author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-21 14:53:22 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-21 14:53:22 +0000 |
commit | 52c021ee0b0c6ad2128ed550c694aad0d11d4c3f (patch) | |
tree | 83cf8627b94336cf4bee7479b9749263bbfd3a06 /doc/examples/kea6/ha-hot-standby-server1-with-tls.json | |
parent | Initial commit. (diff) | |
download | isc-kea-52c021ee0b0c6ad2128ed550c694aad0d11d4c3f.tar.xz isc-kea-52c021ee0b0c6ad2128ed550c694aad0d11d4c3f.zip |
Adding upstream version 2.5.7.upstream/2.5.7upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/examples/kea6/ha-hot-standby-server1-with-tls.json')
-rw-r--r-- | doc/examples/kea6/ha-hot-standby-server1-with-tls.json | 169 |
1 files changed, 169 insertions, 0 deletions
diff --git a/doc/examples/kea6/ha-hot-standby-server1-with-tls.json b/doc/examples/kea6/ha-hot-standby-server1-with-tls.json
new file mode 100644
index 0000000..9fab542
--- /dev/null
+++ b/doc/examples/kea6/ha-hot-standby-server1-with-tls.json
@@ -0,0 +1,169 @@
+// This is an example configuration of the Kea DHCPv6 server. It uses High
+// Availability hook library and Lease Commands hook library to enable
+// High Availability function for the DHCP server. Note that almost exactly
+// the same configuration must be used on the second server (partner).
+// The only difference is that "this-server-name" must be set to "server2"
+// on this other server. Also, the interface configuration and location of TLS
+// specific files depend on the network settings and configuration of the
+// particular machine.
+//
+// The servers using this configuration work in hot standby mode.
+{
+
+// DHCPv6 configuration starts here.
+"Dhcp6": {
+ // Add names of your network interfaces to listen on.
+ "interfaces-config": {
+ // The DHCPv6 server listens on this interface.
+ "interfaces": [ "eth0" ]
+ },
+
+ // Control socket is required for communication between the Control
+ // Agent and the DHCP server. High Availability requires Control Agent
+ // to be running because lease updates are sent over the RESTful
+ // API between the HA peers.
+ "control-socket": {
+ "socket-type": "unix",
+ "socket-name": "/tmp/kea6-ctrl-socket"
+ },
+
+ // Use Memfile lease database backend to store leases in a CSV file.
+ // Depending on how Kea was compiled, it may also support SQL databases
+ // (MySQL and/or PostgreSQL). Those database backends require more
+ // parameters, like name, host and possibly user and password.
+ // There are dedicated examples for each backend. See Section 7.2.2 "Lease
+ // Storage" for details.
+ "lease-database": {
+ // Memfile is the simplest and easiest backend to use. It's an in-memory
+ "type": "memfile"
+ },
+
+ // HA requires two hook libraries to be loaded: libdhcp_lease_cmds.so and
+ // libdhcp_ha.so. The former handles incoming lease updates from the HA peers.
+ // The latter implements high availability feature for Kea.
+ "hooks-libraries": [
+ // The lease_cmds library must be loaded because HA makes use of it to
+ // deliver lease updates to the server as well as synchronize the
+ // lease database after failure.
+ {
+ "library": "/opt/lib/kea/hooks/libdhcp_lease_cmds.so",
+ "parameters": { }
+ },
+ {
+ // The HA hook library should be loaded.
+ "library": "/opt/lib/kea/hooks/libdhcp_ha.so",
+ "parameters": {
+ // High Availability configuration is specified for the HA hook library.
+ // Each server should have the same HA configuration, except for the
+ // "this-server-name" parameter.
+ "high-availability": [ {
+ // This parameter points to this server instance. The respective
+ // HA peers must have this parameter set to their own names.
+ "this-server-name": "server1",
+ // The HA mode is set to hot-standby. This server will receive lease
+ // updates from the primary. The primary will be responding to all
+ // DHCP queries.
+ "mode": "hot-standby",
+ // Heartbeat is to be sent every 10 seconds if no other control
+ // commands are transmitted.
+ "heartbeat-delay": 10000,
+ // Maximum time for partner's response to a heartbeat, after which
+ // failure detection is started. This is specified in milliseconds.
+ "max-response-delay": 60000,
+ // The following parameters control how the server detects the
+ // partner's failure. The ACK delay sets the threshold for the
+ // 'secs' field of the received discovers. This is specified in
+ // milliseconds.
+ "max-ack-delay": 5000,
+ // This specifies the number of clients which send messages to
+ // the partner but appear to not receive any response.
+ "max-unacked-clients": 5,
+ // Trust anchor aka certificate authority file or directory.
+ "trust-anchor": "/usr/lib/kea/CA.pem",
+ // Client certificate file name.
+ "cert-file": "/usr/lib/kea/server_cert.pem",
+ // Private key file name.
+ "key-file": "/usr/lib/kea/server_key.pem",
+ // Client certificates are required and verified.
+ "require-client-certs": true,
+ "peers": [
+ // This is the configuration of this server instance.
+ {
+ "name": "server1",
+ // This specifies the URL of this server instance. The
+ // Control Agent must run along with this DHCPv6 server
+ // instance and the "http-host" and "http-port" must be
+ // set to the corresponding values.
+ "url": "http://192.168.56.33:8000/",
+ // This server is primary. The other one must be
+ // standby.
+ "role": "primary"
+ },
+ // This is the configuration of the HA peer.
+ {
+ "name": "server2",
+ // Specifies the URL on which the partner's control
+ // channel can be reached. The Control Agent is required
+ // to run on the partner's machine with "http-host" and
+ // "http-port" values set to the corresponding values.
+ "url": "http://192.168.56.66:8000/",
+ // The partner is standby. This server is primary.
+ "role": "standby"
+ }
+ ]
+ } ]
+ }
+ }
+ ],
+
+ // The following list defines subnets. Each subnet consists of at
+ // least subnet and pool entries.
+ "subnet6": [
+ {
+ "id": 1,
+
+ "subnet": "2001:db8:1::/64",
+
+ "pools": [
+ {
+ "pool": "2001:db8:1::100 - 2001:db8:1::250"
+ }
+ ],
+
+ "interface": "eth0"
+ }
+ ],
+
+// The following configures logging. It assumes that messages with at
+// least informational level (info, warn, error and fatal) should be
+// logged to stdout. Alternatively, you can specify stderr here, a filename
+// or 'syslog', which will store output messages via syslog.
+ "loggers": [
+ {
+ // This section affects kea-dhcp6, which is the base logger for DHCPv6
+ // component. It tells DHCPv6 server to write all log messages (on
+ // severity INFO or more) to a file.
+ "name": "kea-dhcp6",
+ "output-options": [
+ {
+ "output": "stdout"
+ }
+ ],
+ "severity": "INFO",
+ "debuglevel": 0
+ },
+ {
+ // This section specifies configuration of the HA hook library-specific
+ // logger.
+ "name": "kea-dhcp6.ha-hooks",
+ "output-options": [
+ {
+ "output": "stdout"
+ }
+ ],
+ "severity": "INFO",
+ "debuglevel": 99
+ }
+ ]
+}
+} |
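Review bot: Both entries under `peers` keep `"url": "http://192.168.56.33:8000/"` and `"url": "http://192.168.56.66:8000/"` although this example sets `trust-anchor`, `cert-file`, `key-file` and `"require-client-certs": true`, so the file alone does not show whether heartbeats and lease updates between the peers actually travel over TLS. Check the HA hook documentation for this release to confirm whether the scheme has to be `https://` once TLS parameters are present, then either change the two URLs accordingly or add a comment beside them stating how the scheme and the TLS parameters interact. Separately, `"socket-name": "/tmp/kea6-ctrl-socket"` puts the management socket in a world-writable directory; an example that operators will copy is safer pointing at a directory writable only by the Kea service account. The `// Private key file name.` comment could also say that `server_key.pem` must not be readable by other users.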