
Add db migrations to CV2 db

Grant Limberg 3 months ago
parent
commit
c68acebe31

+ 8 - 3
ext/central-controller-docker/Dockerfile

@@ -1,11 +1,16 @@
 # Dockerfile for ZeroTier Central Controllers
-FROM registry.zerotier.com/zerotier/ctlbuild:latest as builder
-MAINTAINER Adam Ierymekno <[email protected]>, Grant Limberg <[email protected]>
+FROM registry.zerotier.com/zerotier/ctlbuild:2025-05-13-01 AS builder
 ADD . /ZeroTierOne
 RUN export PATH=$PATH:~/.cargo/bin && cd ZeroTierOne && make clean && make central-controller -j8
 
-FROM registry.zerotier.com/zerotier/ctlrun:latest
+FROM golang:bookworm AS go_base
+RUN go install github.com/golang-migrate/migrate/v4/cmd/migrate@latest
+
+FROM registry.zerotier.com/zerotier/ctlrun:2025-05-13-01
 COPY --from=builder /ZeroTierOne/zerotier-one /usr/local/bin/zerotier-one
+COPY --from=go_base /go/bin/migrate /usr/local/bin/migrate
+COPY ext/central-controller-docker/migrations /migrations
+
 RUN chmod a+x /usr/local/bin/zerotier-one
 RUN echo "/usr/local/lib64" > /etc/ld.so.conf.d/usr-local-lib64.conf && ldconfig
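Review bot: The new `go_base` stage builds the migration tool from two floating references, `golang:bookworm` and `migrate@latest`, so the binary that later runs against the controller database with its credentials can change between builds with no change in this repository. The same commit pins `ctlbuild` and `ctlrun` to dated tags; the new stage should follow suit, for example `FROM golang:<PINNED_GO_VERSION>-bookworm AS go_base` and `RUN go install github.com/golang-migrate/migrate/v4/cmd/migrate@<PINNED_MIGRATE_VERSION>`, ideally with the base images pinned by digest. `FROM debian:bookworm` in Dockerfile.builder and Dockerfile.run_base floats the same way. Separately, upstream's install instructions build this CLI with `-tags 'postgres'`; it is worth confirming that the untagged build here includes the postgres driver that main.sh relies on.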
 

+ 1 - 4
ext/central-controller-docker/Dockerfile.builder

@@ -1,8 +1,5 @@
 # Dockerfile for building ZeroTier Central Controllers
-FROM ubuntu:jammy as builder
-MAINTAINER Adam Ierymekno <[email protected]>, Grant Limberg <[email protected]>
-
-ARG git_branch=master
+FROM debian:bookworm
 
 RUN apt update && apt upgrade -y
 RUN apt -y install \

+ 7 - 5
ext/central-controller-docker/Dockerfile.run_base

@@ -1,15 +1,17 @@
-FROM ubuntu:jammy
+FROM debian:bookworm
+
 
-RUN apt update && apt upgrade -y
 
+RUN apt update && apt upgrade -y
 RUN apt -y install \
-    netcat \
+    netcat-traditional \
     postgresql-client \
     postgresql-client-common \
     libjemalloc2 \
     libpq5 \
     curl \
     binutils \
-    linux-tools-gke \
     perf-tools-unstable \
-    google-perftools 
+    google-perftools \
+    gnupg
+
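Review bot: `RUN apt update && apt upgrade -y` sits in its own layer ahead of `RUN apt -y install`, so a cached update layer can be reused with a stale package index and the install then pulls outdated package versions or fails. Merge the two and drop recommended packages: `RUN apt-get update && apt-get install -y --no-install-recommends \` followed by the package list and `&& rm -rf /var/lib/apt/lists/*`. The newly added `gnupg` has no visible user in this commit; if it is only needed to verify a key at build time it is better kept out of the runtime base, and a comment saying why it is there would help. Dockerfile.builder has the same split between the update and install layers.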

+ 6 - 1
ext/central-controller-docker/main.sh

@@ -21,7 +21,7 @@ if [ -z "$ZT_DB_PASSWORD" ]; then
     exit 1
 fi
 if [ -z "$ZT_DB_TYPE" ]; then
-    ZT_DB="postgres"
+    ZT_DB_TYPE="postgres"
 fi
 
 REDIS=""
@@ -103,6 +103,11 @@ else
     done
 fi
 
+if [ "$ZT_DB_TYPE" == "cv2" ]; then
+    echo "Migrating database (if needed)..."
+    /usr/local/bin/migrate -source /migrations -database "postgres://$ZT_DB_USER:$ZT_DB_PASSWORD@$ZT_DB_HOST:$ZT_DB_PORT/$ZT_DB_NAME?x-migrations-table=controller_migrations" up
+fi
+
 if [ -n "$ZT_TEMPORAL_HOST" ] && [ -n "$ZT_TEMPORAL_PORT" ]; then
     echo "waiting for temporal..."
     while ! nc -z ${ZT_TEMPORAL_HOST} ${ZT_TEMPORAL_PORT}; do
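Review bot: The `migrate` call in the new `cv2` block interpolates `$ZT_DB_PASSWORD` straight into the connection URL, so a password containing `@`, `/`, `:`, `?` or `#` yields a URL that fails to parse or resolves to a different host or database, and the full credential sits in the process's argument list while the migration runs. The user and password should be percent-encoded before being placed in the URL, and a comment such as `# password must be URL-encoded; it is visible in argv while migrate runs` would record the constraint. The exit status is also ignored unless `set -e` is active above the hunk: append `|| { echo "database migration failed" >&2; exit 1; }` so the controller does not start against a schema that was not migrated.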

+ 3 - 0
ext/central-controller-docker/migrations/0001_init.down.sql

@@ -0,0 +1,3 @@
+DROP TABLE IF EXISTS network_memberships_ctl;
+DROP TABLE IF EXISTS networks_ctl;
+DROP TABLE IF EXISTS controllers_ctl;

+ 47 - 0
ext/central-controller-docker/migrations/0001_init.up.sql

@@ -0,0 +1,47 @@
+-- inits controller db schema
+
+CREATE TABLE IF NOT EXISTS controllers_ctl (
+    id text NOT NULL PRIMARY KEY,
+    hostname text,
+    last_heartbeat timestamp with time zone,
+    public_identity text NOT NULL,
+    version text
+);
+
+CREATE TABLE IF NOT EXISTS networks_ctl (
+    id character varying(22) NOT NULL PRIMARY KEY,
+    name text NOT NULL,
+    configuration jsonb DEFAULT '{}'::jsonb NOT NULL,
+    controller_id text REFERENCES controllers_ctl(id),
+    revision integer DEFAULT 0 NOT NULL,
+    last_modified timestamp with time zone DEFAULT now(),
+    creation_time timestamp with time zone DEFAULT now()
+);
+
+CREATE TABLE IF NOT EXISTS network_memberships_ctl (
+    device_id character varying(22) NOT NULL,
+    network_id character varying(22) NOT NULL REFERENCES networks_ctl(id),
+    authorized boolean,
+    active_bridge boolean,
+    ip_assignments text[],
+    no_auto_assign_ips boolean,
+    sso_exempt boolean,
+    authentication_expiry_time timestamp with time zone,
+    capabilities jsonb,
+    creation_time timestamp with time zone DEFAULT now(),
+    last_modified timestamp with time zone DEFAULT now(),
+    identity text DEFAULT ''::text,
+    last_authorized_credential text,
+    last_authorized_time timestamp with time zone,
+    last_deauthorized_time timestamp with time zone,
+    last_seen jsonb DEFAULT '{}'::jsonb NOT NULL, -- in the context of the network
+    remote_trace_level integer DEFAULT 0 NOT NULL,
+    remote_trace_target text DEFAULT ''::text NOT NULL,
+    revision integer DEFAULT 0 NOT NULL,
+    tags jsonb,
+    version_major integer DEFAULT 0 NOT NULL,
+    version_minor integer DEFAULT 0 NOT NULL,
+    version_revision integer DEFAULT 0 NOT NULL,
+    version_protocol integer DEFAULT 0 NOT NULL,
+    PRIMARY KEY (device_id, network_id)
+);
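Review bot: `authorized boolean` and `sso_exempt boolean` in `network_memberships_ctl` are nullable and have no default, so a row inserted without them carries NULL rather than an explicit deny, and any query or client code that tests `NOT authorized` or treats non-false as allowed sees a third state. For access-control flags it is safer to fail closed in the schema: `authorized boolean DEFAULT false NOT NULL,` and `sso_exempt boolean DEFAULT false NOT NULL,`. How the controller interprets NULL is not visible on this page, so this should be checked against the code that reads these columns. Also, `CREATE TABLE IF NOT EXISTS` lets the migration record success when a table of the same name already exists with a different shape; a short comment stating that this is intentional would help.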