[ab4fdfc] | 1 | <?xml version="1.0" encoding="UTF-8"?>
|
---|
[c2ab6f4] | 2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
---|
| 3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
---|
| 4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
| 5 | %general-entities;
|
---|
| 6 |
|
---|
| 7 | <!ENTITY kea-download-http "https://downloads.isc.org/isc/kea/&kea-dhcp-version;/kea-&kea-dhcp-version;.tar.gz">
|
---|
[e1e58be] | 8 | <!ENTITY kea-download-ftp " ">
|
---|
[5ee7bc5] | 9 | <!ENTITY kea-md5sum "5f4fe79ed29f5ff2802e2961d1827b25">
|
---|
[abd78c3] | 10 | <!ENTITY kea-size "9.9 MB">
|
---|
[4cea957] | 11 | <!ENTITY kea-buildsize "1.5 GB (332 MB installed; add 4 GB for tests)">
|
---|
| 12 | <!ENTITY kea-time "4.1 SBU (with parallelism=4; add 12 SBU for tests)">
|
---|
[3b98d805] | 13 | <!ENTITY kea-arm-vers "&kea-dhcp-version;">
|
---|
[c2ab6f4] | 14 | ]>
|
---|
| 15 |
|
---|
[39aed8fc] | 16 | <sect1 id="kea" xreflabel="Kea-&kea-dhcp-version; DHCP Server">
|
---|
[c2ab6f4] | 17 | <?dbhtml filename="kea.html"?>
|
---|
| 18 |
|
---|
[39aed8fc] | 19 | <title>Kea &kea-dhcp-version; DHCP Server</title>
|
---|
[c2ab6f4] | 20 |
|
---|
| 21 | <indexterm zone="kea">
|
---|
[39aed8fc] | 22 | <primary sortas="a-KEA">Kea DHCP Server</primary>
|
---|
[c2ab6f4] | 23 | </indexterm>
|
---|
| 24 |
|
---|
| 25 | <sect2 role="package">
|
---|
[39aed8fc] | 26 | <title>Introduction to ISC Kea DHCP Server</title>
|
---|
[c2ab6f4] | 27 |
|
---|
| 28 | <para>
|
---|
[ead10d5] | 29 | The <application>ISC Kea</application> package contains the
|
---|
[c2ab6f4] | 30 | server programs for DHCP. It is the successor of the
|
---|
[194d47b] | 31 | old ISC DHCP server, which has been end-of-life since December 2022.
|
---|
[c2ab6f4] | 32 | </para>
|
---|
| 33 |
|
---|
[3d6c1859] | 34 | &lfs122_checked;
|
---|
[c2ab6f4] | 35 |
|
---|
| 36 | <bridgehead renderas="sect3">Package Information</bridgehead>
|
---|
| 37 | <itemizedlist spacing="compact">
|
---|
| 38 | <listitem>
|
---|
| 39 | <para>
|
---|
| 40 | Download (HTTP): <ulink url="&kea-download-http;"/>
|
---|
| 41 | </para>
|
---|
| 42 | </listitem>
|
---|
| 43 | <listitem>
|
---|
| 44 | <para>
|
---|
| 45 | Download (FTP): <ulink url="&kea-download-ftp;"/>
|
---|
| 46 | </para>
|
---|
| 47 | </listitem>
|
---|
| 48 | <listitem>
|
---|
| 49 | <para>
|
---|
| 50 | Download MD5 sum: &kea-md5sum; (an MD5 match only rules out a corrupted download; it does not authenticate the tarball)
|
---|
| 51 | </para>
|
---|
| 52 | </listitem>
|
---|
| 53 | <listitem>
|
---|
| 54 | <para>
|
---|
| 55 | Download size: &kea-size;
|
---|
| 56 | </para>
|
---|
| 57 | </listitem>
|
---|
| 58 | <listitem>
|
---|
| 59 | <para>
|
---|
| 60 | Estimated disk space required: &kea-buildsize;
|
---|
| 61 | </para>
|
---|
| 62 | </listitem>
|
---|
| 63 | <listitem>
|
---|
| 64 | <para>
|
---|
| 65 | Estimated build time: &kea-time;
|
---|
| 66 | </para>
|
---|
| 67 | </listitem>
|
---|
| 68 | </itemizedlist>
|
---|
| 69 |
|
---|
| 70 | <bridgehead renderas="sect3">Kea Dependencies</bridgehead>
|
---|
| 71 |
|
---|
| 72 | <bridgehead renderas="sect4">Required</bridgehead>
|
---|
| 73 | <para role="required">
|
---|
[39aed8fc] | 74 | <xref linkend="boost"/> and
|
---|
[c2ab6f4] | 75 | <xref linkend="log4cplus"/>
|
---|
| 76 | </para>
|
---|
[ead10d5] | 77 |
|
---|
[4df5695d] | 78 | <bridgehead renderas="sect4">Optional</bridgehead>
|
---|
[0d3cd5d] | 79 | <para role="optional">
|
---|
[4cea957] | 80 | <xref linkend="mitkrb"/>,
|
---|
| 81 | <xref linkend="valgrind"/>; for documentation:
|
---|
[0d3cd5d] | 82 | <xref linkend="doxygen"/>,
|
---|
[39aed8fc] | 83 | <xref linkend="graphviz"/>, and
|
---|
[4cea957] | 84 | <xref linkend="sphinx_rtd_theme"/>; for tests:
|
---|
| 85 | <ulink url="https://google.github.io/googletest/">GoogleTest</ulink>
|
---|
[0d3cd5d] | 86 | </para>
|
---|
| 87 |
|
---|
| 88 | <bridgehead renderas="sect4">Optional database backends</bridgehead>
|
---|
| 89 | <para role="optional">
|
---|
[39aed8fc] | 90 | <xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>, and
|
---|
[0d3cd5d] | 91 | <xref linkend="postgresql"/>
|
---|
| 92 | </para>
|
---|
[4df5695d] | 93 | <!--
|
---|
| 94 | <para condition="html" role="usernotes">Editor Notes:
|
---|
[c2ab6f4] | 95 | <ulink url="&blfs-wiki;/kea"/>
|
---|
| 96 | </para>
|
---|
[4df5695d] | 97 | -->
|
---|
[c2ab6f4] | 98 | </sect2>
|
---|
| 99 |
|
---|
| 100 | <sect2 role="kernel" id="kea-dhcp-kernel">
|
---|
| 101 | <title>Kernel Configuration</title>
|
---|
| 102 |
|
---|
| 103 | <para>
|
---|
| 104 | You must have Packet Socket support. IPv6 support is optional.
|
---|
| 105 | </para>
|
---|
| 106 |
|
---|
[0add366] | 107 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
|
---|
| 108 | href="kea-kernel.xml"/>
|
---|
| 109 |
|
---|
[c2ab6f4] | 110 | <indexterm zone="kea kea-dhcp-kernel">
|
---|
[eb0031c] | 111 | <primary sortas="d-KEA">Kea</primary>
|
---|
[c2ab6f4] | 112 | </indexterm>
|
---|
| 113 |
|
---|
| 114 | </sect2>
|
---|
| 115 |
|
---|
| 116 | <sect2 role="installation">
|
---|
[39aed8fc] | 117 | <title>Installation of ISC Kea DHCP Server</title>
|
---|
[c2ab6f4] | 118 |
|
---|
[5ee7bc5] | 119 | <!-- Aug 01, 2024: looks like these tweaks are no longer required
|
---|
| 120 | (were introduced with upgrading to version 2.4.1)
|
---|
| 121 |
|
---|
[4cea957] | 122 | <para>
|
---|
| 123 | First fix detection of Python-3.12 by the build system:
|
---|
| 124 | </para>
|
---|
| 125 |
|
---|
| 126 | <screen><userinput>sed -e 's/:3/:4/' \
|
---|
| 127 | -i configure</userinput></screen>
|
---|
| 128 |
|
---|
| 129 | <para>
|
---|
| 130 | Remove one installation step that uses an obsolete python module:
|
---|
| 131 | </para>
|
---|
| 132 |
|
---|
| 133 | <screen><userinput>sed -e '/dlist="/d' \
|
---|
| 134 | -i src/bin/shell/Makefile.in</userinput></screen>
|
---|
[5ee7bc5] | 135 | -->
|
---|
[c2ab6f4] | 136 | <para>
|
---|
[39aed8fc] | 137 | Install <application>ISC Kea DHCP Server</application> by running
|
---|
[c2ab6f4] | 138 | the following commands:
|
---|
| 139 | </para>
|
---|
| 140 |
|
---|
| 141 | <screen><userinput>./configure --prefix=/usr \
|
---|
| 142 | --sysconfdir=/etc \
|
---|
| 143 | --localstatedir=/var \
|
---|
| 144 | --enable-shell \
|
---|
[0dcde6e] | 145 | --with-openssl \
|
---|
[68dfef54] | 146 | --disable-static \
|
---|
| 147 | --docdir=/usr/share/doc/kea-&kea-dhcp-version; &&
|
---|
[c2ab6f4] | 148 | make</userinput></screen>
|
---|
| 149 |
|
---|
| 150 | <para>
|
---|
[4cea957] | 151 | To test the results, you must have installed GoogleTest and kept
|
---|
| 152 | its source. You should also have passed
|
---|
| 153 | <option>--with-gtest-source=/path/to/googletest/sourcedir</option> to
|
---|
| 154 | <command>configure</command> above. Run the tests with
|
---|
| 155 | <command>make check</command>. Three tests in the TLSTest suite are
|
---|
| 156 | known to fail.
|
---|
[c2ab6f4] | 157 | </para>
|
---|
| 158 |
|
---|
| 159 | <para>
|
---|
[39aed8fc] | 160 | To install the <application>ISC Kea DHCP Server</application> suite,
|
---|
[c2ab6f4] | 161 | issue the following commands as the
|
---|
| 162 | <systemitem class="username">root</systemitem> user:
|
---|
| 163 | </para>
|
---|
| 164 |
|
---|
[4d418ccd] | 165 | <screen role="root"><userinput>make -j1 install</userinput></screen>
|
---|
[c2ab6f4] | 166 |
|
---|
| 167 | </sect2>
|
---|
| 168 |
|
---|
[4d418ccd] | 169 | <sect2 role="commands">
|
---|
| 170 | <title>Command Explanations</title>
|
---|
| 171 |
|
---|
| 172 | <para>
|
---|
[4cea957] | 173 | <parameter>--enable-shell</parameter>: Allows building
|
---|
| 174 | <command>kea-shell</command>, a command line interface for
|
---|
| 175 | the control agent.
|
---|
| 176 | </para>
|
---|
| 177 |
|
---|
| 178 | <para>
|
---|
| 179 | <parameter>--with-openssl</parameter>: Allows using OpenSSL for
|
---|
| 180 | communicating with the control-agent and for DNS updates.
|
---|
| 181 | </para>
|
---|
| 182 |
|
---|
| 183 | <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
|
---|
| 184 | href="../../xincludes/static-libraries.xml"/>
|
---|
| 185 |
|
---|
| 186 | <para>
|
---|
| 187 | <option>--with-pgsql</option> or <option>--with-mysql</option>:
|
---|
[0d3cd5d] | 188 | <application>ISC Kea</application> can store the leases in a
|
---|
| 189 | database. This might be useful in large environments running
|
---|
| 190 | a cluster of DHCP servers. Using the <emphasis>memfile</emphasis>
|
---|
| 191 | backend (which is a CSV file stored locally) remains possible in any case.
|
---|
| 192 | </para>
|
---|
| 193 |
|
---|
[baf6d5a0] | 194 | <para>
|
---|
[4cea957] | 195 | <option>--enable-generate-docs</option>:
|
---|
[baf6d5a0] | 196 | If documentation is to be rebuilt, add this option. Several
|
---|
| 197 | dependencies must be installed for generating the documentation.
|
---|
| 198 | </para>
|
---|
| 199 |
|
---|
[0d3cd5d] | 200 | <para>
|
---|
[4cea957] | 201 | <command>make -j1 install</command>: ISC does not recommend
|
---|
[0d3cd5d] | 202 | any form of parallel or job server options when doing the install.
|
---|
[4d418ccd] | 203 | </para>
|
---|
| 204 |
|
---|
| 205 | </sect2>
|
---|
[ead10d5] | 206 |
|
---|
[c2ab6f4] | 207 | <sect2 role="configuration">
|
---|
[39aed8fc] | 208 | <title>Configuring ISC Kea DHCP Server</title>
|
---|
[c2ab6f4] | 209 |
|
---|
[c320d40] | 210 | <para>
|
---|
| 211 | The support of IPv4, IPv6 and DDNS has been split into
|
---|
| 212 | separate servers which run independently of each other. Each
|
---|
| 213 | of them has its own configuration file.<phrase revision="sysv">
|
---|
| 214 | Additional configuration files come from the keactrl agent which
|
---|
| 215 | is used to control the servers in an easy way.</phrase>
|
---|
| 216 | </para>
|
---|
| 217 |
|
---|
| 218 | <para>
|
---|
| 219 | Consult the <ulink
|
---|
| 220 | url="https://kea.readthedocs.io/en/kea-&kea-arm-vers;/">
|
---|
| 221 | Kea Administrator Reference Manual</ulink>
|
---|
| 222 | for detailed information about the configuration of
|
---|
| 223 | <application>ISC Kea</application> as it is a quite capable system.
|
---|
| 224 | The configuration shown below is a bare minimum to get a DHCP server
|
---|
| 225 | running but it already includes configuration for DDNS (Dynamic DNS).
|
---|
| 226 | That setup may work for small networks with a few clients and
|
---|
| 227 | low traffic. For larger installations with thousands of clients,
|
---|
| 228 | <application>ISC Kea</application> can be configured to use databases
|
---|
| 229 | (mariadb or postgresql) to store the leases and build a cluster with
|
---|
| 230 | multiple nodes. It can be integrated with
|
---|
| 231 | <ulink url="https://www.isc.org/categories/stork/">ISC Stork</ulink>
|
---|
| 232 | which is a management dashboard for <application>ISC Kea</application>.
|
---|
| 233 | </para>
|
---|
[ead10d5] | 234 |
|
---|
[0dcde6e] | 235 | <para>
|
---|
| 236 | If you want to start the DHCP Server at boot, install the
|
---|
| 237 | <phrase revision="sysv"><filename>/etc/rc.d/init.d/kea-dhcpd</filename>
|
---|
| 238 | init script</phrase>
|
---|
| 239 | <phrase revision="systemd"><filename>kea-dhcpd.service</filename>
|
---|
| 240 | unit</phrase> included in the
|
---|
| 241 | <xref linkend="bootscripts" revision="sysv"/>
|
---|
| 242 | <xref linkend="systemd-units" revision="systemd"/>
|
---|
| 243 | package:
|
---|
| 244 | </para>
|
---|
| 245 |
|
---|
| 246 | <screen role="root"><userinput>make install-kea-dhcpd</userinput></screen>
|
---|
| 247 |
|
---|
[c2ab6f4] | 248 | <sect3 id="kea-dhcp-config">
|
---|
| 249 | <title>Config Files</title>
|
---|
| 250 |
|
---|
| 251 | <para>
|
---|
[c320d40] | 252 | <phrase revision="sysv">
|
---|
| 253 | <filename>/etc/kea/keactrl.conf</filename>,
|
---|
| 254 | </phrase>
|
---|
[c2ab6f4] | 255 | <filename>/etc/kea/kea-ctrl-agent.conf</filename>,
|
---|
| 256 | <filename>/etc/kea/kea-dhcp4.conf</filename>,
|
---|
[c320d40] | 257 | <filename>/etc/kea/kea-dhcp6.conf</filename>, and
|
---|
[c2ab6f4] | 258 | <filename>/etc/kea/kea-dhcp-ddns.conf</filename>
|
---|
| 259 | </para>
|
---|
[4d418ccd] | 260 |
|
---|
[c320d40] | 261 | <indexterm zone="kea keactrl-config" revision="sysv">
|
---|
[c2ab6f4] | 262 | <primary sortas="e-etc-kea-keactrl.conf">/etc/kea/keactrl.conf</primary>
|
---|
| 263 | </indexterm>
|
---|
[0dcde6e] | 264 |
|
---|
[c2ab6f4] | 265 | <indexterm zone="kea kea-ctrl-agent-config">
|
---|
| 266 | <primary sortas="e-etc-kea-kea-ctrl-agent.conf">/etc/kea/kea-ctrl-agent.conf</primary>
|
---|
| 267 | </indexterm>
|
---|
[0dcde6e] | 268 |
|
---|
[c2ab6f4] | 269 | <indexterm zone="kea kea-dhcp4-config">
|
---|
| 270 | <primary sortas="e-etc-kea-dhcp4.conf">/etc/kea/kea-dhcp4.conf</primary>
|
---|
| 271 | </indexterm>
|
---|
[c320d40] | 272 |
|
---|
[c2ab6f4] | 273 | <indexterm zone="kea kea-dhcp6-config">
|
---|
| 274 | <primary sortas="e-etc-kea-dhcp6.conf">/etc/kea/kea-dhcp6.conf</primary>
|
---|
| 275 | </indexterm>
|
---|
[c320d40] | 276 |
|
---|
[c2ab6f4] | 277 | <indexterm zone="kea kea-dhcp-ddns-config">
|
---|
| 278 | <primary sortas="e-etc-kea-dhcp-ddns.conf">/etc/kea/kea-dhcp-ddns.conf</primary>
|
---|
| 279 | </indexterm>
|
---|
| 280 | </sect3>
|
---|
| 281 |
|
---|
[c320d40] | 282 | <sect3 id="keactrl-config" revision="sysv">
|
---|
[c2ab6f4] | 283 | <title>Kea Control Configuration</title>
|
---|
[4d418ccd] | 284 |
|
---|
[c2ab6f4] | 285 | <para><command>keactrl</command> is used to control the
|
---|
[d908ba4] | 286 | independent servers (IPv4, IPv6, DDNS). Its configuration file
|
---|
[c2ab6f4] | 287 | <filename>/etc/kea/keactrl.conf</filename> is installed by
|
---|
| 288 | default and includes many path settings which are defined
|
---|
| 289 | by <command>configure</command> at build time. It also
|
---|
| 290 | includes settings to specify which of the servers should be
|
---|
| 291 | started.</para>
|
---|
| 292 |
|
---|
| 293 | <itemizedlist>
|
---|
[0dcde6e] | 294 | <listitem>
|
---|
| 295 | <para>Control Agent</para>
|
---|
| 296 | <para>The Control Agent is a daemon which allows the
|
---|
| 297 | (re)configuration of the Kea DHCP service via REST API.
|
---|
| 298 | Set <literal>ctrl_agent=yes</literal> to start the
|
---|
| 299 | control agent (service providing a REST API), set
|
---|
| 300 | <literal>ctrl_agent=no</literal> in case the control agent
|
---|
| 301 | is not needed.</para>
|
---|
| 302 | </listitem>
|
---|
[c2ab6f4] | 303 | <listitem>
|
---|
| 304 | <para>IPv4 DHCP server</para>
|
---|
[4d418ccd] | 305 | <para>This daemon handles requests for IPv4 addresses.
|
---|
[ead10d5] | 306 | Set <literal>dhcp4=yes</literal> to start it, set
|
---|
[c2ab6f4] | 307 | <literal>dhcp4=no</literal> in case DHCP service for IPv4
|
---|
| 308 | is not wanted.</para>
|
---|
| 309 | </listitem>
|
---|
| 310 | <listitem>
|
---|
| 311 | <para>IPv6 DHCP server</para>
|
---|
[4d418ccd] | 312 | <para>This daemon handles requests for IPv6 addresses.
|
---|
[ead10d5] | 313 | Set <literal>dhcp6=yes</literal> to start it, set
|
---|
[c2ab6f4] | 314 | <literal>dhcp6=no</literal> in case DHCP service for IPv6
|
---|
| 315 | is not wanted.</para>
|
---|
| 316 | </listitem>
|
---|
| 317 | <listitem>
|
---|
| 318 | <para>Dynamic DNS</para>
|
---|
[4d418ccd] | 319 | <para>This daemon is used to update a DNS server dynamically
|
---|
[6886d51] | 320 | when Kea assigns an IP address to a device.
|
---|
[ead10d5] | 321 | Set <literal>dhcp_ddns=yes</literal> to enable it, set
|
---|
[c2ab6f4] | 322 | <literal>dhcp_ddns=no</literal> in case dynamic DNS updates
|
---|
| 323 | are not wanted.</para>
|
---|
| 324 | </listitem>
|
---|
| 325 | </itemizedlist>
|
---|
| 326 |
|
---|
[c320d40] | 327 | <para>
|
---|
| 328 | The Netconf service is not installed because required
|
---|
| 329 | dependencies are not covered by the current BLFS book.
|
---|
| 330 | </para>
|
---|
[4d418ccd] | 331 |
|
---|
[c320d40] | 332 | <para>
|
---|
| 333 | With the following command, Kea will be configured to
|
---|
| 334 | start the dhcp service for IPv4 and the
|
---|
| 335 | dynamic DNS update, while the control agent and
|
---|
| 336 | the dhcp service for IPv6 remain down. Tweak the command to
|
---|
| 337 | match the services you want started and execute it as the
|
---|
| 338 | &root; user:
|
---|
| 339 | </para>
|
---|
[4d418ccd] | 340 |
|
---|
[746aa49] | 341 | <screen role="root"><userinput>sed -e "s/^dhcp4=.*/dhcp4=yes/" \
|
---|
[4d418ccd] | 342 | -e "s/^dhcp6=.*/dhcp6=no/" \
|
---|
| 343 | -e "s/^dhcp_ddns=.*/dhcp_ddns=yes/" \
|
---|
| 344 | -e "s/^ctrl_agent=.*/ctrl_agent=no/" \
|
---|
| 345 | -i /etc/kea/keactrl.conf
|
---|
| 346 | </userinput></screen>
|
---|
| 347 |
|
---|
[c2ab6f4] | 348 | </sect3>
|
---|
| 349 |
|
---|
[c320d40] | 350 | <sect3 id="kea-sysd-config" revision="systemd">
|
---|
| 351 | <title>Kea Configuration Using Systemd Units</title>
|
---|
| 352 |
|
---|
| 353 | <para>
|
---|
| 354 | Four service units are used to start various daemons
|
---|
| 355 | provided by Kea:
|
---|
| 356 | </para>
|
---|
| 357 |
|
---|
| 358 | <itemizedlist>
|
---|
| 359 | <listitem>
|
---|
| 360 | <para>Control Agent</para>
|
---|
| 361 | <para>
|
---|
| 362 | The Control Agent is a daemon which allows the
|
---|
| 363 | (re)configuration of the Kea DHCP service via REST API.
|
---|
| 364 | Run <command>systemctl enable kea-ctrl-agent</command>
|
---|
| 365 | if this daemon is needed.
|
---|
| 366 | </para>
|
---|
| 367 | </listitem>
|
---|
| 368 | <listitem>
|
---|
| 369 | <para>IPv4 DHCP server</para>
|
---|
| 370 | <para>
|
---|
| 371 | This daemon handles requests for IPv4 addresses.
|
---|
| 372 | Run <command>systemctl enable kea-dhcp4-server</command> to
|
---|
| 373 | have it started by systemd.
|
---|
| 374 | </para>
|
---|
| 375 | </listitem>
|
---|
| 376 | <listitem>
|
---|
| 377 | <para>IPv6 DHCP server</para>
|
---|
| 378 | <para>
|
---|
| 379 | This daemon handles requests for IPv6 addresses.
|
---|
| 380 | Run <command>systemctl enable kea-dhcp6-server</command> to
|
---|
| 381 | have it started by systemd.
|
---|
| 382 | </para>
|
---|
| 383 | </listitem>
|
---|
| 384 | <listitem>
|
---|
| 385 | <para>Dynamic DNS</para>
|
---|
| 386 | <para>
|
---|
| 387 | This daemon is used to update a DNS server dynamically
|
---|
| 388 | when Kea assigns an IP address to a device.
|
---|
| 389 | Run <command>systemctl enable kea-ddns-server</command> to
|
---|
| 390 | have it started by systemd.
|
---|
| 391 | </para>
|
---|
| 392 | </listitem>
|
---|
| 393 | </itemizedlist>
|
---|
| 394 |
|
---|
| 395 | <para>The Netconf service is not installed because required
|
---|
| 396 | dependencies are not covered by the current BLFS book.</para>
|
---|
| 397 |
|
---|
| 398 | </sect3>
|
---|
| 399 |
|
---|
[0dcde6e] | 400 | <sect3 id="kea-ctrl-agent-config">
|
---|
| 401 | <title>Control Agent Configuration</title>
|
---|
[ead10d5] | 402 |
|
---|
| 403 | <para>
|
---|
[0dcde6e] | 404 | The provided configuration could be used without changes
|
---|
[4cea957] | 405 | but in BLFS, objects like sockets are stored in
|
---|
[0dcde6e] | 406 | <filename class="directory">/run</filename>
|
---|
| 407 | rather than in
|
---|
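| 408 | <filename class="directory">/tmp</filename>. The configuration below defines no authentication for the REST interface, so any local user who can connect to 127.0.0.1:8000 can send commands to the agent; keep it on the loopback address unless authentication and TLS are configured as described in the Kea Administrator Reference Manual.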
|
---|
[ead10d5] | 409 | </para>
|
---|
| 410 |
|
---|
[4df5695d] | 411 | <screen role="nodump"><userinput>cat > /etc/kea/kea-ctrl-agent.conf << "EOF"
|
---|
[0dcde6e] | 412 | <literal>// Begin /etc/kea/kea-ctrl-agent.conf
|
---|
| 413 | {
|
---|
| 414 | // This is a basic configuration for the Kea Control Agent.
|
---|
| 415 | // RESTful interface to be available at http://127.0.0.1:8000/
|
---|
| 416 | "Control-agent": {
|
---|
| 417 | "http-host": "127.0.0.1",
|
---|
| 418 | "http-port": 8000,
|
---|
| 419 | "control-sockets": {
|
---|
| 420 | "dhcp4": {
|
---|
| 421 | "socket-type": "unix",
|
---|
| 422 | "socket-name": "/run/kea4-ctrl-socket"
|
---|
| 423 | },
|
---|
| 424 | "dhcp6": {
|
---|
| 425 | "socket-type": "unix",
|
---|
| 426 | "socket-name": "/run/kea6-ctrl-socket"
|
---|
| 427 | },
|
---|
| 428 | "d2": {
|
---|
| 429 | "socket-type": "unix",
|
---|
| 430 | "socket-name": "/run/kea-ddns-ctrl-socket"
|
---|
| 431 | }
|
---|
| 432 | },
|
---|
| 433 |
|
---|
| 434 | "loggers": [
|
---|
| 435 | {
|
---|
| 436 | "name": "kea-ctrl-agent",
|
---|
| 437 | "output_options": [
|
---|
| 438 | {
|
---|
[b6a9cf77] | 439 | "output": "/var/log/kea-ctrl-agent.log",
|
---|
[0dcde6e] | 440 | "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
|
---|
| 441 | }
|
---|
| 442 | ],
|
---|
| 443 | "severity": "INFO",
|
---|
| 444 | "debuglevel": 0
|
---|
| 445 | }
|
---|
| 446 | ]
|
---|
| 447 | }
|
---|
| 448 | }
|
---|
| 449 | // End /etc/kea/kea-ctrl-agent.conf</literal>
|
---|
| 450 | EOF</userinput></screen>
|
---|
| 451 |
|
---|
| 452 | </sect3>
|
---|
| 453 |
|
---|
| 454 | <sect3 id="kea-dhcp4-config">
|
---|
| 455 | <title>IPv4 DHCP Server Configuration</title>
|
---|
[c2ab6f4] | 456 |
|
---|
| 457 | <para>
|
---|
[5571805] | 458 | A sample configuration file is created in <filename>/etc/kea/kea-dhcp4.conf</filename>.
|
---|
[4cea957] | 459 | Adjust the file to suit your needs or overwrite it by running
|
---|
| 460 | the following command as the &root; user (you'll need to edit this
|
---|
| 461 | file anyway: at least the <emphasis>interfaces</emphasis> field,
|
---|
| 462 | the <emphasis>ddns-qualifying-suffix</emphasis> field, and almost
|
---|
| 463 | all the fields in <emphasis>subnet4</emphasis>):
|
---|
[c2ab6f4] | 464 | </para>
|
---|
| 465 |
|
---|
[4df5695d] | 466 | <screen role="nodump"><userinput>cat > /etc/kea/kea-dhcp4.conf << "EOF"
|
---|
[5571805] | 467 | <literal>// Begin /etc/kea/kea-dhcp4.conf
|
---|
[4d418ccd] | 468 | {
|
---|
[0d3cd5d] | 469 | "Dhcp4": {
|
---|
[ead10d5] | 470 | // Add names of your network interfaces to listen on.
|
---|
[c2ab6f4] | 471 | "interfaces-config": {
|
---|
[0d3cd5d] | 472 | "interfaces": [ "eth0", "eth2" ]
|
---|
[c2ab6f4] | 473 | },
|
---|
[ead10d5] | 474 |
|
---|
[c2ab6f4] | 475 | "control-socket": {
|
---|
[0d3cd5d] | 476 | "socket-type": "unix",
|
---|
[0dcde6e] | 477 | "socket-name": "/run/kea4-ctrl-socket"
|
---|
[c2ab6f4] | 478 | },
|
---|
[ead10d5] | 479 |
|
---|
[c2ab6f4] | 480 | "lease-database": {
|
---|
[0d3cd5d] | 481 | "type": "memfile",
|
---|
| 482 | "lfc-interval": 3600
|
---|
[c2ab6f4] | 483 | },
|
---|
[ead10d5] | 484 |
|
---|
| 485 | "expired-leases-processing": {
|
---|
[0d3cd5d] | 486 | "reclaim-timer-wait-time": 10,
|
---|
| 487 | "flush-reclaimed-timer-wait-time": 25,
|
---|
| 488 | "hold-reclaimed-time": 3600,
|
---|
| 489 | "max-reclaim-leases": 100,
|
---|
| 490 | "max-reclaim-time": 250,
|
---|
| 491 | "unwarned-reclaim-cycles": 5
|
---|
[ead10d5] | 492 | },
|
---|
| 493 |
|
---|
[c2ab6f4] | 494 | "renew-timer": 900,
|
---|
| 495 | "rebind-timer": 1800,
|
---|
| 496 | "valid-lifetime": 3600,
|
---|
[ead10d5] | 497 |
|
---|
| 498 | // Enable DDNS - Kea will dynamically update the DNS
|
---|
| 499 | "ddns-send-updates" : true,
|
---|
| 500 | "ddns-qualifying-suffix": "your.domain.tld",
|
---|
| 501 | "dhcp-ddns" : {
|
---|
[0d3cd5d] | 502 | "enable-updates": true
|
---|
[ead10d5] | 503 | },
|
---|
| 504 |
|
---|
[c2ab6f4] | 505 | "subnet4": [
|
---|
[0d3cd5d] | 506 | {
|
---|
[1d9b117] | 507 | "id": 1001, // Each subnet requires a unique numeric id
|
---|
[0d3cd5d] | 508 | "subnet": "192.168.56.0/24",
|
---|
| 509 | "pools": [ { "pool": "192.168.56.16 - 192.168.56.254" } ],
|
---|
| 510 | "option-data": [
|
---|
| 511 | {
|
---|
| 512 | "name": "domain-name",
|
---|
| 513 | "data": "your.domain.tld"
|
---|
| 514 | },
|
---|
| 515 | {
|
---|
| 516 | "name": "domain-name-servers",
|
---|
| 517 | "data": "192.168.56.2, 192.168.3.7"
|
---|
| 518 | },
|
---|
| 519 | {
|
---|
| 520 | "name": "domain-search",
|
---|
| 521 | "data": "your.domain.tld"
|
---|
| 522 | },
|
---|
| 523 | {
|
---|
| 524 | "name": "routers",
|
---|
| 525 | "data": "192.168.56.2"
|
---|
| 526 | }
|
---|
| 527 | ]
|
---|
| 528 | }
|
---|
[ead10d5] | 529 | ],
|
---|
| 530 |
|
---|
| 531 | "loggers": [
|
---|
[0d3cd5d] | 532 | {
|
---|
| 533 | "name": "kea-dhcp4",
|
---|
| 534 | "output_options": [
|
---|
| 535 | {
|
---|
| 536 | "output": "/var/log/kea-dhcp4.log",
|
---|
| 537 | "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
|
---|
| 538 | }
|
---|
| 539 | ],
|
---|
| 540 | "severity": "INFO",
|
---|
| 541 | "debuglevel": 0
|
---|
| 542 | }
|
---|
[c2ab6f4] | 543 | ]
|
---|
[0d3cd5d] | 544 | }
|
---|
[4d418ccd] | 545 | }
|
---|
[5571805] | 546 | // End /etc/kea/kea-dhcp4.conf</literal>
|
---|
[c2ab6f4] | 547 | EOF</userinput></screen>
|
---|
| 548 |
|
---|
[c320d40] | 549 | </sect3>
|
---|
| 550 |
|
---|
| 551 | <sect3 id="kea-dhcp6-config">
|
---|
| 552 | <title>IPv6 DHCP Server Configuration</title>
|
---|
| 553 |
|
---|
[0d3cd5d] | 554 | <para>
|
---|
| 555 | The configuration for IPv6 is similar to the configuration
|
---|
| 556 | of IPv4. The configuration file is
|
---|
[5571805] | 557 | <filename>/etc/kea/kea-dhcp6.conf</filename>.
|
---|
[0d3cd5d] | 558 | </para>
|
---|
[c2ab6f4] | 559 |
|
---|
[ead10d5] | 560 | </sect3>
|
---|
| 561 |
|
---|
| 562 | <sect3 id="kea-dhcp-ddns-config">
|
---|
| 563 | <title>Dynamic DNS Configuration</title>
|
---|
| 564 |
|
---|
[c2ab6f4] | 565 | <para>
|
---|
[0dcde6e] | 566 | If there is a <xref linkend="bind"/> server running,
|
---|
| 567 | <application>ISC Kea</application> can update the DNS when
|
---|
| 568 | it gives an IP address to a client. A sample configuration
|
---|
| 569 | file is created in <filename>/etc/kea/kea-dhcp-ddns.conf</filename>.
|
---|
[4cea957] | 570 | Adjust the file to suit your needs or overwrite it by running
|
---|
| 571 | the following command as the &root; user:
|
---|
[c2ab6f4] | 572 | </para>
|
---|
| 573 |
|
---|
[ead10d5] | 574 | <screen role="nodump" ><userinput>cat > /etc/kea/kea-dhcp-ddns.conf << "EOF"
|
---|
| 575 | <literal>// Begin /etc/kea/kea-dhcp-ddns.conf
|
---|
| 576 | {
|
---|
[0d3cd5d] | 577 | "DhcpDdns": {
|
---|
[ead10d5] | 578 | "ip-address": "127.0.0.1",
|
---|
| 579 | "port": 53001,
|
---|
| 580 | "control-socket": {
|
---|
[0d3cd5d] | 581 | "socket-type": "unix",
|
---|
[0dcde6e] | 582 | "socket-name": "/run/kea-ddns-ctrl-socket"
|
---|
[ead10d5] | 583 | },
|
---|
| 584 |
|
---|
| 585 | "tsig-keys": [
|
---|
[0d3cd5d] | 586 | {
|
---|
| 587 | "name" : "rndc-key",
|
---|
| 588 | "algorithm" : "hmac-sha256",
|
---|
| 589 | "secret" : "1FU5hD7faYaajQCjSdA54JkTPQxbbPrRnzOKqHcD9cM="
|
---|
| 590 | }
|
---|
[ead10d5] | 591 | ],
|
---|
| 592 |
|
---|
| 593 | "forward-ddns" : {
|
---|
[0d3cd5d] | 594 | "ddns-domains" : [
|
---|
| 595 | {
|
---|
| 596 | "name" : "your.domain.tld.",
|
---|
[da1d238] | 597 | "key-name": "rndc-key",
|
---|
[0d3cd5d] | 598 | "dns-servers" : [
|
---|
[ead10d5] | 599 | {
|
---|
[0d3cd5d] | 600 | "ip-address" : "127.0.0.1",
|
---|
| 601 | "port" : 53
|
---|
[ead10d5] | 602 | }
|
---|
[0d3cd5d] | 603 | ]
|
---|
| 604 | }
|
---|
| 605 | ]
|
---|
[ead10d5] | 606 | },
|
---|
| 607 |
|
---|
| 608 | "reverse-ddns" : {
|
---|
[0d3cd5d] | 609 | "ddns-domains" : [
|
---|
| 610 | {
|
---|
| 611 | "name" : "56.168.192.in-addr.arpa.",
|
---|
[da1d238] | 612 | "key-name": "rndc-key",
|
---|
[0d3cd5d] | 613 | "dns-servers" : [
|
---|
[ead10d5] | 614 | {
|
---|
[0d3cd5d] | 615 | "ip-address" : "127.0.0.1",
|
---|
| 616 | "port" : 53
|
---|
[ead10d5] | 617 | }
|
---|
[0d3cd5d] | 618 | ]
|
---|
| 619 | }
|
---|
| 620 | ]
|
---|
[ead10d5] | 621 | },
|
---|
[c2ab6f4] | 622 |
|
---|
[ead10d5] | 623 | "loggers": [
|
---|
[0d3cd5d] | 624 | {
|
---|
| 625 | "name": "kea-dhcp-ddns",
|
---|
| 626 | "output_options": [
|
---|
| 627 | {
|
---|
[057e7a1] | 628 | "output": "/var/log/kea-ddns.log",
|
---|
[0d3cd5d] | 629 | "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
|
---|
| 630 | }
|
---|
| 631 | ],
|
---|
| 632 | "severity": "INFO",
|
---|
| 633 | "debuglevel": 0
|
---|
| 634 | }
|
---|
[ead10d5] | 635 | ]
|
---|
[0d3cd5d] | 636 | }
|
---|
[ead10d5] | 637 | }
|
---|
| 638 | // End /etc/kea/kea-dhcp-ddns.conf</literal>
|
---|
| 639 | EOF</userinput></screen>
|
---|
[0d3cd5d] | 640 |
|
---|
| 641 | <note>
|
---|
| 642 | <para>
|
---|
| 643 | The value of <literal>secret</literal> is just an example.
|
---|
| 644 | Generate the key for your installation by using the
|
---|
| 645 | <command>rndc-confgen -a</command> command or the
|
---|
| 646 | <command>tsig-keygen</command> command, both of which are
|
---|
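| 647 | provided by <xref linkend="bind"/>. Because <filename>/etc/kea/kea-dhcp-ddns.conf</filename> then holds a live TSIG key, make sure only the account running Kea can read it.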
|
---|
| 648 | </para>
|
---|
[0dcde6e] | 649 | <para>
|
---|
[4cea957] | 650 | In this example configuration, it is assumed that the DNS server
|
---|
| 651 | runs on the same machine as Kea does (accessible via
|
---|
[0dcde6e] | 652 | <literal>127.0.0.1</literal>) and that this machine has
|
---|
| 653 | the IP <literal>192.168.56.2</literal>.
|
---|
| 654 | </para>
|
---|
[0d3cd5d] | 655 | </note>
|
---|
| 656 |
|
---|
[c2ab6f4] | 657 | </sect3>
|
---|
| 658 |
|
---|
| 659 | </sect2>
|
---|
| 660 |
|
---|
| 661 | <sect2 role="content">
|
---|
| 662 | <title>Contents</title>
|
---|
| 663 |
|
---|
| 664 | <segmentedlist>
|
---|
| 665 | <segtitle>Installed Programs</segtitle>
|
---|
| 666 | <segtitle>Installed Libraries</segtitle>
|
---|
| 667 | <segtitle>Installed Directories</segtitle>
|
---|
| 668 |
|
---|
| 669 | <seglistitem>
|
---|
| 670 | <seg>
|
---|
| 671 | keactrl, kea-admin, kea-ctrl-agent, kea-dhcp4, kea-dhcp6,
|
---|
| 672 | kea-dhcp-ddns, kea-lfc, kea-shell
|
---|
| 673 | </seg>
|
---|
| 674 | <seg>
|
---|
[4cea957] | 675 | libkea-asiodns.so,
|
---|
| 676 | libkea-asiolink.so,
|
---|
| 677 | libkea-cc.so,
|
---|
| 678 | libkea-cfgclient.so,
|
---|
| 679 | libkea-cryptolink.so,
|
---|
| 680 | libkea-d2srv.so,
|
---|
| 681 | libkea-database.so,
|
---|
| 682 | libkea-dhcp_ddns.so,
|
---|
| 683 | libkea-dhcp++.so,
|
---|
| 684 | libkea-dhcpsrv.so,
|
---|
| 685 | libkea-dns++.so,
|
---|
| 686 | libkea-eval.so,
|
---|
| 687 | libkea-exceptions.so,
|
---|
| 688 | libkea-hooks.so,
|
---|
| 689 | libkea-http.so,
|
---|
| 690 | libkea-log.so,
|
---|
| 691 | libkea-process.so,
|
---|
| 692 | libkea-stats.so,
|
---|
| 693 | libkea-tcp.so,
|
---|
| 694 | libkea-util.so, and
|
---|
| 695 | libkea-util-io.so
|
---|
[c2ab6f4] | 696 | </seg>
|
---|
| 697 | <seg>
|
---|
| 698 | /etc/kea,
|
---|
| 699 | /usr/include/kea,
|
---|
[4cea957] | 700 | /usr/lib/kea,
|
---|
| 701 | /usr/lib/python&python3-majorver;/site-packages/kea,
|
---|
| 702 | /usr/share/kea,
|
---|
[1a6caa9c] | 703 | /usr/share/doc/kea-&kea-dhcp-version;, and
|
---|
[c2ab6f4] | 704 | /var/lib/kea
|
---|
| 705 | </seg>
|
---|
| 706 | </seglistitem>
|
---|
| 707 | </segmentedlist>
|
---|
| 708 |
|
---|
| 709 | <variablelist>
|
---|
| 710 | <bridgehead renderas="sect3">Short Descriptions</bridgehead>
|
---|
| 711 | <?dbfo list-presentation="list"?>
|
---|
| 712 | <?dbhtml list-presentation="table"?>
|
---|
| 713 |
|
---|
| 714 | <varlistentry id="keactrl">
|
---|
| 715 | <term><command>keactrl</command></term>
|
---|
| 716 | <listitem>
|
---|
| 717 | <para>
|
---|
[ccbeb94] | 718 | Tool to control (start/stop) the server processes.
|
---|
[c2ab6f4] | 719 | </para>
|
---|
| 720 | <indexterm zone="kea keactrl">
|
---|
| 721 | <primary sortas="b-keactrl">keactrl</primary>
|
---|
| 722 | </indexterm>
|
---|
| 723 | </listitem>
|
---|
| 724 | </varlistentry>
|
---|
[ccbeb94] | 725 | <varlistentry id="kea-admin">
|
---|
| 726 | <term><command>kea-admin</command></term>
|
---|
| 727 | <listitem>
|
---|
| 728 | <para>
|
---|
| 729 | kea-admin is a shell script which offers database maintenance.
|
---|
| 730 | </para>
|
---|
| 731 | <indexterm zone="kea kea-admin">
|
---|
| 732 | <primary sortas="b-kea-admin">kea-admin</primary>
|
---|
| 733 | </indexterm>
|
---|
| 734 | </listitem>
|
---|
| 735 | </varlistentry>
|
---|
| 736 | <varlistentry id="kea-ctrl-agent">
|
---|
| 737 | <term><command>kea-ctrl-agent</command></term>
|
---|
| 738 | <listitem>
|
---|
| 739 | <para>
|
---|
| 740 | Daemon which exposes a RESTful control interface for
|
---|
| 741 | managing Kea servers.
|
---|
| 742 | </para>
|
---|
| 743 | <indexterm zone="kea kea-ctrl-agent">
|
---|
| 744 | <primary sortas="b-kea-ctrl-agent">kea-ctrl-agent</primary>
|
---|
| 745 | </indexterm>
|
---|
| 746 | </listitem>
|
---|
| 747 | </varlistentry>
|
---|
| 748 | <varlistentry id="kea-dhcp4">
|
---|
| 749 | <term><command>kea-dhcp4</command></term>
|
---|
| 750 | <listitem>
|
---|
| 751 | <para>
|
---|
| 752 | The server daemon providing IPv4 addresses.
|
---|
| 753 | </para>
|
---|
| 754 | <indexterm zone="kea kea-dhcp4">
|
---|
| 755 | <primary sortas="b-kea-dhcp4">kea-dhcp4</primary>
|
---|
| 756 | </indexterm>
|
---|
| 757 | </listitem>
|
---|
| 758 | </varlistentry>
|
---|
| 759 | <varlistentry id="kea-dhcp6">
|
---|
| 760 | <term><command>kea-dhcp6</command></term>
|
---|
| 761 | <listitem>
|
---|
| 762 | <para>
|
---|
| 763 | The server daemon providing IPv6 addresses.
|
---|
| 764 | </para>
|
---|
| 765 | <indexterm zone="kea kea-dhcp6">
|
---|
| 766 | <primary sortas="b-kea-dhcp6">kea-dhcp6</primary>
|
---|
| 767 | </indexterm>
|
---|
| 768 | </listitem>
|
---|
| 769 | </varlistentry>
|
---|
| 770 | <varlistentry id="kea-dhcp-ddns">
|
---|
| 771 | <term><command>kea-dhcp-ddns</command></term>
|
---|
| 772 | <listitem>
|
---|
| 773 | <para>
|
---|
| 774 | The server daemon performing the dynamic DNS updates.
|
---|
| 775 | </para>
|
---|
| 776 | <indexterm zone="kea kea-dhcp-ddns">
|
---|
| 777 | <primary sortas="b-kea-dhcp-ddns">kea-dhcp-ddns</primary>
|
---|
| 778 | </indexterm>
|
---|
| 779 | </listitem>
|
---|
| 780 | </varlistentry>
|
---|
| 781 | <varlistentry id="kea-lfc">
|
---|
| 782 | <term><command>kea-lfc</command></term>
|
---|
| 783 | <listitem>
|
---|
| 784 | <para>
|
---|
| 785 | The kea-lfc service process removes redundant information
|
---|
| 786 | from the files used to provide persistent storage for the
|
---|
| 787 | memfile database backend. It is run by the Kea DHCP server.
|
---|
| 788 | </para>
|
---|
| 789 | <indexterm zone="kea kea-lfc">
|
---|
| 790 | <primary sortas="b-kea-lfc">kea-lfc</primary>
|
---|
| 791 | </indexterm>
|
---|
| 792 | </listitem>
|
---|
| 793 | </varlistentry>
|
---|
[0dcde6e] | 794 | <varlistentry id="keashell">
|
---|
| 795 | <term><command>kea-shell</command></term>
|
---|
| 796 | <listitem>
|
---|
| 797 | <para>
|
---|
| 798 | RESTful client to the <application>ISC Kea</application>
|
---|
| 799 | services.
|
---|
| 800 | </para>
|
---|
| 801 | <indexterm zone="kea keashell">
|
---|
| 802 | <primary sortas="b-kea-shell">kea-shell</primary>
|
---|
| 803 | </indexterm>
|
---|
| 804 | </listitem>
|
---|
| 805 | </varlistentry>
|
---|
[c2ab6f4] | 806 |
|
---|
| 807 | </variablelist>
|
---|
| 808 |
|
---|
| 809 | </sect2>
|
---|
| 810 |
|
---|
| 811 | </sect1>
|
---|