| v4-access-domain | 213 | fqdn | false | false |
+----------------------------------------+------+---------------------------+-------------+-------------+
+You can see example of how these options are configured at :ref:`config-example-kea4-all-options-json`.
+
.. note::
The ``default-url`` option was replaced with ``v4-captive-portal`` in Kea 2.1.2, as introduced by
Another possibility is to redefine the option; see :ref:`dhcp4-private-opts`.
Kea comes with several example configuration files. Some of them showcase
-how to configure options 60 and 43. See ``doc/examples/kea4/vendor-specific.json``
-and ``doc/examples/kea4/vivso.json`` in the Kea sources.
+how to configure options 60 and 43. See :ref:`config-example-kea4-vendor-specific-json`
+and :ref:`config-example-kea4-vivso-json`.
.. note::
protocol, to separate them. The "pipe" (``0x7C``) character can be used in the ``dohpath`` service parameter,
as it is allowed in a URI.
-Examples for DNR DHCPv4 options are provided in the Kea sources, in
-`all-options.json` in the `doc/examples/kea4` directory.
+Examples for DNR DHCPv4 options are provided in the Kea sources can be found
+at :ref:`config-example-kea4-all-options-json`.
.. _host-reservation-v4:
| addr-reg-enable | 148 | empty | false |
+--------------------------+-----------------+-----------------+-----------------+
+You can see example of how these options can be configured at :ref:`config-example-kea6-all-options-json`.
+
The unicast option was deprecated by the `RFC 9915
<https://datatracker.ietf.org/doc/html/rfc9915>`__, it is still
supported but not be used and will be removed in a further Kea release.
The other currently defined service parameters mandatory (0), no-default-alpn (2), ipv4hint (4), ech (5),
ipv6hint (6), and ohttp (8) are not usable in the DNR option.
-Further examples are provided in Kea sources in the ``all-options.json`` file
-in the ``doc/examples/kea6`` directory. The DHCPv4 option is nearly identical, and is described
-in :ref:`dnr4-options`.
+Further examples can be found at :ref:`config-example-kea6-all-options-json`.
+The DHCPv4 option is nearly identical, and is described in :ref:`dnr4-options`.
.. _ntp-server-suboptions:
}
In order to launch the Kea DHCPv6 server using the configuration
-contained within the ``boot.json`` file, run:
+contained within the :ref:`config-example-netconf-kea-dhcp6-operations-boot-json` file, run:
.. code-block:: console
# echo '{ "command": "config-get" }' | socat UNIX:/opt/kea/var/run/kea/kea-dhcp6-ctrl.sock '-,ignoreeof'
-The following is the example ``netconf.json`` configuration for
+The following is the example :ref:`config-example-netconf-kea-dhcp6-operations-netconf-json` configuration for:
:iscman:`kea-netconf`, to manage the Kea DHCPv6 server:
.. code-block:: json
RADIUS is a complicated environment. As such, it is not feasible
to provide a default configuration that works for everyone.
However, we do have an example that showcases some of the more common
-features; please see ``doc/examples/kea4/hooks-radius.json`` in the Kea
-sources.
+features; please see :ref:`config-example-kea4-hooks-radius-json`.
The RADIUS hook library supports the following global configuration
flags:
- ``unknown-role``: the configuration of the unknown role
(used when the not-empty assigned role has no configuration).
-Sample Configuration
-~~~~~~~~~~~~~~~~~~~~
+Sample Configurations
+~~~~~~~~~~~~~~~~~~~~~
-A sample configuration is available in ``doc/examples/kea4/hooks-rbac.json``
-in the Kea source and is copied below.
-
-.. code-block:: javascript
- :linenos:
- :emphasize-lines: 41-95
-
- {"Dhcp4":
-
- {
- // Kea is told to listen on the eth0 interface only.
- "interfaces-config": {
- "interfaces": [ "eth0" ]
- },
-
- // Set up the storage for leases.
- "lease-database": {
- "type": "memfile"
- },
-
- "valid-lifetime": 1800,
-
- // Define a single subnet.
- "subnet4": [
- {
- "pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
- "id": 1,
- "subnet": "192.0.2.0/24",
- "interface": "eth0"
- }
- ],
-
- // Control sockets.
- "control-sockets": [
- {
- "socket-type": "https",
- "socket-address": "127.0.0.1",
- "socket-port": 8000,
- "trust-anchor": "my-ca",
- "cert-file": "my-cert",
- "key-file": "my-key",
- "cert-required": true
- }
- ],
-
- // Add hooks here.
- "hooks-libraries": [
- {
- "library": "libdhcp_rbac.so",
- "parameters": {
- // This section configures the RBAC hook library.
- // Mandatory parameters.
- "assign-role-method": "cert-subject",
- "api-files": "/opt/share/kea/api",
- // Optional parameters.
- "require-tls": true,
- "commands": [
- {
- "name": "my-command",
- "access": "read",
- "hook": "my-hook"
- } ],
- "access-control-lists": [
- {
- "my-none": { "not": "ALL" }
- },{
- "another-none": { "and": [ "ALL", "NONE" ] }
- },{
- "my-read": { "access": "read" }
- } ],
- "roles": [
- {
- "name": "kea-client",
- "accept-commands":
- {
- "commands": [ "list-commands", "status-get" ]
- },
- "reject-commands": "NONE",
- "other-commands": "reject",
- "list-match-first": "accept",
- "response-filters": [ "list-commands" ]
- },{
- "name": "admin",
- "accept-commands": "ALL",
- "reject-commands":
- {
- "hook": "cb_cmds"
- },
- "list-match-first": "reject"
- } ],
- "default-role":
- {
- "accept-commands": "NONE",
- "reject-commands": "ALL"
- },
- "unknown-role":
- {
- "accept-commands": "READ",
- "reject-commands": "WRITE"
- }
- }
- }
- ]
-
- // Additional parameters, such as logging and others
- // omitted for clarity.
-
- }
- }
+Sample configurations are available at :ref:`config-example-kea4-hooks-rbac-json`
+and :ref:`config-example-kea6-hooks-rbac-json`.
Accept/Reject Algorithm
projects / thirdparty / kea.git / commitdiff
