#author("2020-01-19T16:48:30+09:00","default:nowsky","nowsky") #author("2020-01-19T16:48:36+09:00","default:nowsky","nowsky") *Kea [#n1dc89fa] [[ISC Kea DHCP:+https://www.isc.org/kea/]] フリーのDHCPサーバとして利用されているISC DHCP Serverの後継ソフト。 リース情報の保持にRDBも利用出来る様になった上、 REST APIによるアプリケーション制御も出来る様になった。 従来はfailover機能が実装されていなかったが、v1.4.0で実装された。 ~ *インストール [#b6e00805] &size(16){&font(b){0. 事前準備};}; KeaはBoostライブラリを利用している為、関連するライブラリを導入しておく。 ソースのtarballは、展開前にISCが配布している署名で検証しておく。 # zypper install log4cplus log4cplus-devel boost-devel libboost_system-devel # tar zxvf kea-1.6.1.tar.gz # cd kea-1.6.1 # ./configure --prefix=/usr/local/kea-1.6.1 --enable-shell --with-openssl --with-mysql=/usr/bin/mysql_config # make # make install # ln -s /usr/local/kea-1.6.1 /usr/local/kea # ln -s /usr/local/kea/etc/kea /etc/kea # mkdir /var/log/kea ~ ---- &size(16){&font(b){1. 起動準備};}; プログラム起動用のサービスファイルを作成する。 実行ユーザはrootそのままにしておく。必要に応じてパーミッション変更も実施する。 rootで動作する為、設定ファイル・ログ・制御ソケットは一般ユーザから書き換えられない権限にしておく。 - /usr/lib/systemd/system/kea-ctrl.service [Unit] Description=ISC Kea CTRL Agent Documentation=man:kea-ctrl-agent(8) Wants=network-online.target After=network-online.target time-sync.target [Service] Type=simple Restart=on-failure EnvironmentFile=-/etc/sysconfig/kea ExecStartPre=/usr/local/kea/sbin/kea-ctrl-agent -t ${CONFIG_CTRL} ExecStart=/usr/local/kea/sbin/kea-ctrl-agent -c ${CONFIG_CTRL} ExecReload=/bin/kill -HUP $MAINPID ExecStop=/bin/kill -SIGTERM $MAINPID [Install] WantedBy=kea-dhcp4.service WantedBy=kea-dhcp6.service - /usr/lib/systemd/system/kea-dhcp4.service [Unit] Description=ISC Kea DHCPv4 Server Documentation=man:kea-dhcp4(8) Wants=network-online.target After=network-online.target time-sync.target [Service] Type=simple Restart=on-failure EnvironmentFile=-/etc/sysconfig/kea ExecStartPre=/usr/local/kea/sbin/kea-dhcp4 -t ${CONFIG_DHCP4} ExecStart=/usr/local/kea/sbin/kea-dhcp4 -c ${CONFIG_DHCP4} ExecReload=/bin/kill -HUP $MAINPID ExecStop=/bin/kill -SIGTERM $MAINPID [Install] WantedBy=multi-user.target - /usr/lib/systemd/system/kea-dhcp6.service [Unit] Description=ISC Kea DHCPv6 Server
Documentation=man:kea-dhcp6(8) Wants=network-online.target After=network-online.target time-sync.target [Service] Type=simple Restart=on-failure EnvironmentFile=-/etc/sysconfig/kea ExecStartPre=/usr/local/kea/sbin/kea-dhcp6 -t ${CONFIG_DHCP6} ExecStart=/usr/local/kea/sbin/kea-dhcp6 -c ${CONFIG_DHCP6} ExecReload=/bin/kill -HUP $MAINPID ExecStop=/bin/kill -SIGTERM $MAINPID [Install] WantedBy=multi-user.target - /etc/sysconfig/kea ## Type: string ## Default: /usr/local/kea/etc/kea/kea-ctrl-agent.conf # # This is a basic configuration for the Kea Control Agent. # Specify kea-ctrl-agent configuration file. # CONFIG_CTRL="/etc/kea/kea-ctrl-agent.conf" ## Type: string ## Default: /usr/local/kea/etc/kea/kea-dhcp4.conf # # This is a basic configuration for the Kea DHCPv4 server. # Specify kea-dhcp4 configuration file. # CONFIG_DHCP4="/etc/kea/kea-dhcp4.conf" ## Type: string ## Default: /usr/local/kea/etc/kea/kea-dhcp6.conf # # This is a basic configuration for the Kea DHCPv6 server. # Specify kea-dhcp6 configuration file. # CONFIG_DHCP6="/etc/kea/kea-dhcp6.conf" ## Type: string ## Default: /usr/local/kea/var/run # # The value as passed into the build configure script. # That this value may be overridden at runtime by # setting the environment variable KEA_PIDFILE_DIR, # although this is intended primarily for testing purposes. # KEA_PIDFILE_DIR="/var/run" - /etc/logrotate.d/kea /var/log/kea/*.log { missingok ifempty sharedscripts postrotate systemctl restart kea-ctrl > /dev/null 2>&1 || true systemctl restart kea-dhcp4 > /dev/null 2>&1 || true endscript } ~ ---- &size(16){&font(b){2. 
DB準備};}; リース情報の格納にRDBを使う場合はデータベースの作成を行う。 Kea DHCPでは、MySQL・PostgreSQL・Cassandra・LDAPなどを利用可能。 下記はバックエンドにMySQLを利用した場合の設定例。 例中の'kea_user'@'%'は全ホストからの接続を許可する指定で、kea_passもサンプル値なので、実環境では接続元ホストを限定し、推測されにくいパスワードに置き換える。 また、kea-adminの-pに渡したパスワードはシェル履歴やプロセス一覧から見える点にも注意する。 MariaDB [(none)]> create database kea_db; MariaDB [(none)]> create user 'kea_user'@'%' identified by 'kea_pass'; MariaDB [(none)]> grant all on kea_db.* to 'kea_user'@'%'; MariaDB [(none)]> flush privileges; MariaDB [(none)]> quit; # vi /etc/my.cnf --- ※下記を追記 "log_bin_trust_function_creators = 1" # /usr/local/kea/sbin/kea-admin db-init mysql -h 127.0.0.1 -u kea_user -p kea_pass -n kea_db -d /usr/local/kea/share/kea/scripts ~ *コンフィグ [#lb297fa0] &size(16){&font(b){A. シングル構成・別セグメント待受};}; 詳細は[[マニュアル:+https://kb.isc.org/docs/kea-administrator-reference-manual]]に書かれているので割愛。 下記はクライアントセグメントの外にDHCPサーバを設置し、複数セグメントのDHCPサーバを集約管理する時の設定。 ・DHCPサーバ 構成情報 |IPアドレス |10.0.0.1 | |ネットワーク |10.0.0.0/24 | |インターフェース|eth0 (1NIC構成)| ・DHCPクライアント IP払出し情報 |ネットワーク |10.10.0.0/24 | |デフォルトルート|10.10.0.254 | |IP払い出し範囲 |10.10.0.100~10.10.0.200| |プライマリDNS |10.0.0.10 | |セカンダリDNS |10.0.0.20 | ・補足 DHCPクライアントとDHCPサーバが別セグメントになり、DHCP DISCOVERがDHCPサーバまで届かなくなるので、 クライアントのデフォルトルートとなるルータに、[[DHCPリレー設定:+http://www.cisco.com/cisco/web/support/JP/docs/CIAN/IOS/IOSSWRels15_1/CG/001/iad_dhcp_rly_agt.html?bid=0900e4b1825ae5ce#44008]]を入れておく。 #region(/etc/kea/keactrl.conf) # prefix holds the location where the Kea is installed. prefix=/usr/local/kea # Location of Kea configuration files. kea_dhcp4_config_file=${prefix}/etc/kea/kea-dhcp4.conf kea_dhcp6_config_file=${prefix}/etc/kea/kea-dhcp6.conf kea_dhcp_ddns_config_file=${prefix}/etc/kea/kea-dhcp-ddns.conf kea_ctrl_agent_config_file=${prefix}/etc/kea/kea-ctrl-agent.conf kea_netconf_config_file=${prefix}/etc/kea/kea-netconf.conf # Location of Kea binaries. exec_prefix=${prefix} dhcp4_srv=${exec_prefix}/sbin/kea-dhcp4 dhcp6_srv=${exec_prefix}/sbin/kea-dhcp6 dhcp_ddns_srv=${exec_prefix}/sbin/kea-dhcp-ddns ctrl_agent_srv=${exec_prefix}/sbin/kea-ctrl-agent netconf_srv=${exec_prefix}/sbin/kea-netconf # Start DHCPv4 server? dhcp4=yes # Start DHCPv6 server?
dhcp6=no # Start DHCP DDNS server? dhcp_ddns=no # Start Control Agent? ctrl_agent=no # Start Netconf? netconf=no # Be verbose? kea_verbose=no #endregion ※下記の例ではControl AgentのREST APIを10.0.0.1:10067で待ち受けており、設定に認証やTLSの指定が無い為、管理用ホスト以外から届かない様にファイアウォール等で制限するか、127.0.0.1で待ち受ける。 また制御ソケットとリースファイルを/tmpに置いているが、/tmpは全ユーザが書き込める為、実環境ではKeaの実行ユーザだけが書き込めるディレクトリに変更する。 #region(/etc/kea/kea-ctrl-agent.conf) { "Control-agent": { "http-host": "10.0.0.1", "http-port": 10067, "control-sockets": { "dhcp4": { "socket-type": "unix", "socket-name": "/tmp/kea-dhcp4-ctrl.sock" }, "dhcp6": { "socket-type": "unix", "socket-name": "/tmp/kea-dhcp6-ctrl.sock" } }, "loggers": [ { "name": "kea-ctrl-agent", "output_options": [ { "output": "/var/log/kea/kea-ctrl.log", "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p [%c/%i] %m\n", "flush": true, "maxsize": 0 } ], "severity": "WARN", "debuglevel": 0 } ] } } #endregion #region(/etc/kea/kea-dhcp4.conf) { "Dhcp4": { "interfaces-config": { "interfaces": [ "eth0/10.0.0.1" ], "dhcp-socket-type": "udp", "outbound-interface": "use-routing" }, "control-socket": { "socket-type": "unix", "socket-name": "/tmp/kea-dhcp4-ctrl.sock" }, "lease-database": { "type": "memfile", "persist": true, "name": "/tmp/kea-dhcp4.lease", "lfc-interval": 3600, "max-row-errors": 0 }, "expired-leases-processing": { "reclaim-timer-wait-time": 10, "flush-reclaimed-timer-wait-time": 25, "hold-reclaimed-time": 3600, "max-reclaim-leases": 100, "max-reclaim-time": 250, "unwarned-reclaim-cycles": 5 }, "renew-timer": 1000, "rebind-timer": 2000, "valid-lifetime": 4000, "option-data": [ { "name": "domain-name-servers", "data": "10.0.0.10, 10.0.0.20" }, { "name": "default-ip-ttl", "data": "0xf0" } ], "subnet4": [ { "subnet": "10.10.0.0/24", "pools": [ { "pool": "10.10.0.100 - 10.10.0.200" } ], "option-data": [ { "name": "routers", "data": "10.10.0.254" } ] } ], "loggers": [ { "name": "kea-dhcp4", "output_options": [ { "output": "/var/log/kea/kea-dhcp4.log", "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p [%c/%i] %m\n", "flush": true, "maxsize": 0 } ], "severity": "WARN", "debuglevel": 0 } ] } } #endregion g