<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Yeah, the curl didn't work - it connected ok, but the auth failed
- see my next post for more information - and thanks for helping
us out :-)<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 26/01/2023 21:57, Veronique Lefebure
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:ZRAP278MB07555DC57DED805C7429353D89CF9@ZRAP278MB0755.CHEP278.PROD.OUTLOOK.COM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css" style="display:none;">P {margin-top:0;margin-bottom:0;}</style>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255,
255, 255);" class="elementToProof">
Hi,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255,
255, 255);" class="elementToProof">
Have you tried to run a manual curl command from one of the two
servers to its partner ?</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt"
face="Calibri, sans-serif" color="#000000"><b>From:</b>
Kea-users <a class="moz-txt-link-rfc2396E" href="mailto:kea-users-bounces@lists.isc.org">&lt;kea-users-bounces@lists.isc.org&gt;</a> on behalf of
duluxoz <a class="moz-txt-link-rfc2396E" href="mailto:duluxoz@gmail.com">&lt;duluxoz@gmail.com&gt;</a><br>
<b>Sent:</b> Thursday, January 26, 2023 9:26 AM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:kea-users@lists.isc.org">kea-users@lists.isc.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:kea-users@lists.isc.org">&lt;kea-users@lists.isc.org&gt;</a><br>
<b>Subject:</b> [Kea-users] Kea HA Heartbeat Failure</font>
<div> </div>
</div>
<div>
<p><font size="1"><font face="Arial">Hi All,</font></font></p>
<p><font size="1"><font face="Arial">Looking for some pointers
on an issue we've got.</font></font></p>
<p><font size="1"><font face="Arial">TL;DR: Our Kea HA Servers'
Heartbeat not connecting - permissions issue.</font></font></p>
<p><font size="1"><font face="Arial">So we've got two Kea servers
(v2.2) running on two Rocky Linux v9.1 servers. Clients
are getting IP Addresses (both dynamic and reserved) and
keactrl works fine, etc. But we're getting the following
error messages showing up in the logs:</font></font></p>
<p><font size="1"><font face="Arial">~~~</font></font></p>
<p><font size="1"><font face="Arial">2023-01-26 16:20:37.013
WARN [kea-dhcp4.ha-hooks/7896.140594097562496]
HA_HEARTBEAT_FAILED heartbeat to kea_dhcp_2 (<a
href="http://192.168.1.3:8000/"
data-auth="NotApplicable" class="x_moz-txt-link-freetext
moz-txt-link-freetext" moz-do-not-send="true">http://192.168.1.3:8000/</a>)
failed: Unauthorized, error code 1<br>
2023-01-26 16:20:37.013 WARN
[kea-dhcp4.ha-hooks/7896.140594097562496]
HA_COMMUNICATION_INTERRUPTED communication with kea_dhcp_2
is interrupted<br>
~~~<br>
</font></font></p>
<p><font size="1"><font face="Arial">It's not SELinux (we turned
off SELinux and the problem persisted).</font></font></p>
<p class="elementToProof"><font size="1"><font face="Arial">It's
not firewalld (we think) - ie the ports are opened,
confirmed by netstat.</font></font></p>
<p><font size="1"><font face="Arial">We are using the default
port of 8000 for keactrl and the heartbeat (I assume this
is OK, as the doco seems to imply that it is).</font></font></p>
<p class="elementToProof"><font size="1"><font face="Arial">keactrl
is using a basic authentication with a pre-shared key, and
we've checked that it's the same on both servers.<br>
</font></font></p>
<p><font size="1"><font face="Arial">We've bound port 8000 to
the actual IPv4 address of the server (not 127.0.0.1). We
originally had it bound to the loopback address, and we
were getting "connection refused" errors, so we bound it
to the real IP Address and now we're getting the above
error.</font></font></p>
<p><font size="1"><font face="Arial">The two servers' IP
Addresses are in the correct "allow" statement, and when
we removed the allow statement from the config (ie opened
up connection to all) we still had the same problem.</font></font></p>
<p><font size="1"><font face="Arial">Finally, our config files
are practically the same as those shown on numerous
websites and in the official doco and sample files - with
the relevant details changed (ie IP Addresses, etc) - I
can post them here if required, but I'm loath to fill up a
post with irrelevant info unless requested. :-)<br>
</font></font></p>
<p class="elementToProof"><font size="1"><font face="Arial">So,
any pointers would be appreciated</font></font></p>
<p><font size="1"><font face="Arial">Cheers</font></font></p>
</div>
<div class="elementToProof"><font size="1"><font face="Arial">Dulux-Oz</font></font>
</div>
</blockquote>
<div class="moz-signature">-- <br>
<p> <font size="4" face="Arial" color="842dce"><strong>Matthew J
BLACK</strong></font> <br>
<font size="2" face="Arial" color="b760ff"> M.Inf.Tech.(Data
Comms) <br>
MBA <br>
B.Sc. <br>
MACS (Snr), CP, IP3P </font> </p>
<p> <font size="3" face="Arial" color="842dce">When you want it
done <em>right</em> ‒ the first time!</font> </p>
<table border="0">
<tbody>
<tr>
<td align="right"><font size="1" face="Arial" color="b760ff">Phone:</font></td>
<td><font size="1" face="Arial" color="b760ff">+61 4 0411
0089</font></td>
</tr>
<tr>
<td align="right"><font size="1" face="Arial" color="b760ff">Email:</font></td>
<td><a href="mailto:matthew@peregrineit.net"><font size="1"
face="Arial" color="b760ff">matthew@peregrineit.net</font></a></td>
</tr>
<tr>
<td align="right"><font size="1" face="Arial" color="b760ff">Web:</font></td>
<td><a href="http://www.peregrineit.net"><font size="1"
face="Arial" color="b760ff">www.peregrineit.net</font></a></td>
</tr>
</tbody>
</table>
</div>
</body>
</html>