Am 22.06.23 um 19:35 schrieb Eric Graham:
Check the permissions of the control socket on your server:
* Confirm that the Kea control agent can read it * Confirm that
SELinux is not denying the attempt
Eric, thanks for your help.
If it works most of the time ... why wouldn't the permissions be OK then?
OK:
root@adc1:/etc/kea# ls -l /tmp/kea4*
srwxr-xr-x 1 _kea _kea 0 22. Jun 07:35 /tmp/kea4-ctrl-socket
-rw------- 1 _kea _kea 0 22. Jun 07:35 /tmp/kea4-ctrl-socket.lock
root@adc2:/etc/kea# ls -l /tmp/kea4*
srwxr-xr-x 1 _kea _kea 0 17. Mai 08:18 /tmp/kea4-ctrl-socket
-rw------- 1 _kea _kea 0 17. Mai 08:18 /tmp/kea4-ctrl-socket.lock
SElinux: don't know how to check that right now ...
Your control agent on the other server isn't configured to connect to
the socket for dhcp4 on your primary server, correct?
As far as I understand, no.
I add the whole file just to be safe here:
root@adc1:/etc/kea# cat kea-ctrl-agent.conf
// This is a basic configuration for the Kea Control Agent.
//
// This is just a very basic configuration. Kea comes with large suite
(over 30)
// of configuration examples and extensive Kea User's Guide. Please refer to
// those materials to get better understanding of what this software is
able to
// do. Comments in this configuration file sometimes refer to sections
for more
// details. These are section numbers in Kea User's Guide. The version
matching
// your software should come with your Kea package, but it is also available
// in ISC's Knowledgebase (https://kea.readthedocs.io; the direct link for
// the stable version is https://kea.readthedocs.io/).
//
// This configuration file contains only Control Agent's configuration.
// If configurations for other Kea services are also included in this
file they
// are ignored by the Control Agent.
{
// This is a basic configuration for the Kea Control Agent.
// RESTful interface to be available at http://127.0.0.1:8000/
"Control-agent": {
"http-host": "10.0.0.231",
// If enabling HA and multi-threading, the 8000 port is used by the HA
// hook library http listener. When using HA hook library with
// multi-threading to function, make sure the port used by dedicated
// listener is different (e.g. 8001) than the one used by CA. Note
// the commands should still be sent via CA. The dedicated listener
// is specifically for HA updates only.
"http-port": 8000,
"authentication": {
"type": "basic",
"realm": "kea-control-agent",
"clients": [
{
"user": "admin",
"password": "X-dEldmfRz"
} ]
},
// Specify location of the files to which the Control Agent
// should connect to forward commands to the DHCPv4, DHCPv6
// and D2 servers via unix domain sockets.
"control-sockets": {
"dhcp4": {
"socket-type": "unix",
"socket-name": "/tmp/kea4-ctrl-socket"
}
# "dhcp6": {
# "socket-type": "unix",
# "socket-name": "/tmp/kea6-ctrl-socket"
# },
# "d2": {
# "socket-type": "unix",
# "socket-name": "/tmp/kea-ddns-ctrl-socket"
# }
},
// Specify hooks libraries that are attached to the Control Agent.
// Such hooks libraries should support 'control_command_receive'
// hook point. This is currently commented out because it has to
// point to the existing hooks library. Otherwise the Control
// Agent will fail to start.
"hooks-libraries": [
// {
// "library":
"/usr/lib/x86_64-linux-gnu/kea/hooks/control-agent-commands.so",
// "parameters": {
// "param1": "foo"
// }
// }
],
// Logging configuration starts here. Kea uses different loggers to log
various
// activities. For details (e.g. names of loggers), see Chapter 18.
"loggers": [
{
// This specifies the logging for Control Agent daemon.
"name": "kea-ctrl-agent",
"output_options": [
{
// Specifies the output file. There are several special
values
// supported:
// - stdout (prints on standard output)
// - stderr (prints on standard error)
// - syslog (logs to syslog)
// - syslog:name (logs to syslog using specified name)
// Any other value is considered a name of the file
"output": "stdout",
// Shorter log pattern suitable for use with systemd,
// avoids redundant information
"pattern": "%-5p %m\n"
// This governs whether the log output is flushed to
disk after
// every write.
// "flush": false,
// This specifies the maximum size of the file before it is
// rotated.
// "maxsize": 1048576,
// This specifies the maximum number of rotated files
to keep.
// "maxver": 8
}
],
// This specifies the severity of log messages to keep.
Supported values
// are: FATAL, ERROR, WARN, INFO, DEBUG
"severity": "INFO",
// If DEBUG level is specified, this value is used. 0 is least
verbose,
// 99 is most verbose. Be cautious, Kea can generate lots and lots
// of logs if told to do so.
"debuglevel": 0
}
]
}
}
It looks at the local socket in /tmp, right?
--
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
Kea-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/kea-users
