Hi,
If I may ask, what version of Kea are you using? Some defaults have
changed across versions.
Thank you,
Darren Ankney
On Tue, Dec 26, 2023 at 4:31 PM CS <cs.temp.m...@gmail.com> wrote:
>
> >Please describe what you mean by "it doesn't work".
> I mean I get a pretty useless error: "Unable to connect to Kea Control Agent."
>
> > it might be be best to ask Men & Mice about "micetro" and how best to set
> > things
> I will at some point, when I find a resource with them. But there are two
> players in this and since kea isn't behaving as expected like you, I and the
> docs said. I'm starting here.
>
> >It actually SHOULDN'T work
> That's my read on it too. But here's proof. The CA config for one server. It
> matches for the other server except certs and ip addresses obv.
>
> "Control-agent": {
> "http-host": "xxx.xx1.xxx.xxx",
> "trust-anchor": "Certificate_Autority.pem",
> "cert-file": "ca1_cert.pem",
> "key-file": "ca1_key.pem",
> "cert-required": true,
> "http-port": 8000,
> "authentication": {
> "type": "basic",
> "realm": "kea-control-agent",
> "clients": [{
> "user": "baduser",
> "password": "badpassword",
> }]
> },
>
> And the dhcp4 config, likewise only the small differences between the two
> servers
>
> "hooks-libraries": [{
> "library":
> "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_lease_cmds.so",
> "parameters": {}
> },{
> "library" :
> "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_ha.so",
> "parameters": {
> "high-availability": [{
> "this-server-name": "server1.org.org",
> "mode": "load-balancing",
> "heartbeat-delay": 10000,
> "max-response-delay": 60000,
> "max-ack-delay": 5000,
> "max-unacked-clients": 0,
> "require-client-certs": true,
> "trust-anchor":
> "Certificate_Autority.pem",
> "auto-failover": true,
>
> "peers": [{
> "name": "server1.org.org",
> "url":
> "http://xxx.xx1.xxx.xxx:8000/";,
> "cert-file": "dhcp1_cert.pem",
> "key-file": "dhcp1_key.pem",
> "basic-auth-user": "baduser",
> "basic-auth-password":
> "badpassword",
> "role": "primary",
> },{
> "name": "server2.org.org",
> "url":
> "http://xxx.xx2.xxx.xxx:8000/";,
> "cert-file": "dhcp2_cert.pem",
> "key-file": "dhcp2_key.pem",
> "role": "secondary",
> "basic-auth-user": "baduser",
> "basic-auth-password":
> "badpassword",
> }]
> }]
>
> low and behold it runs. The same nature of daemon status and logs on the
> other server.
>
> $ sudo systemctl restart isc-kea-ctrl-agent.service
> isc-kea-dhcp4-server.service
> $ sudo systemctl status isc-kea-ctrl-agent.service
> isc-kea-dhcp4-server.service
> ● isc-kea-ctrl-agent.service - Kea Control Agent
> Loaded: loaded (/lib/systemd/system/isc-kea-ctrl-agent.service; enabled;
> vendor preset: enabled)
> Active: active (running) since Tue 2023-12-26 20:57:29 UTC; 11s ago
> Docs: man:kea-ctrl-agent(8)
> Main PID: 1393724 (kea-ctrl-agent)
> Tasks: 5 (limit: 19052)
> Memory: 2.5M
> CPU: 26ms
> CGroup: /system.slice/isc-kea-ctrl-agent.service
> └─1393724 /usr/sbin/kea-ctrl-agent -c
> /etc/kea/kea-ctrl-agent.conf
>
> Dec 26 20:57:29 kea1 systemd[1]: Started Kea Control Agent.
>
> ● isc-kea-dhcp4-server.service - Kea DHCPv4 Service
> Loaded: loaded (/lib/systemd/system/isc-kea-dhcp4-server.service;
> enabled; vendor preset: enabled)
> Active: active (running) since Tue 2023-12-26 20:57:29 UTC; 11s ago
> Docs: man:kea-dhcp4(8)
> Main PID: 1393730 (kea-dhcp4)
> Tasks: 9 (limit: 19052)
> Memory: 4.5M
> CPU: 96ms
> CGroup: /system.slice/isc-kea-dhcp4-server.service
> └─1393730 /usr/sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
>
> Dec 26 20:57:29 kea1 systemd[1]: isc-kea-dhcp4-server.service: Deactivated
> successfully.
> Dec 26 20:57:29 kea1 systemd[1]: Stopped Kea DHCPv4 Service.
> Dec 26 20:57:29 kea1 systemd[1]: isc-kea-dhcp4-server.service: Consumed 1min
> 28.504s CPU time.
> Dec 26 20:57:29 kea1 systemd[1]: Started Kea DHCPv4 Service.
>
> $ tail -n10 /var/log/kea/kea-ctrl-agent.log
> 2023-12-26 20:59:53.827 INFO [kea-ctrl-agent.ctrl-agent/1393724]
> CTRL_AGENT_COMMAND_RECEIVED command ha-heartbeat received from remote address
> xxx.xxx2.xxx.xxx
> 2023-12-26 20:59:53.828 INFO [kea-ctrl-agent.ctrl-agent/1393724]
> CTRL_AGENT_COMMAND_FORWARDED command ha-heartbeat successfully forwarded to
> the service dhcp4 from remote address xxx.xx2.xxx.xxx
> 2023-12-26 21:00:03.843 INFO [kea-ctrl-agent.auth/1393724]
> HTTP_CLIENT_REQUEST_AUTHORIZED received HTTP request authorized for 'baduser'
> 2023-12-26 21:00:03.843 INFO [kea-ctrl-agent.commands/1393724]
> COMMAND_RECEIVED Received command 'ha-heartbeat'
> 2023-12-26 21:00:03.843 INFO [kea-ctrl-agent.ctrl-agent/1393724]
> CTRL_AGENT_COMMAND_RECEIVED command ha-heartbeat received from remote address
> xxx.xxx2.xxx.xxx
> 2023-12-26 21:00:03.844 INFO [kea-ctrl-agent.ctrl-agent/1393724]
> CTRL_AGENT_COMMAND_FORWARDED command ha-heartbeat successfully forwarded to
> the service dhcp4 from remote address xxx.xxx2.xxx.xxx
> 2023-12-26 21:00:13.859 INFO [kea-ctrl-agent.auth/1393724]
> HTTP_CLIENT_REQUEST_AUTHORIZED received HTTP request authorized for 'baduser'
> 2023-12-26 21:00:13.859 INFO [kea-ctrl-agent.commands/1393724]
> COMMAND_RECEIVED Received command 'ha-heartbeat'
> 2023-12-26 21:00:13.859 INFO [kea-ctrl-agent.ctrl-agent/1393724]
> CTRL_AGENT_COMMAND_RECEIVED command ha-heartbeat received from remote address
> xxx.xxx2.xxx.xxx
> 2023-12-26 21:00:13.860 INFO [kea-ctrl-agent.ctrl-agent/1393724]
> CTRL_AGENT_COMMAND_FORWARDED command ha-heartbeat successfully forwarded to
> the service dhcp4 from remote address xxx.xxx2.xxx.xxx
> $ tail -n10 /var/log/kea/kea-dhcp4.log
> 2023-12-26 20:58:53.728 INFO [kea-dhcp4.commands/1393730] COMMAND_RECEIVED
> Received command 'ha-heartbeat'
> 2023-12-26 20:59:03.745 INFO [kea-dhcp4.commands/1393730] COMMAND_RECEIVED
> Received command 'ha-heartbeat'
> 2023-12-26 20:59:13.762 INFO [kea-dhcp4.commands/1393730] COMMAND_RECEIVED
> Received command 'ha-heartbeat'
> 2023-12-26 20:59:23.777 INFO [kea-dhcp4.commands/1393730] COMMAND_RECEIVED
> Received command 'ha-heartbeat'
> 2023-12-26 20:59:33.793 INFO [kea-dhcp4.commands/1393730] COMMAND_RECEIVED
> Received command 'ha-heartbeat'
> 2023-12-26 20:59:43.811 INFO [kea-dhcp4.commands/1393730] COMMAND_RECEIVED
> Received command 'ha-heartbeat'
> 2023-12-26 20:59:53.827 INFO [kea-dhcp4.commands/1393730] COMMAND_RECEIVED
> Received command 'ha-heartbeat'
> 2023-12-26 21:00:03.844 INFO [kea-dhcp4.commands/1393730] COMMAND_RECEIVED
> Received command 'ha-heartbeat'
> 2023-12-26 21:00:13.859 INFO [kea-dhcp4.commands/1393730] COMMAND_RECEIVED
> Received command 'ha-heartbeat'
> 2023-12-26 21:00:23.875 INFO [kea-dhcp4.commands/1393730] COMMAND_RECEIVED
> Received command 'ha-heartbeat'
>
> And changing the CA or the server HA paramersts to port 8001 without changing
> the other (and the other server results in "connection refused" logs. It obv
> wants the CA port to match the HA parameters port despite what we and the
> documentation suggests...
>
> CS, cs.temp.m...@gmail.com
>
>
> On Mon, 25 Dec 2023 at 02:45, Darren Ankney <darren.ank...@gmail.com> wrote:
>>
>> Hi,
>>
>> It actually SHOULDN'T work to set your control agent and
>> multi-threaded HA listener to the same port as only one of the
>> applications should be able to setup a listener on that port. Please
>> describe what you mean by "it doesn't work". I'm thinking it might be
>> be best to ask Men & Mice about "micetro" and how best to set things
>> up there.
>>
>> Thank you,
>>
>> Darren Ankney
>>
>> On Thu, Dec 21, 2023 at 6:47 PM CS <cs.temp.m...@gmail.com> wrote:
>> >
>> > Hi all,
>> > Moving on from my failure to start and logging issues (thank you for your
>> > help btw!) I now don't have my heartbeat/control_agent working correctly.
>> >
>> > It works fine so long as I set the ports of my control agents and ha hook
>> > parameters to be the same (IE 8000 or 8001)
>> >
>> > However I am unable to tie the tiny cluster into micetro, probably because
>> > the CA port is occupied with HA heartbeats?
>> >
>> > Looking to these examples:
>> > https://github.com/isc-projects/kea/tree/master/doc/examples/template-ha-mt-tls
>> >
>> > Documentation points out
>> > //This specifies the port CA will listen on.
>> > // If enabling HA and multi-threading, the 8000 port is used by
>> > the HA
>> > // hook library http listener. When using HA hook library with
>> > // multi-threading to function, make sure the port used by
>> > dedicated
>> > // listener is different (e.g. 8001) than the one used by CA. Note
>> > // the commands should still be sent via CA. The dedicated listener
>> > // is specifically for HA updates only.
>> >
>> > However, how to have a dedicated port for HA and a different one for CA
>> > escapes me.
>> >
>> > CS, cs.temp.m...@gmail.com
>> > --
>> > ISC funds the development of this software with paid support
>> > subscriptions. Contact us at https://www.isc.org/contact/ for more
>> > information.
>> >
>> > To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>> >
>> > Kea-users mailing list
>> > Kea-users@lists.isc.org
>> > https://lists.isc.org/mailman/listinfo/kea-users
>> --
>> ISC funds the development of this software with paid support subscriptions.
>> Contact us at https://www.isc.org/contact/ for more information.
>>
>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>
>> Kea-users mailing list
>> Kea-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/kea-users
--
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users
