[Kea-users] kea-2.2.0 - HA cluster - communication between stork and dhcp4 gets lost
Stefan G. Weichinger
lists at xunil.at
Fri Jun 30 09:17:22 UTC 2023
Am 29.06.23 um 16:56 schrieb Eric Graham:
> My deployments have a single CA that's used as trust-anchor on both
> machines, and then the certificates are signed by the CA. The CA is
> further added to the systems' trust stores. I haven't tried what you're
> doing (sorry).
I decided to set up a small local CA and generate 2 server certs with it.
Imported the CA to the debian keystore as well.
I have a working communication now between the kea-dhcp4-daemons using
these TLS-certs: great.
-> the DHCP-cluster works
But my setup with the stork-agents and the stork-server is broken now.
The agents seem to contact the kea-control-agents by IP, so the certs
(which don't contain IP SANs according to the ugly error messages) don't
match.
* Do I have to put anything into: /var/lib/stork-agent/certs ?
* I set (in /etc/stork/agent.env):
STORK_AGENT_SKIP_TLS_CERT_VERIFICATION=true
doesn't help.
* I tried in /etc/kea/kea-ctrl-agent.conf:
"cert-required": false
A bit lost currently, sorry.
More information about the Kea-users
mailing list