[Kea-users] Using kea-shell

Darren Ankney darren.ankney at gmail.com
Tue Jan 9 10:55:03 UTC 2024


Hi,

You may also want to start at the Kea server and work backwards.  You
can talk directly to the Kea server as described here:
https://kea.readthedocs.io/en/kea-2.4.1/arm/ctrl-channel.html#using-the-control-channel
by doing something like:

echo '{"command": "config-get"}' | sudo socat UNIX:/path/to/the/kea/socket -,ignoreeof | jq

The "jq" portion is optional but nicely formats the json result.

"/path/to/the/kea/socket" would be the socket as specified in your
dhcp4 configuration file.

If that works, then you can try sending the same thing to the control
agent using curl.  Something like this:

curl -X POST -H "Content-Type: application/json" -d '{ "command": "config-get", "service": [ "dhcp4" ] }' http://ca.example.org:8000/

Replace "http://ca.example.org:8000/" with the correct URL (e.g.,
https://127.0.0.1:8000/).  You may need to consult the curl
documentation if using SSL.

curl might give a more descriptive error message.

Thank you,

Darren Ankney

On Mon, Jan 8, 2024 at 11:00 PM Rick Frey <gribnut at gmail.com> wrote:
>
> Connection refused would indicate that kea-shell is unable to connect to specified address and port.  First step would be to verify the CA is listening on the address and port you are specifying as args to kea-shell.  Is the CA listening on localhost (127.0.0.1 or ::1 if IPv6) and port 8000?
> In an earlier thread around CA connectivity issues, your redacted config for the CA indicated you were specifying an address using directive http-address.  See Kea Docs (https://kea.readthedocs.io/en/kea-2.4.1/arm/agent.html#configuration) for info on CA http-address and http-port.  If you are specifying http-address and/or http-port for CA, the kea-shell args for --host and --port must match.
>
> Note that if you configure your CA to use TLS, you will also need to specify --ca arg to kea-shell (see https://kea.readthedocs.io/en/kea-2.4.1/arm/shell.html#tls-support ).  I don’t believe there is a means to ignore a cert hostname mismatch for kea-shell (would require using a cert that contains an SAN that matches the hostname or IP address used for --host arg).  Mainly mentioning since your earlier threads indicated you may be using TLS for CA as well.
>
>
> On Jan 8, 2024, at 2:30 PM, CS <cs.temp.mail at gmail.com> wrote:
>
> Still trying to get my deployment to play nice with micetro. Everything is up and working as far as I know. Good status on the CA and DHCP4 daemons and logging heartbeats between my HA servers leads me to believe so.
> But trying to touch the kea control agent
>
> sudo kea-shell --host localhost --port 8000 --auth-user keauser --auth-password "bad password" --service dhcp4 list-commands
>
> <ctrl+d>
>
> Failed to run: <urlopen error [Errno 111] Connection refused>
>
>
> makes me think otherwise. Nothing gets logged to the CA or DHCP4 verbose logs either. Just refuses the connection... am I missing something simple?
>
> CS, cs.Temp.Mail at gMail.com
> --
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
>
>
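
The two steps from the message above (control socket first, then the Control Agent) combined into one Python check. This is an added example, not part of the original e-mail or of Kea; the function names and status strings are hypothetical, and the default socket path and URL are placeholders.

```python
import base64, http.client, json, socket, sys, urllib.error, urllib.request

def ask_socket(path, command="config-get", timeout=5.0):
    """Step 1: send one command straight to the server's UNIX control socket."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(path)
        s.sendall(json.dumps({"command": command}).encode())
        buf = b""
        while True:  # keep the write side open (like socat's ignoreeof) and read one JSON reply
            data = s.recv(65536)
            buf += data
            try:
                return json.loads(buf)
            except ValueError:
                if not data:  # peer closed before a complete reply arrived
                    raise

def ask_agent(url, service="dhcp4", command="config-get", user=None, password=None, timeout=5.0):
    """Step 2: the same command through the Control Agent, as the curl line does."""
    body = json.dumps({"command": command, "service": [service]}).encode()
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    if user is not None:  # HTTP basic auth, the counterpart of kea-shell --auth-user/--auth-password
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env vars
    with opener.open(req, timeout=timeout) as resp:
        return json.loads(resp.read())

def check(fn, *args, **kwargs):
    """Run one step and reduce the outcome to a short status string."""
    try:
        reply = fn(*args, **kwargs)
    except urllib.error.HTTPError as e:  # agent reachable, request rejected (401 = bad credentials)
        return f"http {e.code}"
    except (OSError, ValueError, http.client.HTTPException) as e:
        cause = getattr(e, "reason", e)  # URLError wraps the socket error in .reason
        # "refused" means nothing is listening on that socket or host:port
        return "refused" if isinstance(cause, ConnectionRefusedError) else f"error: {cause}"
    first = reply[0] if isinstance(reply, list) else reply  # the agent wraps replies in a list
    return "ok" if first.get("result") == 0 else f"kea result {first.get('result')}"

def diagnose(socket_path, agent_url, **auth):
    """Work backwards: server socket first, then the Control Agent in front of it."""
    return {"socket": check(ask_socket, socket_path), "agent": check(ask_agent, agent_url, **auth)}

if __name__ == "__main__":
    args = sys.argv[1:3] if len(sys.argv) > 2 else ["/path/to/the/kea/socket", "http://127.0.0.1:8000/"]
    print(diagnose(*args))  # defaults above are placeholders, not real deployment values
```
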

