author | Razvan Becheriu <razvan@isc.org> | 2022-08-20 18:36:07 +0200 |
---|---|---|
committer | Razvan Becheriu <razvan@isc.org> | 2022-08-27 09:15:39 +0200 |
commit | 05366c117a28ff6072fe1d8cd7532fa219c0bb27 (patch) | |
tree | b7b2a703498674dffd07500511971598ff54444d /doc/examples/kea6 | |
parent | [#2537] add ChangeLog entry (diff) | |
[#2441] added HA+MT and HA+MT+TLS examples
Diffstat (limited to 'doc/examples/kea6')
-rw-r--r-- | doc/examples/kea6/ha-hot-standby-server1-with-tls.json | 164 | ||||
-rw-r--r-- | doc/examples/kea6/ha-hot-standby-server2.json (renamed from doc/examples/kea6/ha-hot-standby.json) | 83 |
2 files changed, 209 insertions, 38 deletions
diff --git a/doc/examples/kea6/ha-hot-standby-server1-with-tls.json b/doc/examples/kea6/ha-hot-standby-server1-with-tls.json
new file mode 100644
index 0000000000..ac5c63eb74
--- /dev/null
+++ b/doc/examples/kea6/ha-hot-standby-server1-with-tls.json
@@ -0,0 +1,164 @@
+// This is an example configuration of the Kea DHCPv6 server. It uses High
+// Availability hooks library and Lease Commands hooks library to enable
+// High Availability function for the DHCP server. Note that almost exactly
+// the same configuration must be used on the second server (partner).
+// The only difference is that "this-server-name" must be set to "server2"
+// on this other server. Also, the interface configuration and location of TLS
+// specific files depend on the network settings and configuration of the
+// particular machine.
+//
+// The servers using this configuration work in hot standby mode.
+{
+
+// DHCPv6 configuration starts here.
+"Dhcp6": {
+ // Add names of your network interfaces to listen on.
+ "interfaces-config": {
+ // The DHCPv6 server listens on this interface.
+ "interfaces": [ "eth0" ]
+ },
+
+ // Control socket is required for communication between the Control
+ // Agent and the DHCP server. High Availability requires Control Agent
+ // to be running because lease updates are sent over the RESTful
+ // API between the HA peers.
+ "control-socket": {
+ "socket-type": "unix",
+ "socket-name": "/tmp/kea6-ctrl-socket"
+ },
+
+ // Use Memfile lease database backend to store leases in a CSV file.
+ // Depending on how Kea was compiled, it may also support SQL databases
+ // (MySQL and/or PostgreSQL). Those database backends require more
+ // parameters, like name, host and possibly user and password.
+ // There are dedicated examples for each backend. See Section 7.2.2 "Lease
+ // Storage" for details.
+ "lease-database": {
+ // Memfile is the simplest and easiest backend to use. It's an in-memory
+ "type": "memfile"
+ },
+
+ // HA requires two hooks libraries to be loaded: libdhcp_lease_cmds.so and
+ // libdhcp_ha.so. The former handles incoming lease updates from the HA peers.
+ // The latter implements high availability feature for Kea.
+ "hooks-libraries": [
+ // The lease_cmds library must be loaded because HA makes use of it to
+ // deliver lease updates to the server as well as synchronize the
+ // lease database after failure.
+ {
+ "library": "/opt/lib/kea/hooks/libdhcp_lease_cmds.so",
+ "parameters": { }
+ },
+ {
+ // The HA hooks library should be loaded.
+ "library": "/opt/lib/kea/hooks/libdhcp_ha.so",
+ "parameters": {
+ // High Availability configuration is specified for the HA hook library.
+ // Each server should have the same HA configuration, except for the
+ // "this-server-name" parameter.
+ "high-availability": [ {
+ // This parameter points to this server instance. The respective
+ // HA peers must have this parameter set to their own names.
+ "this-server-name": "server1",
+ // The HA mode is set to hot-standby. This server will receive lease
+ // updates from the primary. The primary will be responding to all
+ // DHCP queries.
+ "mode": "hot-standby",
+ // Heartbeat is to be sent every 10 seconds if no other control
+ // commands are transmitted.
+ "heartbeat-delay": 10000,
+ // Maximum time for partner's response to a heartbeat, after which
+ // failure detection is started. This is specified in milliseconds.
+ "max-response-delay": 60000,
+ // The following parameters control how the server detects the
+ // partner's failure. The ACK delay sets the threshold for the
+ // 'secs' field of the received discovers. This is specified in
+ // milliseconds.
+ "max-ack-delay": 5000,
+ // This specifies the number of clients which send messages to
+ // the partner but appear to not receive any response.
+ "max-unacked-clients": 5,
+ // Trust anchor aka certificate authority file or directory.
+ "trust-anchor": "/usr/lib/kea/CA.pem",
+ // Client certificate file name.
+ "cert-file": "/usr/lib/kea/server_cert.pem",
+ // Private key file name.
+ "key-file": "/usr/lib/kea/server_key.pem",
+ "peers": [
+ // This is the configuration of our HA peer.
+ {
+ "name": "server1",
+ // Specifies the URL on which the partner's control
+ // channel can be reached. The Control Agent is required
+ // to run on the partner's machine with "http-host" and
+ // "http-port" values set to the corresponding values.
+ "url": "http://192.168.56.33:8000/",
+ // The partner is primary. Our is standby.
+ "role": "primary"
+ },
+ // This is the configuration of this server instance.
+ {
+ "name": "server2",
+ // This specifies the URL of our server instance. The
+ // Control Agent must run along with our DHCPv6 server
+ // instance and the "http-host" and "http-port" must be
+ // set to the corresponding values.
+ "url": "http://192.168.56.66:8000/",
+ // Out server is standby. The partner is primary.
+ "role": "standby"
+ }
+ ]
+ } ]
+ }
+ }
+ ],
+
+ // The following list defines subnets. Each subnet consists of at
+ // least subnet and pool entries.
+ "subnet6": [
+ {
+ "subnet": "2001:db8:1::/64",
+
+ "pools": [
+ {
+ "pool": "2001:db8:1::100 - 2001:db8:1::250"
+ }
+ ],
+
+ "interface": "eth0"
+ }
+ ],
+
+// The following configures logging. It assumes that messages with at
+// least informational level (info, warn, error and fatal) should be
+// logged to stdout. Alternatively, you can specify stderr here, a filename
+// or 'syslog', which will store output messages via syslog.
+ "loggers": [
+ {
+ // This section affects kea-dhcp6, which is the base logger for DHCPv6
+ // component. It tells DHCPv6 server to write all log messages (on
+ // severity INFO or more) to a file.
+ "name": "kea-dhcp6",
+ "output_options": [
+ {
+ "output": "stdout"
+ }
+ ],
+ "severity": "INFO",
+ "debuglevel": 0
+ },
+ {
+ // This section specifies configuration of the HA hooks library specific
+ // logger.
+ "name": "kea-dhcp6.ha-hooks",
+ "output_options": [
+ {
+ "output": "stdout"
+ }
+ ],
+ "severity": "INFO",
+ "debuglevel": 99
+ }
+ ]
+}
+}
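Review bot: Both peer `"url"` values in this TLS example keep the `http://` scheme (`"url": "http://192.168.56.33:8000/"` and `"url": "http://192.168.56.66:8000/"`) although `trust-anchor`, `cert-file` and `key-file` are set, so a reader cannot tell from the file whether HA traffic between the peers is actually encrypted. Either change them to `https://…` or, if the hook enables TLS from the certificate parameters alone, add a comment above `"peers"` such as `// TLS is turned on by trust-anchor/cert-file/key-file; the URL scheme does not select it.` once that is confirmed. The copied comments also contradict the settings: with `"this-server-name": "server1"` and server1's role `primary` this instance is the primary, yet the text says it "will receive lease updates from the primary" and calls server1 "our HA peer". Separately, `"socket-name": "/tmp/kea6-ctrl-socket"` places the control socket in a world-writable directory and `key-file` carries no note on permissions; an example path under a directory owned by the Kea user, plus a comment that the private key must be readable only by that user, would be safer defaults to copy.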
diff --git a/doc/examples/kea6/ha-hot-standby.json b/doc/examples/kea6/ha-hot-standby-server2.json index a0752d5e4d..1b9d3dde00 100644 --- a/doc/examples/kea6/ha-hot-standby.json +++ b/doc/examples/kea6/ha-hot-standby-server2.json @@ -6,12 +6,14 @@ // on this other server. Also, the interface configuration depends on the // network settings of the particular machine. // -// The servers using this configuration work in hot standby mode.. -{ "Dhcp6": - +// The servers using this configuration work in hot standby mode. { -// Kea is told to listen on eth0 interface only. + +// DHCPv6 configuration starts here. +"Dhcp6": { + // Add names of your network interfaces to listen on. "interfaces-config": { + // The DHCPv6 server listens on this interface. "interfaces": [ "eth0" ] }, @@ -31,7 +33,7 @@ // There are dedicated examples for each backend. See Section 7.2.2 "Lease // Storage" for details. "lease-database": { - // Memfile is the simplest and easiest backend to use. It's a in-memory + // Memfile is the simplest and easiest backend to use. It's an in-memory "type": "memfile" }, @@ -39,6 +41,9 @@ // libdhcp_ha.so. The former handles incoming lease updates from the HA peers. // The latter implements high availability feature for Kea. "hooks-libraries": [ + // The lease_cmds library must be loaded because HA makes use of it to + // deliver lease updates to the server as well as synchronize the + // lease database after failure. { "library": "/opt/lib/kea/hooks/libdhcp_lease_cmds.so", "parameters": { } 
@@ -73,30 +78,30 @@ // the partner but appear to not receive any response. "max-unacked-clients": 5, "peers": [ - // This is the configuration of our HA peer. - { - "name": "server1", - // Specifies the URL on which the partner's control - // channel can be reached. The Control Agent is required - // to run on the partner's machine with "http-host" and - // "http-port" values set to the corresponding values. - "url": "http://192.168.56.33:8000/", - // Th partner is primary. Our is standby. - "role": "primary" - }, - // This is the configuration of this server instance. - { - "name": "server2", - // This specifies the URL of our server instance. The - // Control Agent must run along with our DHCPv6 server - // instance and the "http-host" and "http-port" must be - // set to the corresponding values. - "url": "http://192.168.56.66:8000/", - // Out server is standby. The partner is primary. - "role": "standby" - } - ] - } ] + // This is the configuration of our HA peer. + { + "name": "server1", + // Specifies the URL on which the partner's control + // channel can be reached. The Control Agent is required + // to run on the partner's machine with "http-host" and + // "http-port" values set to the corresponding values. + "url": "http://192.168.56.33:8000/", + // The partner is primary. Our is standby. + "role": "primary" + }, + // This is the configuration of this server instance. + { + "name": "server2", + // This specifies the URL of our server instance. The + // Control Agent must run along with our DHCPv6 server + // instance and the "http-host" and "http-port" must be + // set to the corresponding values. + "url": "http://192.168.56.66:8000/", + // Out server is standby. The partner is primary. + "role": "standby" + } + ] + } ] } } ], 
@@ -105,17 +110,17 @@ // least subnet and pool entries. "subnet6": [ { - "subnet": "2001:db8:1::/64", + "subnet": "2001:db8:1::/64", - "pools": [ + "pools": [ { "pool": "2001:db8:1::100 - 2001:db8:1::250" } - ], + ], "interface": "eth0" - } - ], + } + ], // The following configures logging. It assumes that messages with at // least informational level (info, warn, error and fatal) should be @@ -123,19 +128,22 @@ // or 'syslog', which will store output messages via syslog. "loggers": [ { + // This section affects kea-dhcp6, which is the base logger for DHCPv6 + // component. It tells DHCPv6 server to write all log messages (on + // severity INFO or more) to a file. "name": "kea-dhcp6", "output_options": [ { "output": "stdout" } ], - "debuglevel": 0, - "severity": "INFO" + "severity": "INFO", + "debuglevel": 0 }, { // This section specifies configuration of the HA hooks library specific // logger. - "name": "kea-dhcp4.ha-hooks", + "name": "kea-dhcp6.ha-hooks", "output_options": [ { "output": "stdout" @@ -146,5 +154,4 @@ } ] } - } |
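Review bot: The comment added above `"name": "kea-dhcp6"` in hunk `@@ -123,19 +128,22 @@` says the logger writes messages "to a file", but the entry's `"output"` is `"stdout"`; the same sentence appears in the new ha-hot-standby-server1-with-tls.json. Suggested last comment line: `// severity INFO or more) to stdout.` The `"loggers"` array opens before this hunk and closes after it, so only the comment line needs to change.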