On Arch you can build using the provided PKGBUILD in the packaging directory or from the AUR. All git tags are signed with [email protected] key which is available via WKD or download from https://www.sapience.com/tech. Add the key to your package builder gpg keyring. The key is included in the Arch package and the source= line with ?signed at the end can be used to verify the git tag. You can also manually verify the signature
Add output option "calculate-tee-times" : true (replaces explicit renew-timer, rebind-timer)
Add output option: "offer-lifetime": 60
Add global input options: "min-valid-lifetime", "valid-lifetime", "max-valid-lifetime"
These can be overriden at the subnet level
If some lifetimes are set, missing ones are imputed using:
min-valid-lifetime = valid-lifetime / 2
max-valid-lifetime = valid-lifetime * 2
reservations : use FQDN for hostname. Hostname must be requested by client for kea to send it.
kea has deprecated the option reservation-mode for versions of kea newer than 2.4. These new versions will error if this option is used.
We have now removed this option from kea-config generated output.
Please re-run kea-config to generate fresh configs. These new configs are compatible with version of kea newer than 2.4 as well as version 2.4.
Existing file /etc/kea/kea-dhcp4.conf can also be edited to remove the line with the deprecated option.
What is kea?
kea is a modern dhcp server from ISC (<https://www.isc.org/kea>) which supercedes its older dhcp software.
kea offers a nice feature set including the ability to have a hot standby server to pick up in case the primary is unavailable. Its power also lurks behind a complicated configuration suite that, at least for me, is not terribly human friendly.
Most notably each server requires it's own separate config and keeping them all synchronized can be a bit of a chore and which naturally is prone to human error.
What is kea-config?
kea-config provides a tool which takes a single configuration file as its input and it then generates the native kea configuration files needed from that single source of truth. By using a single configuration we can be assured that the configs for the primary, standby and backup servers are consistent with one other.
It also provides the convenience of doing the DNS lookups for any host reservations, meaning the reservation is specified using hostname only not IP as expected by kea.
At the moment kea-config supports kea-dhcp4 and its companion control agent.
Contents
- Installation
- Using kea-config
- Summary of config variables
- Discussion and Next Steps
- Available on
On Arch you can build using the PKGBUILD provided in packaging directory or from the AUR package.
rm -f dist/* /usr/bin/python -m build --wheel --no-isolation root_dest="/" ./scripts/do-install $root_dest
When running as non-root then set root_dest a user writable directory This will install the executable /usr/bin/kea-config along with a sample config in /usr/share/kea_config
kea-config is written in python and that is its sole dependency, hence python must be installed.
You can install it or run it out of the cloned repo (src/kea_config/kea-config.py)
Once installed, to use it, copy the sample config file in the configs dir, modify for your own setup and simply run it:
kea-config -c <your.conf>
This will generate pairs of files, one kea config and one control agent config for each of primary, standby and backup - or whatever subset you used in the conf file.
e.g. it will create kea configs in the <conf_dir> which is defined config being used:
kea-ctrl-agent-primary.conf kea-dhcp4-primary.conf
and similarly for standby and/or backup if requested. Each pair of files is to be used on the corresponding server. e.g The 2 primary files are used on the kea-dhcp4 primary server.
One simple way to manage these is to copy the entire <conf_dir> to each kea server /etc/kea then use sym links for kea config - linking to appropriate primary, standby or backup.
e.g. /etc/kea on primary would have
kea-dhcp4.conf -> <conf_dir>/kea-dhcp4-primary.conf kea-ctrl-agent.conf -> <conf_dir>/kea-ctrl-agent-primary.conf
Comments begin with '#' and are ignored. The conf file in standard TOML format and as usual sections are denoted by square brackets. e.g.:
some_variable = 'xxx' [section_1] a_variable = 'hi' a_list = ['1', 'two', 'three']
See the sample config for additional details. We summarize the main pieces here:
title
For human use only - not used by kea-config.
conf_dir
Directory where generated kea configs reside. What I do is rsync this directory to /etc/kea/ on each kea server. Each server then has a soft link to its own specific config. For example on my primary server I have
ln -s <conf_dir>/kea-ctrl-agent-primary.conf kea-ctrl-agent.conf
ln -s <conf_dir>//kea-dhcp4-primary.conf kea-dhcp4.conf
And similarly for standby and backup.
server_types
The list of servers used - should contain at least 'primary'. e.g. server_types = ['primary', 'standby', 'backup']
[global_options]
This section has some common dhcp information shared with dhcp clients:
- domain-name-servers - list of DNS server IPs
- domain-name - what is sounds like
- domain-search - list of (sub)domains to search (if any)
- ntp-servers - list of local ntp server IPs (if any)
[server.primary]
Provides the information needed for the primary server interface, hostname, port, auth_user and auth_password
[server.standby] [server.backup]
Same format as primary server section. Optional and only used if turned on in server_types list.
[net]
This section describes the standard dhcp information including host IP reservations.
dns_net
internal domain, used to lookup IP for host reservations.
pools
list of IP ranges to use
subnet
what it sounds like
max-valid-lifetime
as usual in seconds
[net.option-data]
sub section with:
broadcast-address
routers
default gateway / route
ntp-servers
A list
[net.reserved.XXX]
host XXX hardware-address = "mac address"
Will reserve the IP for XXX based on dns lookup of XXX. Have as many of these as needed.
This version is for kea-dhcp4 (IPv4).
Not all kea options are supported by kea-config. For example the high availibilty component of kea allows for either hot-standby or load balancing. At moment we only support hot standby. Hot standby has one server at a time actively serving clients, whereas in load balancing case both servers are servicing clients at same time.
To create a version for kea-dhcp6, for example where a firewall is responsible for passing prefix delegation to the internal hosts, one needs an IPV6 internet connection; I am unable to work on this at the moment.
While kea-config is distro agnostic, I do provide an Archlinux package available on the AUR.
- Run time
- python
- Building Package:
- git
- poetry (aka python-poetry)
- wheel (aka python-wheel)
- build (aka python-build)
- installer (aka python-installer)
- rsync
- Optional for building docs:
- sphinx
- texlive-latexextra (archlinux packaguing of texlive tools)
We follow the live at head commit philosophy. This means we recommend using the latest commit on git master branch. We also provide git tags.
This approach is also taken by Google [1] [2].
Created by Gene C. and licensed under the terms of the MIT license.
- SPDX-License-Identifier: MIT
- Copyright (c) 2022-present Gene C
[1] | https://github.com/google/googletest |
[2] | https://abseil.io/about/philosophy#upgrade-support |