[Kea-announce] Kea 1.9.5, a new development release of Kea, is now available
Michael McNally
mcnally at isc.org
Wed Feb 24 10:01:01 UTC 2021
Internet Systems Consortium is pleased to announce the release of Kea 1.9.5.
Releases in the Kea 1.9.x sequence are part of the Kea 1.9 development branch,
where new features are provided for testing and evaluation before the branch
is designated stable and recommended for production use.
The current stable branch of Kea is Kea 1.8 and its most recent release is 1.8.2.
The latest releases from each branch are available via the ISC downloads page:
https://www.isc.org/download
______________________________________________________________________
Please Note: New Signing Key
If you are among the users who use the detached signatures provided
with each release download to verify its authenticity, please note
that this release is signed with the new code signing key that ISC
introduced at the beginning of 2021, having fingerprint
7E1C 91AC 8030 A5A5 9D1E FAB9 750F 3C87 723E 4012.
If your preferred keyserver does not have it for automated retrieval,
the codesign at isc.org key may be found at: https://www.isc.org/pgpkey
For those who are unfamiliar with PGP / GPG, the page with the ISC
public keys (https://www.isc.org/pgpkey) also contains instructions
on how to use the public key portion of the codesign key and the
signature files to verify the contents of your download.
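
As an added example (not ISC's code or instructions), the fingerprint check can be scripted: the Python below parses the machine-readable status lines that `gpg --status-fd` emits and accepts a download only when a valid signature comes from the key whose fingerprint is quoted above. The sample status text is constructed for illustration, and the function names are hypothetical.

```python
import re
import subprocess

# Fingerprint published in this announcement for the 2021 ISC code-signing key.
ISC_CODESIGN_FPR = "7E1C 91AC 8030 A5A5 9D1E FAB9 750F 3C87 723E 4012"
# gpg status keywords that must never appear for an acceptable signature.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}

# Constructed status output (not captured from a real gpg run).
_FPR = ISC_CODESIGN_FPR.replace(" ", "")
SAMPLE_GOOD = (
    "[GNUPG:] NEWSIG\n"
    f"[GNUPG:] GOODSIG {_FPR[-16:]} Constructed Signer <signer@example.invalid>\n"
    f"[GNUPG:] VALIDSIG {_FPR} 2021-02-24 1614160861 0 4 0 1 10 00 {_FPR}\n"
)
SAMPLE_WRONG_FPR = SAMPLE_GOOD.replace(_FPR, "A" * 40)


def normalize(fpr):
    """Strip whitespace and upper-case so printed and machine forms compare equal."""
    return re.sub(r"\s+", "", fpr).upper()


def signed_by_pinned_key(status_text, pinned=ISC_CODESIGN_FPR):
    """Return True only if gpg reported a valid signature made by the pinned key."""
    good, fprs = False, set()
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        keyword, args = parts[1], parts[2:]
        if keyword in REJECT:
            return False
        if keyword == "GOODSIG":
            good = True
        elif keyword == "VALIDSIG" and args:
            # First field is the signing (sub)key, last is the primary key.
            fprs.update({normalize(args[0]), normalize(args[-1])})
    return good and normalize(pinned) in fprs


def verify_download(tarball, signature):
    """Run gpg on a detached signature; both paths are supplied by the caller."""
    proc = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", signature, tarball],
        capture_output=True, text=True)
    return proc.returncode == 0 and signed_by_pinned_key(proc.stdout)
```

A "good signature" from some other key already in the local keyring fails this check, which is the case a bare exit-code test misses.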
______________________________________________________________________
# Kea 1.9.5, February 24th 2021, Release Notes
Welcome to Kea 1.9.5, the fifth monthly release of the 1.9 development
branch. As with any other development release, use this with caution:
development releases are not recommended for production use.
This release adds new features, improves existing features, clarifies
documentation, and fixes a few bugs. The most notable changes introduced
in this version are:
**New script hook.** Due to popular demand, a new hook that calls an
arbitrary external script has been added. This script may initiate an
external process, such as updating routing and firewall rules for
provisioned devices. The script is called asynchronously, i.e. Kea
starts the script, does not wait for its completion, and continues
processing the packet. This approach greatly decreases performance
impact. This hook has been only lightly tested; use it with caution and
please do share your experience. #899
**Setting lease time for client classes.** Earlier Kea versions allowed
setting different lease lifetimes depending on where the device was
located in the network (using the global, network, or subnet levels).
However, it was impossible to set the lifetime based on device type.
This missing capability is now implemented for IPv4, with IPv6 support
coming soon. #1635
**TLS support work in progress.** The Kea team continues its work on
implementing Transport Layer Security (TLS) in Kea. The ultimate goal is
for the Control Agent (CA) to be able to accept HTTPS connections. While
the TLS solution is not yet usable, several important milestones have
been completed. There are now several new parameters available in the CA
configuration: `trust-anchor`, `cert-file`, `key-file`, and
`cert-required`. The parameters can be configured, but they are not yet
used. A new config example, `doc/examples/agent/https.json`, has been
added with some commentary (#1662). Another change updated the asiolink
library to be able to handle the future TLS socket types. This is not a
user-visible change. #1644
**DB cluster improvements.** Kea does not officially support any
database (DB) clustering solutions; we have heard from users who have
used clustering solutions with varying results. The ISC team has begun
experimenting with Galera, Percona, NDB, and group replication. We set
up clusters and ran unit and system tests, and found a few issues to
address. The first two improvements make our MySQL libraries run better
in a Percona cluster. One ticket updated the MySQL schema with the
primary key for forensic logging (#1709), while another fixed several
problems in unit tests that manifested themselves only on Percona
(#1708). Finally, we are getting ready to run performance tests of
multiple Kea instances connected to a DB cluster. To do that reliably,
we need to export the list of leases assigned by each instance and then
correlate them to check for any duplicates. With that in mind, we
extended our `perfdhcp` tool with the ability to export the list of
assigned leases. We hope to make good use of that capability in future
tests. #1703
**Bug fixes.** Earlier Kea versions could experience a crash when
processing a high request rate while the forensic logging hook was
configured to write log entries to a database and multi-threading was
enabled. This release includes a fix for this problem (#1711). One user
reported that Kea used values defined in client classes in a
non-deterministic way. The code has been updated to provide consistent
behavior for options and fixed fields (#1672). When dealing with client
classification, it is possible to encounter a situation when there are
subnets and pools available, but the client does not meet the class
requirements and is therefore unable to use any of them. In such cases,
earlier Kea versions printed cryptic error messages, such as `failed to
allocate an IPv4 address after 0 attempt(s)`. This was confusing, so the
message has been tweaked; several additional messages explain the
reasons why the allocation failed. More details are available to debug
the problem. #1701
**MySQL DB upgrade improvements.** Two prior development releases had
incorrectly versioned database schema. As a result, when upgrading from
1.9.2 or 1.9.3 to 1.9.4 the `kea-admin` tool incorrectly assumed the
schema was already updated, when in fact it was not. This is now
corrected (#1698). Upgrading from any earlier Kea versions to 1.9.5
works correctly, and a workaround for upgrading to 1.9.4 is documented
in the Known issues list. See the link below.
## Incompatible Changes
There are no backward-incompatible changes in this release.
## Known Issues
For details on known issues, visit:
https://gitlab.isc.org/isc-projects/kea/-/wikis/known-issues-list
And for the list of issues marked as bugs:
https://gitlab.isc.org/isc-projects/kea/issues?label_name%5B%5D=bug
## Release Model
The Kea project has a significant production deployment base with users
who are looking for stability, rather than a constant stream of new
"bleeding-edge" features. At the same time, we want to continue
developing the software and add some new powerful, but
difficult-to-implement, features. To meet both of these requirements we
have both Stable and Development branches.
Stable releases are what you would expect: stable, released
infrequently, without new features or significant changes, very
well-tested. These can be identified by an even-numbered minor version
number. The current stable release is 1.8.2. The older stable version of
1.6.3 is also available. If we discover important bugs that require
fixing, we may release additional maintenance versions on the 1.8
branch, but that will be determined on a case-by-case basis. The next
major stable version will be 2.0.0.
Development releases can be easily identified by an odd minor version
number: for example, 1.9.0 is a development release. Subsequent releases
on the same minor release branch get numbered with 1.9.1, 1.9.2, and so
on.
Our goal is to make the development release available on the last
Wednesday of each month. There may be exceptions (such as during
holidays), but that's the general plan.
We encourage users to test the development releases and report back
their findings.
For more details on the plan, see ISC's Software Support Policy at:
https://kb.isc.org/docs/aa-00896
## Kea Overview
Kea is a DHCP implementation developed by Internet Systems Consortium,
Inc. that features fully functional DHCPv4 and DHCPv6 servers, a dynamic
DNS update daemon, a Control Agent (CA) that provides a REST API to
control the DHCP and DNS update servers, an example shell client to
connect to the CA, a daemon that is able to retrieve YANG configuration
and updates from Sysrepo, and a DHCP performance-measurement tool. Both
DHCP servers support server discovery, address assignment, renewal,
rebinding, release, decline, information request, DNS updates, client
classification, and host reservations. The DHCPv6 server also supports
prefix delegation. Lease information is stored in a CSV file by default;
it can optionally be stored in a MySQL, PostgreSQL, or Cassandra
database instead. Host reservations can be stored in a configuration
file, or in a MySQL, PostgreSQL, or Cassandra database. They can also be
retrieved from a RADIUS server, although this functionality is somewhat
limited. Kea DHCPv4 and DHCPv6 daemons provide support for YANG models,
which are stored in a Sysrepo datastore and can be configured via the
NETCONF protocol.
This text references issue numbers. For more details, visit the Kea
GitLab page at:
https://gitlab.isc.org/isc-projects/kea/-/issues
## License
This version of Kea is released under the Mozilla Public License,
version 2.0.
https://www.mozilla.org/en-US/MPL/2.0
The premium and subscriber-only hooks libraries are provided in source
code form, under the terms of an End User License Agreement (you will
get the source code that you can modify freely, but you are not
permitted to redistribute it).
## Download
Pre-built ISC packages for current versions of the most popular Linux
operating systems are available at:
https://cloudsmith.io/~isc/repos/
The Kea source and PGP signature for this release may be downloaded from:
https://www.isc.org/download
The signature was generated with the ISC code-signing key which is
available at:
https://www.isc.org/pgpkey
ISC provides detailed documentation, including installation instructions
and usage tutorials, in the Kea Administrator Reference Manual.
Documentation is included with the installation, at:
* https://kea.readthedocs.io/en/latest/
* or via https://kb.isc.org/docs/kea-administrator-reference-manual in
HTML, plain text, or PDF formats
ISC maintains a public open source code tree, a wiki, an issue tracking
system, milestone planning, and a roadmap at:
https://gitlab.isc.org/isc-projects/kea
We ask users of this software to please let us know how it worked for
you and what operating system you tested on. Feel free to share your
feedback on the Kea Users mailing list at:
https://lists.isc.org/mailman/listinfo/kea-users
We would also like to hear whether the documentation is adequate and
accurate. Please open tickets in the Kea GitLab project for bugs,
documentation omissions and errors, and enhancement requests. We want to
hear from you even if everything worked.
## Support
Professional support for Kea is available from ISC. We encourage all
professional users to consider this option; Kea development and
maintenance are funded with support subscriptions. For more information
on ISC's Kea and DHCP software support see:
https://www.isc.org/support/
Free best-effort support is provided by our user community via a mailing
list. Information on all public email lists is available at:
https://www.isc.org/community/mailing-List
If you have any comments or questions about working with Kea, please
share them to the Kea Users List:
https://lists.isc.org/mailman/listinfo/kea-users
Bugs and feature requests may be submitted via GitLab at:
https://gitlab.isc.org/isc-projects/kea/-/issues
## Changes
The following summarizes changes since the previous release of 1.9.4:
```
1872. [build] razvan
Library version numbers bumped for Kea 1.9.5 development
version.
(Gitlab #1713)
1871. [bug] andrei
The cache threshold feature introduced in 1.9.4 modified
previously versioned schema 9.5. This caused problems for people
who had already upgraded to 9.5 which in Kea versions means 1.9.2
and 1.9.3.
In this change, the upgrade commands were moved to schema 9.6 and
are only applied if the database does not contain the required
columns. Affected Kea installments can now be upgraded to 1.9.5
and above seamlessly.
(Gitlab #1698)
1870. [bug] razvan
Fixed a crash when using the Kea Legal Log Hooks Library with
multi-threading. This bug was affecting only database backends.
The log file backend was not affected by this bug.
(Gitlab #1711)
1869. [func] tmark
Kea-dhcp4 now supports specifying valid-lifetime in client
classes. Prior to this it could only be specified at the
global, shared-network, and subnet scopes.
(Gitlab #1635)
1868. [func] andrei
The forensic log hook library has gained an auto-increment
primary key column in its logs table. It is now able to function
in a MySQL Percona cluster which requires a primary key for all
its tables when configured with pxc_strict_mode = ENFORCING
which is also the default value.
(Gitlab #1709)
1867. [bug] andrei
MySQL connection unit tests have been modified to work with
Percona cluster. This change doesn't fix all problems, but it
improves the situation sufficiently to be able to run unit tests
with positive results on a Percona cluster.
(Gitlab #1708)
1866. [func] marcin
Added new log messages issued when a dynamic lease allocation
fails. The new messages provide comprehensive information about
the circumstances in which the failure occurred. In particular,
they state whether the client is connected to a shared network
or not. If it is, the shared network name is provided. Otherwise,
the client's subnet id is logged. The new messages also inform
from how many subnets the server attempted to allocate a lease
and how many subnets could not be used because of non-matching
client classes.
(Gitlab #1701)
1865. [func] razvan
Implemented the Run Script hooks library which can be used to
run external scripts for specific packet processing hook points.
There are several exported environment variables available for
the script. Currently the implementation is nonblocking and
Kea will not wait for the script to finish execution before
continuing to the next step. For this reason, the next step
provided by the script is ignored.
(Gitlab #899)
1864. [func] fdupont
New parameters to handle TLS support added in Control Agent
config: "trust-anchor", "cert-file", "key-file" and
"cert-required". They can be configured, but their values are
not yet used.
(Gitlab #1662)
1863. [func] andrei
The perfdhcp tool now supports the -x l option that exports the
assigned leases to stdout in CSV format. This new capability is
very useful for the ongoing DB cluster experiments, where we need
to correlate leases between multiple Kea instances sharing the
same cluster.
(Gitlab #1703)
1862. [build] andrei
Added execution permissions to the upgrade scripts in Kea's
installation. Previously kea-admin db-upgrade would fail with a
permission denied error. It started manifesting in 1.9.3 and
affected 1.9.4 as well. Additionally, now, when running make in
the source repository to recreate scripts e.g. kea-admin, after a
change to the .in files e.g. kea-admin.in, they maintain the
execution permissions granted in the initial build. This makes
development more seamless.
(Gitlab #1681)
1861. [bug]* tmark
kea-dhcp4 now uses the value for each fixed field (e.g.
next-server, server-hostname, boot-file-name) from the
first class in query's list of classes that specifies the
field. Prior to this it used the value from the last class
which specified the field. It may be necessary to revise
existing configurations to get the desired values.
(Gitlab #1672)
```
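
Entry 1861 changes which class supplies `next-server`, `server-hostname`, and `boot-file-name`, the fields that tell network-booting clients where to fetch their boot image. The Python below is an added example, not part of Kea or of this announcement: it audits a `Dhcp4` configuration for classes whose ordering now matters and shows the old and new value for a given client. The sample configuration is constructed, the function names are hypothetical, and a field is treated as specified whenever its key is present in the class (an assumption of this sketch).

```python
import json

# Fixed fields named in changelog entry 1861.
FIXED_FIELDS = ("next-server", "server-hostname", "boot-file-name")

# Constructed Dhcp4 fragment for illustration; class names and addresses are made up.
SAMPLE = json.loads("""
{"Dhcp4": {"client-classes": [
  {"name": "pxe-clients", "next-server": "192.0.2.10", "boot-file-name": "pxelinux.0"},
  {"name": "lab-rack-7", "next-server": "192.0.2.99"}
]}}
""")


def overlapping_fields(config):
    """Map each fixed field to the classes defining it, when more than one does."""
    classes = config["Dhcp4"].get("client-classes", [])
    hits = {f: [c["name"] for c in classes if f in c] for f in FIXED_FIELDS}
    return {f: names for f, names in hits.items() if len(names) > 1}


def resolve(config, client_classes, first_wins):
    """Pick each fixed field from the first (1.9.5) or last (earlier) defining class."""
    by_name = {c["name"]: c for c in config["Dhcp4"].get("client-classes", [])}
    order = client_classes if first_wins else client_classes[::-1]
    picked = {}
    for field in FIXED_FIELDS:
        for name in order:
            if field in by_name.get(name, {}):
                picked[field] = by_name[name][field]
                break
    return picked


def changed_fields(config, client_classes):
    """Return {field: (old, new)} for fields whose value differs after the upgrade."""
    old = resolve(config, client_classes, first_wins=False)
    new = resolve(config, client_classes, first_wins=True)
    return {f: (old[f], new[f]) for f in new if old[f] != new[f]}
```

For a client in `["pxe-clients", "lab-rack-7"]`, `changed_fields(SAMPLE, ...)` reports that `next-server` moves from `192.0.2.99` to `192.0.2.10` after the upgrade.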
Thank you again to everyone who assisted us in making this release
possible.
We look forward to receiving your feedback.