keepalived here from BMO repo

This commit:
 - Moves the project used to build the Metal3 keepalived container from
   the BMO repository to this repository
 - Adds support for customizable config file location for the keepalived
   container

These changes were needed for two related reasons.
 - The community has decided that there is no reason to keep the keepalived
   files in BMO and they much better fit for the utility-images repository.
 - There is ongoing work to turn the ironic pod compatible with the K8s pod
   security option that enforces the use of read only mode for the container
   file system and the current containers deployed as part of the Ironic pod
   such as keepalived are not compatible without modification.

Signed-off-by: Adam Rozman <[email protected]>

README.md

@@ -74,3 +74,21 @@ FakeIPA simulate the IPA by:
   a queue of fake agents.
 - Faking the sync/async commands needed by ironic to inspect,
   clean and provision a node.
+
+## Keepalived
+
+Keepalived container used in Ironic deployments. Keepalived is used to
+provide fix IP address for Ironic in such a manner that even after pivoting
+operations the IP of Ironic stays persistent.
+
+Keeplaived documentation: https://www.keepalived.org/manpage.html
+
+Deployment configuration options:
+
+- `CUSTOM_CONF_DIR` - when specified, the config files will be moved to the
+  specified directory and the variable substitution will happen there
+- 'PROVISIONING_IP' - the fix IP provided by keepalived
+- 'PROVISIONING_INTERFACE' - The name of the interface that will be used
+  to "host" the fixed IP (keepalived is used in a pod that is attached to
+  host network, thus the interface names are the same as the interface names
+  on the host)

keepalived/Dockerfile

@@ -0,0 +1,16 @@
+# Support FROM override
+ARG BASE_IMAGE=ubuntu:22.04
+
+FROM $BASE_IMAGE
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get -y update && \
+    apt-get -y install keepalived && \
+    apt-get -y clean
+
+COPY sample.keepalived.conf /etc/keepalived/keepalived.conf
+COPY manage-keepalived.sh configure-nonroot.sh /bin/
+
+RUN /bin/configure-nonroot.sh && rm /bin/configure-nonroot.sh
+
+CMD ["/bin/bash", "/bin/manage-keepalived.sh"]

keepalived/configure-nonroot.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/bash
+
+set -eux
+
+# create nonroot image matching the keepalived manifest
+NONROOT_USER="nonroot"
+NONROOT_GROUP="nonroot"
+NONROOT_UID=65532
+NONROOT_GID=65532
+
+# run as non-root, allow editing the keepalived.conf during startup
+groupadd -g "${NONROOT_GID}" "${NONROOT_GROUP}"
+useradd -u "${NONROOT_UID}" -g "${NONROOT_GID}" -m "${NONROOT_USER}"
+
+mkdir -p /run/keepalived
+chown -R root:"${NONROOT_GROUP}" /etc/keepalived /run/keepalived
+chmod 2775 /etc/keepalived /run/keepalived
+chmod 664 /etc/keepalived/keepalived.conf
+
+setcap "cap_net_raw,cap_net_broadcast,cap_net_admin=+eip" /usr/sbin/keepalived

keepalived/manage-keepalived.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/bash
+
+set -eux
+CUSTOM_CONF_DIR="${CUSTOM_CONF_DIR:-}"
+KEEPALIVED_DEFAULT_CONF='/etc/keepalived/keepalived.conf'
+if [[ -z "${CUSTOM_CONF_DIR}" ]]; then
+    KEEAPLIVED_CONF="${KEEPALIVED_DEFAULT_CONF}"
+else
+    KEEAPLIVED_CONF="${KEEPALIVED_DEFAULT_CONF}/keepalived.conf"
+    cp "${KEEPALIVED_DEFAULT_CONF}" "${KEEAPLIVED_CONF}"
+
+fi
+export assignedIP="${PROVISIONING_IP}/32"
+export interface="${PROVISIONING_INTERFACE}"
+
+sed -i "s~INTERFACE~${interface}~g" "${KEEAPLIVED_CONF}"
+sed -i "s~CHANGEIP~${assignedIP}~g" "${KEEAPLIVED_CONF}"
+
+exec /usr/sbin/keepalived --dont-fork --log-console \
+    --pid='/run/keepalived/keepalived.pid' \
+    --vrrp_pid='/run/keepalived/vrrp.pid' \
+    --use-file="${KEEAPLIVED_CONF}"

keepalived/sample.keepalived.conf

@@ -0,0 +1,20 @@
+! Configuration File for keepalived
+global_defs {
+    notification_email {
+    [email protected]
+    [email protected]
+    }
+    notification_email_from [email protected]
+    smtp_server localhost
+    smtp_connect_timeout 30
+}
+vrrp_instance VI_1 {
+    state MASTER
+    interface INTERFACE
+    virtual_router_id 1
+    priority 101
+    advert_int 1
+    virtual_ipaddress {
+        CHANGEIP
+    }
+}