diff options
Diffstat (limited to 'doc/examples/template-ha-mt-tls/kea-ca-1.conf')
| -rw-r--r-- | doc/examples/template-ha-mt-tls/kea-ca-1.conf | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/doc/examples/template-ha-mt-tls/kea-ca-1.conf b/doc/examples/template-ha-mt-tls/kea-ca-1.conf new file mode 100644 index 0000000..765dd9c --- /dev/null +++ b/doc/examples/template-ha-mt-tls/kea-ca-1.conf @@ -0,0 +1,90 @@ +// This is an example of a configuration for Control-Agent (CA) listening +// for incoming HTTPS traffic. This is necessary for handling API commands. +// For a High Availability setup with multi-threading enabled the CA is not +// needed as the peers communicate using a dedicated HTTP listener. + +// It is expected to run with a standby (the passive) server, which has a very similar +// configuration. The only difference is that the location of TLS specific files +// depend on the configuration of the particular machine. +{ + "Control-agent": + { + // We need to specify where the agent should listen to incoming HTTP + // queries. + "http-host": "192.168.1.2", + + // TLS trust anchor (Certificate Authority). This is a file name or + // (for OpenSSL only) a directory path. + "trust-anchor": "/usr/lib/kea/CA.pem", + + // TLS server certificate file name. + "cert-file": "/usr/lib/kea/ca1_cert.pem", + + // TLS server private key file name. + "key-file": "/usr/lib/kea/ca1_key.pem", + + // TLS require client certificates flag. + "cert-required": true, + + // This specifies the port CA will listen on. + // If enabling HA and multi-threading, the 8000 port is used by the HA + // hook library http listener. When using HA hook library with + // multi-threading to function, make sure the port used by dedicated + // listener is different (e.g. 8001) than the one used by CA. Note + // the commands should still be sent via CA. The dedicated listener + // is specifically for HA updates only. + "http-port": 8001, + + "control-sockets": + { + // This is how the Agent can communicate with the DHCPv4 server. + "dhcp4": + { + "comment": "socket to DHCPv4 server", + "socket-type": "unix", + "socket-name": "/tmp/kea4-ctrl-socket" + }, + + // Location of the DHCPv6 command channel socket. + "dhcp6": + { + "socket-type": "unix", + "socket-name": "/tmp/kea6-ctrl-socket" + }, + + // Location of the D2 command channel socket. + "d2": + { + "socket-type": "unix", + "socket-name": "/tmp/kea-ddns-ctrl-socket", + "user-context": { "in-use": false } + } + }, + + // Similar to other Kea components, CA also uses logging. + "loggers": [ + { + "name": "kea-ctrl-agent", + "output-options": [ + { + "output": "/var/log/kea-ctrl-agent.log", + + // Several additional parameters are possible in addition + // to the typical output. Flush determines whether logger + // flushes output to a file. Maxsize determines maximum + // filesize before the file is rotated. maxver + // specifies the maximum number of rotated files being + // kept. + "flush": true, + "maxsize": 204800, + "maxver": 4, + // We use pattern to specify custom log message layout + "pattern": "%d{%y.%m.%d %H:%M:%S.%q} %-5p [%c/%i] %m\n" + } + ], + "severity": "INFO", + "debuglevel": 0 // debug level only applies when severity is set to DEBUG. + } + ] + } +} |