New cookbook: fb_dhcprelay (facebook#291)

Summary:
Very simple cookbook to manage ISC DHCP Relay

Signed-off-by: Phil Dibowitz <phil@ipom.com>

Pull Request resolved: facebook#291

Test Plan: It's an API example cookbook, no plans to use in prod.

Differential Revision: D70408624

fbshipit-source-id: 1b3ae3553eac040bf997e77ab04a1724339a1488

Author: jaymzh

cookbooks/fb_dhcprelay/README.md

@@ -0,0 +1,74 @@
+fb_dhcprelay Cookbook
+=====================
+Manage ISC DHCP Relay
+
+Requirements
+------------
+
+Attributes
+----------
+* node['fb_dhcprelay']['manage_packages']
+* node['fb_dhcprelay']['sysconfig']
+
+Usage
+-----
+
+ISC DHCP Relay is a very simple package which forwards DHCP requests and
+responses across a router. It does not have a configuration file and is
+configured purely through command-line options.
+
+### Configuration (sysconfig)
+
+The sysconfig hash is how you can configure dhcprelay. There are two values
+here: `servers`, and `options`. On Debian-derived OSes, there is also
+`interfaces`. All 3 are arrays.
+
+**NOTE**: You must use all-lowercase keys in the `sysconfig` hash, this
+cookbook will upcase them for you. Using non-all-lowercase keys will cause the
+run to fail.
+
+You must point `servers` to the list of DHCP servers to forward requests to.
+Then, on Debian systems you'll want to specify which interface or interfaces to
+listen to in 'interfaces`. Finally, you'll want to specify, at a minimum the
+`-iu` and `-id` options to specify upstream and downstream interface(s). For
+example, let's say you have a 3-legged router with `eth0` being WAN, `eth1`
+being the internal network that has a DHCP server and `eth2` being the internal
+network without a DHCP server. On Debian-derived OSes you would do:
+
+```ruby
+{
+  'servers' => ['10.0.0.200'], # whatever your DHCP server is
+  'interfaces' => ['eth2'],
+  'options' => ['-iu eth1', '-id eth2'],
+}.each do |key, val|
+  node.default['fb_dhcprelay']['sysconfig'][key] = val
+end
+```
+
+Or on Fedora-derived OSes:
+
+```ruby
+{
+  'servers' => ['10.0.0.200'], # whatever your DHCP server is
+  'options' => ['-iu eth1', '-id eth2', '-i eth2'],
+}.each do |key, val|
+  node.default['fb_dhcprelay']['sysconfig'][key] = val
+end
+```
+
+*NOTE*: Fedora's package does not include a sysconfig file or a way to specify
+options, so this cookbook adds a drop-in unit file to add such functionality
+and a sysconfig file. You can see
+[bz#2348883](https://bugzilla.redhat.com/show_bug.cgi?id=2348883) for details.
+
+### Packages
+
+By default this cookbook will install the appropriate package(s). To disable
+this set `node['fb_dhcprelay']['manage_packages']` to `false`.
+
+### A note on EOL
+
+Technically, ISC has deprecated DHCP Relay. However, it is still currently the
+primary DHCP Relay used in the world and the only one widely packaged. OpenBSD
+has forked it, but that fork is not yet available for other OSes. You can see
+[this page](https://www.isc.org/blogs/dhcp-client-relay-eom/) for details.

cookbooks/fb_dhcprelay/attributes/default.rb

@@ -0,0 +1,32 @@
+#
+# vim: syntax=ruby:expandtab:shiftwidth=2:softtabstop=2:tabstop=2
+#
+# Copyright (c) 2025-present, Meta Platforms, Inc.
+# Copyright (c) 2025-present, Phil Dibowitz
+# All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+sysconfig = {
+  'servers' => [],
+  'options' => [],
+}
+if ::ChefUtils.debian?
+  sysconfig['interfaces'] = []
+end
+
+default['fb_dhcprelay'] = {
+  'manage_packages' => true,
+  'sysconfig' => sysconfig,
+}

cookbooks/fb_dhcprelay/metadata.rb

@@ -0,0 +1,7 @@
+name 'fb_dhcprelay'
+maintainer 'Meta Platforms, Inc.'
+maintainer_email 'noreply@meta.com'
+license 'Apache-2.0'
+description 'Installs/Configures ISC DHCP Relay'
+version '0.1.0'
+depends 'fb_systemd'

cookbooks/fb_dhcprelay/recipes/default.rb

@@ -0,0 +1,81 @@
+#
+# Cookbook:: fb_dhcprelay
+# Recipe:: default
+#
+# Copyright (c) 2025-present, Meta Platforms, Inc.
+# Copyright (c) 2025-present, Phil Dibowitz
+# All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# When RHEL10 dropped ISC, they also dropped replay, which is a bummer.
+# Requested EPEL10 branch in
+# https://bugzilla.redhat.com/show_bug.cgi?id=2348940
+if node.el_min_version?(10)
+  fail 'fb_dhcprelay: RHEL/CentOS 10+ no longer includes DHCP Relay'
+end
+
+if fedora_derived?
+  pkgs = %w{dhcp-relay}
+  svc = 'dhcrelay'
+  sysconfig = "/etc/sysconfig/#{svc}"
+elsif debian?
+  pkgs = %w{isc-dhcp-relay}
+  svc = 'isc-dhcp-relay'
+  sysconfig = "/etc/default/#{svc}"
+end
+
+package 'dhcp-relay packages' do
+  only_if { node['fb_dhcprelay']['manage_packages'] }
+  package_name pkgs
+  action :upgrade
+  notifies :restart, 'service[dhcprelay]'
+end
+
+whyrun_safe_ruby_block 'validate sysconfig' do
+  block do
+    node['fb_dhcprelay']['sysconfig'].each_key do |key|
+      if key != key.downcase
+        fail "fb_dhcprelay: Non-lowercase key #{key} found in " +
+          'node["fb_dhcprelay"]["sysconfig"] - please use lowercase key names'
+      end
+    end
+  end
+end
+
+template sysconfig do
+  source 'sysconfig.erb'
+  owner node.root_user
+  group node.root_user
+  mode '0644'
+  notifies :restart, 'service[dhcprelay]'
+end
+
+if fedora_derived?
+  fb_systemd_override 'add-configurability' do
+    unit_name "#{svc}.service"
+    content <<~UNIT
+      [Service]
+      EnvironmentFile=-#{sysconfig}
+      ExecStart=
+      ExecStart=/usr/sbin/dhcrelay -d --no-pid $OPTIONS $SERVERS
+    UNIT
+    notifies :restart, 'service[dhcprelay]'
+  end
+end
+
+service 'dhcprelay' do
+  service_name svc
+  action [:enable, :start]
+end

cookbooks/fb_dhcprelay/templates/sysconfig.erb

@@ -0,0 +1,4 @@
+# This file is controlled by Chef, do not modify!
+<% node['fb_dhcprelay']['sysconfig'].each do |key, val| %>
+<%=  key.upcase %>="<%= val.join(' ') %>"
+<% end %>

cookbooks/test_services/metadata.rb

@@ -10,6 +10,7 @@
 depends 'fb_apache'
 depends 'fb_apt_cacher'
 depends 'fb_bind'
+depends 'fb_dhcprelay'
 depends 'fb_ejabberd'
 depends 'fb_influxdb'
 depends 'fb_reprepro'

cookbooks/test_services/recipes/default.rb

@@ -20,6 +20,10 @@
 
 include_recipe 'fb_sasl'
 include_recipe 'fb_bind'
+unless node.el_min_version?(10)
+  include_recipe 'fb_dhcprelay'
+end
+node.default['fb_dhcprelay']['sysconfig']['servers'] = ['10.1.1.1']
 
 # Currently fb_vsftpd is broken on debian
 # https://github.com/facebook/chef-cookbooks/issues/149