[Kea-users] Kea HA Heartbeat Failure

duluxoz duluxoz at gmail.com
Fri Jan 27 06:05:18 UTC 2023


Yeah, the curl didn't work - it connected ok, but the auth failed - see 
my next post for more information - and thanks for helping us out  :-)


On 26/01/2023 21:57, Veronique Lefebure wrote:
> Hi,
> Have you tried to run a manual curl command from one of the two 
> servers to its partner ?
>
> ------------------------------------------------------------------------
> *From:* Kea-users <kea-users-bounces at lists.isc.org> on behalf of 
> duluxoz <duluxoz at gmail.com>
> *Sent:* Thursday, January 26, 2023 9:26 AM
> *To:* kea-users at lists.isc.org <kea-users at lists.isc.org>
> *Subject:* [Kea-users] Kea HA Heartbeat Failure
>
> Hi All,
>
> Looking for some pointers on an issue we've got.
>
> TL:DR: Our Kea HA Servers' Heartbeat not connecting - permissions issue.
>
> So we've got two Kea servers (v2.2) running on two Rocky Linux v9.1 
> servers. Clients are getting IP Addresses (both dynamic and reserved) 
> and keactrl works fine, etc. But we're getting the following error 
> messages showing up in the logs:
>
> ~~~
>
> 2023-01-26 16:20:37.013 WARN  [kea-dhcp4.ha-hooks/7896.140594097562496] HA_HEARTBEAT_FAILED heartbeat to kea_dhcp_2 (http://192.168.1.3:8000/) failed: Unauthorized, error code 1
> 2023-01-26 16:20:37.013 WARN [kea-dhcp4.ha-hooks/7896.140594097562496] HA_COMMUNICATION_INTERRUPTED communication with kea_dhcp_2 is interrupted
> ~~~
>
> It's not SELinux (we turned off SELinux and the problem persisted).
>
> It's not firewalld (we think) - ie the ports are opened, confirmed by 
> netstat.
>
> We are using the default port of 8000 for keactrl and the heartbeat (I 
> assume this is OK, as the doco seems to imply that it is).
>
> keactrl is using a basic authentication with a pre-shared key, and 
> we've checked that it's the same on both servers.
>
> We've bound port 8000 to the actual IPv4 address of the server (not 
> 127.0.0.1). We originally had it bound to the loopback address, and we 
> were getting "connection refused" errors, so we bound it to the real 
> IP Address and now we're getting the above error.
>
> The two servers' IP Addresses are in the correct "allow" statement, 
> and when we removed the allow statement from the config (ie opened up 
> connection to all) we still had the same problem.
>
> Finally, our config files are practically the same as those shown on 
> numerous websites and in the official doco and sample files - with the 
> relevant details changed (ie IP Addresses, etc) - I can post them here 
> if required, but I'm loath to fill up a post with irrelevant info 
> unless requested.  :-)
>
> So, any pointers would be appreciated
>
> Cheers
>
> Dulux-Oz
-- 
*Matthew J BLACK*
   M.Inf.Tech.(Data Comms)
   MBA
   B.Sc.
   MACS (Snr), CP, IP3P

When you want it done /right/ ‒ the first time!

Phone: 	+61 4 0411 0089
Email: 	matthew at peregrineit.net
Web: 	www.peregrineit.net

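Added example, not part of the original thread and not Kea's own code: the `Unauthorized` heartbeat error concerns the credentials the HA hook itself sends to the partner's control agent, so one offline check is to compare each HA peer entry against the agent's client list. The sample configs, user name, password and the `kea_dhcp_1` entry are constructed; the sketch assumes Kea's `basic-auth-user` / `basic-auth-password` peer parameters and the control agent's `authentication.clients` list with inline values.

```python
import json

# Constructed sample: control agent config on the partner (kea_dhcp_2).
# User name and password are made-up placeholders.
CA_CONF = json.loads("""
{"Control-agent": {"http-host": "192.168.1.3", "http-port": 8000,
  "authentication": {"type": "basic", "realm": "kea-control-agent",
    "clients": [{"user": "ha-user", "password": "example-secret"}]}}}
""")

# Constructed sample: HA hook section of kea-dhcp4.conf on the sending server.
# The kea_dhcp_1 entry and its address are assumptions, not from the thread.
DHCP4_CONF = json.loads("""
{"Dhcp4": {"hooks-libraries": [{"library": "libdhcp_ha.so",
  "parameters": {"high-availability": [{"this-server-name": "kea_dhcp_1",
    "mode": "hot-standby", "peers": [
      {"name": "kea_dhcp_1", "url": "http://192.168.1.2:8000/", "role": "primary"},
      {"name": "kea_dhcp_2", "url": "http://192.168.1.3:8000/", "role": "standby"}
    ]}]}}]}}
""")

def ca_clients(ca_conf):
    """Set of (user, password) pairs the control agent accepts; empty = no auth."""
    auth = ca_conf["Control-agent"].get("authentication") or {}
    return {(c.get("user"), c.get("password")) for c in auth.get("clients", [])}

def ha_peers(dhcp_conf):
    """Yield every peer entry from every high-availability relationship."""
    for lib in dhcp_conf["Dhcp4"].get("hooks-libraries", []):
        for rel in lib.get("parameters", {}).get("high-availability", []):
            yield from rel.get("peers", [])

def check_peer(dhcp_conf, peer_name, ca_conf):
    """Return a finding for peer_name, or None if its credentials are accepted."""
    accepted = ca_clients(ca_conf)
    peer = next(p for p in ha_peers(dhcp_conf) if p["name"] == peer_name)
    creds = (peer.get("basic-auth-user"), peer.get("basic-auth-password"))
    if not accepted:
        return None  # agent has no client list, so nothing to mismatch
    if creds == (None, None):
        return f"{peer_name}: agent requires basic auth, peer entry sends none"
    if creds not in accepted:
        return f"{peer_name}: peer credentials are not in the agent's client list"
    return None

if __name__ == "__main__":
    print(check_peer(DHCP4_CONF, "kea_dhcp_2", CA_CONF))
```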