authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-21 14:53:22 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-21 14:53:22 +0000
commit52c021ee0b0c6ad2128ed550c694aad0d11d4c3f (patch)
tree83cf8627b94336cf4bee7479b9749263bbfd3a06 /doc/examples/kea4/all-keys.json
parentInitial commit. (diff)
Adding upstream version 2.5.7.upstream/2.5.7upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/examples/kea4/all-keys.json')
-rw-r--r--doc/examples/kea4/all-keys.json1277
1 files changed, 1277 insertions, 0 deletions
diff --git a/doc/examples/kea4/all-keys.json b/doc/examples/kea4/all-keys.json
new file mode 100644
index 0000000..d5e0a02
--- /dev/null
+++ b/doc/examples/kea4/all-keys.json
@@ -0,0 +1,1277 @@
+// WARNING: This example configuration is not meant for production use.
+// The Kea DHCPv4 server will refuse this configuration because it contains
+// mutually exclusive configuration parameters.
+//
+// The primary purpose of the example file is to provide a comprehensive
+// list of parameters supported by the Kea DHCPv4 server, along with a brief
+// description of each parameter.
+//
+// This current version should be up to date, i.e. new keywords should be
+// added in this file at the same time as in the parser specification.
+{
+ // Kea DHCPv4 server configuration begins here.
+ "Dhcp4": {
+ // Global flag selecting an IP address allocation strategy for all
+ // subnets. Use "random" for a random allocation strategy.
+ "allocator": "iterative",
+
+ // Global authoritative flag to handle requests by clients for
+ // unknown IP addresses (ignore if disabled, NAK if enabled).
+ "authoritative": false,
+
+ // Global bootfile name to be set in the 'file' field.
+ "boot-file-name": "/dev/null",
+
+ // Ordered list of client classes used by the DHCPv4 server.
+ "client-classes": [
+ {
+ // Class-specific bootfile name to be set in the 'file' field.
+ "boot-file-name": "/tmp/bootfile.efi",
+
+ // Class name.
+ "name": "phones_server1",
+
+ // Class-specific next server address to use in bootstrap, which
+ // is set in 'siaddr' field.
+ "next-server": "10.2.3.4",
+
+ // Class-specific DHCPv4 options list.
+ "option-data": [],
+
+ // Class-specific DHCPv4 option definitions, i.e. custom formats
+ // specified for non-standard options.
+ "option-def": [],
+
+ // Class-specific optional server hostname, which is set in
+ // 'sname' field.
+ "server-hostname": "",
+
+ // Class selection expression. The DHCP packet is assigned to this
+ // class when the given expression evaluates to true.
+ "test": "member('HA_server1')",
+
+ // Class valid lifetime.
+ "valid-lifetime": 6000,
+
+ // Class min valid lifetime.
+ "min-valid-lifetime": 4000,
+
+ // Class max valid lifetime.
+ "max-valid-lifetime": 8000,
+
+ // If greater than zero, it is the lifetime of leases temporarily allocated
+ // on DISCOVER. When zero (the default), leases are not allocated on DISCOVER.
+ "offer-lifetime" : 65
+ },
+ {
+ // Default value of the class-specific bootfile name. An empty name
+ // means that the bootfile name is unspecified.
+ "boot-file-name": "",
+
+ // Second class name.
+ "name": "phones_server2",
+
+ // Default value of the class-specific next server address. The
+ // zero IPv4 address means that it is unspecified.
+ "next-server": "0.0.0.0",
+
+ // Class-specific DHCPv4 options list.
+ "option-data": [],
+
+ // Class-specific DHCPv4 option definitions, i.e. custom formats
+ // specified for non-standard options.
+ "option-def": [],
+
+ // Class-specific optional server hostname, which is set in
+ // 'sname' field.
+ "server-hostname": "",
+
+ // Class selection expression. The DHCP packet is assigned to this
+ // class when the given expression evaluates to true.
+ "test": "member('HA_server2')"
+ },
+ {
+ // Third class name.
+ "name": "late",
+
+ // Boolean flag indicating whether the class expression is only evaluated
+ // when the class is required, e.g. the selected address pool configuration
+ // includes this class name in its "require-client-classes" list. The
+ // default value false means that the class test expression must
+ // always be evaluated.
+ "only-if-required": true,
+
+ // Class selection expression.
+ "test": "member('ALL')"
+ },
+ {
+ // Fourth class name.
+ "name": "my-template-class",
+
+ // Template class flag that holds the expression used to generate the names for all
+ // the spawned subclasses. In this case, the classes are named after the client ID.
+ "template-test": "substring(option[61].hex, 0, all)"
+ }
+ ],
+
+ // Parameters for triggering behaviors compatible with broken or
+ // non-compliant clients, relays, or other agents
+ "compatibility": {
+ // Ignore DHCP Server Identifier option if set to true.
+ // Enabling this will cause Kea to accept any query, even
+ // if the address in the option belongs to another server,
+ // instead of dropping it. This config option defaults to
+ // false, as enabling it breaks RFC compliance.
+ "ignore-dhcp-server-identifier": false,
+
+ // Ignore Relay Agent Information Link Selection suboption if set
+ // to true. Enabling this will cause Kea to use normal subnet
+ // selection logic instead of attempting to use the subnet
+ // specified in the suboption. This config option defaults to
+ // false, as enabling it breaks RFC compliance.
+ "ignore-rai-link-selection": false,
+
+ // Parse options more leniently where fields can be deduced
+ // deterministically, even if against RFC or common practice.
+ "lenient-option-parsing": true,
+
+ // Boolean flag indicating whether .0 and .255 addresses
+ // must be considered as never free in subnets with a prefix length
+ // of 24 or less. The default is false, as these addresses are not
+ // special; only the first and the last addresses are.
+ "exclude-first-last-24": false
+ },
+
+ // Command control socket configuration parameters for the Kea DHCPv4 server.
+ "control-socket": {
+ // Location of the UNIX domain socket file the DHCPv4 server uses
+ // to receive control commands from the Kea Control Agent or the
+ // local server administrator.
+ "socket-name": "/tmp/kea4-ctrl-socket",
+
+ // Control socket type used by the Kea DHCPv4 server. The 'unix'
+ // socket is currently the only supported type.
+ "socket-type": "unix"
+ },
+
+ // Specifies a prefix to be prepended to the generated Client FQDN.
+ // It may be specified at the global, shared-network, and subnet levels.
+ "ddns-generated-prefix": "myhost",
+
+ // Boolean flag indicating whether the server should ignore DHCP client
+ // wishes to update DNS on its own. With that flag set to true,
+ // the server will send DNS updates for both forward and
+ // reverse DNS data. The default value is false, which indicates
+ // that the server will delegate a DNS update to the client when
+ // requested. It may be specified at the global, shared-network,
+ // and subnet levels.
+ "ddns-override-client-update": false,
+
+ // Boolean flag indicating whether the server should override the DHCP
+ // client's wish to not update the DNS. With this parameter
+ // set to true, the server will send a DNS update even when
+ // the client requested no update. It may be specified at the
+ // global, shared-network, and subnet levels.
+ "ddns-override-no-update": false,
+
+ // Suffix appended to the partial name sent to the DNS. The
+ // default value is an empty string, which indicates that no
+ // suffix is appended. It may be specified at the global,
+ // shared-network, and subnet levels.
+ "ddns-qualifying-suffix": "",
+
+ // Enumeration specifying whether the server should honor
+ // the hostname or Client FQDN sent by the client or replace
+ // this name. The acceptable values are: "never" (use the
+ // name the client sent), "always" (replace the name the
+ // client sent), "when-present" (replace the name the client
+ // sent, but do not generate one when the client didn't send
+ // the name), "when-not-present" (generate the name when
+ // client didn't send one, otherwise leave the name the
+ // client sent). The default value is "never". It may be
+ // specified at the global, shared-network, and subnet levels.
+ "ddns-replace-client-name": "never",
+
+ // Boolean flag which enables or disables DDNS updating. It
+ // defaults to true. It may be specified at the global, shared-
+ // network, and subnet levels. It works in conjunction with
+ // dhcp-ddns:enable-updates, which must be true to enable connectivity
+ // to kea-dhcp-ddns.
+ "ddns-send-updates": true,
+
+ // Boolean flag, which when true instructs the server to always
+ // update DNS when leases are renewed, even if the DNS information
+ // has not changed. The server's default behavior (i.e. flag is false)
+ // is to only update DNS if the DNS information has changed. It
+ // may be specified at the global, shared-network, and subnet levels.
+ "ddns-update-on-renew": true,
+
+ // Boolean flag which is passed to kea-dhcp-ddns with each DDNS
+ // update request, to indicate whether DNS update conflict
+ // resolution as described in RFC 4703 should be employed for the
+ // given update request. The default value for this flag is true.
+ // It may be specified at the global, shared-network, and subnet levels.
+ // This field has been replaced by ddns-conflict-resolution-mode.
+ // Parsing is maintained only for backwards compatibility.
+ // "ddns-use-conflict-resolution": true,
+
+ // Enumeration, which is passed to kea-dhcp-ddns with each DDNS
+ // update request to indicate the mode used for resolving conflicts
+ // while performing DDNS updates. The acceptable values are:
+ // check-with-dhcid (this includes adding a DHCID record and checking
+ // that record via conflict detection as per RFC 4703,
+ // no-check-with-dhcid (this will ignore conflict detection but add
+ // a DHCID record when creating/updating an entry),
+ // check-exists-with-dhcid (this will check if there is an existing
+ // DHCID record but does not verify the value of the record matches
+ // the update. This will also update the DHCID record for the entry),
+ // no-check-without-dhcid (this ignores conflict detection and will
+ // not add a DHCID record when creating/updating a DDNS entry).
+ // The default value is "check-with-dhcid". It may be
+ // specified at the global, shared-network and subnet levels.
+ "ddns-conflict-resolution-mode": "check-with-dhcid",
+
+ // When greater than 0.0, it is the percent of the lease's lifetime
+ // to use for the DNS TTL.
+ "ddns-ttl-percent": 0.75,
+
+ // Time in seconds specifying how long a declined lease should be
+ // excluded from DHCP assignments. The default value is 86400 (24 hours).
+ "decline-probation-period": 86400,
+
+ // Name Change Request forwarding configuration for the Kea DHCPv4 server.
+ // NCRs are sent to the Kea D2 module to update DNS upon allocation of
+ // DHCP leases.
+ "dhcp-ddns": {
+ // Boolean flag indicating whether Kea DHCPv4 server should connect to
+ // kea-dhcp-ddns. This must be true for NCRs to be created and
+ // sent to kea-dhcp-ddns. By default, NCRs are not generated.
+ "enable-updates": false,
+
+ // Specifies maximum number of NCRs to queue waiting to be sent
+ // to the Kea D2 server.
+ "max-queue-size": 1024,
+
+ // Packet format to use when sending NCRs to the Kea D2 server.
+ // Currently, only JSON format is supported.
+ "ncr-format": "JSON",
+
+ // Socket protocol to use when sending NCRs to D2. Currently,
+ // only UDP is supported.
+ "ncr-protocol": "UDP",
+
+ // IP address that the Kea DHCPv4 server should use to send
+ // NCRs to D2. The default value of zero indicates that Kea
+ // should pick a suitable address.
+ "sender-ip": "0.0.0.0",
+
+ // Port number that the Kea DHCPv4 server should use to send
+ // NCRs to D2. The default value of zero indicates that Kea
+ // should pick a suitable port.
+ "sender-port": 0,
+
+ // IP address on which D2 listens for NCRs.
+ "server-ip": "127.0.0.1",
+
+ // Port number on which D2 listens for NCRs.
+ "server-port": 53001,
+
+ // The following parameters are DEPRECATED. They have been
+ // replaced with parameters that may be set at the global,
+ // shared-network, and subnet4 scopes. They are listed here
+ // as configuration parsing still accepts them. Eventually
+ // support for them will be removed.
+ "generated-prefix": "myhost",
+ "hostname-char-replacement": "x",
+ "hostname-char-set": "[^A-Za-z0-9.-]",
+ "override-client-update": false,
+ "override-no-update": false,
+ "qualifying-suffix": "",
+ "replace-client-name": "never"
+ },
+
+ // Specifies the first of the two consecutive ports of the UDP
+ // sockets used for communication between DHCPv6 and DHCPv4
+ // servers. See RFC 7341.
+ "dhcp4o6-port": 6767,
+
+ // Boolean flag indicating whether the Kea DHCPv4 server
+ // should send back the Client Identifier option in its responses.
+ // The default value is true, which indicates that the option
+ // must be sent back if the client included it. The false
+ // value instructs the server to not send this option for
+ // backward compatibility with older DHCP specifications, which
+ // stated that Client Identifier must not be sent back.
+ "echo-client-id": true,
+
+ // Collection of Kea DHCPv4 server parameters configuring how
+ // the server should process expired DHCP leases.
+ "expired-leases-processing": {
+ // Specifies the number of seconds since the last removal of
+ // the expired leases, when the next removal should occur.
+ // If both "flush-reclaimed-timer-wait-time" and
+ // "hold-reclaimed-time" are not 0, when the client sends a release
+ // message the lease is expired instead of being deleted from
+ // lease storage.
+ "flush-reclaimed-timer-wait-time": 25,
+
+ // Specifies the length of time in seconds to keep expired
+ // leases in the lease database (lease affinity).
+ // If both "flush-reclaimed-timer-wait-time" and
+ // "hold-reclaimed-time" are not 0, when the client sends a release
+ // message the lease is expired instead of being deleted from
+ // lease storage.
+ "hold-reclaimed-time": 3600,
+
+ // Specifies the maximum number of expired leases that can be
+ // processed in a single attempt to clean up expired leases
+ // from the lease database. If there are more
+ // expired leases, they will be processed during the next
+ // cleanup attempt.
+ "max-reclaim-leases": 100,
+
+ // Specifies the maximum time in milliseconds that a single attempt
+ // to clean up expired leases from the lease database may take.
+ "max-reclaim-time": 250,
+
+ // Specifies the length of time in seconds since the last attempt
+ // to process expired leases before initiating the next attempt.
+ "reclaim-timer-wait-time": 10,
+
+ // Specifies the maximum number of expired lease-processing cycles
+ // which didn't result in full cleanup of exired leases from the
+ // lease database, after which a warning message is issued.
+ "unwarned-reclaim-cycles": 5
+ },
+
+ // List of hook libraries and their specific configuration parameters
+ // to be loaded by Kea DHCPv4 server.
+ "hooks-libraries": [
+ {
+ // Location of the hook library to be loaded.
+ "library": "/opt/lib/kea/hooks/libdhcp_lease_cmds.so",
+
+ // Hook library-specific configuration parameters.
+ "parameters": { }
+ }
+ ],
+
+ // List of access credentials to external sources of IPv4 reservations,
+ "hosts-databases": [
+ {
+ // Name of the database to connect to.
+ "name": "keatest",
+
+ // Host on which the database resides.
+ "host": "localhost",
+
+ // Database password.
+ "password": "keatest",
+
+ // Port on which the database is available.
+ "port": 3306,
+
+ // Type of database, e.g. "mysql", "postgresql".
+ "type": "mysql",
+
+ // Username to be used to access the database.
+ "user": "keatest",
+
+ // Read-only mode.
+ "readonly": false,
+
+ // The next entries are for OpenSSL support in MySQL.
+
+ // Trust anchor aka certificate authority file or directory.
+ "trust-anchor": "my-ca",
+
+ // Client certificate file name.
+ "cert-file": "my-cert",
+
+ // Private key file name.
+ "key-file": "my-key",
+
+ // Cipher list (see the OpenSSL ciphers command manual).
+ "cipher-list": "AES",
+
+ // Connection reconnect wait time.
+ // This parameter governs how long Kea waits before attempting
+ // to reconnect. Expressed in milliseconds. The default is 0
+ // (disabled) for MySQL and PostgreSQL.
+ "reconnect-wait-time": 3000,
+
+ // Connection maximum reconnect tries.
+ "max-reconnect-tries": 3,
+
+ // Action to take when connection recovery fails.
+ // Supported values: stop-retry-exit, serve-retry-exit,
+ // serve-retry-continue
+ "on-fail": "stop-retry-exit",
+
+ // Flag which indicates if the DB recovery should be attempted
+ // at server startup and on reconfiguration events.
+ "retry-on-startup": false,
+
+ // Connection connect timeout in seconds.
+ "connect-timeout": 100,
+
+ // Timeout of database read operations in seconds.
+ "read-timeout": 120,
+
+ // Timeout of database write operations in seconds.
+ "write-timeout": 180
+ },
+ {
+ // Name of the database to connect to.
+ "name": "keatest",
+
+ // Host on which the database resides.
+ "host": "localhost",
+
+ // Database password.
+ "password": "keatest",
+
+ // Port on which the database is available.
+ "port": 5432,
+
+ // Type of database, e.g. "mysql", "postgresql".
+ "type": "postgresql",
+
+ // Username to be used to access the database.
+ "user": "keatest",
+
+ // TCP user timeout while communicating with the database.
+ // It is specified in seconds.
+ "tcp-user-timeout": 100
+ }
+ ],
+
+ // List of host reservation identifier types to be used by the
+ // Kea DHCPv4 server to fetch static reservations for
+ // DHCP clients. All identifiers are used by default, which
+ // means that the server will issue multiple queries to the
+ // database to find if there is a reservation for a particular
+ // client. If a particular deployment uses only a subset, e.g.
+ // one identifier type, this identifier should be only listed
+ // here to prevent unnecessary queries to the database.
+ "host-reservation-identifiers": [
+ "hw-address",
+ "duid",
+ "circuit-id",
+ "client-id",
+ "flex-id"
+ ],
+
+ // Specifies configuration of interfaces on which the Kea DHCPv4
+ // server is listening to the DHCP queries.
+ "interfaces-config": {
+ // Specifies whether the server should use "udp" sockets or
+ // "raw" sockets to listen to DHCP traffic. The "raw"
+ // sockets are useful when direct DHCP traffic is being
+ // received.
+ "dhcp-socket-type": "udp",
+
+ // Specifies a list of interfaces on which the Kea DHCPv4
+ // server should listen to DHCP requests.
+ "interfaces": [
+ "eth0"
+ ],
+
+ // Enumeration which indicates what interface should be used
+ // to send DHCP responses to the client. The default value is
+ // "same-as-inbound", which indicates that the response should
+ // be sent via the interface on which the client's query
+ // was received. The "use-routing" value indicates that the
+ // Kea server should use the kernel's routing table to find a
+ // suitable interface.
+ "outbound-interface": "same-as-inbound",
+
+ // Boolean flag indicating whether the available interfaces should
+ // be re-detected upon server reconfiguration. The default value
+ // is true, which means that the interfaces are always
+ // re-detected.
+ "re-detect": true,
+
+ // Kea tries to bind the service sockets during initialization, but it may
+ // fail due to a port being already opened or a misconfiguration. Kea can
+ // suppress these errors and only log them. This flag prevents starting
+ // the DHCP server without binding all sockets. If unspecified, it
+ // defaults to false.
+ "service-sockets-require-all": true,
+
+ // Kea tries to bind the service sockets during initialization. This
+ // option specifies how many times binding to interface will be retried.
+ // The default value is 0, which means that the operation will not be
+ // repeated.
+ "service-sockets-max-retries": 5,
+
+ // The time interval in milliseconds to wait before the next attempt to
+ // retry opening a service socket.
+ "service-sockets-retry-wait-time": 5000
+ },
+
+ // Boolean parameter which controls whether an early global host
+ // reservations lookup should be performed. This lookup takes place
+ // before subnet selection and when a global reservation is found
+ // with some client classes, it triggers a second phase classification.
+ // It can also be used to drop queries using host reservations as a
+ // decision table indexed by reservation identifiers.
+ "early-global-reservations-lookup": true,
+
+ // Boolean parameter which controls the DHCP server's behavior with respect
+ // to creating host reservations for the same IP address. By default
+ // this flag is set to true, in which case the server prevents creation
+ // of multiple host reservations for the same IP address. When this
+ // parameter is set to false, the server allows for creating multiple
+ // reservations for the same IP address within a subnet. This setting
+ // is useful in deployments in which a given host may be communicating
+ // with a DHCP server over multiple interfaces and, depending on the
+ // chosen interface, a different MAC address (or other identifier) will
+ // be used to identify the host. Note that some host backends do not
+ // support the mode in which multiple reservations for the same IP
+ // address are used. If these backends are in use and this setting
+ // is attempted, a configuration error will occur. The MySQL and
+ // PostgreSQL backends do support this mode.
+ "ip-reservations-unique": true,
+
+ // Boolean parameter which controls whether host reservations lookup
+ // should be performed before lease lookup. This parameter has effect
+ // only when multi-threading is disabled. When multi-threading is
+ // enabled, host reservations lookup is always performed first to avoid
+ // lease-lookup resource locking.
+ "reservations-lookup-first": true,
+
+ // Specifies credentials to access lease database.
+ "lease-database": {
+ // memfile backend-specific parameter specifying the interval
+ // in seconds at which the lease file should be cleaned up (outdated
+ // lease entries are removed to prevent the lease file from growing
+ // infinitely).
+ "lfc-interval": 3600,
+
+ // Maximum number of lease-file read errors allowed before
+ // loading the file is abandoned. Defaults to 0 (no limit).
+ "max-row-errors": 100,
+
+ // Name of the lease file. In the case of a database it specifies the
+ // database name.
+ "name": "/tmp/kea-dhcp4.csv",
+
+ // memfile-specific parameter indicating whether leases should
+ // be saved on persistent storage (disk) or not. The true value
+ // is the default and it indicates that leases are stored in
+ // persistent storage. This setting must be used in production.
+ // The false value should only be used for testing purposes
+ // because non-stored leases will be lost upon Kea server restart.
+ "persist": true,
+
+ // Lease database backend type, i.e. "memfile", "mysql" or
+ // "postgresql".
+ "type": "memfile"
+ },
+
+ // Boolean value indicating whether the Kea DHCPv4 server should use the client
+ // identifier value sent by the client or ignore it. The default value
+ // is true, which indicates that the server should use the client identifier
+ // and that it takes precedence over the client's MAC address. In deployments
+ // where MAC address should take precedence, this value can be set to
+ // false, in which case the clients will be identified by MAC address.
+ // This is specifically useful when clients don't generate unique
+ // identifiers or these identifiers are not stable, etc.
+ "match-client-id": false,
+
+ // Global value of the next server address set in 'siaddr' field.
+ // The global value may be overridden in lower-level configuration
+ // scopes.
+ "next-server": "192.0.2.123",
+
+ // Global value which limits the number of client packets (e.g.
+ // DHCPREQUESTs) that may be parked while waiting for hook library
+ // work to complete, prior to a response (e.g. DHCPACK) being sent
+ // back to the client. A typical example is when kea-dhcp4 parks a
+ // DHCPREQUEST while it sends the lease update(s) to its HA peer(s).
+ // The packet is unparked once the update(s) have been acknowledged.
+ // This value limits the number of packets that can be held pending
+ // the updates. In times of heavy client traffic, this value can keep
+ // kea-dhcp4 from building an insurmountable backlog of updates.
+ "parked-packet-limit": 128,
+
+ // List of global DHCP options that the Kea DHCPv4 server assigns to
+ // clients.
+ "option-data": [
+ {
+ // Boolean flag indicating whether the given option is always
+ // sent in response or only when requested. The default
+ // value of false indicates that it is only sent when
+ // requested.
+ "always-send": false,
+
+ // Option code. It is not required if the option name is
+ // provided.
+ "code": 6,
+
+ // Boolean value indicating whether the option data specified
+ // in the "data" field is specified as a string of hexadecimal
+ // digits or in human-readable CSV format.
+ "csv-format": true,
+
+ // Option data to be stored in the option payload.
+ "data": "192.0.3.1, 192.0.3.2",
+
+ // Option name. It is not required if the option code is
+ // provided.
+ "name": "domain-name-servers",
+
+ // Boolean flag indicating whether the given option is never
+ // sent in response. The default value of false indicates
+ // that it is sent when it should be. When true, the option
+ // is not sent despite any other setting, i.e. it is
+ // a final flag.
+ "never-send": false,
+
+ // Option space. The default is the "dhcp4" option space which
+ // groups top-level DHCPv4 options.
+ "space": "dhcp4"
+ }
+ ],
+
+ // List of global option definitions, i.e. option formats, that the
+ // Kea DHCPv4 server is using.
+ "option-def": [
+ {
+ // Boolean flag indicating whether the option definition comprises
+ // an array of values of some type, e.g. an array of IPv4 addresses.
+ // The default value of false means that the option does not
+ // comprise an array of values.
+ "array": false,
+
+ // Option code.
+ "code": 6,
+
+ // Holds a name of the option space encapsulated by this option.
+ // All options that belong to this option space will be sent
+ // as sub-options of this option. An empty string means that this
+ // option doesn't encapsulate any option.
+ "encapsulate": "",
+
+ // Option name.
+ "name": "my-option",
+
+ // Specifies the types of fields within the option if the option
+ // is said to be a "record" (see "type"). In this particular example
+ // this option comprises two fields, 1 byte and 2 bytes long.
+ "record-types": "uint8, uint16",
+
+ // Name of the option space to which this option belongs.
+ "space": "my-space",
+
+ // Option type. All possible types are listed in the Kea
+ // Administrator Reference Manual.
+ "type": "record"
+ }
+ ],
+
+ // Global value for the rebind timer, i.e. the time after which the
+ // DHCP client enters the rebind state if it fails to renew the lease.
+ "rebind-timer": 40,
+
+ // Global value for the renew timer, i.e. the time after which the
+ // DHCP client renews the lease.
+ "renew-timer": 30,
+
+ // Global value to store extended information (e.g. relay agent
+ // information) with each lease.
+ "store-extended-info": true,
+
+ // Statistics keep some samples per observation point.
+ // There are two default values: maximum count and maximum age.
+ // Setting the maximum count to zero disables it.
+ "statistic-default-sample-count": 0,
+
+ // When the maximum count is 0 the maximum age (in seconds) applies.
+ "statistic-default-sample-age": 60,
+
+ // Multi-threading parameters.
+ "multi-threading": {
+ // By default, Kea processes packets on multiple threads if the hardware permits.
+ "enable-multi-threading": true,
+
+ // When multi-threading is enabled, Kea will process packets on a
+ // number of multiple threads configurable through this option. The
+ // value must be a positive integer (0 means auto-detect).
+ "thread-pool-size": 0,
+
+ // When multi-threading is enabled, Kea will read packets from the
+ // interface and append a working item to the thread pool. This
+ // option configures the maximum number of items that can be queued.
+ // The value must be a positive integer (0 means unlimited).
+ "packet-queue-size": 0
+ },
+
+ // Governs how the Kea DHCPv4 server should deal with invalid
+ // data received from the client.
+ "sanity-checks": {
+ // Specifies how the Kea DHCPv4 server should behave when invalid
+ // data is read for a lease from the lease file. The following
+ // values are supported: "none" (don't attempt to correct the
+ // lease information), "warn" (print a warning for subnet-id
+ // related inconsistencies), "fix" (correct the subnet id by
+ // trying to find the suitable subnet), "fix-del" (similar
+ // to "fix" but delete the lease if no suitable subnet found),
+ // "del" (delete the lease if the lease has invalid subnet
+ // identifier value).
+ "lease-checks": "warn",
+
+ // Specifies how Kea DHCPv4 server should behave when invalid
+ // extended info is read for a lease from the lease file, or
+ // whether to upgrade from the old format. The following values
+ // are supported: "none" (don't attempt to correct or upgrade
+ // the extended info), "fix" (fix common inconsistencies and
+ // upgrade from the old format; this is the default), "strict"
+ // (fix inconsistencies with an impact on Leasequery),
+ // "pedantic" (enforce full Kea code format).
+ "extended-info-checks": "fix"
+ },
+
+ // List of shared networks used by the Kea DHCPv4 server. The shared
+ // networks group subnets together.
+ "shared-networks": [
+ {
+ // A flag selecting an IP address allocation strategy for all
+ // subnets in this shared network.
+ "allocator": "random",
+
+ // Shared-network level authoritative flag.
+ "authoritative": false,
+
+ // Shared-network level bootfile name.
+ "boot-file-name": "/dev/null",
+
+ // Restricts this shared network to allow only clients
+ // that belong to a particular client class. If an
+ // empty string is provided, no restriction is applied.
+ "client-class": "",
+
+ // Shared-network level value. See description at the global level.
+ "ddns-generated-prefix": "myhost",
+
+ // Shared-network level value. See description at the global level.
+ "ddns-override-client-update": false,
+
+ // Shared-network level value. See description at the global level.
+ "ddns-override-no-update": false,
+
+ // Shared-network level value. See description at the global level.
+ "ddns-qualifying-suffix": "",
+
+ // Shared-network level value. See description at the global level.
+ "ddns-replace-client-name": "never",
+
+ // Shared-network level value. See description at the global level.
+ "ddns-send-updates": true,
+
+ // Shared-network level value. See description at the global level.
+ "ddns-update-on-renew": true,
+
+ // Shared-network level value. See description at the global level.
+ // This field has been replaced by ddns-conflict-resolution-mode.
+ // Parsing is maintained only for backwards compatibility.
+ // "ddns-use-conflict-resolution": true,
+
+ // Shared-network level value. See description at the global level.
+ "ddns-conflict-resolution-mode": "check-with-dhcid",
+
+ // Shared-network level value. See description at the global level.
+ "ddns-ttl-percent": 0.65,
+
+ // Shared-network level value. See description at the global level.
+ "hostname-char-replacement": "x",
+
+ // Shared-network level value. See description at the global level.
+ "hostname-char-set": "[^A-Za-z0-9.-]",
+
+ // Specifies that this shared network is selected for
+ // requests received on a particular interface.
+ "interface": "eth0",
+
+ // Shared-network level flag specifying whether the client
+ // identifier should be used for identifying clients.
+ "match-client-id": true,
+
+ // Shared network name.
+ "name": "my-secret-network",
+
+ // Shared-network level specification of the next server
+ // to be sent in 'siaddr'.
+ "next-server": "192.0.2.123",
+
+ // If greater than zero, it is the lifetime of leases temporarily allocated
+ // on DISCOVER. When zero (the default), leases are not allocated on DISCOVER.
+ "offer-lifetime" : 60,
+
+ // List of shared network-specific DHCP options.
+ "option-data": [],
+
+ // List of IPv4 relay addresses for which this shared
+ // network is selected.
+ "relay": {
+ "ip-addresses": []
+ },
+
+ // Shared-network level rebind timer.
+ "rebind-timer": 41,
+
+ // Shared-network level renew timer.
+ "renew-timer": 31,
+
+ // Shared-network level compute T1 and T2 timers.
+ "calculate-tee-times": true,
+
+ // T1 = valid lifetime * .5.
+ "t1-percent": .5,
+
+ // T2 = valid lifetime * .75.
+ "t2-percent": .75,
+
+ // Cache threshold = valid lifetime * .25.
+ "cache-threshold": .25,
+
+ // Cache maximum: when the client last-transmission time
+ // is close enough, the lease is not renewed and the current
+ // lease is returned as it was "cached".
+ "cache-max-age": 1000,
+
+ // Enumeration specifying the server's mode of operation when it
+ // fetches host reservations.
+ // "reservation-mode": "all",
+ // It is replaced by the "reservations-global",
+ // "reservations-in-subnet", and "reservations-out-of-pool"
+ // parameters.
+
+ // Specify whether the server should look up global reservations.
+ "reservations-global": false,
+
+ // Specify whether the server should look up in-subnet reservations.
+ "reservations-in-subnet": true,
+
+ // Specify whether the server can assume that all reserved addresses
+ // are out-of-pool.
+ // Ignored when reservations-in-subnet is false.
+ // If specified, it is inherited by "subnet4" levels.
+ "reservations-out-of-pool": false,
+
+ // List of client classes which must be evaluated when this shared
+ // network is selected for client assignments.
+ "require-client-classes": [ "late" ],
+
+ // Turn off storage of extended information (e.g. relay agent
+ // information) with each lease for this shared network.
+ "store-extended-info": false,
+
+ // Shared-network level server hostname set in 'sname' field.
+ "server-hostname": "",
+
+ // List of IPv4 subnets belonging to this shared network.
+ "subnet4": [
+ {
+ // Interface name matched against inbound interface name.
+ // Used in DHCPv4o6. See RFC 7341.
+ "4o6-interface": "",
+
+ // Interface ID option value. See RFC 7341.
+ "4o6-interface-id": "",
+
+ // Prefix matched against source address. See RFC7341.
+ "4o6-subnet": "2001:db8:1:1::/64",
+
+ // A flag selecting an IP address allocation strategy for
+ // the subnet.
+ "allocator": "iterative",
+
+ // Subnet-level authoritative flag.
+ "authoritative": false,
+
+ // Subnet-level bootfile name, set in 'file' field.
+ "boot-file-name": "",
+
+ // Restricts this subnet to allow only clients that belong
+ // to a particular client class. If an empty string is
+ // provided, no restriction is applied.
+ "client-class": "",
+
+ // Subnet-level value. See description at the global level.
+ "ddns-generated-prefix": "myhost",
+
+ // Subnet-level value. See description at the global level.
+ "ddns-override-client-update": false,
+
+ // Subnet-level value. See description at the global level.
+ "ddns-override-no-update": false,
+
+ // Subnet-level value. See description at the global level.
+ "ddns-qualifying-suffix": "",
+
+ // Subnet-level value. See description at the global level.
+ "ddns-replace-client-name": "never",
+
+ // Subnet-level value. See description at the global level.
+ "ddns-send-updates": true,
+
+ // Subnet-level value. See description at the global level.
+ "ddns-update-on-renew": true,
+
+ // Shared-network level value. See description at the global level.
+ // This field has been replaced by ddns-conflict-resolution-mode.
+ // Parsing is maintained only for backwards compatibility.
+ // "ddns-use-conflict-resolution": true,
+
+ // Subnet-level value. See description at the global level.
+ "ddns-conflict-resolution-mode": "check-with-dhcid",
+
+ // Subnet-level value. See description at the global level.
+ "ddns-ttl-percent": 0.55,
+
+ // Subnet-level value. See description at the global level.
+ "hostname-char-replacement": "x",
+
+ // Subnet-level value. See description at the global level.
+ "hostname-char-set": "[^A-Za-z0-9.-]",
+
+ // Subnet unique identifier.
+ "id": 1,
+
+ // Specifies that this subnet is selected for requests
+ // received on a particular interface.
+ "interface": "eth0",
+
+ // Subnet-level flag specifying whether the client identifier
+ // should be used for identifying clients.
+ "match-client-id": true,
+
+ // Subnet-level specification of the next server to be sent
+ // in 'siaddr'.
+ "next-server": "0.0.0.0",
+
+ // If greater than zero, it is the lifetime of leases temporarily allocated
+ // on DISCOVER. When zero (the default), leases are not allocated on DISCOVER.
+ "offer-lifetime" : 60,
+
+ // Turn on storage of extended information (e.g. relay agent
+ // information) with each lease for this subnet.
+ "store-extended-info": true,
+
+ // Subnet-level list of DHCP options.
+ "option-data": [
+ {
+ // Boolean flag indicating whether the particular option
+ // should be always sent or sent only when requested.
+ "always-send": false,
+
+ // Option code.
+ "code": 3,
+
+ // Boolean flag indicating whether the option value specified
+ // in "data" is a string of hexadecimal values or human-readable
+ // CSV value.
+ "csv-format": true,
+
+ // Option data to be included in the option payload.
+ "data": "192.0.3.1",
+
+ // Option name.
+ "name": "routers",
+
+ // Boolean flag indicating whether the given option is never
+ // sent in response.
+ "never-send": false,
+
+ // Option space. The default value "dhcp4" designates the
+ // top-level option space.
+ "space": "dhcp4"
+ }
+ ],
+
+ // List of IP address pools belonging to the subnet.
+ "pools": [
+ {
+ // Restricts this pool to only be used for client
+ // requests belonging to a particular client class.
+ "client-class": "phones_server1",
+
+ // Pool-level list of DHCP options.
+ "option-data": [],
+
+ // Address range used for client assignments.
+ "pool": "192.1.0.1 - 192.1.0.200",
+
+ // List of client classes which must be evaluated when this pool
+ // is selected for client assignments.
+ "require-client-classes": [ "late" ]
+ },
+ {
+ // Restricts this pool to only be used for client
+ // requests belonging to a particular client class.
+ "client-class": "phones_server2",
+
+ // Pool-level list of DHCP options.
+ "option-data": [],
+
+ // Address range used for client assignments.
+ "pool": "192.3.0.1 - 192.3.0.200",
+
+ // List of client classes which must be evaluated when this pool
+ // is selected for client assignments.
+ "require-client-classes": [],
+
+ // Pool identifier used to enable statistics for this pool.
+ // The pool ID does not need to be unique within the subnet
+ // or across subnets.
+ // If not unconfigured, it defaults to 0. The statistics
+ // regarding this pool will be combined with the other statistics
+ // of all other pools with the same pool ID in this subnet.
+ "pool-id": 1
+ }
+ ],
+
+ // Subnet-level value of the rebind timer.
+ "rebind-timer": 40,
+
+ // List of IPv4 relay addresses for which this subnet is selected.
+ "relay": {
+ "ip-addresses": [
+ "192.168.56.1"
+ ]
+ },
+
+ // Subnet-level value of the renew timer.
+ "renew-timer": 30,
+
+ // Enumeration specifying the server's mode of operation when it
+ // fetches host reservations.
+ // "reservation-mode": "all",
+ // It is replaced by the "reservations-global",
+ // "reservations-in-subnet", and
+ // "reservations-out-of-pool" parameters.
+
+ // Specify whether the server should look up global reservations.
+ "reservations-global": false,
+
+ // Specify whether the server should look up in-subnet reservations.
+ "reservations-in-subnet": true,
+
+ // Specify whether the server can assume that all reserved
+ // addresses are out-of-pool.
+ // Ignored when reservations-in-subnet is false.
+ "reservations-out-of-pool": false,
+
+ // Subnet-level compute T1 and T2 timers.
+ "calculate-tee-times": true,
+
+ // T1 = valid lifetime * .5.
+ "t1-percent": .5,
+
+ // T2 = valid lifetime * .75.
+ "t2-percent": .75,
+
+ // Cache threshold = valid lifetime * .25.
+ "cache-threshold": .25,
+
+ // Subnet-level cache maximum.
+ "cache-max-age": 1000,
+
+ // List of static IPv4 reservations assigned to clients belonging
+ // to this subnet. For a detailed example, see reservations.json.
+ "reservations": [
+ {
+ // Identifier used for client matching. Supported values are
+ // "hw-address", "client-id", "duid", "circuit-id", "flex-id".
+ "circuit-id": "01:11:22:33:44:55:66",
+
+ // Reserved IP address.
+ "ip-address": "192.0.2.204",
+
+ // Hostname.
+ "hostname": "foo.example.org",
+
+ // Reservation-specific option data.
+ "option-data": [
+ {
+ // Option name.
+ "name": "vivso-suboptions",
+
+ // Option data.
+ "data": "4491"
+ }
+ ]
+ }
+ ],
+
+ // List of client classes which must be evaluated when this subnet
+ // is selected for client assignments.
+ "require-client-classes": [ "late" ],
+
+ // Subnet-level server hostname set in 'sname' field.
+ "server-hostname": "",
+
+ // Subnet prefix.
+ "subnet": "192.0.0.0/8",
+
+ // Subnet-level (default) valid lifetime.
+ "valid-lifetime": 6000,
+
+ // Subnet-level min valid lifetime.
+ "min-valid-lifetime": 4000,
+
+ // Subnet-level max valid lifetime.
+ "max-valid-lifetime": 8000
+ }
+ ],
+
+ // Shared-network level (default) valid lifetime.
+ "valid-lifetime": 6001,
+
+ // Shared-network level min valid lifetime.
+ "min-valid-lifetime": 4001,
+
+ // Shared-network level max valid lifetime.
+ "max-valid-lifetime": 8001
+ }
+ ],
+
+ // Global server hostname set in the 'sname' field.
+ "server-hostname": "",
+
+ // List of IPv4 subnets which don't belong to any shared network.
+ "subnet4": [],
+
+ // Global valid lifetime value.
+ "valid-lifetime": 6000,
+
+ // Global min valid lifetime value.
+ "min-valid-lifetime": 4000,
+
+ // Global max valid lifetime value.
+ "max-valid-lifetime": 8000,
+
+ // Reservations (examples are in other files).
+ "reservations": [],
+
+ // Configuration control (currently not used, i.e. this syntax
+ // is already defined but the corresponding feature is not implemented).
+ "config-control": {
+ // Only the configuration databases entry is defined.
+ "config-databases": [
+ {
+ // Name of the database to connect to.
+ "name": "config",
+
+ // Type of database, e.g. "mysql", "postgresql".
+ "type": "mysql"
+ }
+ ],
+ // Interval between attempts to fetch configuration updates
+ // via the configuration backends used.
+ "config-fetch-wait-time": 30
+ },
+
+ // Server tag.
+ "server-tag": "my DHCPv4 server",
+
+ // DHCP queue-control parameters.
+ "dhcp-queue-control": {
+ // Enable queue is mandatory.
+ "enable-queue": true,
+
+ // Queue type is mandatory.
+ "queue-type": "kea-ring4",
+
+ // Capacity is optional.
+ "capacity": 64
+ },
+
+ // Fetches host reservations.
+ // "reservation-mode": "all",
+ // It is replaced by the "reservations-global",
+ // "reservations-in-subnet", and "reservations-out-of-pool" parameters.
+
+ // Specify whether the server should look up global reservations.
+ "reservations-global": false,
+
+ // Specify whether the server should look up in-subnet reservations.
+ "reservations-in-subnet": true,
+
+ // Specify whether the server can assume that all reserved addresses
+ // are out-of-pool.
+ // Ignored when reservations-in-subnet is false.
+ // If specified, it is inherited by "shared-networks" and
+ // "subnet4" levels.
+ "reservations-out-of-pool": false,
+
+ // Global compute T1 and T2 timers.
+ "calculate-tee-times": true,
+
+ // T1 = valid lifetime * .5.
+ "t1-percent": .5,
+
+ // T2 = valid lifetime * .75.
+ "t2-percent": .75,
+
+ // Cache threshold = valid lifetime * .25.
+ "cache-threshold": .25,
+
+ // Global cache maximum.
+ "cache-max-age": 1000,
+
+ // String of zero or more characters with which to replace each
+ // invalid character in the hostname or Client FQDN. The default
+ // value is an empty string, which will cause invalid characters
+ // to be omitted rather than replaced.
+ "hostname-char-replacement": "x",
+
+ // Regular expression describing the invalid character set in
+ // the hostname or Client FQDN.
+ "hostname-char-set": "[^A-Za-z0-9.-]",
+
+ // List of loggers used by the servers using this configuration file.
+ "loggers": [
+ {
+ // Debug level, a value between 0..99. The greater the value
+ // the more detailed the debug log.
+ "debuglevel": 99,
+
+ // Name of the logger.
+ "name": "kea-dhcp4",
+
+ // Configures how the log should be output.
+ "output-options": [
+ {
+ // Determines whether the log should be flushed to a file.
+ "flush": true,
+
+ // Specifies maximum filesize before the file is rotated.
+ "maxsize": 10240000,
+
+ // Specifies the maximum number of rotated files to be kept.
+ "maxver": 1,
+
+ // Specifies the logging destination.
+ "output": "stdout",
+
+ // Specifies log entry content
+ "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
+ }
+ ],
+
+ // Specifies logging severity, i.e. "ERROR", "WARN", "INFO", "DEBUG".
+ "severity": "INFO"
+ }
+ ],
+
+ // If greater than zero, it is the lifetime of leases temporarily allocated
+ // on DISCOVER. When zero (the default), leases are not allocated on DISCOVER.
+ "offer-lifetime" : 60,
+
+ // Look at advanced examples for the use of user-contexts.
+ "user-context": { }
+ }
+}