[Kea-users] kea-2.2.0 - HA cluster - communication between stork and dhcp4 gets lost
Eric Graham
eric.graham at vantagepnt.com
Thu Jun 29 14:56:30 UTC 2023
My deployments have a single CA that's used as trust-anchor on both machines, and then the certificates are signed by the CA. The CA is further added to the systems' trust stores. I haven't tried what you're doing (sorry).
Eric Graham
DevOps Specialist
Direct: 605.990.1859
Eric.Graham at vantagepnt.com<mailto:eric.graham at vantagepnt.com>
[cid:ff23e65c-e61f-497c-bea5-91f13f197392]
________________________________
From: Stefan G. Weichinger <lists at xunil.at>
Sent: Thursday, June 29, 2023 9:04 AM
To: Eric Graham <eric.graham at vantagepnt.com>; kea-users at lists.isc.org <kea-users at lists.isc.org>
Subject: Re: [Kea-users] kea-2.2.0 - HA cluster - communication between stork and dhcp4 gets lost
CAUTION: This email originated outside the organization. Do not click any links or attachments unless you have verified the sender.
Am 29.06.23 um 15:34 schrieb Eric Graham:
> Stefan,
>
> I think so, but I'm not sure if it's best practice to share that
> certificate with Kea since you'd need to open up permissions a little
> and allow Kea to read the private key. If you have no qualms with that
> note, then it's probably worth an attempt, at least. Since Kea shouldn't
> be running as root, you may need to change group ownership of the certs
> or use fACLs.
I could copy them over to /var/lib/kea and adjust things.
Prepared that already
As far as I understand the CAs have to be placed "cross-wise":
server1 has to use ca_server2.pem as trust-anchor
server2 has to use ca_server1.pem as trust-anchor
Right?
I haven't started editing things yet, can't risk downtime while people
are working there.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20230629/de999521/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-b4dilhqh.png
Type: image/png
Size: 16388 bytes
Desc: Outlook-b4dilhqh.png
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20230629/de999521/attachment-0001.png>
More information about the Kea-users
mailing list