summaryrefslogtreecommitdiffstats
path: root/doc/examples/kea6/ha-hot-standby-server1-with-tls.json
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-21 14:53:22 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-21 14:53:22 +0000
commit52c021ee0b0c6ad2128ed550c694aad0d11d4c3f (patch)
tree83cf8627b94336cf4bee7479b9749263bbfd3a06 /doc/examples/kea6/ha-hot-standby-server1-with-tls.json
parentInitial commit. (diff)
downloadisc-kea-52c021ee0b0c6ad2128ed550c694aad0d11d4c3f.tar.xz
isc-kea-52c021ee0b0c6ad2128ed550c694aad0d11d4c3f.zip
Adding upstream version 2.5.7.upstream/2.5.7upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/examples/kea6/ha-hot-standby-server1-with-tls.json')
-rw-r--r--doc/examples/kea6/ha-hot-standby-server1-with-tls.json169
1 files changed, 169 insertions, 0 deletions
diff --git a/doc/examples/kea6/ha-hot-standby-server1-with-tls.json b/doc/examples/kea6/ha-hot-standby-server1-with-tls.json
new file mode 100644
index 0000000..9fab542
--- /dev/null
+++ b/doc/examples/kea6/ha-hot-standby-server1-with-tls.json
@@ -0,0 +1,169 @@
+// This is an example configuration of the Kea DHCPv6 server. It uses High
+// Availability hook library and Lease Commands hook library to enable
+// High Availability function for the DHCP server. Note that almost exactly
+// the same configuration must be used on the second server (partner).
+// The only difference is that "this-server-name" must be set to "server2"
+// on this other server. Also, the interface configuration and location of TLS
+// specific files depend on the network settings and configuration of the
+// particular machine.
+//
+// The servers using this configuration work in hot standby mode.
+{
+
+// DHCPv6 configuration starts here.
+"Dhcp6": {
+ // Add names of your network interfaces to listen on.
+ "interfaces-config": {
+ // The DHCPv6 server listens on this interface.
+ "interfaces": [ "eth0" ]
+ },
+
+ // Control socket is required for communication between the Control
+ // Agent and the DHCP server. High Availability requires Control Agent
+ // to be running because lease updates are sent over the RESTful
+ // API between the HA peers.
+ "control-socket": {
+ "socket-type": "unix",
+ "socket-name": "/tmp/kea6-ctrl-socket"
+ },
+
+ // Use Memfile lease database backend to store leases in a CSV file.
+ // Depending on how Kea was compiled, it may also support SQL databases
+ // (MySQL and/or PostgreSQL). Those database backends require more
+ // parameters, like name, host and possibly user and password.
+ // There are dedicated examples for each backend. See Section 7.2.2 "Lease
+ // Storage" for details.
+ "lease-database": {
+ // Memfile is the simplest and easiest backend to use. It's an in-memory
+ "type": "memfile"
+ },
+
+ // HA requires two hook libraries to be loaded: libdhcp_lease_cmds.so and
+ // libdhcp_ha.so. The former handles incoming lease updates from the HA peers.
+ // The latter implements high availability feature for Kea.
+ "hooks-libraries": [
+ // The lease_cmds library must be loaded because HA makes use of it to
+ // deliver lease updates to the server as well as synchronize the
+ // lease database after failure.
+ {
+ "library": "/opt/lib/kea/hooks/libdhcp_lease_cmds.so",
+ "parameters": { }
+ },
+ {
+ // The HA hook library should be loaded.
+ "library": "/opt/lib/kea/hooks/libdhcp_ha.so",
+ "parameters": {
+ // High Availability configuration is specified for the HA hook library.
+ // Each server should have the same HA configuration, except for the
+ // "this-server-name" parameter.
+ "high-availability": [ {
+ // This parameter points to this server instance. The respective
+ // HA peers must have this parameter set to their own names.
+ "this-server-name": "server1",
+ // The HA mode is set to hot-standby. This server will receive lease
+ // updates from the primary. The primary will be responding to all
+ // DHCP queries.
+ "mode": "hot-standby",
+ // Heartbeat is to be sent every 10 seconds if no other control
+ // commands are transmitted.
+ "heartbeat-delay": 10000,
+ // Maximum time for partner's response to a heartbeat, after which
+ // failure detection is started. This is specified in milliseconds.
+ "max-response-delay": 60000,
+ // The following parameters control how the server detects the
+ // partner's failure. The ACK delay sets the threshold for the
+ // 'secs' field of the received discovers. This is specified in
+ // milliseconds.
+ "max-ack-delay": 5000,
+ // This specifies the number of clients which send messages to
+ // the partner but appear to not receive any response.
+ "max-unacked-clients": 5,
+ // Trust anchor aka certificate authority file or directory.
+ "trust-anchor": "/usr/lib/kea/CA.pem",
+ // Client certificate file name.
+ "cert-file": "/usr/lib/kea/server_cert.pem",
+ // Private key file name.
+ "key-file": "/usr/lib/kea/server_key.pem",
+ // Client certificates are required and verified.
+ "require-client-certs": true,
+ "peers": [
+ // This is the configuration of this server instance.
+ {
+ "name": "server1",
+ // This specifies the URL of this server instance. The
+ // Control Agent must run along with this DHCPv6 server
+ // instance and the "http-host" and "http-port" must be
+ // set to the corresponding values.
+ "url": "http://192.168.56.33:8000/",
+ // This server is primary. The other one must be
+ // standby.
+ "role": "primary"
+ },
+ // This is the configuration of the HA peer.
+ {
+ "name": "server2",
+ // Specifies the URL on which the partner's control
+ // channel can be reached. The Control Agent is required
+ // to run on the partner's machine with "http-host" and
+ // "http-port" values set to the corresponding values.
+ "url": "http://192.168.56.66:8000/",
+ // The partner is standby. This server is primary.
+ "role": "standby"
+ }
+ ]
+ } ]
+ }
+ }
+ ],
+
+ // The following list defines subnets. Each subnet consists of at
+ // least subnet and pool entries.
+ "subnet6": [
+ {
+ "id": 1,
+
+ "subnet": "2001:db8:1::/64",
+
+ "pools": [
+ {
+ "pool": "2001:db8:1::100 - 2001:db8:1::250"
+ }
+ ],
+
+ "interface": "eth0"
+ }
+ ],
+
+// The following configures logging. It assumes that messages with at
+// least informational level (info, warn, error and fatal) should be
+// logged to stdout. Alternatively, you can specify stderr here, a filename
+// or 'syslog', which will store output messages via syslog.
+ "loggers": [
+ {
+ // This section affects kea-dhcp6, which is the base logger for DHCPv6
+ // component. It tells DHCPv6 server to write all log messages (on
+ // severity INFO or more) to a file.
+ "name": "kea-dhcp6",
+ "output-options": [
+ {
+ "output": "stdout"
+ }
+ ],
+ "severity": "INFO",
+ "debuglevel": 0
+ },
+ {
+ // This section specifies configuration of the HA hook library-specific
+ // logger.
+ "name": "kea-dhcp6.ha-hooks",
+ "output-options": [
+ {
+ "output": "stdout"
+ }
+ ],
+ "severity": "INFO",
+ "debuglevel": 99
+ }
+ ]
+}
+}