use alpine

CHANGELOG.md

@@ -2,6 +2,8 @@
 
 ## 1.3.6
   - Fix startup.sh and finish.sh ip address removal
+  - Use linux alpine
+  - Add keepalived_script script user
 
 ## 1.3.5
   - Keepalived version 1.3.5

image/Dockerfile

@@ -1,25 +1,29 @@
 # Use osixia/light-baseimage
 # sources: https://github.com/osixia/docker-light-baseimage
-FROM osixia/light-baseimage:0.2.6
+FROM osixia/alpine-light-baseimage:0.1.2
 MAINTAINER Bertrand Gouny <bertrand.gouny@osixia.net>
 
 # Keepalived version
 ENV KEEPALIVED_VERSION 1.3.5
 
+RUN addgroup -S keepalived_script && adduser -D -S -G keepalived_script keepalived_script
+
 # Download, build and install Keepalived
-RUN apt-get -y update \
-    && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+RUN apk --no-cache add \
        curl \
        gcc \
+       ipset \
+       ipset-dev \
+       iptables \
        iptables-dev \
-       libipset-dev \
-       libnl-3-dev \
-       libnl-genl-3-dev \
-       libnl-route-3-dev \
+       libnfnetlink \
        libnfnetlink-dev \
-       libssl-dev \
+       libnl3 \
+       libnl3-dev \
        make \
-       pkg-config \
+       musl-dev \
+       openssl \
+       openssl-dev \
     && curl -o keepalived.tar.gz -SL http://keepalived.org/software/keepalived-${KEEPALIVED_VERSION}.tar.gz \
     && mkdir -p /container/keepalived-sources \
     && tar -xzf keepalived.tar.gz --strip 1 -C /container/keepalived-sources \
@@ -27,11 +31,18 @@ RUN apt-get -y update \
     && ./configure --disable-dynamic-linking \
     && make && make install \
     && cd - && mkdir -p /etc/keepalived \
-    && apt-get remove -y --purge --auto-remove curl make gcc pkg-config \
     && rm -f keepalived.tar.gz \
     && rm -rf /container/keepalived-sources \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+    && apk --no-cache del \
+        gcc \
+        ipset-dev \
+        iptables-dev \
+        libnfnetlink-dev \
+        libnl3-dev \
+        make \
+        musl-dev \
+        openssl-dev
+
 
 # Add service directory to /container/service
 ADD service /container/service

image/environment/default.startup.yaml

@@ -1,16 +0,0 @@
-KEEPALIVED_INTERFACE: eth0
-KEEPALIVED_PASSWORD: d0cker
-
-# For electing MASTER, highest priority wins.
-# to be MASTER, make 50 more than other machines
-KEEPALIVED_PRIORITY: 150
-
-KEEPALIVED_UNICAST_PEERS:
-  - 192.168.1.10
-  - 192.168.1.11
-
-KEEPALIVED_VIRTUAL_IPS:
-  - 192.168.1.231
-  - 192.168.1.232
-
-KEEPALIVED_NOTIFY: /container/service/keepalived/assets/notify.sh

image/environment/default.yaml

@@ -1 +1,18 @@
 KEEPALIVED_COMMAND_LINE_ARGUMENTS: --log-detail --dump-conf
+
+KEEPALIVED_INTERFACE: eth0
+KEEPALIVED_PASSWORD: d0cker
+
+# For electing MASTER, highest priority wins.
+# to be MASTER, make 50 more than other machines
+KEEPALIVED_PRIORITY: 150
+
+KEEPALIVED_UNICAST_PEERS:
+  - 192.168.1.10
+  - 192.168.1.11
+
+KEEPALIVED_VIRTUAL_IPS:
+  - 192.168.1.231
+  - 192.168.1.232
+
+KEEPALIVED_NOTIFY: /container/service/keepalived/assets/notify.sh

image/service/keepalived/finish.sh

@@ -7,7 +7,20 @@ log-helper level eq trace && set -x
 # try to delete virtual ips from interface
 for vip in $(complex-bash-env iterate KEEPALIVED_VIRTUAL_IPS)
 do
-  ip addr del ${!vip}/32 dev ${KEEPALIVED_INTERFACE} || true
+  IP_INFO=$(ip addr list | grep ${!vip}) || continue
+  IP_V6=$(echo "${IP_INFO}" | grep "inet6")
+  IP_IP=$(echo "${IP_INFO}" |  awk '{print $2}')
+
+  # ipv4
+  if [ -z "${IP_V6}" ]; then
+    IP_INTERFACE=$(echo "${IP_INFO}" |  awk '{print $5}')
+  # ipv6
+  else
+    echo "skipping address: ${IP_IP} - ipv6 not supported yet :("
+    continue
+  fi
+
+  ip addr del ${IP_IP} dev ${IP_INTERFACE} || true
 done
 
 exit 0

image/service/keepalived/process.sh

@@ -4,4 +4,4 @@
 # https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/log-helper
 log-helper level eq trace && set -x
 
-exec /usr/local/sbin/keepalived -f /etc/keepalived/keepalived.conf --dont-fork --log-console ${KEEPALIVED_COMMAND_LINE_ARGUMENTS}
+exec /usr/local/sbin/keepalived -f /usr/local/etc/keepalived/keepalived.conf --dont-fork --log-console ${KEEPALIVED_COMMAND_LINE_ARGUMENTS}

image/service/keepalived/startup.sh

@@ -11,30 +11,31 @@ if [ ! -e "$FIRST_START_DONE" ]; then
   #
   # bootstrap config
   #
-  sed -i --follow-symlinks "s|{{ KEEPALIVED_INTERFACE }}|$KEEPALIVED_INTERFACE|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
-  sed -i --follow-symlinks "s|{{ KEEPALIVED_PRIORITY }}|$KEEPALIVED_PRIORITY|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
-  sed -i --follow-symlinks "s|{{ KEEPALIVED_PASSWORD }}|$KEEPALIVED_PASSWORD|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
+  sed -i "s|{{ KEEPALIVED_INTERFACE }}|$KEEPALIVED_INTERFACE|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
+  sed -i "s|{{ KEEPALIVED_PRIORITY }}|$KEEPALIVED_PRIORITY|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
+  sed -i "s|{{ KEEPALIVED_PASSWORD }}|$KEEPALIVED_PASSWORD|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
 
   if [ -n "$KEEPALIVED_NOTIFY" ]; then
-    sed -i --follow-symlinks "s|{{ KEEPALIVED_NOTIFY }}|notify \"$KEEPALIVED_NOTIFY\"|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
+    sed -i "s|{{ KEEPALIVED_NOTIFY }}|notify \"$KEEPALIVED_NOTIFY\"|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
+    chown keepalived_script:keepalived_script $KEEPALIVED_NOTIFY
     chmod +x $KEEPALIVED_NOTIFY
   else
-    sed -i --follow-symlinks "/{{ KEEPALIVED_NOTIFY }}/d" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
+    sed -i "/{{ KEEPALIVED_NOTIFY }}/d" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
   fi
 
   # unicast peers
   for peer in $(complex-bash-env iterate KEEPALIVED_UNICAST_PEERS)
   do
-    sed -i --follow-symlinks "s|{{ KEEPALIVED_UNICAST_PEERS }}|${!peer}\n    {{ KEEPALIVED_UNICAST_PEERS }}|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
+    sed -i "s|{{ KEEPALIVED_UNICAST_PEERS }}|${!peer}\n    {{ KEEPALIVED_UNICAST_PEERS }}|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
   done
-  sed -i --follow-symlinks "/{{ KEEPALIVED_UNICAST_PEERS }}/d" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
+  sed -i "/{{ KEEPALIVED_UNICAST_PEERS }}/d" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
 
   # virtual ips
   for vip in $(complex-bash-env iterate KEEPALIVED_VIRTUAL_IPS)
   do
-    sed -i --follow-symlinks "s|{{ KEEPALIVED_VIRTUAL_IPS }}|${!vip}\n    {{ KEEPALIVED_VIRTUAL_IPS }}|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
+    sed -i "s|{{ KEEPALIVED_VIRTUAL_IPS }}|${!vip}\n    {{ KEEPALIVED_VIRTUAL_IPS }}|g" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
   done
-  sed -i --follow-symlinks "/{{ KEEPALIVED_VIRTUAL_IPS }}/d" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
+  sed -i "/{{ KEEPALIVED_VIRTUAL_IPS }}/d" ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf
 
   touch $FIRST_START_DONE
 fi
@@ -42,11 +43,24 @@ fi
 # try to delete virtual ips from interface
 for vip in $(complex-bash-env iterate KEEPALIVED_VIRTUAL_IPS)
 do
-  ip addr del ${!vip}/32 dev ${KEEPALIVED_INTERFACE} || true
+  IP_INFO=$(ip addr list | grep ${!vip}) || continue
+  IP_V6=$(echo "${IP_INFO}" | grep "inet6")
+  IP_IP=$(echo "${IP_INFO}" |  awk '{print $2}')
+
+  # ipv4
+  if [ -z "${IP_V6}" ]; then
+    IP_INTERFACE=$(echo "${IP_INFO}" |  awk '{print $5}')
+  # ipv6
+  else
+    echo "skipping address: ${IP_IP} - ipv6 not supported yet :("
+    continue
+  fi
+
+  ip addr del ${IP_IP} dev ${IP_INTERFACE} || true
 done
 
-if [ ! -e "/etc/keepalived/keepalived.conf" ]; then
-  ln -sf ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf /etc/keepalived/keepalived.conf
+if [ ! -e "/usr/local/etc/keepalived/keepalived.conf" ]; then
+  ln -sf ${CONTAINER_SERVICE_DIR}/keepalived/assets/keepalived.conf /usr/local/etc/keepalived/keepalived.conf
 fi
 
 exit 0