<div dir="ltr">Hi Darren, <div><br></div><div>Thanks for the observation, I was trying on the two different sets of servers, and while copying the config these are missed, I have corrected them but still, it didn't work at first, then I removed the certificate params values like </div><div>"trust-anchor": "",<br> "cert-file": "",<br> "key-file": "",<br></div><div>in both the kea-DHCP service file and control-agent config. In control-agent.conf I also added "cert-required": false</div><div>it worked and I am able to get a lease but here I have doubts. When I add the certificates back again it is not working </div><div>I tried to add a debug logging configuration for <span style="color:rgb(0,0,0);font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;font-size:10.8px">kea-ctrl-agent.http like</span></div><div> "loggers": [<br> {<br> "name": "kea-dhcp4",<br> "debuglevel": 99,<br> "output_options": [<br> {<br> "output": "/var/log/kea-dhcp4.log"<br> }<br> ],<br> "severity": "DEBUG"<br> },<br> {<br> "name": "kea-ctrl-agent.http ",<br> "debuglevel": 99,<br> "output_options": [<br> {<br> "output": "/var/log/kea-ctrl-agent.http.log"<br> }<br> ],<br> "severity": "DEBUG"<br> }<br> ]<br></div><div> but I don't see any logs even after starting the server, </div><div>1)Do we have any way where we can increase debugging for the HTTP agent and see if there are any issues?</div><div>2)I<span style="color:rgb(0,0,0);white-space:pre-wrap">n hot standby mode I tried to check the failover case. It worked only when I set the m</span><span style="color:rgb(0,0,0);white-space:pre-wrap">ax-unacked-clients to zero only as part of a suggestion from one of the GitHub URLs but want to cross-check if that is the correct expected way.</span></div><div><span style="color:rgb(0,0,0);white-space:pre-wrap">3)And one last confirmation: when we are running the Kea with HA we should run the keactrl_agent on all the appliances?</span></div><div><span style="color:rgb(0,0,0);white-space:pre-wrap">Asking this because generally, I prefer using systemctl for my services and for kea I used it so just checking if should I use keactrl_agent also to be monitored by systemctl service </span></div><div><span style="color:rgb(0,0,0);white-space:pre-wrap"><br></span></div><div><span style="color:rgb(0,0,0);white-space:pre-wrap"><br></span></div><div>Thanks in Advance</div><div>Kraishak</div><div><span style="color:rgb(0,0,0);white-space:pre-wrap"><br></span></div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 18, 2023 at 11:37 PM Darren Ankney <<a href="mailto:darren.ankney@gmail.com">darren.ankney@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hui Kraishak,<br>
<br>
The first thing I see is that your failover configs aren't exactly the<br>
same. They have two differences that I see:<br>
<br>
"max-unacked-clients": 5,<br>
vs<br>
"max-unacked-clients": 0,<br>
<br>
and<br>
<br>
"url": "<a href="http://192.168.0.169:8000/" rel="noreferrer" target="_blank">http://192.168.0.169:8000/</a>",<br>
vs<br>
"url": "<a href="http://192.168.0.126:8000/" rel="noreferrer" target="_blank">http://192.168.0.126:8000/</a>",<br>
<br>
You really want those configurations to be the same except the<br>
"this-server-name": portion.<br>
<br>
I also see that the "url": "<a href="http://192.168.0.169:8000/" rel="noreferrer" target="_blank">http://192.168.0.169:8000/</a>", on the<br>
primary (in the standby server slot) does not match what you are<br>
listening to in your control agent on the standby server:<br>
<br>
"http-host": "192.168.0.126",<br>
"http-port": 8000,<br>
<br>
I imagine if you fix that typo, it will begin to work.<br>
<br>
Thank you,<br>
<br>
Darren Ankney<br>
<br>
On Tue, Apr 18, 2023 at 1:38 PM Kraishak Mahtha <<a href="mailto:kraishak.edu@gmail.com" target="_blank">kraishak.edu@gmail.com</a>> wrote:<br>
><br>
> Hi Kevin,<br>
><br>
> We have that setup already, I use a tool that send packets using the 4.0.0.0 network interface, I tried that in standalone and it worked fine. I have been using that tool for years and to my knowledge that has no issues, I also tried with <a href="http://192.168.0.0/22" rel="noreferrer" target="_blank">192.168.0.0/22</a> network too, but still no luck.<br>
><br>
> And when you observe the echo command output file on both primary and failover it shows waiting, I guess that is causing the issue , I think it is something like both in recover recover status just like as ISC failover stages, may be I could be wrong too.<br>
><br>
> Do you have any suggestions of how to debug more about the HA, Can we add any more debugging for HA flow ?<br>
><br>
> On Tue, 18 Apr 2023 at 10:13 PM, Kevin P. Fleming <<a href="mailto:lists.kea-users@kevin.km6g.us" target="_blank">lists.kea-users@kevin.km6g.us</a>> wrote:<br>
>><br>
>> On Tue, Apr 18, 2023, at 12:26, Kraishak Mahtha wrote:<br>
>><br>
>> Hi,<br>
>> I am trying to configure the kea-DHCP failover.<br>
>> Initially, I ran two DHCP servers as two separate standalone and tested the DHCP leases. It is working fine but when I add that to the failover type it is not working. unable to get leases.<br>
>> I tried checking the logs, netstat, and config of both dhcp4 and the control agent, everything seems to be ok. I am not sure where the service is getting stuck, I have attached the required config files and "status-get" command output, can someone guide me on this<br>
>><br>
>><br>
>> Your servers are on <a href="http://192.168.0.0/24" rel="noreferrer" target="_blank">192.168.0.0/24</a>, but the subnet you have configured is <a href="http://4.0.0.0/16" rel="noreferrer" target="_blank">4.0.0.0/16</a>. How are you sending the DHCP traffic from the clients to your servers, is there a relay involved? If so, is it sending the traffic to both servers in parallel?<br>
>><br>
>><br>
>> --<br>
>> ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
>><br>
>> To unsubscribe visit <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br>
>><br>
>> Kea-users mailing list<br>
>> <a href="mailto:Kea-users@lists.isc.org" target="_blank">Kea-users@lists.isc.org</a><br>
>> <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a><br>
><br>
> --<br>
> ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
><br>
> To unsubscribe visit <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br>
><br>
> Kea-users mailing list<br>
> <a href="mailto:Kea-users@lists.isc.org" target="_blank">Kea-users@lists.isc.org</a><br>
> <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a><br>
</blockquote></div>