Hi Norman,

We do the same.

But we use "-t" instead of "-T" for the validation.
In order to allow kea to run in the gitlab CI/CD, we have added this:

    - setcap cap_net_bind_service,cap_net_raw+i /usr/sbin/kea-dhcp4

Hope it helps.
Veronique

________________________________
From: Kea-users <kea-users-boun...@lists.isc.org> on behalf of Elton, Norman N 
<wne...@wm.edu>
Sent: Wednesday, January 29, 2025 10:15 PM
To: kea-users@lists.isc.org <kea-users@lists.isc.org>
Subject: [Kea-users] Unable to test configuration in docker - Kea always 
opening a raw socket?


We’re storing Kea configurations in GitLab, and would like to use CI/CD to 
validate them before pushing out to our servers. I can run “kea-dhcp4 -T 
<file>” in a docker container on my desktop fine, but get an “Operation Not 
Permitted” error when doing the same through GitLab. It appears that GitLab 
CI/CD runners have additional restrictions in place, including dropping the 
NET_RAW capability. I can reproduce the error by running docker with 
“--cap-drop NET_RAW”.



This all makes sense, CI/CD tasks shouldn’t be opening raw sockets. Except that 
we get the same error even after configuring "dhcp-socket-type": "udp". I even 
removed all the interfaces from the configuration ("interfaces": []) as an 
extra step.



It seems that kea is trying to open a raw socket no matter what. Any reason 
why? Any other tricks to prevent this error when testing the configuration?



Thanks!



Norman




-- 
ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.

Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users
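
The thread turns on which capabilities the CI runner leaves to the job, which can be checked by decoding the masks the kernel lists in /proc/<pid>/status. The script below is an added example, not part of either message and not Kea or ISC code; the function names and the sample masks are constructed, and the bit numbers are those defined in <linux/capability.h>.

```shell
#!/bin/sh
# Added example (not from the thread): decode the capability masks that
# the kernel lists in /proc/<pid>/status.

# Bit numbers from <linux/capability.h>.
CAP_NET_BIND_SERVICE=10
CAP_NET_RAW=13

# Constructed sample input: NET_RAW (bit 13) is cleared in every set.
SAMPLE_STATUS='Name:   sh
CapInh: 0000000000000000
CapPrm: 00000000a80405fb
CapEff: 00000000a80405fb
CapBnd: 00000000a80405fb
CapAmb: 0000000000000000'

# cap_mask STATUS_TEXT SET: print the hex mask of one set (e.g. CapBnd).
cap_mask() {
    printf '%s\n' "$1" | awk -v key="$2:" '$1 == key { print $2 }'
}

# has_cap STATUS_TEXT SET BIT: returns 0 if the bit is set, 1 if it is
# clear, 2 if the set does not appear in the input.
has_cap() {
    mask=$(cap_mask "$1" "$2")
    [ -n "$mask" ] || return 2
    [ $(( (0x$mask >> $3) & 1 )) -eq 1 ]
}

# report STATUS_TEXT: one line per capability set and capability.
report() {
    for capset in CapInh CapPrm CapEff CapBnd; do
        for pair in "cap_net_bind_service:$CAP_NET_BIND_SERVICE" \
                    "cap_net_raw:$CAP_NET_RAW"; do
            if has_cap "$1" "$capset" "${pair##*:}"; then state=present
            else state=absent; fi
            printf '%s %s %s\n' "$capset" "${pair%%:*}" "$state"
        done
    done
}

report "$SAMPLE_STATUS"
```

In a CI job, report "$(cat /proc/$$/status)" placed before the kea-dhcp4 validation step prints the same table for the job's own shell.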
