{{tag>linux docker kea dhcp}}
======Docker - DHCP Kea Server======
Since mid 2023 I have been running a Docker ISC Kea Image using base Docker Alpine Linux images, with S6 init system. (ISC Kea is a modern replacement for their DHCP.) The main DHCP server runs on my main server and I have an automatic fall over back up on my separate Linux router. I basically followed the Kea template [[https://kea.readthedocs.io/en/latest/arm/config-templates.html#template-home-network-of-a-power-user|Home Network of a Power User]]. I was never quite sure I had the automatic fall over back-up working. On 2023-01-02 I modified a configuration file on the primary server with a syntax error, 8 days later I notice millions of lines of errors on my log files. Sure enough the backup had simply been working. I fixed up the simple syntax error and the primary server took back over. Everything basically worked as expected.
ISC also has a project for a simple GUI interface primarily for Kea and basic for Bind9. There is apparently no Alpine package yet for Stork.
=====History=====
The article by Lee Hutchinson [[https://arstechnica.com/information-technology/2024/10/finally-upgrading-from-isc-dhcp-server-to-isc-kea-for-my-homelab/|Finally upgrading from isc-dhcp-server to isc-kea for my homelab]] was written after I made my upgrade to Kea. He wrote an a much earlier article on [[https://blog.bigdinosaur.org/running-bind9-and-isc-dhcp/|running BIND9 and ISC_DHCP]] in his blog, which I found referenced in [[https://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux-router-from-scratch/|The Ars guide to building a Linux router from scratch]]. It looks like he updated this [[https://arstechnica.com/information-technology/2024/02/doing-dns-and-dhcp-for-your-lan-the-old-way-the-way-that-works/|Doing DNS and DHCP for your LAN the old way—the way that works]] with a semi related part 2 [[https://arstechnica.com/information-technology/2024/03/banish-oem-self-signed-certs-forever-and-roll-your-own-private-letsencrypt/|Banish OEM self-signed certs forever and roll your own private LetsEncrypt]]. In my earlier implementation of my router [[https://wiki.kptree.net/doku.php?id=linux_router:dns_dhcp|DHCP and DNS]] that was written on "bare metal I did follow Lee's notes on DDNS between ISC-DHCP and BIND9. I never particularly like the DDNS between ISC DHCP and BIND9 for the following reasons:
*I makes the BIND9 file messy. The DDNS entries are all over the place in the zone files with different timetolife headers all over the place too.
*One had to take greater care to freeze Bind9 when adjusting zone files as DHCP could be writing to it. With Bind in a Docker container, I just restart the container after adjusting the zone file.
*I just static IPv4 addresses for my main home server services and manually define the domain names in the Bind zone files where required. The dynamically defined DNS is simply not important for me.
*Other less critical non-server addresses that I want a constant LAN IP I define as static in Kea.
*Whilst I expect DDNS certainly has some benefits the use of simple setup of back up of DNS and DHCP is much more beneficially to me. I run my main home server and NAS and a separate router service focused server. Both of these run Kea and Bind in Docker containers in back-up mode. If I fiddle with either machine the other provides reliable backup DHCP and DNS. This is much more beneficial to me than DDNS. If DHCP or DNS are unavailable on my home network it can be very confusing, difficult, time consuming and frustrating to make it work again. Backup DHCP and DNS on my home server system is simply so much more beneficial than DDNS.
There are more references on building a home router and related here: [[https://wiki.kptree.net/doku.php?id=linux_router:dns_dhcp#main_references_used_2017|Main references used]], sadly some of these already suffer from link rot even though the information was still relevant.
=====Kea Packages and Hooks=====
ISC-Kea seems to be provided in a number of [[https://kb.isc.org/docs/isc-kea-packages|packages]]
^ Package ^ Use ^ Descriptiion ^ Comment ^
| isc-kea | | ISC Kea metapackage | This installs everything |
| isc-kea-admin | | This package provides backend database initialization and migration scripts and a DHCP benchmark tool. If you are not using a database backend, you may not need this. | Not using a database backend at this time |
| isc-kea-common | X | Common libraries for the ISC Kea DHCP server. Install this. | Need this. |
| isc-kea-ctrl-agent | X | This package provides the REST API service agent for Kea DHCP. | ? |
| isc-kea-dev | | Development headers for ISC Kea DHCP server. Install if you plan to create any custom Kea hooks. | Probably do not need. |
| isc-kea-dhcp4-server | X | DHCPv4 server. (''isc-kea-dhcp4'' for Alpine) | Need this. |
| isc-kea-dhcp6-server | | DHCPv6 server. (''isc-kea-dhcp6'' for Alpine) | Do not need at this time. |
| isc-kea-dhcp-ddns | | DDNS server. | Need this. |
| isc-kea-doc | | Kea documentation. Highly recommended. Example documents are located here ''/usr/share/doc/kea/examples/'' | On a Docker container? |
| isc-kea-hook-flex-option | | Flexible Options hook. | What is this? |
| isc-kea-hook-ha | X | High Availability hook. | What is this? |
| isc-kea-hook-lease-cmds | X | Lease Commands hook. | What is this? |
| isc-kea-hook-mysql-cb | | MySQL Configuration Backend. | Dont need this at this time. |
| isc-kea-hook-pgsql-cb | | PostgreSQL Configuration Backend. | Dont need this. |
| isc-kea-hook-stat-cmds | | Statistics Commands hook. | ? |
| isc-kea-http | | This package is essential, install it. | It is essential... |
| isc-kea-perfdhcp | | Optional. Includes a DHCP performance testing tool from ISC. | ? |
| isc-kea-shell | X | Text client for Kea DHCP Control Agent. | ? |
See [[https://kea.readthedocs.io/en/latest/arm/hooks.html#available-hook-libraries|16.4. Available Hook Libraries]] for the available hook libraries. I have removed the hook reference from the above table that I do not use.
*[[https://kb.isc.org/docs/kea-configuration-sections-explained|Kea configuration sections explained]]
*[[https://kea.readthedocs.io/en/latest/arm/config-templates.html#template-home-network-of-a-power-user|Templates]]
====Network Ports====
From IANA Service Name and Transport Protocol Port online [[https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml|Number Registry]]:
bootps 67 {tcp, udp} Bootstrap Protocol Server (DHCP)
bootpc 68 {tcp, udp} Bootstrap Protocol Client (DHCP)
The Kea Control Agent uses port 8000 by default, but that value can be manually defined in its configuration file. (Usually located at /etc/kea/kea-ctrl-agent.conf.) This port needs to be open and accessible on every server that hosts a Kea DHCP service and a Kea Control Agent.
====Docker Network Type====
This is a good case where the Docker network type needs to be set to host. The DHCP server needs to be directly on the host to function.
====DHCP testing====
''%%sudo nmap --script broadcast-dhcp-discover%%'' will test for DHCP servers on the same network. It will only report the first DHCP server discovered.
===Reference===
*[[https://serverfault.com/questions/171744/command-line-program-to-test-dhcp-service|Command line program to test DHCP service]]
*[[https://nmap.org/book/toc.html|The Official Nmap Project Guide to Network Discovery and Security Scanning]]
*[[https://www.redhat.com/sysadmin/nmap-scripting-engine|5 scripts for getting started with the Nmap Scripting Engine]]
====main dhcp4====
*''kea-dhcp4 -t /app/dhcpv4.conf'' to test the kea-dhcp4 configuration files ''/app/dhcpv4.conf''
*''kea-dhcp4 -c /app/dhcpv4.conf'' to start kea dhcp4 using configuration file ''/app/dhcpv4.conf''
++++Use of symlink, TL;DR;|
Using symlinks in is confusing when using Docker mounted directories.
To control which dhcp4 config file to run (basic or plus):
*''ln -s .config/dhcp_basic.conf .config/dhcp.conf'' to run basic
*''ln -s .config/dhcp_plus.conf .config/dhcp.conf'' to run plus
*The ''-f'' flag can be used to overwrite an existing link file instead of deleting first.
*It makes more sense in this case to use a hard link as docker can not resolve the soft link. A hard link only works on the same device, but this should not be an issue with Docker volume command, as a hard linked file is the same as any other regular file in the same directory.
The plus configuration allows a secondary backup dhcp server to be operated.++++
*Kea Docs [[https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html|The DHCPv4 Server]]
*''kea-dhcp4 -c /app/dhcpv4_plus.conf'' to start kea dhcp4 using configuration file ''/app/dhcpv4_plus.conf''. This configuration file is designed to work with the kea control agent setup. Where as the basic configuration ''/app/dhcpv4_basic.conf'' is not.
++++Upgrade problem to 2.6.0 with dhcp4 parameter id in subnet configuration, TL;DR;|
I had a problem when upgrading to to Kea 2.6.0 that stopped kea-dhcp4 operating with an error ''file: /etc/kea/kea-dhcp4.conf, reason: subnet configuration failed: missing parameter ‘id’''. The error also reported the configuration line where the missing parameter was expected. Adding the missing parameter to the file as per Kea docs [[https://kea.readthedocs.io/en/kea-2.6.0/arm/dhcp4-srv.html#ipv4-subnet-identifier|ipv4-subnet-identifier]] resolved this error. Apparently this parameter was auto assigned in earlier versions of Kea, if not manually assigned in configuration file. In Kea version 2.6.0 manual assignment became mandatory, see [[https://kb.isc.org/docs/changes-to-be-aware-of-when-migrating-to-kea-2-6-0|Changes to Be Aware of When Migrating to Kea 2.6.0]].++++
====ctrl-agent -t /app/kea-ctrl-agent.conf====
*''kea-ctrl-agent -t /app/kea-ctrl-agent.conf'' to test the kea-cont-agent configuration file ''/app/kea-ctrl-agent.conf''
*''kea-ctrl-agent -c /app/kea-ctrl-agent.conf'' to start the kea-cont-agent configuration file ''/app/kea-ctrl-agent.conf''
*[[https://kea.readthedocs.io/en/latest/arm/agent.html|The Kea Control Agent]]
====Kea logging====
*[[https://kb.isc.org/docs/kea-logging-configuration|Kea Logging Configuration]], [[https://kea.readthedocs.io/en/latest/arm/logging.html|Kea Docs 19. Logging]]
I have stored log files in the .config directory that is a Docker mounted volume for persistence and easy external viewing outside container. The following logs files can be seen.
* ''.config/log/kea-dhcp4-commands.log''
* ''.config/log/kea-dhcp4-dhcpsrv.log''
* ''.config/log/kea-dhcp4-leases.log''
* ''.config/log/kea-dhcp4.log''
* ''.config/log/kea-dhcp4-ha-hooks.log''
====Kea Miscellaneous====
*''docker attach kptr-kea-1'' to attach to running container
*''kea-dhcp4 -v'' To check running version
=====References=====
*KPTree.net's bare metal implementation of [[linux_router:dns_dhcp|dns - dhcp]], based upon ISC Bind9 and DHCP on Debian 10 (was originally Ubuntu).
*ISC documentation
*[[https://kea.readthedocs.io/en/latest/arm/config-templates.html#template-home-network-of-a-power-user|Template: Home Network of a Power User]]
*[[https://kb.isc.org/docs/isc-kea-packages|Using Official ISC Packages for Kea]]
*[[https://kb.isc.org/docs/kea-configuration-sections-explained|Kea Configuration Introduction]]
*[[https://kb.isc.org/docs/kea-configuration-for-small-office-or-home-use|Kea Configuration for Small Office or Home Use]]
*[[https://web-wilke.de/install-and-run-kea-dhcp-with-stork-on-debian-11/|Install and run KEA DHCP with Stork on Debian 11]]
*[[https://github.com/JonasAlfredsson/docker-kea| JonasAlfredsson / docker-kea ]]
*[[https://www.henrydu.com/2020/09/15/kea-dhcp-webinar-01/|Kea dhcp webinar 01]] [[https://www.youtube.com/watch?v=zr8kGTcJ5WY|Youtube Webinar]]
Kea read the docs [[https://kea.readthedocs.io/en/latest/arm/intro.html|Intro]] give the latest docs and the into states which version this is. A specific version can be found by changing the ''latest'' in the html path to the Kea version required, e.g. as of writing the current verion I am using is 2.6.1, so '%%https://kea.readthedocs.io/en/2.6.1/arm/intro.html%%'' [[https://kea.readthedocs.io/en/2.6.1/arm/intro.html|Intro]]
<- docker_notes:docker-dns|Back ^ docker_notes:index|Start page ^ docker_notes:vpn|Next ->