[Kea-users] HA with kea-dhcp4: beginner questions

Wed Nov 23 11:43:06 UTC 2022

On Wed, Nov 23, 2022 at 6:09 AM Stefan G. Weichinger <lists at xunil.at> wrote:
>
>
> Greetings, I subscribed to this list 5 minutes ago because this morning
> we had a event I can't yet fully explain.
>
> A few weeks ago I set up a kea-HA-cluster of 2 Debian-11 nodes using the
> 2.3.2 packages from the isc-repos.
>
> I run kea-dhcp4 only on the 2 nodes, no DHCPv6 or DDNS. For sure I
> configured the kea-ctrl-agents as well and installed stork-server plus
> agents (server only on one node ...).
>
> We only use memfile, no database for DHCP.
>
> Things looked good so far. 4 subnets in several VLANs, logs quiet.
>
> the 2 nodes are named adc1 and adc2: they are also Samba Domain
> Controllers. Yesterday I upgraded samba on adc2 and had to
> uninstall/upgrade samba-related packages.
>
> adc2 is the primary kea-node.
>
> I didn't look at kea yesterday, and no outage was noticed or reported.
>
> -
>
> This morning I was alarmed because no DHCP leases were served. The local
> admin considered adc2 the reason and wanted to unplug it .. but
> unplugged adc1 instead.
>
> Still no leases ... after maybe 9 minutes he reconnected adc1 and
> unplugged adc2: after that (= adc2 gone) leases worked again.
>
> I browsed the logs etc (could it be that kea logs in UTC and not in my
> local timezone?). Everything quiet in there until the boxes were
> unplugged, so no error visible until that manual intervention.

If clients were attempting to get addresses at what should have been
an elevated pace, there should have been elevated logs in the minutes
leading up to the unplug.  There are many nuanced logging options with
Kea.  Do you normally see detailed logs of clients attempting to
retrieve addresses (successful or unsuccessful)?  If you had no logs
at all, then the logging may be broken, not configured correctly in
the first place, client messages may not have been getting to the
server, or Kea may not have been running.

>
> My assumption:
>
> the samba-installation might have removed or replaced some package kea
> depends on. I don't know what ...

Most likely, Kea would have failed to run at all if some libraries
were unavailable or were incorrect versions (assuming Linux here).

>
> so maybe kea on adc2 was already not working OK anymore yesterday
> evening and in the night ... but that wasn't noticed because the leases
> were still active (?)

That is possible.  Depending on your lease length, you wouldn't
necessarily notice anything until someone complained about being
unable to obtain an IP address.

>
> and today adc2 still was reachable in terms of HA but not fully working
> anymore (the cluster stayed with adc2 as primary ...)
>
> and the mistake with the unplugging lead to even more delay in getting a
> stable HA state again.
>
> -
>
> Sorry for the long description, maybe I hit a beginner issue here.
>
> For sure I am happy to show configs and logs if helpful. I tried to stay
> along the docs for sure, and I don't see any errors really.
>
> adc2 has been rebooted this morning and currently both DHCP-cluster and
> samba-DCs are working fine.
>
> Thanks for any feedback, Stefan

Before you rebooted adc2, did you check if Kea was running?  Is this
DHCPv4, DHCPv6 or both?  What OS is adc2?  Which HA mode did you
choose? If you would share your logging configuration, that would help
too.

> --
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users