1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
// This is a simple example of a configuration for Control-Agent (CA) or simply
// Agent. This server provides RESTful interface for all Kea servers.
{
"Control-agent":
{
// We need to specify where the agent should listen to incoming HTTP
// queries.
"http-host": "127.0.0.1",
// If enabling HA and multi-threading, the 8000 port is used by the HA
// hook library http listener. When using HA hook library with
// multi-threading to function, make sure the port used by dedicated
// listener is different (e.g. 8001) than the one used by CA. Note
// the commands should still be sent via CA. The dedicated listener
// is specifically for HA updates only.
"http-port": 8000,
// Optional authentication.
"authentication":
{
// Required authentication type. The only supported value is
// basic for the basic HTTP authentication.
"type": "basic",
// An optional parameter is the basic HTTP authentication realm.
// Its default is "kea-control-agent".
"realm": "kea-control-agent",
// This optional parameter can be used to specify a common
// prefix for files handling client credentials.
"directory": "/usr/local/share/kea/kea-creds",
// This list specifies the user ids and passwords to use for
// basic HTTP authentication. If empty or not present any client
// is authorized.
"clients":
[
// This specifies an authorized client.
{
"comment": "admin is authorized",
// The user id must not be empty or contain the ':'
// character. It is a mandatory parameter.
"user": "admin",
// If password is not specified an empty password is used.
"password": "1234"
},
// This specifies a hidden client.
{
// The user id is the content of the file /usr/local/share/kea/kea-creds/hiddenu.
"user-file": "hiddenu",
// The password is the content of the file /usr/local/share/kea/kea-creds/hiddenp.
"password-file": "hiddenp"
},
// This specifies a hidden client using a secret in a file.
{
// The secret is the content of the file /usr/local/share/kea/kea-creds/hiddens
// which must be in the <user-id>:<password> format.
"password-file": "hiddens"
}
]
},
// This map specifies where control channel of each server is configured
// to listen on. See 'control-socket' object in the respective
// servers. At this time the only supported socket type is "unix".
// Make sure that the Agent and respective servers configuration
// matches exactly, otherwise they won't be able to communicate.
// One extra feature that requires some explanation is
// user-context. This is a structure that you can define at
// global scope, in control sockets and others. It is parsed by
// Kea, but not used directly. It is intended to keep anything
// you may want to put there - comments, extra designations,
// floor or department names etc. These structures will be made
// available to Kea hooks. A comment entry is translated into a
// user-context with a "comment" property so you can include
// comments inside the configuration itself.
"control-sockets":
{
// This is how the Agent can communicate with the DHCPv4 server.
"dhcp4":
{
"comment": "socket to DHCPv4 server",
"socket-type": "unix",
"socket-name": "kea4-ctrl-socket"
},
// Location of the DHCPv6 command channel socket.
"dhcp6":
{
"socket-type": "unix",
"socket-name": "kea6-ctrl-socket"
},
// Location of the D2 command channel socket.
"d2":
{
"socket-type": "unix",
"socket-name": "kea-ddns-ctrl-socket",
"user-context": { "in-use": false }
}
},
// CA is able to load hook libraries that augment its operation.
// The primary functionality is the ability to add new commands.
"hooks-libraries": [
// Hook libraries list may contain more than one library.
{
// The only necessary parameter is the library filename.
"library": "/opt/local/control-agent-commands.so",
// Some libraries may support parameters. Make sure you
// type this section carefully, as the CA does not validate
// it (because the format is library-specific).
"parameters": {
"param1": "foo"
}
}
],
// Similar to other Kea components, CA also uses logging.
"loggers": [
{
"name": "kea-ctrl-agent",
"output-options": [
{
"output": "/var/log/kea/kea-ctrl-agent.log",
// Several additional parameters are possible in addition
// to the typical output. Flush determines whether logger
// flushes output to a file. Maxsize determines maximum
// filesize before the file is rotated. maxver
// specifies the maximum number of rotated files being
// kept.
"flush": true,
"maxsize": 204800,
"maxver": 4,
// We use pattern to specify custom log message layout
"pattern": "%d{%y.%m.%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
}
],
"severity": "INFO",
"debuglevel": 0
}
]
}
}
|
