From: Razvan Becheriu Date: Sat, 27 Aug 2022 21:16:24 +0000 (+0300) Subject: [#2441] fixed comments in examples X-Git-Tag: Kea-2.3.0~5 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6ab5f516618f9bdbb7a361f7c830345c7309876e;p=thirdparty%2Fkea.git [#2441] fixed comments in examples --- diff --git a/doc/examples/kea4/ha-load-balancing-server1-mt-with-tls.json b/doc/examples/kea4/ha-load-balancing-server1-mt-with-tls.json index 951ee2d1b0..a837ada392 100644 --- a/doc/examples/kea4/ha-load-balancing-server1-mt-with-tls.json +++ b/doc/examples/kea4/ha-load-balancing-server1-mt-with-tls.json @@ -135,6 +135,9 @@ // hundreds of thausands of clients), you may need to increase it // further. The default value is 60000ms (60 seconds). "sync-timeout": 60000, + // To not experience performance degradation when the Kea server is + // processing packets on multiple threads, the High Availablility module + // must be configured in a similar way. "multi-threading": { "enable-multi-threading": true, // When running in MT mode, the dedicated listener is used to handle @@ -149,10 +152,11 @@ // This is the configuration of this server instance. { "name": "server1", - // This specifies the URL of our server instance. The - // Control Agent is not required run along with our DHCPv4 server - // instance. The "http-host" and "http-port" values must be - // set to different values then the Control Agent. + // This specifies the URL of this server instance. The + // Control Agent is not required to run along with this DHCPv4 server + // instance if multi-threading is enabled. + // The "http-host" and "http-port" values must be set to different + // values then the ones used by the Control Agent. "url": "http://192.168.56.33:8000/", // Trust anchor aka certificate authority file or directory. "trust-anchor": "/usr/lib/kea/CA.pem", 
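Review bot: The comment added above `"multi-threading"` misspells the module name as "High Availablility"; the line should read `// processing packets on multiple threads, the High Availability module`. The same three-line comment, with the same typo, is added in the `@@ -134,6 +134,9 @@` hunk of ha-load-balancing-server2-mt.json. "Must be configured in a similar way" is also vague. If the intent is that the HA hook's own `multi-threading` block has to be enabled whenever the server runs multi-threaded, saying so directly would tell the reader what to set.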
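Review bot: The rewritten comment above `"url"` in the `server1` peer entry ends with "values then the ones used by the Control Agent", where "then" should be "than": `// values than the ones used by the Control Agent.` The same wording is added for the `server2` peer in the `@@ -160,18 +164,20 @@` hunk and for both peers in the `@@ -145,28 +148,29 @@` hunk of ha-load-balancing-server2-mt.json. The peer object continues past the end of this hunk.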
@@ -160,18 +164,20 @@ "cert-file": "/usr/lib/kea/server1_cert.pem", // Private key file name. "key-file": "/usr/lib/kea/server1_key.pem", + // Client certificates are required and verified. + "require-client-certs": true, // This server is primary. The other one must be // secondary. "role": "primary" }, - // This is the configuration of our HA peer. + // This is the configuration of the HA peer. { "name": "server2", // Specifies the URL on which the partner's control // channel can be reached. The Control Agent is not required - // to run on the partner's machine. The "http-host" and - // "http-port" values must be set to different values then the - // Control Agent. + // to run on the partner's machine if multi-threading is enabled. + // The "http-host" and "http-port" values must be set to different + // values then the ones used by the Control Agent. "url": "http://192.168.56.66:8000/", // Trust anchor aka certificate authority file or directory. "trust-anchor": "/usr/lib/kea/CA.pem", @@ -179,7 +185,9 @@ "cert-file": "/usr/lib/kea/server2_cert.pem", // Private key file name. "key-file": "/usr/lib/kea/server2_key.pem", - // The partner is a secondary. Our is primary. + // Client certificates are required and verified. + "require-client-certs": true, + // The partner is secondary. This server is primary. "role": "secondary" } ] diff --git a/doc/examples/kea4/ha-load-balancing-server2-mt.json b/doc/examples/kea4/ha-load-balancing-server2-mt.json index a445c7672c..9563b07032 100644 --- a/doc/examples/kea4/ha-load-balancing-server2-mt.json +++ b/doc/examples/kea4/ha-load-balancing-server2-mt.json 
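Review bot: The `url` shown for the `server2` peer is still `http://` even though each peer entry now carries `trust-anchor`, `cert-file`, `key-file` and `require-client-certs`, and no comment explains how the scheme relates to those TLS settings. Someone copying the example cannot tell from the file whether traffic to `http://192.168.56.66:8000/` is encrypted. If TLS is switched on by the certificate parameters alone, a line such as `// TLS is enabled by the trust-anchor, cert-file and key-file parameters below.` above each `url` would settle it. If the scheme is honoured instead, the URLs should be `https://`. I cannot confirm which applies from this hunk.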
@@ -134,6 +134,9 @@ // hundreds of thausands of clients), you may need to increase it // further. The default value is 60000ms (60 seconds). "sync-timeout": 60000, + // To not experience performance degradation when the Kea server is + // processing packets on multiple threads, the High Availablility module + // must be configured in a similar way. "multi-threading": { "enable-multi-threading": true, // When running in MT mode, the dedicated listener is used to handle 
@@ -145,28 +148,29 @@ "http-client-threads": 4 }, "peers": [ - // This is the configuration of this server instance. + // This is the configuration of the HA peer. { "name": "server1", - // This specifies the URL of our server instance. The - // Control Agent is not required run along with our DHCPv4 server - // instance. The "http-host" and "http-port" values must be - // set to different values then the Control Agent. + // Specifies the URL on which the partner's control + // channel can be reached. The Control Agent is not required + // to run on the partner's machine if multi-threading is enabled. + // The "http-host" and "http-port" values must be set to different + // values then the ones used by the Control Agent. "url": "http://192.168.56.33:8000/", - // This server is primary. The other one must be - // secondary. + // The partner is primary. This server is secondary. "role": "primary" }, - // This is the configuration of our HA peer. + // This is the configuration of this server instance. { "name": "server2", - // Specifies the URL on which the partner's control - // channel can be reached. The Control Agent is not required - // to run on the partner's machine. The "http-host" and - // "http-port" values must be set to different values then the - // Control Agent. + // This specifies the URL of this server instance. The + // Control Agent is not required to run along with this DHCPv4 server + // instance if multi-threading is enabled. + // The "http-host" and "http-port" values must be set to different + // values then the ones used by the Control Agent. "url": "http://192.168.56.66:8000/", - // The partner is a secondary. Our is primary. + // This server is secondary. The other one must be + // primary. "role": "secondary" } ] diff --git a/doc/examples/kea6/ha-hot-standby-server1-with-tls.json b/doc/examples/kea6/ha-hot-standby-server1-with-tls.json index ac5c63eb74..bd57d06365 100644 --- a/doc/examples/kea6/ha-hot-standby-server1-with-tls.json 
+++ b/doc/examples/kea6/ha-hot-standby-server1-with-tls.json @@ -84,27 +84,30 @@ "cert-file": "/usr/lib/kea/server_cert.pem", // Private key file name. "key-file": "/usr/lib/kea/server_key.pem", + // Client certificates are required and verified. + "require-client-certs": true, "peers": [ - // This is the configuration of our HA peer. + // This is the configuration of this server instance. { "name": "server1", - // Specifies the URL on which the partner's control - // channel can be reached. The Control Agent is required - // to run on the partner's machine with "http-host" and - // "http-port" values set to the corresponding values. + // This specifies the URL of this server instance. The + // Control Agent must run along with this DHCPv6 server + // instance and the "http-host" and "http-port" must be + // set to the corresponding values. "url": "http://192.168.56.33:8000/", - // The partner is primary. Our is standby. + // This server is primary. The other one must be + // standby. "role": "primary" }, - // This is the configuration of this server instance. + // This is the configuration of the HA peer. { "name": "server2", - // This specifies the URL of our server instance. The - // Control Agent must run along with our DHCPv6 server - // instance and the "http-host" and "http-port" must be - // set to the corresponding values. + // Specifies the URL on which the partner's control + // channel can be reached. The Control Agent is required + // to run on the partner's machine with "http-host" and + // "http-port" values set to the corresponding values. "url": "http://192.168.56.66:8000/", - // Out server is standby. The partner is primary. + // The partner is standby. This server is primary. "role": "standby" } ] diff --git a/doc/examples/kea6/ha-hot-standby-server2.json b/doc/examples/kea6/ha-hot-standby-server2.json index 1b9d3dde00..cd9de933ff 100644 --- a/doc/examples/kea6/ha-hot-standby-server2.json +++ b/doc/examples/kea6/ha-hot-standby-server2.json 
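Review bot: `"require-client-certs": true` is added at the level above `"peers"`, but the comments in this hunk say the Control Agent must run alongside the server and answer on the `url` address. If the partner connects through the Control Agent here, the client-certificate check presumably has to be enforced in the agent's own TLS configuration, and this HA-level flag may not be what rejects callers without a certificate. That is an inference, since the listener setup is outside the hunk. Once the author confirms, I would extend the comment to name the listener the flag governs, e.g. `// Client certificates are required and verified by the HA dedicated listener, if enabled.`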
@@ -78,7 +78,7 @@ // the partner but appear to not receive any response. "max-unacked-clients": 5, "peers": [ - // This is the configuration of our HA peer. + // This is the configuration of the HA peer. { "name": "server1", // Specifies the URL on which the partner's control @@ -86,18 +86,19 @@ // to run on the partner's machine with "http-host" and // "http-port" values set to the corresponding values. "url": "http://192.168.56.33:8000/", - // The partner is primary. Our is standby. + // The partner is primary. This server is standby. "role": "primary" }, // This is the configuration of this server instance. { "name": "server2", - // This specifies the URL of our server instance. The - // Control Agent must run along with our DHCPv6 server + // This specifies the URL of this server instance. The + // Control Agent must run along with this DHCPv6 server // instance and the "http-host" and "http-port" must be // set to the corresponding values. "url": "http://192.168.56.66:8000/", - // Out server is standby. The partner is primary. + // This server is standby. The other one must be + // primary. "role": "standby" } ] diff --git a/doc/examples/template-ha-mt-tls/info.md b/doc/examples/template-ha-mt-tls/info.md index 0215702013..dbd22818f8 100644 --- a/doc/examples/template-ha-mt-tls/info.md +++ b/doc/examples/template-ha-mt-tls/info.md 
@@ -32,10 +32,10 @@ listener, which forward only the lease updates commands to the peer server. Deployment Considerations ~~~~~~~~~~~~~~~~~~~~~~~~~ -The setup is not expected to scale automatically. This example uses 4 thread for +The setup is not expected to scale automatically. This example uses 4 threads for processing DHCP traffic, 4 threads for listening and handling HA peer HTTP requests and 4 threads for sending lease updates to the HA peer. The thread queue used to -store incomming HDCP requests is set to 64, but specific values for better +store incomming DHCP requests is set to 64, but specific values for better performance must be determined on the deployment setup by doing proper testing and benchmarks. diff --git a/doc/examples/template-ha-mt-tls/kea-dhcp4-1.conf b/doc/examples/template-ha-mt-tls/kea-dhcp4-1.conf index f498fb1da7..e7974ee598 100644 --- a/doc/examples/template-ha-mt-tls/kea-dhcp4-1.conf +++ b/doc/examples/template-ha-mt-tls/kea-dhcp4-1.conf @@ -155,6 +155,8 @@ "cert-file": "/usr/lib/kea/server1_cert.pem", // Private key file name. "key-file": "/usr/lib/kea/server1_key.pem", + // Client certificates are required and verified. + "require-client-certs": true, // This server is primary. The other one must be // secondary. "role": "primary" @@ -173,6 +175,8 @@ "cert-file": "/usr/lib/kea/server2_cert.pem", // Private key file name. "key-file": "/usr/lib/kea/server2_key.pem", + // Client certificates are required and verified. + "require-client-certs": true, // The other server is secondary. This one must be // primary. "role": "standby" diff --git a/doc/examples/template-ha-mt-tls/kea-dhcp4-2.conf b/doc/examples/template-ha-mt-tls/kea-dhcp4-2.conf index 7ddb75dcd4..36c418dd19 100644 --- a/doc/examples/template-ha-mt-tls/kea-dhcp4-2.conf +++ b/doc/examples/template-ha-mt-tls/kea-dhcp4-2.conf 
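Review bot: In the `@@ -173,6 +175,8 @@` hunk of kea-dhcp4-1.conf the comment reads "The other server is secondary. This one must be primary." but the value under it is `"role": "standby"`, so the comment and the configured role disagree right beside the new `require-client-certs` line. The `@@ -173,6 +175,8 @@` hunk of kea-dhcp4-2.conf has the same mismatch ("This server is secondary" above `"role": "standby"`), and its `@@ -2,7 +2,7 @@` hunk now describes the file as "the secondary (the standby) server". Since the commit is about fixing comments, I would use the configured role name: `// The other server is standby. This one must be` followed by `// primary.` The peer object starts before the hunk.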
@@ -2,7 +2,7 @@ // // - uses High Availability hooks library and Lease Commands hooks library // to enable High Availability function for the DHCP server. This config -// file is for the primary (the active) server. +// file is for the secondary (the standby) server. // - uses memfile, which stores lease data in a local CSV file // - it assumes a single /24 addressing over a link that is directly reachable // (no DHCP relays) @@ -155,6 +155,8 @@ "cert-file": "/usr/lib/kea/server1_cert.pem", // Private key file name. "key-file": "/usr/lib/kea/server1_key.pem", + // Client certificates are required and verified. + "require-client-certs": true, // The other server is primary. This one must be // secondary. "role": "primary" @@ -173,6 +175,8 @@ "cert-file": "/usr/lib/kea/server2_cert.pem", // Private key file name. "key-file": "/usr/lib/kea/server2_key.pem", + // Client certificates are required and verified. + "require-client-certs": true, // This server is secondary. The other one must be // primary. "role": "standby" diff --git a/src/lib/yang/tests/adaptor_config_unittests.cc b/src/lib/yang/tests/adaptor_config_unittests.cc index c4670887dc..514cf67cf6 100644 --- a/src/lib/yang/tests/adaptor_config_unittests.cc +++ b/src/lib/yang/tests/adaptor_config_unittests.cc @@ -70,8 +70,8 @@ TEST_F(AdaptorConfigTest, loadExamples4) { "config-backend.json", "dhcpv4-over-dhcpv6.json", "global-reservations.json", - "ha-load-balancing-primary-mt-with-tls.json", - "ha-load-balancing-secondary-mt.json", + "ha-load-balancing-server1-mt-with-tls.json", + "ha-load-balancing-server2-mt.json", "hooks.json", "hooks-radius.json", "leases-expiration.json", @@ -106,8 +106,8 @@ TEST_F(AdaptorConfigTest, loadExamples6) { "dhcpv4-over-dhcpv6.json", "duid.json", "global-reservations.json", - "ha-hot-standby-primary-with-tls.json", - "ha-hot-standby-secondary.json", + "ha-hot-standby-server1-with-tls.json", + "ha-hot-standby-server2.json", "hooks.json", "iPXE.json", "leases-expiration.json", 
diff --git a/src/lib/yang/tests/config_unittests.cc b/src/lib/yang/tests/config_unittests.cc index fcbadb8d70..e1c24c9ea4 100644 --- a/src/lib/yang/tests/config_unittests.cc +++ b/src/lib/yang/tests/config_unittests.cc @@ -334,8 +334,8 @@ TEST_F(ConfigTestKeaV4, examples4) { "config-backend.json", "dhcpv4-over-dhcpv6.json", "global-reservations.json", - "ha-load-balancing-primary-mt-with-tls.json", - "ha-load-balancing-secondary-mt.json", + "ha-load-balancing-server1-mt-with-tls.json", + "ha-load-balancing-server2-mt.json", "hooks.json", "hooks-radius.json", "leases-expiration.json", @@ -376,8 +376,8 @@ TEST_F(ConfigTestKeaV6, examples6) { "dhcpv4-over-dhcpv6.json", "duid.json", "global-reservations.json", - "ha-hot-standby-primary-with-tls.json", - "ha-hot-standby-secondary.json", + "ha-hot-standby-server1-with-tls.json", + "ha-hot-standby-server2.json", "hooks.json", "iPXE.json", "leases-expiration.json",