raise_error=False)
execute(f'sudo rpm -i {rpm_root_path}/RPMS/{arch.strip()}/*rpm', check_times=check_times, dry_run=dry_run)
- _check_installed_rpm_or_debs(
- ['kea-dhcp4.service'],
- "Expected a file at path '/etc/kea/kea-api-user'",
- expect_success_on_start=False,
- )
-
- # Wait for systemd's rate limit period to pass to avoid "Start request repeated too quickly" after the failed
- # implicit start from the installation of isc-kea-dhcp4 above.
- time.sleep(10)
- # Reset systemd's rate limit period. Redundant, but just to be safe.
- execute('sudo systemctl reset-failed kea-dhcp4.service', raise_error=False)
-
- execute('echo kea-api-user | sudo tee /etc/kea/kea-api-user > /dev/null')
- execute('sudo touch /etc/kea/kea-api-password')
-
# check if kea services can be started
services_list = ['kea-dhcp4.service', 'kea-dhcp6.service', 'kea-dhcp-ddns.service']
_check_installed_rpm_or_debs(services_list, '_STARTED Kea')
# install packages
execute('sudo dpkg -i *deb', check_times=check_times, dry_run=dry_run)
- _check_installed_rpm_or_debs(
- ['isc-kea-dhcp4-server.service'],
- "Expected a file at path '/etc/kea/kea-api-user'",
- expect_success_on_start=False,
- )
-
- # Wait for systemd's rate limit period to pass to avoid "Start request repeated too quickly" after the failed
- # explicit start above.
- time.sleep(10)
- # Reset systemd's rate limit period. Redundant, but just to be safe.
- execute('sudo systemctl reset-failed isc-kea-dhcp4-server.service')
-
- execute('echo kea-api-user | sudo tee /etc/kea/kea-api-user > /dev/null')
- execute('sudo touch /etc/kea/kea-api-password')
-
# check if kea services can be started
services_list = ['isc-kea-dhcp4-server.service', 'isc-kea-dhcp6-server.service',
'isc-kea-dhcp-ddns-server.service']
# install packages
execute('sudo apk add *.apk', cwd='kea-pkg', check_times=check_times, dry_run=dry_run)
- exitcode, _ = execute('sudo rc-service kea-dhcp4 start', capture=True, raise_error=False)
- assert exitcode == 1
- _, logs = execute('sudo cat /var/log/kea/kea-dhcp4.log', capture=True)
- assert "Expected a file at path '/etc/kea/kea-api-user'" in logs
-
- execute('echo kea-api-user | sudo tee /etc/kea/kea-api-user > /dev/null')
- execute('sudo touch /etc/kea/kea-api-password')
-
- execute('sudo rc-service kea-dhcp4 stop')
-
- time.sleep(10)
-
# check if kea services can be started
for svc in ['kea-dhcp4', 'kea-dhcp6', 'kea-dhcp-ddns']:
execute(f'sudo rc-service {svc} start')
// configuration), config-reload (which tells Kea to reload its
// configuration from file), statistic-get (to retrieve statistics) and many
// more. For detailed description, see Sections 8.8, 16 and 15.
- "control-sockets": [
- {
- "socket-type": "unix",
- "socket-name": "kea4-ctrl-socket"
- },
- {
- // HTTP control channel.
- "socket-type": "http",
-
- "socket-address": "127.0.0.1",
-
- // If enabling HA and multi-threading, the 8000 port is used
- // by the HA hook library http listener. When using HA hook
- // library with multi-threading to function, make sure
- // the port used by dedicate d listener is different
- // (e.g. 8001) than the one used here. Note the commands
- // should still be sent via the control socket. The dedicated
- // listener is specifically for HA updates only.
- "socket-port": 8000,
-
-
- // Allow access only to kea-api user.
-
- // To make it work, please store your user name in
- // kea-api-user file. and store your password in the
- // kea-api-password file.
- // Make sure the user and password files have sufficiently
- // restrictive access permissions, in particular that they
- // are not world-readable.
- // The basic HTTP auth offers poor security for
- // unencrypted channels. If possible, a better, stronger
- // HTTPS mechanism should be deployed, in particular when the
- // client authentication is enabled by setting the
- // cert-required to true (the default). See trust-anchor,
- // cert-file, key-file and cert-required below. For more
- // details read the Kea Secu rity section in the ARM.
- "authentication": {
- "type": "basic",
- "realm": "Kea Control Agent",
- "directory": "/etc/kea",
- "clients": [
- {
- "user-file": "kea-api-user",
- "password-file": "kea-api-password"
- }
- ]
- }
-
- // Configuration section containing HTTPS parameters:
- // TLS trust anchor (Certificate Authority). This is a file
- // name or a directory path.
- // "trust-anchor": "kea-server-ca",
- // TLS server certificate file name.
- // "cert-file": "kea-server-cert",
- // TLS server private key file name.
- // "key-file": "kea-server-key",
- // TLS require client certificates flag. Default is true and means
- // require client certificates. False means they are optional.
- // "cert-required": true
- }
- ],
+ "control-socket": {
+ "socket-type": "unix",
+ "socket-name": "kea4-ctrl-socket"
+ },
// Use Memfile lease database backend to store leases in a CSV file.
// Depending on how Kea was compiled, it may also support SQL databases
projects / thirdparty / kea.git / commitdiff
