From: Francis Dupont Date: Tue, 27 Nov 2018 15:02:44 +0000 (+0100) Subject: [136-add-global-host-reservation-examples] Added (and used to find and fix a bug... X-Git-Tag: 284-need-dhcp6-example-for-netconf_base~26 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=81f4f566b6c8c0e4e5fc94bf3e67c75cfa9de853;p=thirdparty%2Fkea.git [136-add-global-host-reservation-examples] Added (and used to find and fix a bug) global reservation examples --- diff --git a/doc/examples/kea4/global-reservations.json b/doc/examples/kea4/global-reservations.json new file mode 100644 index 0000000000..111164b66a --- /dev/null +++ b/doc/examples/kea4/global-reservations.json @@ -0,0 +1,157 @@ +// This is an example configuration file for the DHCPv4 server in Kea. +// It contains one subnet and two global reservations for the clients +// identified by the MAC addresses. +{ "Dhcp4": + +{ +// Kea is told to listen on ethX interface only. + "interfaces-config": { + "interfaces": [ "ethX" ] + }, + +// We need to specify the the database used to store leases. As of September +// 2016, four database backends are supported: MySQL, PostgreSQL, Cassandra, and +// the in-memory database, Memfile. We'll use memfile because it doesn't +// require any prior set up. + "lease-database": { + "type": "memfile", + "lfc-interval": 3600 + }, + +// Addresses will be assigned with a lifetime of 4000 seconds. + "valid-lifetime": 4000, + +// Renew and rebind timers are commented out. This implies that options +// 58 and 59 will not be sent to the client. In this case it is up to +// the client to pick the timer values according to RFC2131. Uncomment the +// timers to send these options to the client. +// "renew-timer": 1000, +// "rebind-timer": 2000, + +// Kea supports reservations by several different types of identifiers: +// hw-address (hardware/MAC address of the client), duid (DUID inserted by the +// client), client-id (client identifier inserted by the client), circuit-id +// (circuit identifier inserted by the relay agent) and flex-id (flexible +// identifier available when flex_id hook library is loaded). When told to do +// so, Kea can check for all of those identifier types, but it takes a costly +// database lookup to do so. It is therefore useful from a performance +// perspective to use only the reservation types that are actually used in a +// given network. + +// The example below is not optimal from a performance perspective, but it +// nicely showcases the host reservation capabilities. Please use the minimum +// set of identifier types used in your network. +"host-reservation-identifiers": [ "circuit-id", "hw-address", "duid", + "client-id", "flex-id" ], + +// This directive tells Kea that reservations are global. +"reservation-mode": "global", + +// Define some reservations at the global scope. +"reservations": [ + +// This is a reservation for a specific hardware/MAC address. It's a very +// simple reservation: just an address and nothing else. +// Note it is not recommended but still allowed to reverse addresses at +// the global scope: as it breaks the link between the reservation and +// the subnet it can lead to a client localized in another subnet than +// its address belongs to. + { + "hw-address": "1a:1b:1c:1d:1e:1f", + "ip-address": "192.0.2.201" + }, + +// This is a reservation for a specific client-id. It also shows +// the this client will get a reserved hostname. A hostname can be defined +// for any identifier type, not just client-id. Either a hostname or +// an address is required. + { + "client-id": "01:11:22:33:44:55:66", + "hostname": "special-snowflake" + }, + +// The third reservation is based on DUID. This reservation also +// defines special option values for this particular client. If +// the domain-name-servers option would have been defined on a global, +// subnet or class level, the host specific values take preference. + { + "duid": "01:02:03:04:05", + "ip-address": "192.0.2.203", + "option-data": [ { + "name": "domain-name-servers", + "data": "10.1.1.202,10.1.1.203" + } ] + }, + +// The fourth reservation is based on circuit-id. This is an option inserted +// by the relay agent that forwards the packet from client to the server. +// In this example the host is also assigned vendor specific options. + { + "circuit-id": "01:11:22:33:44:55:66", + "ip-address": "192.0.2.204", + "option-data": [ + { + "name": "vivso-suboptions", + "data": "4491" + }, + { + "name": "tftp-servers", + "space": "vendor-4491", + "data": "10.1.1.202,10.1.1.203" + } + ] + }, + +// This reservation is for a client that needs specific DHCPv4 fields to be +// set. Three supported fields are next-server, server-hostname and +// boot-file-name + { + "client-id": "01:0a:0b:0c:0d:0e:0f", + "ip-address": "192.0.2.205", + "next-server": "192.0.2.1", + "server-hostname": "hal9000", + "boot-file-name": "/dev/null" + }, + +// This reservation is using flexible identifier. Instead of relying +// on specific field, sysadmin can define an expression similar to what +// is used for client classification, +// e.g. substring(relay[0].option[17],0,6). Then, based on the value of +// that expression for incoming packet, the reservation is matched. +// Expression can be specified either as hex or plain text using single +// quotes. +// Note: flexible identifier requires flex_id hook library to be +// loaded to work. + { + "flex-id": "s0mEVaLue", + "ip-address": "192.0.2.206" + } +], + // Define a subnet. + "subnet4": [ + { + "pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ], + "subnet": "192.0.2.0/24", + "interface": "eth0" + } + ] +}, + +// The following configures logging. It assumes that messages with at +// least informational level (info, warn, error and fatal) should be +// logged to stdout. +"Logging": { + "loggers": [ + { + "name": "kea-dhcp4", + "output_options": [ + { + "output": "stdout" + } + ], + "severity": "INFO" + } + ] +} + +} diff --git a/doc/examples/kea6/global-reservations.json b/doc/examples/kea6/global-reservations.json new file mode 100644 index 0000000000..9511d699be --- /dev/null +++ b/doc/examples/kea6/global-reservations.json @@ -0,0 +1,152 @@ +// This is an example configuration file for DHCPv6 server in Kea +// that showcases how to do globalhost reservations. It is +// assumed that one subnet (2001:db8:1::/64) is available directly +// over ethX interface. + +{ "Dhcp6": + +{ +// Kea is told to listen on ethX interface only. + "interfaces-config": { + "interfaces": [ "ethX" ] + }, + +// We need to specify the the database used to store leases. As of +// September 2016, four database backends are supported: MySQL, +// PostgreSQL, Cassandra, and the in-memory database, Memfile. +// We'll use memfile because it doesn't require any prior set up. + "lease-database": { + "type": "memfile", + "lfc-interval": 3600 + }, + +// This is pretty basic stuff, it has nothing to do with reservations. + "preferred-lifetime": 3000, + "valid-lifetime": 4000, + "renew-timer": 1000, + "rebind-timer": 2000, + +// Kea supports three types of identifiers in DHCPv6: hw-address (hardware/MAC +// address of the client), duid (DUID inserted by the client) and flex-id +// (flexible identifier available when flex_id hook library is loaded) When told +// to do so, Kea can check for each of these identifier types, but it takes a +// costly database lookup to do so. It is therefore useful from a performance +// perspective to use only the reservation types that are actually used in a +// given network. + "host-reservation-identifiers": [ "duid", "hw-address", "flex-id" ], + +// This directive tells Kea that reservations are global. + "reservation-mode": "global", + +// Host reservations. Define several reservations. + "reservations": [ + +// This is a simple host reservation. The host with DUID matching +// the specified value will get an address of 2001:db8:1::100. +// Note it is not recommended but still allowed to reverse addresses at +// the global scope: as it breaks the link between the reservation and +// the subnet it can lead to a client localized in another subnet than +// its address belongs to. + { + "duid": "01:02:03:04:05:0A:0B:0C:0D:0E", + "ip-addresses": [ "2001:db8:1::100" ] + }, + +// This is similar to the previous one, but this time the reservation +// is done based on hardware/MAC address. The server will do its best to +// extract the hardware/MAC address from received packets (see +// 'mac-sources' directive for details). This particular reservation +// also specifies two extra options to be available for this client. If +// there are options with the same code specified in a global, subnet or +// class scope, the values defined at host level take precedence. + { + "hw-address": "00:01:02:03:04:05", + "ip-addresses": [ "2001:db8:1::101" ], + "option-data": [ + { + "name": "dns-servers", + "data": "3000:1::234" + }, + { + "name": "nis-servers", + "data": "3000:1::234" + }], + "client-classes": [ "special_snowflake", "office" ] + }, + +// This is a bit more advanced reservation. The client with the specified +// DUID will get a reserved address, a reserved prefix and a hostname. +// At least one of the three must be specified in a reservation. +// Finally, this reservation features vendor specific options for CableLabs, +// which happen to use enterprise-id 4491. Those particular values will +// be returned only to the client that has a DUID matching this reservation. + { + "duid": "01:02:03:04:05:06:07:08:09:0A", + "ip-addresses": [ "2001:db8:1:cafe::1" ], + "prefixes": [ "2001:db8:2:abcd::/64" ], + "hostname": "foo.example.com", + "option-data": [ { + "name": "vendor-opts", + "data": "4491" + }, + { + "name": "tftp-servers", + "space": "vendor-4491", + "data": "3000:1::234" + } ] + }, + +// This reservation is using flexible identifier. Instead of relying +// on specific field, sysadmin can define an expression similar to what +// is used for client classification, +// e.g. substring(relay[0].option[17],0,6). Then, based on the value of +// that expression for incoming packet, the reservation is matched. +// Expression can be specified either as hex or plain text using single +// quotes. +// Note: flexible identifier requires flex_id hook library to be +//loaded to work. + { + "flex-id": "'somevalue'", + "ip-addresses": [ "2001:db8:1:cafe::2" ] + } + ], + +// The following list defines subnets. Subnet, pools and interface definitions +// are the same as in the regular scenario. + "subnet6": [ + { + "subnet": "2001:db8::/47", + + "pools": [ { "pool": "2001:db8::/64" } ], + + "pd-pools": [ + { + "prefix": "2001:db8:1:8000::", + "prefix-len": 56, + "delegated-len": 64 + } + ], + "interface": "ethX" + } + ] +}, + +// The following configures logging. It assumes that messages with at +// least informational level (info, warn, error and fatal) should be +// logged to stdout. +"Logging": { + "loggers": [ + { + "name": "kea-dhcp6", + "output_options": [ + { + "output": "stdout" + } + ], + "debuglevel": 0, + "severity": "INFO" + } + ] +} + +} diff --git a/src/bin/dhcp4/tests/parser_unittest.cc b/src/bin/dhcp4/tests/parser_unittest.cc index c379ca26d5..e8598d009d 100644 --- a/src/bin/dhcp4/tests/parser_unittest.cc +++ b/src/bin/dhcp4/tests/parser_unittest.cc @@ -271,6 +271,7 @@ TEST(ParserTest, file) { "classify2.json", "comments.json", "dhcpv4-over-dhcpv6.json", + "global-reservations.json", "hooks.json", "leases-expiration.json", "multiple-options.json", diff --git a/src/bin/dhcp6/tests/parser_unittest.cc b/src/bin/dhcp6/tests/parser_unittest.cc index 7fc8119039..16b22a9e7a 100644 --- a/src/bin/dhcp6/tests/parser_unittest.cc +++ b/src/bin/dhcp6/tests/parser_unittest.cc @@ -278,6 +278,7 @@ TEST(ParserTest, file) { configs.push_back("comments.json"); configs.push_back("dhcpv4-over-dhcpv6.json"); configs.push_back("duid.json"); + configs.push_back("global-reservations.json"); configs.push_back("hooks.json"); configs.push_back("iPXE.json"); configs.push_back("leases-expiration.json"); diff --git a/src/lib/yang/adaptor_config.cc b/src/lib/yang/adaptor_config.cc index adca8e27b0..e536e6c36d 100644 --- a/src/lib/yang/adaptor_config.cc +++ b/src/lib/yang/adaptor_config.cc @@ -586,6 +586,7 @@ AdaptorConfig::preProcess(ElementPtr dhcp, const string& subsel, ConstElementPtr hosts = dhcp->get("reservations"); if (hosts) { if (!hosts->empty()) { + sanitizeHostList(hosts); sanitizeOptionHosts(hosts, space, codes); } else { dhcp->remove("reservations"); diff --git a/src/lib/yang/tests/adaptor_config_unittests.cc b/src/lib/yang/tests/adaptor_config_unittests.cc index 1ab3939966..91a31daef2 100644 --- a/src/lib/yang/tests/adaptor_config_unittests.cc +++ b/src/lib/yang/tests/adaptor_config_unittests.cc @@ -69,6 +69,7 @@ TEST_F(AdaptorConfigTest, loadExamples4) { "classify2.json", "comments.json", "dhcpv4-over-dhcpv6.json", + "global-reservations.json", "hooks.json", "leases-expiration.json", "multiple-options.json", @@ -99,6 +100,7 @@ TEST_F(AdaptorConfigTest, loadExamples6) { "comments.json", "dhcpv4-over-dhcpv6.json", "duid.json", + "global-reservations.json", "hooks.json", "iPXE.json", "leases-expiration.json", diff --git a/src/lib/yang/tests/config_unittests.cc b/src/lib/yang/tests/config_unittests.cc index 0987987223..dfde222c93 100644 --- a/src/lib/yang/tests/config_unittests.cc +++ b/src/lib/yang/tests/config_unittests.cc @@ -335,6 +335,7 @@ TEST_F(ConfigTest, examples4) { "classify2.json", "comments.json", "dhcpv4-over-dhcpv6.json", + "global-reservations.json", "hooks.json", "leases-expiration.json", "multiple-options.json", @@ -373,6 +374,7 @@ TEST_F(ConfigTest, examples6) { "comments.json", "dhcpv4-over-dhcpv6.json", "duid.json", + "global-reservations.json", "hooks.json", "iPXE.json", "leases-expiration.json",