Introduction to ISC Kea DHCP Server
The ISC Kea package contains the
server programs for DHCP. It is the successor of the old
ISC DHCP server, which has been end of life since December 2022.
Note
Development versions of BLFS may fail to
build or run some packages properly if LFS or
dependencies have been updated since the most recent
stable versions of the books.
Package Information
- Download (HTTP): https://downloads.isc.org/isc/kea/3.0.2/kea-3.0.2.tar.xz
- Download (FTP):
- Download MD5 sum: a673e95637b708b3b1926c696cdf168b
- Download size: 6.3 MB
- Estimated disk space required: 231 MB (47 MB installed, plus 425 MB for the tests)
- Estimated build time: 6.4 SBU (with parallelism = 4, plus 17 SBU for the tests)
Kea Dependencies
Required
Boost-1.89.0 and log4cplus-2.1.2
Optional
MIT Kerberos V5-1.22.1, Valgrind-3.26.0, botan, cppcheck, libyang, and plantuml
Optional (for regenerating documentation)
Doxygen-1.15.0, Graphviz-14.1.0, sphinx_rtd_theme-3.0.2, and texlive-20250308 (or install-tl-unx)
Optional database backends
MariaDB-11.8.5 or MySQL and PostgreSQL-18.1
Installation of ISC Kea DHCP Server
First, apply some fixes required for
boost-1.89.0:
sed -e "/asio_wrapper/a#include <boost/asio/deadline_timer.hpp>" \
-i src/lib/asiolink/interval_timer.cc \
src/lib/asiodns/io_fetch.cc \
src/lib/asiodns/tests/io_fetch_unittest.cc
Now, install ISC Kea DHCP
Server by running the following commands:
mkdir build &&
cd build &&
meson setup .. \
--prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--buildtype=release \
-D crypto=openssl \
-D runstatedir=/run &&
ninja
If tests were enabled, run ninja
test to test the results. There are tests which
require a live database when any of the database hooks are built.
Some tests may fail if IPv6 support is not functional.
To install the ISC Kea DHCP
Server suite, run the following commands as the
root user:
ninja install
Fix some hard-coded paths in the keactrl script:
sed -e "s;\${prefix}/;;" -i /usr/sbin/keactrl
Create some directories and fix the permissions as the
root user:
install -dm0750 /var/lib/kea
install -dm0750 /var/log/kea
Command Explanations
-D crypto=openssl: Allows using OpenSSL
for communicating with the control-agent and for DNS updates. Use
-D crypto=botan if you want to use
botan. The default provider is openssl.
-D postgresql=enabled or -D mysql=enabled: ISC Kea can store the leases in a
database. This can be useful in large environments that
run a cluster of DHCP servers. The memfile backend (which is a CSV file stored
locally) is always available.
-D tests=enabled: This option is
required to build the test suite. Using this option causes the
build size to increase significantly, so it should only be enabled
if you are going to run the test suite.
-D krb5=enabled: This parameter
enables integration with Kerberos for authenticating
client computers in an enterprise environment.
Configuring ISC Kea DHCP Server
The support of IPv4, IPv6 and DDNS has been split into separate
servers which run independently from each other. Each of them has
its own configuration file. Additional
configuration files come from the keactrl agent which is used to
control the servers in an easier way.
Note that the Kea Control Agent has been deprecated since version 3.0.0.
Do not confuse kea-ctrl-agent
with keactrl.
Consult the Kea Administrator
Reference Manual for detailed information about the
configuration of ISC Kea as it is
a quite capable system. The configuration shown below is a bare
minimum to get a DHCP server running but it already includes
configuration for DDNS (Dynamic DNS). That setup is best for small
networks with a few clients and low amounts of network traffic. For
larger installations with thousands of clients, ISC Kea can be configured to use databases
(such as mariadb or postgresql) to store the leases and build a
cluster with multiple nodes. It can be integrated with ISC Stork,
which is a management dashboard to ISC
Kea.
If you want to start the DHCP server at boot, install
the /etc/rc.d/init.d/kea-dhcpd init script included in the
blfs-bootscripts-20250225 package:
make install-kea-dhcpd
Config Files
/etc/kea/keactrl.conf, /etc/kea/kea-ctrl-agent.conf, /etc/kea/kea-dhcp4.conf, /etc/kea/kea-dhcp6.conf and /etc/kea/kea-dhcp-ddns.conf
Kea Controller Configuration
keactrl is used to
control the independent servers (IPv4, IPv6, DDNS). Its
configuration file, /etc/kea/keactrl.conf, is installed by default
and includes many path settings which are defined from the
configure at build
time. It also includes settings to specify which of the servers
should be started.
- Control Agent
The control agent is a daemon which allows
(re)configuration of the Kea DHCP service via a REST API.
Set ctrl_agent=yes to
start the control agent (the service that provides the REST
API), set ctrl_agent=no
if you do not need it.
- IPv4 DHCP server
This daemon handles requests for IPv4 addresses. Set
dhcp4=yes to start it, set
dhcp4=no in case the IPv4
service is not needed.
- IPv6 DHCP server
This daemon handles requests for IPv6 addresses. Set
dhcp6=yes to start it, set
dhcp6=no in case the IPv6
service is not needed.
- Dynamic DNS
This daemon is used to update a DNS server dynamically when
Kea assigns an IP address to a device. Set dhcp_ddns=yes to enable it, set
dhcp_ddns=no if dynamic DNS
updates are not needed.
The Netconf service is not installed because the required
dependencies are not installed by BLFS, and configuring it
correctly is complicated.
With the following command, Kea will be configured to start the
DHCP service for IPv4 and the dynamic DNS update, while the
control agent and the DHCP service for IPv6 remain down. Tweak
the command to match your needs on started services and execute
as the root user:
sed -e "s/^dhcp4=.*/dhcp4=yes/" \
-e "s/^dhcp6=.*/dhcp6=no/" \
-e "s/^dhcp_ddns=.*/dhcp_ddns=yes/" \
-e "s/^ctrl_agent=.*/ctrl_agent=no/" \
-i /etc/kea/keactrl.conf
Control Agent Configuration
The provided configuration could be used without changes.
However, in BLFS, objects like sockets are stored in /run rather than in /tmp.
cat > /etc/kea/kea-ctrl-agent.conf << "EOF"
// Begin /etc/kea/kea-ctrl-agent.conf
{
// This is a basic configuration for the Kea Control Agent.
// The RESTful interface will be available at http://127.0.0.1:8000/
"Control-agent": {
"http-host": "127.0.0.1",
"http-port": 8000,
"control-sockets": {
"dhcp4": {
"socket-type": "unix",
"socket-name": "/run/kea/kea4-ctrl-socket"
},
"dhcp6": {
"socket-type": "unix",
"socket-name": "/run/kea/kea6-ctrl-socket"
},
"d2": {
"socket-type": "unix",
"socket-name": "/run/kea/kea-ddns-ctrl-socket"
}
},
"loggers": [
{
"name": "kea-ctrl-agent",
"output_options": [
{
"output": "/var/log/kea/kea-ctrl-agent.log",
"pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
}
],
"severity": "INFO",
"debuglevel": 0
}
]
}
}
// End /etc/kea/kea-ctrl-agent.conf
EOF
IPv4 DHCP Server Configuration
A sample configuration file is created in /etc/kea/kea-dhcp4.conf. Adjust the file to
suit your needs or overwrite it by running the following command
as the root user (you'll need to
edit this file anyway: at least the interfaces field, the ddns-qualifying-suffix field, and
almost all the fields in Subnet4):
cat > /etc/kea/kea-dhcp4.conf << "EOF"
// Begin /etc/kea/kea-dhcp4.conf
{
"Dhcp4": {
// Add names of your network interfaces to listen on.
"interfaces-config": {
"interfaces": [ "eth0", "eth2" ]
},
"control-socket": {
"socket-type": "unix",
"socket-name": "/run/kea/kea4-ctrl-socket"
},
"lease-database": {
"type": "memfile",
"lfc-interval": 3600,
"name": "/var/lib/kea/kea-leases4.csv"
},
"expired-leases-processing": {
"reclaim-timer-wait-time": 10,
"flush-reclaimed-timer-wait-time": 25,
"hold-reclaimed-time": 3600,
"max-reclaim-leases": 100,
"max-reclaim-time": 250,
"unwarned-reclaim-cycles": 5
},
"renew-timer": 900,
"rebind-timer": 1800,
"valid-lifetime": 3600,
// Enable DDNS - Kea will dynamically update the BIND DNS server
"ddns-send-updates" : true,
"ddns-qualifying-suffix": "your.domain.tld",
"dhcp-ddns" : {
"enable-updates": true
},
"subnet4": [
{
"id": 1001, // Each subnet requires a unique numeric id
"subnet": "192.168.56.0/24",
"pools": [ { "pool": "192.168.56.16 - 192.168.56.254" } ],
"option-data": [
{
"name": "domain-name",
"data": "your.domain.tld"
},
{
"name": "domain-name-servers",
"data": "192.168.56.2, 192.168.3.7"
},
{
"name": "domain-search",
"data": "your.domain.tld"
},
{
"name": "routers",
"data": "192.168.56.2"
}
]
}
],
"loggers": [
{
"name": "kea-dhcp4",
"output_options": [
{
"output": "/var/log/kea/kea-dhcp4.log",
"pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
}
],
"severity": "INFO",
"debuglevel": 0
}
]
}
}
// End /etc/kea/kea-dhcp4.conf
EOF
IPv6 DHCP Server Configuration
The configuration for IPv6 is similar to the configuration
for IPv4. The configuration file is /etc/kea/kea-dhcp6.conf.
Dynamic DNS Configuration
If there is a BIND-9.20.16 server running, ISC Kea can update the DNS records when it
gives an IP address to a client. A sample configuration file is
created in /etc/kea/kea-dhcp-ddns.conf. Adjust the file to
suit your needs or overwrite it by running the following command
as the root user:
cat > /etc/kea/kea-dhcp-ddns.conf << "EOF"
// Begin /etc/kea/kea-dhcp-ddns.conf
{
"DhcpDdns": {
"ip-address": "127.0.0.1",
"port": 53001,
"control-socket": {
"socket-type": "unix",
"socket-name": "/run/kea/kea-ddns-ctrl-socket"
},
"tsig-keys": [
{
"name" : "rndc-key",
"algorithm" : "hmac-sha256",
"secret" : "1FU5hD7faYaajQCjSdA54JkTPQxbbPrRnzOKqHcD9cM="
}
],
"forward-ddns" : {
"ddns-domains" : [
{
"name" : "your.domain.tld.",
"key-name": "rndc-key",
"dns-servers" : [
{
"ip-address" : "127.0.0.1",
"port" : 53
}
]
}
]
},
"reverse-ddns" : {
"ddns-domains" : [
{
"name" : "56.168.192.in-addr.arpa.",
"key-name": "rndc-key",
"dns-servers" : [
{
"ip-address" : "127.0.0.1",
"port" : 53
}
]
}
]
},
"loggers": [
{
"name": "kea-dhcp-ddns",
"output_options": [
{
"output": "/var/log/kea/kea-ddns.log",
"pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
}
],
"severity": "INFO",
"debuglevel": 0
}
]
}
}
// End /etc/kea/kea-dhcp-ddns.conf
EOF
Note
The value of secret is only an
example. Generate the key for your installation by running the
rndc-confgen -a command
or the tsig-keygen command, both of which
are provided by BIND-9.20.16.
In this example configuration we assume that the
DNS server runs on the same machine as Kea (reachable via
127.0.0.1) and that this machine has the
IP address 192.168.56.2.
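The Note above says the secret shown in kea-dhcp-ddns.conf is only a sample and must be replaced by a key generated with rndc-confgen -a or tsig-keygen. As an added example (not part of the BLFS book), the shell functions below copy the secret from the key clause those tools write into the Kea configuration, and refuse the sample value from this page or anything shorter than 32 bytes. The function names and the demo key are constructed for illustration.

```shell
#!/bin/sh
# Added example, not BLFS code: copy the TSIG secret from a BIND key clause into
# kea-dhcp-ddns.conf, rejecting the sample value printed on this page.
SAMPLE_SECRET='1FU5hD7faYaajQCjSdA54JkTPQxbbPrRnzOKqHcD9cM='

# extract_secret: read a BIND 'key "name" { ... };' clause (the format written by
# tsig-keygen and rndc-confgen -a) on stdin and print its base64 secret.
extract_secret() {
    sed -n 's|^[[:space:]]*secret[[:space:]]*"\([A-Za-z0-9+/=]*\)"[[:space:]]*;.*|\1|p' | head -n 1
}

# valid_secret SECRET: succeed only for pure base64 that is not the page's sample
# and decodes to at least 32 bytes (the hmac-sha256 key size used on this page).
valid_secret() {
    case $1 in ''|*[!A-Za-z0-9+/=]*) return 1 ;; esac
    [ "$1" != "$SAMPLE_SECRET" ] || return 1
    [ "$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c)" -ge 32 ]
}

# uses_sample_secret CONF: succeed if CONF still carries the sample secret.
uses_sample_secret() { grep -qF "\"$SAMPLE_SECRET\"" "$1"; }

# set_kea_secret CONF SECRET: rewrite the "secret" value(s) in the Kea config.
# The charset check in valid_secret keeps sed metacharacters out of SECRET.
set_kea_secret() {
    valid_secret "$2" || { echo "refusing weak, malformed or sample secret" >&2; return 1; }
    sed -i "s|\(\"secret\"[[:space:]]*:[[:space:]]*\)\"[^\"]*\"|\1\"$2\"|" "$1"
}

# Real use, where KEYFILE holds the saved tsig-keygen output (placeholder name):
#   set_kea_secret /etc/kea/kea-dhcp-ddns.conf "$(extract_secret < KEYFILE)"

# Demo on temporary files; the key below is constructed, not a real key.
demo() {
    d=$(mktemp -d) || return 1
    printf 'key "rndc-key" {\n\talgorithm hmac-sha256;\n\tsecret "%s";\n};\n' \
        'Q09OU1RSVUNURUQtRVhBTVBMRS1LRVktMzItQllURVM=' > "$d/key"
    printf '"name" : "rndc-key",\n"secret" : "%s"\n' "$SAMPLE_SECRET" > "$d/conf"
    set_kea_secret "$d/conf" "$(extract_secret < "$d/key")" && ! uses_sample_secret "$d/conf"
    rc=$?; cat "$d/conf"; rm -rf "$d"; return $rc
}
demo
```

The same key clause must also be loaded by BIND, since both sides sign and verify updates with the shared secret.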