[Kea-users] Kea HA Heartbeat Failure
    Frey, Rick E 
    Rick.Frey at windstream.com
       
    Fri Jan 27 13:49:24 UTC 2023
    
    
  
Hello Dulux-Oz,
Not sure if you’re using hot-standby or load-balancing (or passive backup) HA, but the HA hook chapter 16 for config section of each mode does have some sample configs and describes the use of  basic-auth-user and basic-auth-password (or alternative basic-auth-password-file should you wish to store password outside of your config file).
https://kea.readthedocs.io/en/kea-2.2.0/arm/hooks.html?highlight=basic-auth-password#hot-standby-configuration
or
https://kea.readthedocs.io/en/kea-2.2.0/arm/hooks.html?highlight=basic-auth-password#load-balancing-configuration
From: Kea-users <kea-users-bounces at lists.isc.org> on behalf of duluxoz <duluxoz at gmail.com>
Date: Friday, January 27, 2023 at 2:32 AM
To: Veronique Lefebure <Veronique.Lefebure at cern.ch>, kea-users at lists.isc.org <kea-users at lists.isc.org>
Subject: Re: [Kea-users] Kea HA Heartbeat Failure
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Hi Veronique,
Thanks for that - that's what we were missing: the auth info inside the peers block.
A note to the Kea Document Maintainers: I do not recall *ever* reading *anywhere* in the doco or sample config files where the basic-auth-user and basic-auth-password need to be included in the ha->peers block. Of course, I may have missed it, but still, it may behove you to make something like this much more predominant in the documentation *and* sample config files.
Thanks to everyone who helped us out in this - we really appreciate it
Cheers
Dulux-Oz
On 27/01/2023 18:49, Veronique Lefebure wrote:
We have this in the kea-ctrl-agent config and it works fine:
    "authentication": {
      "type": "basic",
      "realm": "kea-control-agent",
      "clients": [
        {
          "user": "xxxxx",
          "password": "yyyy"
        }
      ]
    }
and in kea-dhcp4.conf:
        "parameters": {
          "high-availability": [
            {
...
              "peers": [
                {
                  "auto-failover": true,
                  "basic-auth-password": "yyyy",
                  "basic-auth-user": "xxxx",
                  "name": "kea1.example.com",
                  "role": "primary",
                  "url": "http://xx.xxx.xx.xx:90xx/"
                },
...
Sensitivity: Internal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20230127/d7dd1bd8/attachment.htm>
    
    
More information about the Kea-users
mailing list