[Kea-users] kea-2.2.0 - HA cluster - communication between stork and dhcp4 gets lost

Stefan G. Weichinger lists at xunil.at
Fri Jun 23 08:20:49 UTC 2023


On 22.06.23 at 19:35, Eric Graham wrote:
> Check the permissions of the control socket on your server:
> 
> * Confirm that the Kea control agent can read it
> * Confirm that SELinux is not denying the attempt

Eric, thanks for your help.

If it works most of the time ... why wouldn't the permissions be OK then?

OK:

root@adc1:/etc/kea# ls -l /tmp/kea4*
srwxr-xr-x 1 _kea _kea 0 22. Jun 07:35 /tmp/kea4-ctrl-socket
-rw------- 1 _kea _kea 0 22. Jun 07:35 /tmp/kea4-ctrl-socket.lock


root@adc2:/etc/kea# ls -l /tmp/kea4*
srwxr-xr-x 1 _kea _kea 0 17. Mai 08:18 /tmp/kea4-ctrl-socket
-rw------- 1 _kea _kea 0 17. Mai 08:18 /tmp/kea4-ctrl-socket.lock

SELinux: don't know how to check that right now ...


> Your control agent on the other server isn't configured to connect to
>  the socket for dhcp4 on your primary server, correct?

As far as I understand, no.

I add the whole file just to be safe here:

root@adc1:/etc/kea# cat kea-ctrl-agent.conf
// This is a basic configuration for the Kea Control Agent.
//
// This is just a very basic configuration. Kea comes with large suite (over 30)
// of configuration examples and extensive Kea User's Guide. Please refer to
// those materials to get better understanding of what this software is able to
// do. Comments in this configuration file sometimes refer to sections for more
// details. These are section numbers in Kea User's Guide. The version matching
// your software should come with your Kea package, but it is also available
// in ISC's Knowledgebase (https://kea.readthedocs.io; the direct link for
// the stable version is https://kea.readthedocs.io/).
//
// This configuration file contains only Control Agent's configuration.
// If configurations for other Kea services are also included in this file they
// are ignored by the Control Agent.
{

// This is a basic configuration for the Kea Control Agent.
// RESTful interface to be available at http://127.0.0.1:8000/
"Control-agent": {
     "http-host": "10.0.0.231",
     // If enabling HA and multi-threading, the 8000 port is used by the HA
     // hook library http listener. When using HA hook library with
     // multi-threading to function, make sure the port used by dedicated
     // listener is different (e.g. 8001) than the one used by CA. Note
     // the commands should still be sent via CA. The dedicated listener
     // is specifically for HA updates only.
     "http-port": 8000,

     "authentication": {
             "type": "basic",
             "realm": "kea-control-agent",
             "clients": [
             {
                 "user": "admin",
                 "password": "X-dEldmfRz"
             } ]
         },

     // Specify location of the files to which the Control Agent
     // should connect to forward commands to the DHCPv4, DHCPv6
     // and D2 servers via unix domain sockets.
     "control-sockets": {
         "dhcp4": {
             "socket-type": "unix",
             "socket-name": "/tmp/kea4-ctrl-socket"
         }
     #    "dhcp6": {
     #        "socket-type": "unix",
     #        "socket-name": "/tmp/kea6-ctrl-socket"
     #    },
     #    "d2": {
     #        "socket-type": "unix",
     #        "socket-name": "/tmp/kea-ddns-ctrl-socket"
     #    }
     },

     // Specify hooks libraries that are attached to the Control Agent.
     // Such hooks libraries should support 'control_command_receive'
     // hook point. This is currently commented out because it has to
     // point to the existing hooks library. Otherwise the Control
     // Agent will fail to start.
     "hooks-libraries": [
//  {
//      "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/control-agent-commands.so",
//      "parameters": {
//          "param1": "foo"
//      }
//  }
     ],

// Logging configuration starts here. Kea uses different loggers to log various
// activities. For details (e.g. names of loggers), see Chapter 18.
     "loggers": [
     {
         // This specifies the logging for Control Agent daemon.
         "name": "kea-ctrl-agent",
         "output_options": [
             {
                 // Specifies the output file. There are several special values
                 // supported:
                 // - stdout (prints on standard output)
                 // - stderr (prints on standard error)
                 // - syslog (logs to syslog)
                 // - syslog:name (logs to syslog using specified name)
                 // Any other value is considered a name of the file
                 "output": "stdout",

                 // Shorter log pattern suitable for use with systemd,
                 // avoids redundant information
                 "pattern": "%-5p %m\n"

                 // This governs whether the log output is flushed to disk after
                 // every write.
                 // "flush": false,

                 // This specifies the maximum size of the file before it is
                 // rotated.
                 // "maxsize": 1048576,

                 // This specifies the maximum number of rotated files to keep.
                 // "maxver": 8
             }
         ],
         // This specifies the severity of log messages to keep. Supported values
         // are: FATAL, ERROR, WARN, INFO, DEBUG
         "severity": "INFO",

         // If DEBUG level is specified, this value is used. 0 is least verbose,
         // 99 is most verbose. Be cautious, Kea can generate lots and lots
         // of logs if told to do so.
         "debuglevel": 0
     }
   ]
}
}


It looks at the local socket in /tmp, right?
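
The two checks discussed in this message (socket permissions and SELinux state), as an added example that is not part of the original post. It assumes Linux, where connecting to a unix socket requires write permission on the socket file, and GNU `stat`; the function names and the user `otheruser` in the test values are hypothetical.

```shell
#!/bin/sh
# Added example (constructed). connect(2) on a pathname unix socket needs
# WRITE permission on the socket file, so the check below looks at the w bits.

# socket_access MODE OWNER GROUP USER "USER GROUPS"
# MODE is the ls -l / stat %A string. Prints ok, denied or not-a-socket.
socket_access() {
    sa_mode=$1 sa_owner=$2 sa_group=$3 sa_user=$4 sa_groups=$5
    case $sa_mode in
        s?????????*) ;;
        *) echo not-a-socket; return 0 ;;
    esac
    if [ "$sa_user" = root ]; then echo ok; return 0; fi
    sa_pos=9                                   # "other" write bit
    if [ "$sa_user" = "$sa_owner" ]; then
        sa_pos=3                               # owner write bit
    else
        for sa_g in $sa_groups; do
            if [ "$sa_g" = "$sa_group" ]; then sa_pos=6; fi   # group write bit
        done
    fi
    if [ "$(printf %s "$sa_mode" | cut -c"$sa_pos")" = w ]; then
        echo ok
    else
        echo denied
    fi
}

# check_socket PATH USER: same check against a live socket (GNU stat assumed).
check_socket() {
    cs_path=$1 cs_user=$2
    if [ ! -e "$cs_path" ]; then echo missing; return 0; fi
    cs_info=$(stat -c '%A %U %G' "$cs_path") || { echo stat-failed; return 0; }
    set -- $cs_info
    socket_access "$1" "$2" "$3" "$cs_user" "$(id -Gn "$cs_user" 2>/dev/null)"
}

# selinux_state: Enforcing / Permissive / Disabled, or not-installed.
selinux_state() {
    if command -v getenforce >/dev/null 2>&1; then getenforce
    else echo not-installed; fi
}

# Defaults are the socket path and owner shown in the listing above.
echo "socket:  $(check_socket "${1:-/tmp/kea4-ctrl-socket}" "${2:-_kea}")"
echo "selinux: $(selinux_state)"
```

When SELinux reports Enforcing, `ausearch -m avc -ts recent -c kea-ctrl-agent` (run as root) lists recent denials for the agent process.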

