Stork 2.5: Open Source DHCP Management Tool

Stork 2.5 is a new development version, provided for testing and evaluation. Development versions are not recommended for production use.

Stork 2.5.0 and subsequent maintenance releases are where we will expose the new features we are working on for our next stable branch. This is the first release of Stork 2.5, and some of these new features require infrastructure work before the features are visible to the user.

Key new features we’re working on in the Stork 2.5 series

  • Consolidated tracking of all leases across multiple Kea servers
  • User authentication via OpenID Connect (OIDC)
  • Support for the Kea configuration backend
  • BIND 9 DNS zone transfer monitoring

Consolidated tracking of all leases across multiple Kea servers

This is the first installment of a multi-stage project to provide comprehensive visibility into lease activity across the Kea DHCP deployment. Collecting all the lease activity from potentially a number of Kea servers presents significant scaling challenges, so we have spent quite a bit of time developing a design plan.

We think users would like to:

  • see to which clients the leases are assigned
  • troubleshoot issues with particular leases
  • search for leases belonging to a given client
  • see the lease history for a given client
  • identify clients that are receiving DHCP leases for the first time

Diagnosing lease issues is harder in large networks with many subnets and many leases. We would like to provide tools to isolate issues with lease allocations. We are interested in hearing about other specific use cases that administrators have to help us determine what diagnostics and tools would be most useful.

This Stork release introduces a mechanism that enables inspection of leases. If enabled, the agents glean lease information from the lease files of any detected Kea instances and stream that information to the server. The server then provides a searchable database of all the leases of all monitored servers. The interface can be sorted, filtered, and searched. Lease tracking currently supports only the memfile backend; this is the first release of a complex feature.

Below you can see screenshots showing DHCPv4 and DHCPv6 leases.

Stork screenshot showing DHCPv6 leases.

Stork screenshot showing DHCPv4 leases.
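The consolidation described above can be sketched offline. This is an added example, not Stork's code: it replays memfile lease journals from two hypothetical servers into one searchable view and flags clients missing from a known-device baseline. The column names (taken from Kea's memfile `kea-leases4.csv` header), the rule that a row with `valid_lifetime` 0 marks a deleted lease, the server names and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample journals for two hypothetical servers. The column names
# are an assumption based on Kea's memfile kea-leases4.csv header.
HEADER = ("address,hwaddr,client_id,valid_lifetime,expire,subnet_id,"
          "fqdn_fwd,fqdn_rev,hostname,state,user_context,pool_id\n")
JOURNALS = {
    "kea-a": HEADER
    + "192.0.2.10,00:00:5e:00:53:01,,3600,1700003600,1,0,0,printer,0,,0\n"
    + "192.0.2.11,00:00:5e:00:53:02,,3600,1700003700,1,0,0,laptop,0,,0\n"
    + "192.0.2.10,00:00:5e:00:53:01,,3600,1700007200,1,0,0,printer,0,,0\n"
    + "192.0.2.11,00:00:5e:00:53:02,,0,1700003800,1,0,0,laptop,0,,0\n",
    "kea-b": HEADER
    + "198.51.100.5,00:00:5e:00:53:01,,3600,1700010000,2,0,0,printer,0,,0\n"
    + "198.51.100.6,00:00:5e:00:53:99,,3600,1700010100,2,0,0,,0,,0\n",
}

def replay(journals):
    """Replay append-only journals: the last row per (server, address) wins,
    and a row with valid_lifetime 0 is treated as a deleted lease (assumption).
    Returns (active leases, per-client history across all servers)."""
    active, history = {}, defaultdict(list)
    for server, text in journals.items():
        for row in csv.DictReader(io.StringIO(text)):
            key = (server, row["address"])
            history[row["hwaddr"]].append((server, row["address"], int(row["expire"])))
            if int(row["valid_lifetime"]) == 0:
                active.pop(key, None)   # released or removed lease
            else:
                active[key] = row       # new lease or renewal
    return active, dict(history)

def leases_for(active, hwaddr):
    """Search the consolidated view for one client's current leases."""
    return sorted(k for k, row in active.items() if row["hwaddr"] == hwaddr)

def first_time_clients(history, baseline):
    """Clients whose hardware address is absent from a known-device baseline."""
    return sorted(set(history) - set(baseline))

if __name__ == "__main__":
    active, history = replay(JOURNALS)
    print(leases_for(active, "00:00:5e:00:53:01"))
    print(first_time_clients(history, {"00:00:5e:00:53:01", "00:00:5e:00:53:02"}))
```

The per-client history keeps released and renewed entries, so a client that has since dropped off the network still appears when investigating past activity.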

User authentication via OpenID Connect (OIDC)

Stork currently supports user authentication based on credentials stored in the Stork database, or by using LDAP. OpenID Connect is a very popular, interoperable authentication protocol built on the OAuth 2.0 framework that supports single sign-on. An added benefit is that it also supports multi-factor authentication, which is preferred under most security policies. With this release, this feature is basically already available, although it should be considered experimental.

In the logs below, you can see that users are able to authenticate using multiple authentication methods.

Stork screenshot showing the logs, noting user authentication actions using LDAP and OIDC.

Support for the Kea configuration backend

The Kea Configuration Backend (CB or config backend) gives Kea servers the ability to store almost all of their configuration in one or more databases.

Potential features and benefits include:

  • Re-use of identical configuration sections across multiple Kea servers
  • A “single source of truth” for all Kea servers
  • All configuration done through an API with real-time logic checks
  • Easier integration with third-party tools or in-house automation
  • Database architecture provides concurrency, consistency, and atomicity
  • The ability to mine the database for statistics and reporting
  • Use of database replication for real-time fault-tolerance

Potential drawbacks include:

  • Significant up-front effort to prepare integration and/or automation
  • Supported scenarios require use of API for most configuration
  • The API is only available to ISC customers with a paid support contract
  • Incompatible with using Stork for configuration

In Stork 2.5 we are working on integrating the configuration backend, so that administrators will be able to use the Stork user interface to manage a configuration that is in the configuration backend. In this initial release, we are displaying the ‘server tag’ which is used when multiple Kea servers share a configuration backend. The server tags indicate which Kea servers are ‘subscribed’ to that configuration element.

This feature is not yet usable; more work is required to fully support the configuration backend.

BIND 9 DNS zone transfer monitoring

Monitoring zone transfer activity and identifying stuck or stalled zone transfers across an authoritative network has been a difficult problem for DNS operators for a long time. This release includes some infrastructure for an eventual feature that will support operators in monitoring zone transfers. As the simplified diagram below illustrates, finding information about zone transfers requires parsing BIND logs, and checking and compiling information from multiple sources.

This feature is not yet ready for use; there are no user-visible features yet.

Simplified diagram from the design for the zone transfer tracking feature, showing some of the steps required to discover and monitor zone transfers in BIND.

Download and Installation

To download Stork sources, go to ISC’s Downloads page. Release notes are posted beside the tarball download link. Most users prefer to install our packages for Debian, Alpine, or RPM-based systems from ISC’s Cloudsmith repo.

The Stork Quickstart Guide will get you up and running quickly. The Stork Administrator Reference Manual (ARM) may also be helpful.

Stork Professional Technical Support Available

ISC is now offering professional technical support for Stork. This will be offered as a line item on a Kea DHCP support contract. Support for Kea is available as an annual subscription, with several levels:

  • Bronze - Premium and Subscriber hooks; ASNs; email support during business hours
  • Silver - Premium, Subscriber, and the Role-Based Access Control (RBAC) hook; ASNs; 24x7 email and phone support with SLAs
  • Gold - Premium, Subscriber, and the RBAC hook; ASNs; 24x7 email and phone support with faster response times

The annual cost of our Kea support subscriptions is based on deployment size, as measured by the number of simultaneous leases provided. For more information on the support options, please see our Support page and our Kea Support Subscription datasheet. Please feel free to contact us for more information.

