[Kea-users] Kea-DHCP HA
Kevin P. Fleming
lists.kea-users at kevin.km6g.us
Mon Apr 3 10:03:10 UTC 2023
On Mon, Apr 3, 2023, at 03:12, Kraishak Mahtha wrote:
> Hi,
>
> While I am checking for the failover section in the kea guide under the section
>
> https://kea.readthedocs.io/en/kea-2.2.0/arm/hooks.html?highlight=trust-anchor#https-support it says
>
> The three parameters must be either all not specified (HTTPS disabled) or all specified (HTTPS enabled)
> --> I tried the case with empty files
> Tried empty values for the fields trust-anchor,cert-file,key-file in kea-dhcpd.conf in both primary and secondary but It didn't work then later I made empty the fields also in kea-ctrl-agent.conf but still didn't work, tried setting the param value require-client-certs and cert-required to false but still didn't work
> Again When I replaced it with a certificate file it worked, so I doubt if the certificates are mandatory for kea-HA(2.2.0) in the latest version.
'not specified' means 'not specified'; it doesn't mean 'specified but the file is empty'. That isn't a valid configuration. Certificates are mandatory for TLS support, and are not used at all if TLS support is not enabled.
>
> And also do we need to run the kea-control agent on both the primary and failover servers?
If the control agent is being used for HA support, it has to be running on every server in the HA group (primary, secondary, and backup).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20230403/6e1566bb/attachment.htm>
More information about the Kea-users
mailing list