[Kea-users] kea-2.2.0 - HA cluster - communication between stork and dhcp4 gets lost

Eric Graham eric.graham at vantagepnt.com
Fri Jun 23 15:34:32 UTC 2023


Stefan,

Please be aware that you posted a password in your control agent config. I strongly recommend replacing it.

You may prefer to put the socket in /var. Cleaning of /tmp is distro-dependent behavior. You'll need to make that change (to the socket path) in the control agent and DHCP configs on both servers. Stork will pick up the change automatically (without any config changes), but the agent may need a restart, as well as all Kea services.

Eric Graham
DevOps Specialist
Direct: 605.990.1859
Eric.Graham at vantagepnt.com
________________________________
From: Kea-users <kea-users-bounces at lists.isc.org> on behalf of Darren Ankney <darren.ankney at gmail.com>
Sent: Friday, June 23, 2023 6:01 AM
To: kea-users at lists.isc.org <kea-users at lists.isc.org>
Subject: Re: [Kea-users] kea-2.2.0 - HA cluster - communication between stork and dhcp4 gets lost

Hi Stefan,

I imagine your socket file is being removed during routine OS cleaning
of /tmp/. I would not store it there in production (I do often do that
in testing, however).  If the socket file gets removed, Kea will not
recreate it until a restart.

Thank you,

Darren Ankney

On Fri, Jun 23, 2023 at 4:21 AM Stefan G. Weichinger <lists at xunil.at> wrote:
>
> On 22.06.23 at 19:35, Eric Graham wrote:
> > Check the permissions of the control socket on your server:
> >
> > * Confirm that the Kea control agent can read it
> > * Confirm that SELinux is not denying the attempt
>
> Eric, thanks for your help.
>
> If it works most of the time ... why wouldn't the permissions be OK then?
>
> OK:
>
> root at adc1:/etc/kea# ls -l /tmp/kea4*
> srwxr-xr-x 1 _kea _kea 0 22. Jun 07:35 /tmp/kea4-ctrl-socket
> -rw------- 1 _kea _kea 0 22. Jun 07:35 /tmp/kea4-ctrl-socket.lock
>
>
> root at adc2:/etc/kea# ls -l /tmp/kea4*
> srwxr-xr-x 1 _kea _kea 0 17. Mai 08:18 /tmp/kea4-ctrl-socket
> -rw------- 1 _kea _kea 0 17. Mai 08:18 /tmp/kea4-ctrl-socket.lock
>
> SELinux: don't know how to check that right now ...
>
>
> > Your control agent on the other server isn't configured to connect to
> >  the socket for dhcp4 on your primary server, correct?
>
> As far as I understand, no.
>
> I add the whole file just to be safe here:
>
> root at adc1:/etc/kea# cat kea-ctrl-agent.conf
> // This is a basic configuration for the Kea Control Agent.
> //
> // This is just a very basic configuration. Kea comes with large suite (over 30)
> // of configuration examples and extensive Kea User's Guide. Please refer to
> // those materials to get better understanding of what this software is able to
> // do. Comments in this configuration file sometimes refer to sections for more
> // details. These are section numbers in Kea User's Guide. The version matching
> // your software should come with your Kea package, but it is also available
> // in ISC's Knowledgebase (https://kea.readthedocs.io; the direct link for
> // the stable version is https://kea.readthedocs.io/).
> //
> // This configuration file contains only Control Agent's configuration.
> // If configurations for other Kea services are also included in this file they
> // are ignored by the Control Agent.
> {
>
> // This is a basic configuration for the Kea Control Agent.
> // RESTful interface to be available at http://127.0.0.1:8000/
> "Control-agent": {
>      "http-host": "10.0.0.231",
>      // If enabling HA and multi-threading, the 8000 port is used by the HA
>      // hook library http listener. When using HA hook library with
>      // multi-threading to function, make sure the port used by dedicated
>      // listener is different (e.g. 8001) than the one used by CA. Note
>      // the commands should still be sent via CA. The dedicated listener
>      // is specifically for HA updates only.
>      "http-port": 8000,
>
>         "authentication": {
>              "type": "basic",
>              "realm": "kea-control-agent",
>              "clients": [
>              {
>                  "user": "admin",
>                  "password": "X-dEldmfRz"
>              } ]
>          },
>
>      // Specify location of the files to which the Control Agent
>      // should connect to forward commands to the DHCPv4, DHCPv6
>      // and D2 servers via unix domain sockets.
>      "control-sockets": {
>          "dhcp4": {
>              "socket-type": "unix",
>              "socket-name": "/tmp/kea4-ctrl-socket"
>          }
>      #    "dhcp6": {
>      #        "socket-type": "unix",
>      #        "socket-name": "/tmp/kea6-ctrl-socket"
>      #    },
>      #    "d2": {
>      #        "socket-type": "unix",
>      #        "socket-name": "/tmp/kea-ddns-ctrl-socket"
>      #    }
>      },
>
>      // Specify hooks libraries that are attached to the Control Agent.
>      // Such hooks libraries should support 'control_command_receive'
>      // hook point. This is currently commented out because it has to
>      // point to the existing hooks library. Otherwise the Control
>      // Agent will fail to start.
>      "hooks-libraries": [
> //  {
> //      "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/control-agent-commands.so",
> //      "parameters": {
> //          "param1": "foo"
> //      }
> //  }
>      ],
>
> // Logging configuration starts here. Kea uses different loggers to log various
> // activities. For details (e.g. names of loggers), see Chapter 18.
>      "loggers": [
>      {
>          // This specifies the logging for Control Agent daemon.
>          "name": "kea-ctrl-agent",
>          "output_options": [
>              {
>                  // Specifies the output file. There are several special values
>                  // supported:
>                  // - stdout (prints on standard output)
>                  // - stderr (prints on standard error)
>                  // - syslog (logs to syslog)
>                  // - syslog:name (logs to syslog using specified name)
>                  // Any other value is considered a name of the file
>                  "output": "stdout",
>
>                  // Shorter log pattern suitable for use with systemd,
>                  // avoids redundant information
>                  "pattern": "%-5p %m\n"
>
>                  // This governs whether the log output is flushed to disk after
>                  // every write.
>                  // "flush": false,
>
>                  // This specifies the maximum size of the file before it is
>                  // rotated.
>                  // "maxsize": 1048576,
>
>                  // This specifies the maximum number of rotated files to keep.
>                  // "maxver": 8
>              }
>          ],
>          // This specifies the severity of log messages to keep. Supported values
>          // are: FATAL, ERROR, WARN, INFO, DEBUG
>          "severity": "INFO",
>
>          // If DEBUG level is specified, this value is used. 0 is least verbose,
>          // 99 is most verbose. Be cautious, Kea can generate lots and lots
>          // of logs if told to do so.
>          "debuglevel": 0
>      }
>    ]
> }
> }
>
>
> It looks at the local socket in /tmp, right?
> --
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
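
An added example, not part of the original thread and not code from the Kea project: a small audit of the two points raised in the replies above (control socket under /tmp, password written inline in the control agent config), which also checks that the agent and DHCPv4 configs name the same socket. The sample configs, the `/var/run/kea/` path, the address and the function names are assumptions constructed for illustration.

```python
import json
import re

VOLATILE_DIRS = ("/tmp/", "/var/tmp/")  # assumption: directories an OS cleaner may sweep
# One JSON string, or one of the comment styles Kea accepts (//, #, /* */).
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|#[^\n]*|/\*.*?\*/', re.S)

def strip_comments(text):
    """Drop comments; strings are matched first, so URLs inside values survive."""
    return TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def audit(agent_conf, dhcp4_conf):
    """Return findings for one server's control agent + DHCPv4 config pair."""
    ca = json.loads(strip_comments(agent_conf))["Control-agent"]
    d4 = json.loads(strip_comments(dhcp4_conf))["Dhcp4"]
    ca_sock = ca.get("control-sockets", {}).get("dhcp4", {}).get("socket-name")
    d4_sock = d4.get("control-socket", {}).get("socket-name")
    findings = []
    if ca_sock != d4_sock:  # the agent would forward commands to a socket nobody serves
        findings.append(f"socket mismatch: agent={ca_sock} dhcp4={d4_sock}")
    for path in sorted({ca_sock, d4_sock} - {None}):
        if path.startswith(VOLATILE_DIRS):
            findings.append(f"socket in volatile directory: {path}")
    for client in ca.get("authentication", {}).get("clients", []):
        if "password" in client:  # secret stored (and easily pasted) with the config
            findings.append(f"inline password for user {client.get('user')}")
    return findings

# Constructed samples modelled on the thread; address, password and /var path are made up.
AGENT = r'''{
// RESTful interface to be available at http://192.0.2.10:8000/
"Control-agent": {
    "http-host": "192.0.2.10", "http-port": 8000,
    "authentication": { "type": "basic", "realm": "kea-control-agent",
        "clients": [ { "user": "admin", "password": "EXAMPLE-ONLY" } ] },
    "control-sockets": {
        "dhcp4": { "socket-type": "unix", "socket-name": "/tmp/kea4-ctrl-socket" }
    #   "dhcp6": { "socket-type": "unix", "socket-name": "/tmp/kea6-ctrl-socket" }
    }
} }'''
DHCP4 = '''{ "Dhcp4": { "control-socket": {
    "socket-type": "unix", "socket-name": "/var/run/kea/kea4-ctrl-socket" } } }'''

if __name__ == "__main__":
    for finding in audit(AGENT, DHCP4):
        print(finding)
```

The sample pair models a half-finished migration, where only the DHCPv4 config was moved out of /tmp, so the audit reports the mismatch as well as the volatile path and the inline password.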