path: root/doc/examples/template-ha-mt-tls/kea-ca-1.conf
// This is an example of a configuration for Control-Agent (CA) listening
// for incoming HTTPS traffic. This is necessary for handling API commands.
// For a High Availability setup with multi-threading enabled the CA is not
// needed as the peers communicate using a dedicated HTTP listener.
//
// Security-relevant settings in this file: the listener is bound to a single
// address ("http-host"), TLS is configured through "trust-anchor",
// "cert-file" and "key-file", and "cert-required" makes the TLS handshake
// mutually authenticated, so only clients presenting a certificate accepted
// under the trust anchor can reach the command API. No other authentication
// mechanism is configured here.
//
// Note: this file uses // comments, which the Kea configuration parser
// accepts but strict RFC 8259 JSON tools (jq, python -m json.tool) reject.

// It is expected to run with a standby (the passive) server, which has a very
// similar configuration. The only difference is that the location of the
// TLS-specific files depends on the configuration of the particular machine.
{
    "Control-agent":
    {
        // We need to specify where the agent should listen to incoming HTTP
        // queries. Binding to one interface address (rather than a wildcard
        // such as 0.0.0.0) keeps the command API off interfaces that do not
        // need it.
        "http-host": "192.168.1.2",

        // TLS trust anchor (Certificate Authority). This is a file name or
        // (for OpenSSL only) a directory path. Client certificates are
        // validated against this anchor when "cert-required" is true.
        "trust-anchor": "/usr/lib/kea/CA.pem",

        // TLS server certificate file name.
        "cert-file": "/usr/lib/kea/ca1_cert.pem",

        // TLS server private key file name. Keep this file readable only by
        // the user the agent runs as: anyone who can read it can impersonate
        // this CA towards its clients.
        "key-file": "/usr/lib/kea/ca1_key.pem",

        // TLS require client certificates flag. When true, HTTPS clients that
        // do not present an acceptable certificate are rejected during the
        // TLS handshake, before any command is processed. Setting it to
        // false (with no other authentication configured in this file) would
        // leave the command API open to anything that can reach the port.
        "cert-required": true,

        // This specifies the port CA will listen on.
        // When HA runs with multi-threading, the HA hook library opens its
        // own HTTP listener for peer updates; that listener and the CA must
        // use different ports. Here the 8000 port is used by the HA hook
        // library http listener, so the CA uses 8001. Commands should still
        // be sent via the CA; the dedicated listener is for HA updates only.
        // NOTE(review): confirm these two port numbers match the HA hook
        // parameters in the DHCP server configuration on this host.
        "http-port": 8001,

        "control-sockets":
        {
            // This is how the Agent can communicate with the DHCPv4 server.
            // The socket paths below are example values under /tmp. The unix
            // command channel relies on filesystem permissions for access
            // control, so in production place the sockets in a directory
            // that only the Kea user can access.
            "dhcp4":
            {
                "comment": "socket to DHCPv4 server",
                "socket-type": "unix",
                "socket-name": "/tmp/kea4-ctrl-socket"
            },

            // Location of the DHCPv6 command channel socket.
            "dhcp6":
            {
                "socket-type": "unix",
                "socket-name": "/tmp/kea6-ctrl-socket"
            },

            // Location of the D2 command channel socket.
            // "user-context" carries free-form operator data; the "in-use"
            // flag is presumably informational only and does not disable the
            // socket -- confirm before relying on it.
            "d2":
            {
                "socket-type": "unix",
                "socket-name": "/tmp/kea-ddns-ctrl-socket",
                "user-context": { "in-use": false }
            }
        },

        // Similar to other Kea components, CA also uses logging. Command
        // activity on the API ends up in this log, so it is the first place
        // to look when auditing who issued what.
        "loggers": [
            {
                "name": "kea-ctrl-agent",
                "output-options": [
                    {
                        "output": "/var/log/kea-ctrl-agent.log",

                        // Several additional parameters are possible in
                        // addition to the output. "flush" determines whether
                        // the logger flushes output to the file after each
                        // message. "maxsize" is the maximum file size (in
                        // bytes) before the file is rotated. "maxver"
                        // specifies the maximum number of rotated files kept.
                        "flush": true,
                        "maxsize": 204800,
                        "maxver": 4,
                        // We use pattern to specify a custom log message
                        // layout: timestamp, severity padded to 5 characters,
                        // logger name / process id, then the message.
                        "pattern": "%d{%y.%m.%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
                    }
                ],
                "severity": "INFO",
                "debuglevel": 0 // debug level only applies when severity is set to DEBUG.
            }
        ]
    }
}