summaryrefslogtreecommitdiffstats
path: root/doc/examples/template-ha-mt-tls/kea-ca-1.conf
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-21 14:53:22 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-21 14:53:22 +0000
commit52c021ee0b0c6ad2128ed550c694aad0d11d4c3f (patch)
tree83cf8627b94336cf4bee7479b9749263bbfd3a06 /doc/examples/template-ha-mt-tls/kea-ca-1.conf
parentInitial commit. (diff)
downloadisc-kea-52c021ee0b0c6ad2128ed550c694aad0d11d4c3f.tar.xz
isc-kea-52c021ee0b0c6ad2128ed550c694aad0d11d4c3f.zip
Adding upstream version 2.5.7.upstream/2.5.7upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--doc/examples/template-ha-mt-tls/kea-ca-1.conf90
1 files changed, 90 insertions, 0 deletions
diff --git a/doc/examples/template-ha-mt-tls/kea-ca-1.conf b/doc/examples/template-ha-mt-tls/kea-ca-1.conf
new file mode 100644
index 0000000..765dd9c
--- /dev/null
+++ b/doc/examples/template-ha-mt-tls/kea-ca-1.conf
@@ -0,0 +1,90 @@
+// This is an example of a configuration for Control-Agent (CA) listening
+// for incoming HTTPS traffic. This is necessary for handling API commands.
+// For a High Availability setup with multi-threading enabled the CA is not
+// needed as the peers communicate using a dedicated HTTP listener.
+
+// It is expected to run with a standby (the passive) server, which has a very similar
+// configuration. The only difference is that the location of TLS specific files
+// depend on the configuration of the particular machine.
+{
+ "Control-agent":
+ {
+ // We need to specify where the agent should listen to incoming HTTP
+ // queries.
+ "http-host": "192.168.1.2",
+
+ // TLS trust anchor (Certificate Authority). This is a file name or
+ // (for OpenSSL only) a directory path.
+ "trust-anchor": "/usr/lib/kea/CA.pem",
+
+ // TLS server certificate file name.
+ "cert-file": "/usr/lib/kea/ca1_cert.pem",
+
+ // TLS server private key file name.
+ "key-file": "/usr/lib/kea/ca1_key.pem",
+
+ // TLS require client certificates flag.
+ "cert-required": true,
+
+ // This specifies the port CA will listen on.
+ // If enabling HA and multi-threading, the 8000 port is used by the HA
+ // hook library http listener. When using HA hook library with
+ // multi-threading to function, make sure the port used by dedicated
+ // listener is different (e.g. 8001) than the one used by CA. Note
+ // the commands should still be sent via CA. The dedicated listener
+ // is specifically for HA updates only.
+ "http-port": 8001,
+
+ "control-sockets":
+ {
+ // This is how the Agent can communicate with the DHCPv4 server.
+ "dhcp4":
+ {
+ "comment": "socket to DHCPv4 server",
+ "socket-type": "unix",
+ "socket-name": "/tmp/kea4-ctrl-socket"
+ },
+
+ // Location of the DHCPv6 command channel socket.
+ "dhcp6":
+ {
+ "socket-type": "unix",
+ "socket-name": "/tmp/kea6-ctrl-socket"
+ },
+
+ // Location of the D2 command channel socket.
+ "d2":
+ {
+ "socket-type": "unix",
+ "socket-name": "/tmp/kea-ddns-ctrl-socket",
+ "user-context": { "in-use": false }
+ }
+ },
+
+ // Similar to other Kea components, CA also uses logging.
+ "loggers": [
+ {
+ "name": "kea-ctrl-agent",
+ "output-options": [
+ {
+ "output": "/var/log/kea-ctrl-agent.log",
+
+ // Several additional parameters are possible in addition
+ // to the typical output. Flush determines whether logger
+ // flushes output to a file. Maxsize determines maximum
+ // filesize before the file is rotated. maxver
+ // specifies the maximum number of rotated files being
+ // kept.
+ "flush": true,
+ "maxsize": 204800,
+ "maxver": 4,
+ // We use pattern to specify custom log message layout
+ "pattern": "%d{%y.%m.%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
+ }
+ ],
+ "severity": "INFO",
+ "debuglevel": 0 // debug level only applies when severity is set to DEBUG.
+ }
+ ]
+ }
+}