From d95200e96763e4a7ed02577b1b177c84abb77838 Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Fri, 16 Dec 2022 11:41:33 +0100
Subject: dhcp: T3316: Migrate dhcp/dhcpv6 server to Kea
---
data/templates/dhcp-server/10-override.conf.j2 | 30 --
data/templates/dhcp-server/dhcpd.conf.j2 | 250 ------------
data/templates/dhcp-server/dhcpdv6.conf.j2 | 132 ------
data/templates/dhcp-server/kea-ctrl-agent.conf.j2 | 14 +
data/templates/dhcp-server/kea-dhcp4.conf.j2 | 72 ++++
data/templates/dhcp-server/kea-dhcp6.conf.j2 | 48 +++
debian/control | 3 +-
interface-definitions/dhcp-server.xml.in | 40 +-
interface-definitions/dhcpv6-server.xml.in | 51 ++-
.../include/dhcp/ping-check.xml.i | 8 -
.../include/version/dhcp-server-version.xml.i | 2 +-
.../include/version/dhcpv6-server-version.xml.i | 2 +-
op-mode-definitions/dhcp.xml.in | 4 +-
op-mode-definitions/monitor-log.xml.in | 4 +-
op-mode-definitions/show-log.xml.in | 4 +-
python/vyos/kea.py | 310 ++++++++++++++
python/vyos/template.py | 100 +++++
python/vyos/utils/file.py | 8 +
python/vyos/utils/network.py | 34 ++
smoketest/config-tests/dialup-router-medium-vpn | 5 -
smoketest/configs/basic-vyos | 18 +
smoketest/scripts/cli/test_service_dhcp-server.py | 444 +++++++++++++--------
.../scripts/cli/test_service_dhcpv6-server.py | 156 ++++++--
src/conf_mode/dhcp_server.py | 134 +++++--
src/conf_mode/dhcpv6_server.py | 42 +-
src/conf_mode/system-login.py | 2 +-
.../system/kea-ctrl-agent.service.d/override.conf | 9 +
.../kea-dhcp4-server.service.d/override.conf | 7 +
.../kea-dhcp6-server.service.d/override.conf | 7 +
src/migration-scripts/dhcp-server/6-to-7 | 87 ++++
src/migration-scripts/dhcpv6-server/1-to-2 | 86 ++++
src/op_mode/clear_dhcp_lease.py | 41 +-
src/op_mode/dhcp.py | 120 +++---
src/system/on-dhcp-event.sh | 14 +-
src/systemd/isc-dhcp-server6.service | 24 --
35 files changed, 1465 insertions(+), 847 deletions(-)
delete mode 100644 data/templates/dhcp-server/10-override.conf.j2
delete mode 100644 data/templates/dhcp-server/dhcpd.conf.j2
delete mode 100644 data/templates/dhcp-server/dhcpdv6.conf.j2
create mode 100644 data/templates/dhcp-server/kea-ctrl-agent.conf.j2
create mode 100644 data/templates/dhcp-server/kea-dhcp4.conf.j2
create mode 100644 data/templates/dhcp-server/kea-dhcp6.conf.j2
delete mode 100644 interface-definitions/include/dhcp/ping-check.xml.i
create mode 100644 python/vyos/kea.py
create mode 100644 src/etc/systemd/system/kea-ctrl-agent.service.d/override.conf
create mode 100644 src/etc/systemd/system/kea-dhcp4-server.service.d/override.conf
create mode 100644 src/etc/systemd/system/kea-dhcp6-server.service.d/override.conf
create mode 100755 src/migration-scripts/dhcp-server/6-to-7
create mode 100755 src/migration-scripts/dhcpv6-server/1-to-2
delete mode 100644 src/systemd/isc-dhcp-server6.service
diff --git a/data/templates/dhcp-server/10-override.conf.j2 b/data/templates/dhcp-server/10-override.conf.j2
deleted file mode 100644
index 1504b6808..000000000
--- a/data/templates/dhcp-server/10-override.conf.j2
+++ /dev/null
@@ -1,30 +0,0 @@
-### Autogenerated by dhcp_server.py ###
-{% set lease_file = '/config/dhcpd.leases' %}
-[Unit]
-Description=ISC DHCP IPv4 server
-Documentation=man:dhcpd(8)
-RequiresMountsFor=/run
-ConditionPathExists=
-ConditionPathExists=/run/dhcp-server/dhcpd.conf
-After=
-After=vyos-router.service
-
-[Service]
-Type=forking
-WorkingDirectory=
-WorkingDirectory=/run/dhcp-server
-RuntimeDirectory=dhcp-server
-RuntimeDirectoryPreserve=yes
-Environment=PID_FILE=/run/dhcp-server/dhcpd.pid CONFIG_FILE=/run/dhcp-server/dhcpd.conf LEASE_FILE={{ lease_file }}
-PIDFile=/run/dhcp-server/dhcpd.pid
-ExecStartPre=/bin/sh -ec '\
-touch ${LEASE_FILE}; \
-chown dhcpd:vyattacfg ${LEASE_FILE}* ; \
-chmod 664 ${LEASE_FILE}* ; \
-/usr/sbin/dhcpd -4 -t -T -q -user dhcpd -group vyattacfg -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} '
-ExecStart=
-ExecStart=/usr/sbin/dhcpd -4 -q -user dhcpd -group vyattacfg -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE}
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
diff --git a/data/templates/dhcp-server/dhcpd.conf.j2 b/data/templates/dhcp-server/dhcpd.conf.j2
deleted file mode 100644
index 639526532..000000000
--- a/data/templates/dhcp-server/dhcpd.conf.j2
+++ /dev/null
@@ -1,250 +0,0 @@
-### Autogenerated by dhcp_server.py ###
-
-# For options please consult the following website:
-# https://www.isc.org/wp-content/uploads/2017/08/dhcp43options.html
-#
-# log-facility local7;
-{% if hostfile_update is vyos_defined %}
-on release {
- set ClientName = pick-first-value(host-decl-name, option fqdn.hostname, option host-name);
- set ClientIp = binary-to-ascii(10, 8, ".",leased-address);
- execute("/usr/libexec/vyos/system/on-dhcp-event.sh", "release", "", ClientIp, "", "");
-}
-on expiry {
- set ClientName = pick-first-value(host-decl-name, option fqdn.hostname, option host-name);
- set ClientIp = binary-to-ascii(10, 8, ".",leased-address);
- execute("/usr/libexec/vyos/system/on-dhcp-event.sh", "release", "", ClientIp, "", "");
-}
-{% endif %}
-
-{{ 'use-host-decl-names on;' if host_decl_name is vyos_defined }}
-ddns-update-style {{ 'interim' if dynamic_dns_update is vyos_defined else 'none' }};
-option rfc3442-static-route code 121 = array of integer 8;
-option windows-static-route code 249 = array of integer 8;
-option wpad-url code 252 = text;
-option rfc8925-ipv6-only-preferred code 108 = unsigned integer 32;
-
-# Vendor specific options - Ubiquiti Networks
-option space ubnt;
-option ubnt.unifi-controller code 1 = ip-address;
-class "ubnt" {
- match if substring (option vendor-class-identifier , 0, 4) = "ubnt";
- option vendor-class-identifier "ubnt";
- vendor-option-space ubnt;
-}
-
-{% if global_parameters is vyos_defined %}
-# The following {{ global_parameters | length }} line(s) have been added as
-# global-parameters in the CLI and have not been validated !!!
-{% for parameter in global_parameters %}
-{{ parameter }}
-{% endfor %}
-
-{% endif %}
-{% if failover is vyos_defined %}
-# DHCP failover configuration
-failover peer "{{ failover.name }}" {
-{% if failover.status == 'primary' %}
- primary;
- mclt 1800;
- split 128;
-{% elif failover.status == 'secondary' %}
- secondary;
-{% endif %}
- address {{ failover.source_address }};
- port 647;
- peer address {{ failover.remote }};
- peer port 647;
- max-response-delay 30;
- max-unacked-updates 10;
- load balance max seconds 3;
-}
-{% endif %}
-{% if listen_address is vyos_defined %}
-
-# DHCP server serving relay subnet, we need a connector to the real world
-{% for address in listen_address %}
-# Connected subnet statement for listen-address {{ address }}
-subnet {{ address | network_from_ipv4 }} netmask {{ address | netmask_from_ipv4 }} { }
-{% endfor %}
-{% endif %}
-
-# Shared network configration(s)
-{% if shared_network_name is vyos_defined %}
-{% for network, network_config in shared_network_name.items() if network_config.disable is not vyos_defined %}
-shared-network {{ network }} {
-{% if network_config.authoritative is vyos_defined %}
- authoritative;
-{% endif %}
-{% if network_config.name_server is vyos_defined %}
- option domain-name-servers {{ network_config.name_server | join(', ') }};
-{% endif %}
-{% if network_config.domain_name is vyos_defined %}
- option domain-name "{{ network_config.domain_name }}";
-{% endif %}
-{% if network_config.domain_search is vyos_defined %}
- option domain-search "{{ network_config.domain_search | join('", "') }}";
-{% endif %}
-{% if network_config.ntp_server is vyos_defined %}
- option ntp-servers {{ network_config.ntp_server | join(', ') }};
-{% endif %}
-{% if network_config.ping_check is vyos_defined %}
- ping-check true;
-{% endif %}
-{% if network_config.shared_network_parameters is vyos_defined %}
- # The following {{ network_config.shared_network_parameters | length }} line(s)
- # were added as shared-network-parameters in the CLI and have not been validated
-{% for parameter in network_config.shared_network_parameters %}
- {{ parameter }}
-{% endfor %}
-{% endif %}
-{% if network_config.subnet is vyos_defined %}
-{% for subnet, subnet_config in network_config.subnet.items() %}
-{% if subnet_config.description is vyos_defined %}
- # {{ subnet_config.description }}
-{% endif %}
- subnet {{ subnet | address_from_cidr }} netmask {{ subnet | netmask_from_cidr }} {
-{% if subnet_config.name_server is vyos_defined %}
- option domain-name-servers {{ subnet_config.name_server | join(', ') }};
-{% endif %}
-{% if subnet_config.domain_name is vyos_defined %}
- option domain-name "{{ subnet_config.domain_name }}";
-{% endif %}
-{% if subnet_config.domain_search is vyos_defined %}
- option domain-search "{{ subnet_config.domain_search | join('", "') }}";
-{% endif %}
-{% if subnet_config.ntp_server is vyos_defined %}
- option ntp-servers {{ subnet_config.ntp_server | join(', ') }};
-{% endif %}
-{% if subnet_config.pop_server is vyos_defined %}
- option pop-server {{ subnet_config.pop_server | join(', ') }};
-{% endif %}
-{% if subnet_config.smtp_server is vyos_defined %}
- option smtp-server {{ subnet_config.smtp_server | join(', ') }};
-{% endif %}
-{% if subnet_config.time_server is vyos_defined %}
- option time-servers {{ subnet_config.time_server | join(', ') }};
-{% endif %}
-{% if subnet_config.wins_server is vyos_defined %}
- option netbios-name-servers {{ subnet_config.wins_server | join(', ') }};
-{% endif %}
-{% if subnet_config.ipv6_only_preferred is vyos_defined %}
- option rfc8925-ipv6-only-preferred {{ subnet_config.ipv6_only_preferred }};
-{% endif %}
-{% if subnet_config.static_route is vyos_defined %}
-{% set static_default_route = '' %}
-{% if subnet_config.default_router is vyos_defined %}
-{% set static_default_route = ', ' ~ '0.0.0.0/0' | isc_static_route(subnet_config.default_router) %}
-{% endif %}
-{% if subnet_config.static_route is vyos_defined %}
-{% set rfc3442_routes = [] %}
-{% for route, route_options in subnet_config.static_route.items() %}
-{% set rfc3442_routes = rfc3442_routes.append(route | isc_static_route(route_options.next_hop)) %}
-{% endfor %}
- option rfc3442-static-route {{ rfc3442_routes | join(', ') }}{{ static_default_route }};
- option windows-static-route {{ rfc3442_routes | join(', ') }};
-{% endif %}
-{% endif %}
-{% if subnet_config.ip_forwarding is vyos_defined %}
- option ip-forwarding true;
-{% endif %}
-{% if subnet_config.default_router is vyos_defined %}
- option routers {{ subnet_config.default_router }};
-{% endif %}
-{% if subnet_config.server_identifier is vyos_defined %}
- option dhcp-server-identifier {{ subnet_config.server_identifier }};
-{% endif %}
-{% if subnet_config.subnet_parameters is vyos_defined %}
- # The following {{ subnet_config.subnet_parameters | length }} line(s) were added as
- # subnet-parameters in the CLI and have not been validated!!!
-{% for parameter in subnet_config.subnet_parameters %}
- {{ parameter }}
-{% endfor %}
-{% endif %}
-{% if subnet_config.tftp_server_name is vyos_defined %}
- option tftp-server-name "{{ subnet_config.tftp_server_name }}";
-{% endif %}
-{% if subnet_config.bootfile_name is vyos_defined %}
- option bootfile-name "{{ subnet_config.bootfile_name }}";
- filename "{{ subnet_config.bootfile_name }}";
-{% endif %}
-{% if subnet_config.bootfile_server is vyos_defined %}
- next-server {{ subnet_config.bootfile_server }};
-{% endif %}
-{% if subnet_config.bootfile_size is vyos_defined %}
- option boot-size {{ subnet_config.bootfile_size }};
-{% endif %}
-{% if subnet_config.time_offset is vyos_defined %}
- option time-offset {{ subnet_config.time_offset }};
-{% endif %}
-{% if subnet_config.wpad_url is vyos_defined %}
- option wpad-url "{{ subnet_config.wpad_url }}";
-{% endif %}
-{% if subnet_config.client_prefix_length is vyos_defined %}
- option subnet-mask {{ ('0.0.0.0/' ~ subnet_config.client_prefix_length) | netmask_from_cidr }};
-{% endif %}
-{% if subnet_config.lease is vyos_defined %}
- default-lease-time {{ subnet_config.lease }};
- max-lease-time {{ subnet_config.lease }};
-{% endif %}
-{% if network_config.ping_check is not vyos_defined and subnet_config.ping_check is vyos_defined %}
- ping-check true;
-{% endif %}
-{% if subnet_config.static_mapping is vyos_defined %}
-{% for host, host_config in subnet_config.static_mapping.items() if host_config.disable is not vyos_defined %}
- host {{ host | replace('_','-') if host_decl_name is vyos_defined else network | replace('_','-') ~ '_' ~ host | replace('_','-') }} {
-{% if host_config.ip_address is vyos_defined %}
- fixed-address {{ host_config.ip_address }};
-{% endif %}
- hardware ethernet {{ host_config.mac_address }};
-{% if host_config.static_mapping_parameters is vyos_defined %}
- # The following {{ host_config.static_mapping_parameters | length }} line(s) were added
- # as static-mapping-parameters in the CLI and have not been validated
-{% for parameter in host_config.static_mapping_parameters %}
- {{ parameter }}
-{% endfor %}
-{% endif %}
- }
-{% endfor %}
-{% endif %}
-{% if subnet_config.vendor_option.ubiquiti.unifi_controller is vyos_defined %}
- option ubnt.unifi-controller {{ subnet_config.vendor_option.ubiquiti.unifi_controller }};
-{% endif %}
-{% if subnet_config.range is vyos_defined %}
-{# pool configuration can only be used if there follows a range option #}
- pool {
-{% endif %}
-{% if subnet_config.enable_failover is vyos_defined %}
- failover peer "{{ failover.name }}";
- deny dynamic bootp clients;
-{% endif %}
-{% if subnet_config.range is vyos_defined %}
-{% for range, range_options in subnet_config.range.items() %}
- range {{ range_options.start }} {{ range_options.stop }};
-{% endfor %}
-{% endif %}
-{% if subnet_config.range is vyos_defined %}
-{# pool configuration can only be used if there follows a range option #}
- }
-{% endif %}
- }
-{% endfor %}
-{% endif %}
- on commit {
- set shared-networkname = "{{ network }}";
-{% if hostfile_update is vyos_defined %}
- set ClientIp = binary-to-ascii(10, 8, ".", leased-address);
- set ClientMac = binary-to-ascii(16, 8, ":", substring(hardware, 1, 6));
- set ClientName = pick-first-value(host-decl-name, option fqdn.hostname, option host-name, "empty_hostname");
- if not (ClientName = "empty_hostname") {
- set ClientDomain = pick-first-value(config-option domain-name, "..YYZ!");
- execute("/usr/libexec/vyos/system/on-dhcp-event.sh", "commit", ClientName, ClientIp, ClientMac, ClientDomain);
- } else {
- log(concat("Hostname is not defined for client with IP: ", ClientIP, " MAC: ", ClientMac));
- }
-{% endif %}
- }
-}
-
-{% endfor %}
-{% endif %}
diff --git a/data/templates/dhcp-server/dhcpdv6.conf.j2 b/data/templates/dhcp-server/dhcpdv6.conf.j2
deleted file mode 100644
index 5c3471316..000000000
--- a/data/templates/dhcp-server/dhcpdv6.conf.j2
+++ /dev/null
@@ -1,132 +0,0 @@
-### Autogenerated by dhcpv6_server.py ###
-
-# For options please consult the following website:
-# https://www.isc.org/wp-content/uploads/2017/08/dhcp43options.html
-
-log-facility local7;
-{% if preference is vyos_defined %}
-option dhcp6.preference {{ preference }};
-{% endif %}
-
-{% if global_parameters.name_server is vyos_defined %}
-option dhcp6.name-servers {{ global_parameters.name_server | join(', ') }};
-{% endif %}
-
-# Vendor specific options - Cisco
-option space cisco code width 2 length width 2;
-option cisco.tftp-servers code 1 = array of ip6-address;
-option vsio.cisco code 9 = encapsulate cisco;
-
-# Shared network configration(s)
-{% if shared_network_name is vyos_defined %}
-{% for network, network_config in shared_network_name.items() if network_config.disable is not vyos_defined %}
-shared-network {{ network }} {
-{% if network_config.common_options is vyos_defined %}
-{% if network_config.common_options.info_refresh_time is vyos_defined %}
- option dhcp6.info-refresh-time {{ network_config.common_options.info_refresh_time }};
-{% endif %}
-{% if network_config.common_options.domain_search is vyos_defined %}
- option dhcp6.domain-search "{{ network_config.common_options.domain_search | join('", "') }}";
-{% endif %}
-{% if network_config.common_options.name_server is vyos_defined %}
- option dhcp6.name-servers {{ network_config.common_options.name_server | join(', ') }};
-{% endif %}
-{% endif %}
-{% if network_config.subnet is vyos_defined %}
-{% for subnet, subnet_config in network_config.subnet.items() %}
- subnet6 {{ subnet }} {
-{% if subnet_config.address_range is vyos_defined %}
-{% if subnet_config.address_range.prefix is vyos_defined %}
-{% for prefix, prefix_config in subnet_config.address_range.prefix.items() %}
- range6 {{ prefix }} {{ "temporary" if prefix_config.temporary is vyos_defined }};
-{% endfor %}
-{% endif %}
-{% if subnet_config.address_range.start is vyos_defined %}
-{% for address, address_config in subnet_config.address_range.start.items() %}
- range6 {{ address }} {{ address_config.stop }};
-{% endfor %}
-{% endif %}
-{% endif %}
-{% if subnet_config.domain_search is vyos_defined %}
- option dhcp6.domain-search "{{ subnet_config.domain_search | join('", "') }}";
-{% endif %}
-{% if subnet_config.lease_time is vyos_defined %}
-{% if subnet_config.lease_time.default is vyos_defined %}
- default-lease-time {{ subnet_config.lease_time.default }};
-{% endif %}
-{% if subnet_config.lease_time.maximum is vyos_defined %}
- max-lease-time {{ subnet_config.lease_time.maximum }};
-{% endif %}
-{% if subnet_config.lease_time.minimum is vyos_defined %}
- min-lease-time {{ subnet_config.lease_time.minimum }};
-{% endif %}
-{% endif %}
-{% if subnet_config.name_server is vyos_defined %}
- option dhcp6.name-servers {{ subnet_config.name_server | join(', ') }};
-{% endif %}
-{% if subnet_config.nis_domain is vyos_defined %}
- option dhcp6.nis-domain-name "{{ subnet_config.nis_domain }}";
-{% endif %}
-{% if subnet_config.nis_server is vyos_defined %}
- option dhcp6.nis-servers {{ subnet_config.nis_server | join(', ') }};
-{% endif %}
-{% if subnet_config.nisplus_domain is vyos_defined %}
- option dhcp6.nisp-domain-name "{{ subnet_config.nisplus_domain }}";
-{% endif %}
-{% if subnet_config.nisplus_server is vyos_defined %}
- option dhcp6.nisp-servers {{ subnet_config.nisplus_server | join(', ') }};
-{% endif %}
-{% if subnet_config.sip_server is vyos_defined %}
-{% set server_ip = [] %}
-{% set server_fqdn = [] %}
-{% for address in subnet_config.sip_server %}
-{% if address | is_ipv6 %}
-{% set server_ip = server_ip.append(address) %}
-{% else %}
-{% set server_fqdn = server_fqdn.append(address) %}
-{% endif %}
-{% endfor %}
-{% if server_ip is vyos_defined and server_ip | length > 0 %}
- option dhcp6.sip-servers-addresses {{ server_ip | join(', ') }};
-{% endif %}
-{% if server_fqdn is vyos_defined and server_fqdn | length > 0 %}
- option dhcp6.sip-servers-names "{{ server_fqdn | join('", "') }}";
-{% endif %}
-{% endif %}
-{% if subnet_config.sntp_server is vyos_defined %}
- option dhcp6.sntp-servers {{ subnet_config.sntp_server | join(', ') }};
-{% endif %}
-{% if subnet_config.prefix_delegation.start is vyos_defined %}
-{% for prefix, prefix_config in subnet_config.prefix_delegation.start.items() %}
- prefix6 {{ prefix }} {{ prefix_config.stop }} /{{ prefix_config.prefix_length }};
-{% endfor %}
-{% endif %}
-{% if subnet_config.static_mapping is vyos_defined %}
-
- # begin configuration of static client mappings
-{% for host, host_config in subnet_config.static_mapping.items() if host_config.disable is not vyos_defined %}
- host {{ network | replace('_','-') }}_{{ host | replace('_','-') }} {
-{% if host_config.identifier is vyos_defined %}
- host-identifier option dhcp6.client-id {{ host_config.identifier }};
-{% endif %}
-{% if host_config.ipv6_address is vyos_defined %}
- fixed-address6 {{ host_config.ipv6_address }};
-{% endif %}
-{% if host_config.ipv6_prefix is vyos_defined %}
- fixed-prefix6 {{ host_config.ipv6_prefix }};
-{% endif %}
- }
-{% endfor %}
-{% endif %}
-{% if subnet_config.vendor_option.cisco.tftp_server is vyos_defined %}
- option cisco.tftp-servers {{ subnet_config.vendor_option.cisco.tftp_server | join(', ') }};
-{% endif %}
- }
-{% endfor %}
-{% endif %}
- on commit {
- set shared-networkname = "{{ network }}";
- }
-}
-{% endfor %}
-{% endif %}
diff --git a/data/templates/dhcp-server/kea-ctrl-agent.conf.j2 b/data/templates/dhcp-server/kea-ctrl-agent.conf.j2
new file mode 100644
index 000000000..74c63a7a0
--- /dev/null
+++ b/data/templates/dhcp-server/kea-ctrl-agent.conf.j2
@@ -0,0 +1,14 @@
+{
+ "Control-agent": {
+{% if failover is vyos_defined %}
+ "http-host": "{{ failover.source_address }}",
+ "http-port": 647,
+ "control-sockets": {
+ "dhcp4": {
+ "socket-type": "unix",
+ "socket-name": "/run/kea/dhcp4-ctrl-socket"
+ }
+ }
+{% endif %}
+ }
+}
diff --git a/data/templates/dhcp-server/kea-dhcp4.conf.j2 b/data/templates/dhcp-server/kea-dhcp4.conf.j2
new file mode 100644
index 000000000..6ab13ab27
--- /dev/null
+++ b/data/templates/dhcp-server/kea-dhcp4.conf.j2
@@ -0,0 +1,72 @@
+{
+ "Dhcp4": {
+ "interfaces-config": {
+ "interfaces": [ "*" ],
+ "dhcp-socket-type": "raw",
+ "service-sockets-max-retries": 5,
+ "service-sockets-retry-wait-time": 5000
+ },
+ "control-socket": {
+ "socket-type": "unix",
+ "socket-name": "/run/kea/dhcp4-ctrl-socket"
+ },
+ "lease-database": {
+ "type": "memfile",
+ "persist": true,
+ "name": "{{ lease_file }}"
+ },
+ "option-def": [
+ {
+ "name": "rfc3442-static-route",
+ "code": 121,
+ "type": "record",
+ "array": true,
+ "record-types": "uint8,uint8,uint8,uint8,uint8,uint8,uint8,uint8"
+ },
+ {
+ "name": "windows-static-route",
+ "code": 249,
+ "type": "record",
+ "array": true,
+ "record-types": "uint8,uint8,uint8,uint8,uint8,uint8,uint8,uint8"
+ },
+ {
+ "name": "wpad-url",
+ "code": 252,
+ "type": "string"
+ },
+ {
+ "name": "unifi-controller",
+ "code": 1,
+ "type": "ipv4-address",
+ "space": "ubnt"
+ }
+ ],
+ "hooks-libraries": [
+{% if failover is vyos_defined %}
+ {
+ "library": "/usr/lib/{{ machine }}-linux-gnu/kea/hooks/libdhcp_ha.so",
+ "parameters": {
+ "high-availability": [{{ failover | kea_failover_json }}]
+ }
+ },
+{% endif %}
+{% if hostfile_update is vyos_defined %}
+ {
+ "library": "/usr/lib/{{ machine }}-linux-gnu/kea/hooks/libdhcp_run_script.so",
+ "parameters": {
+ "name": "/usr/libexec/vyos/system/on-dhcp-event.sh",
+ "sync": false
+ }
+ },
+{% endif %}
+ {
+ "library": "/usr/lib/{{ machine }}-linux-gnu/kea/hooks/libdhcp_lease_cmds.so",
+ "parameters": {}
+ }
+ ],
+{% if shared_network_name is vyos_defined %}
+ "shared-networks": {{ shared_network_name | kea_shared_network_json }}
+{% endif %}
+ }
+}
diff --git a/data/templates/dhcp-server/kea-dhcp6.conf.j2 b/data/templates/dhcp-server/kea-dhcp6.conf.j2
new file mode 100644
index 000000000..3ce4e6370
--- /dev/null
+++ b/data/templates/dhcp-server/kea-dhcp6.conf.j2
@@ -0,0 +1,48 @@
+{
+ "Dhcp6": {
+ "interfaces-config": {
+ "interfaces": [ "*" ],
+ "service-sockets-max-retries": 5,
+ "service-sockets-retry-wait-time": 5000
+ },
+ "control-socket": {
+ "socket-type": "unix",
+ "socket-name": "/run/kea/dhcp6-ctrl-socket"
+ },
+ "lease-database": {
+ "type": "memfile",
+ "persist": true,
+ "name": "{{ lease_file }}"
+ },
+ "hooks-libraries": [
+ {
+ "library": "/usr/lib/{{ machine }}-linux-gnu/kea/hooks/libdhcp_lease_cmds.so",
+ "parameters": {}
+ }
+ ],
+ "option-data": [
+{% if global_parameters.name_server is vyos_defined %}
+ {
+ "name": "dns-servers",
+ "code": 23,
+ "space": "dhcp6",
+ "csv-format": true,
+ "data": "{{ global_parameters.name_server | join(", ") }}"
+ }{{ ',' if preference is vyos_defined else '' }}
+{% endif %}
+{% if preference is vyos_defined %}
+ {
+ "name": "preference",
+ "code": 7,
+ "space": "dhcp6",
+ "csv-format": true,
+ "data": "{{ preference }}"
+ }
+{% endif %}
+ ],
+{% if shared_network_name is vyos_defined %}
+ "shared-networks": {{ shared_network_name | kea6_shared_network_json }}
+{% endif %}
+
+ }
+}
diff --git a/debian/control b/debian/control
index f20268444..816d41944 100644
--- a/debian/control
+++ b/debian/control
@@ -169,8 +169,7 @@ Depends:
# For "service dhcp-relay"
isc-dhcp-relay,
# For "service dhcp-server"
- isc-dhcp-server,
- python3-isc-dhcp-leases,
+ kea,
# End "service dhcp-server"
# For "service lldp"
lldpd,
diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
index 583de7ba9..948f19048 100644
--- a/interface-definitions/dhcp-server.xml.in
+++ b/interface-definitions/dhcp-server.xml.in
@@ -63,26 +63,16 @@
Invalid DHCP failover peer status
+ #include
+ #include
-
-
- Additional global parameters for DHCP server. You must use the syntax of dhcpd.conf in this text-field. Using this without proper knowledge may result in a crashed DHCP server. Check system log to look for errors.
-
-
-
Updating /etc/hosts file (per client lease)
-
-
- Use host declaration name for forward DNS name
-
-
-
#include
@@ -102,16 +92,9 @@
#include
#include
#include
- #include
#include
#include
#include
-
-
- Additional shared-network parameters for DHCP server. You must use the syntax of dhcpd.conf in this text-field. Using this without proper knowledge may result in a crashed DHCP server. Check system log to look for errors.
-
-
-
DHCP subnet for shared network
@@ -191,12 +174,6 @@
#include
#include
#include
-
-
- Enable DHCP failover support for this subnet
-
-
-
IP address to exclude from DHCP lease range
@@ -231,7 +208,6 @@
86400
#include
- #include
IP address of POP3 server
@@ -339,12 +315,6 @@
-
-
- Additional static-mapping parameters for DHCP server. Will be placed inside the "host" block of the mapping. You must use the syntax of dhcpd.conf in this text-field. Using this without proper knowledge may result in a crashed DHCP server. Check system log to look for errors.
-
-
-
@@ -386,12 +356,6 @@
Seconds must be between 0 and 4294967295 (49 days)
-
-
- Additional subnet parameters for DHCP server. You must use the syntax of dhcpd.conf in this text-field. Using this without proper knowledge may result in a crashed DHCP server. Check system log to look for errors.
-
-
-
TFTP server name
diff --git a/interface-definitions/dhcpv6-server.xml.in b/interface-definitions/dhcpv6-server.xml.in
index 9dff68a24..16d0f9b01 100644
--- a/interface-definitions/dhcpv6-server.xml.in
+++ b/interface-definitions/dhcpv6-server.xml.in
@@ -41,6 +41,21 @@
#include
#include
+
+
+ Optional interface for this shared network to accept requests from
+
+
+
+
+ txt
+ Interface name
+
+
+ #include
+
+
+
Common options to distribute to all clients, including stateless clients
@@ -79,7 +94,7 @@
Parameters setting ranges for assigning IPv6 addresses
-
+
IPv6 prefix defining range of addresses to assign
@@ -89,16 +104,9 @@
+
-
-
-
- Address range will be used for temporary addresses
-
-
-
-
-
+
First in range of consecutive IPv6 addresses to assign
@@ -221,12 +229,12 @@
Parameters relating to IPv6 prefix delegation
-
+
- First in range of IPv6 addresses to be used in prefix delegation
+ IPv6 prefix to be used in prefix delegation
ipv6
- IPv6 address used in prefix delegation
+ IPv6 prefix used in prefix delegation
@@ -235,27 +243,28 @@
- Length in bits of prefixes to be delegated
+ Length in bits of prefix
u32:32-64
- Delagated prefix length (32-64)
+ Prefix length (32-64)
- Delegated prefix length must be between 32 and 64
+ Prefix length must be between 32 and 64
-
+
- Last in range of IPv6 addresses to be used in prefix delegation
+ Length in bits of prefixes to be delegated
- ipv6
- IPv6 address used in prefix delegation
+ u32:32-64
+ Delegated prefix length (32-64)
-
+
+ Delegated prefix length must be between 32 and 96
diff --git a/interface-definitions/include/dhcp/ping-check.xml.i b/interface-definitions/include/dhcp/ping-check.xml.i
deleted file mode 100644
index a506f68e4..000000000
--- a/interface-definitions/include/dhcp/ping-check.xml.i
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
- Sends ICMP Echo request to the address being assigned
-
-
-
-
diff --git a/interface-definitions/include/version/dhcp-server-version.xml.i b/interface-definitions/include/version/dhcp-server-version.xml.i
index 330cb7d1b..7c4b5633e 100644
--- a/interface-definitions/include/version/dhcp-server-version.xml.i
+++ b/interface-definitions/include/version/dhcp-server-version.xml.i
@@ -1,3 +1,3 @@
-
+
diff --git a/interface-definitions/include/version/dhcpv6-server-version.xml.i b/interface-definitions/include/version/dhcpv6-server-version.xml.i
index 4b2cf40aa..ae4178c90 100644
--- a/interface-definitions/include/version/dhcpv6-server-version.xml.i
+++ b/interface-definitions/include/version/dhcpv6-server-version.xml.i
@@ -1,3 +1,3 @@
-
+
diff --git a/op-mode-definitions/dhcp.xml.in b/op-mode-definitions/dhcp.xml.in
index 9c2e2be76..ceb321f3e 100644
--- a/op-mode-definitions/dhcp.xml.in
+++ b/op-mode-definitions/dhcp.xml.in
@@ -163,7 +163,7 @@
Restart DHCP server
- if cli-shell-api existsActive service dhcp-server; then sudo systemctl restart isc-dhcp-server.service; else echo "DHCP server not configured"; fi
+ if cli-shell-api existsActive service dhcp-server; then sudo systemctl restart kea-dhcp4-server.service; else echo "DHCP server not configured"; fi
@@ -182,7 +182,7 @@
Restart DHCPv6 server
- if cli-shell-api existsActive service dhcpv6-server; then sudo systemctl restart isc-dhcp-server6.service; else echo "DHCPv6 server not configured"; fi
+ if cli-shell-api existsActive service dhcpv6-server; then sudo systemctl restart kea-dhcp6-server.service; else echo "DHCPv6 server not configured"; fi
diff --git a/op-mode-definitions/monitor-log.xml.in b/op-mode-definitions/monitor-log.xml.in
index 44628a112..3a8118dcb 100644
--- a/op-mode-definitions/monitor-log.xml.in
+++ b/op-mode-definitions/monitor-log.xml.in
@@ -51,7 +51,7 @@
Monitor last lines of DHCP server log
- journalctl --no-hostname --follow --boot --unit isc-dhcp-server.service
+ journalctl --no-hostname --follow --boot --unit kea-dhcp4-server.service
@@ -81,7 +81,7 @@
Monitor last lines of DHCPv6 server log
- journalctl --no-hostname --follow --boot --unit isc-dhcp-server6.service
+ journalctl --no-hostname --follow --boot --unit kea-dhcp6-server.service
diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in
index 3a622cfb5..399c6acf8 100644
--- a/op-mode-definitions/show-log.xml.in
+++ b/op-mode-definitions/show-log.xml.in
@@ -78,7 +78,7 @@
Show log for DHCP server
- journalctl --no-hostname --boot --unit isc-dhcp-server.service
+ journalctl --no-hostname --boot --unit kea-dhcp4-server.service
@@ -108,7 +108,7 @@
Show log for DHCPv6 server
- journalctl --no-hostname --boot --unit isc-dhcp-server6.service
+ journalctl --no-hostname --boot --unit kea-dhcp6-server.service
diff --git a/python/vyos/kea.py b/python/vyos/kea.py
new file mode 100644
index 000000000..0ee6871e7
--- /dev/null
+++ b/python/vyos/kea.py
@@ -0,0 +1,310 @@
+# Copyright 2023 VyOS maintainers and contributors
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library. If not, see .
+
+import json
+import os
+import socket
+
+from datetime import datetime
+
+from vyos.template import is_ipv6
+from vyos.template import isc_static_route
+from vyos.template import netmask_from_cidr
+from vyos.utils.dict import dict_search_args
+from vyos.utils.file import read_file
+
+kea4_options = {
+ 'name_server': 'domain-name-servers',
+ 'domain_name': 'domain-name',
+ 'domain_search': 'domain-search',
+ 'ntp_server': 'ntp-servers',
+ 'pop_server': 'pop-server',
+ 'smtp_server': 'smtp-server',
+ 'time_server': 'time-servers',
+ 'wins_server': 'netbios-name-servers',
+ 'default_router': 'routers',
+ 'server_identifier': 'dhcp-server-identifier',
+ 'tftp_server_name': 'tftp-server-name',
+ 'bootfile_size': 'boot-size',
+ 'time_offset': 'time-offset',
+ 'wpad_url': 'wpad-url',
+ 'ipv6_only_preferred': 'v6-only-preferred'
+}
+
+kea6_options = {
+ 'info_refresh_time': 'information-refresh-time',
+ 'name_server': 'dns-servers',
+ 'domain_search': 'domain-search',
+ 'nis_domain': 'nis-domain-name',
+ 'nis_server': 'nis-servers',
+ 'nisplus_domain': 'nisp-domain-name',
+ 'nisplus_server': 'nisp-servers',
+ 'sntp_server': 'sntp-servers'
+}
+
+def kea_parse_options(config):
+ options = []
+
+ for node, option_name in kea4_options.items():
+ if node not in config:
+ continue
+
+ value = ", ".join(config[node]) if isinstance(config[node], list) else config[node]
+ options.append({'name': option_name, 'data': value})
+
+ if 'client_prefix_length' in config:
+ options.append({'name': 'subnet-mask', 'data': netmask_from_cidr('0.0.0.0/' + config['client_prefix_length'])})
+
+ if 'ip_forwarding' in config:
+ options.append({'name': 'ip-forwarding', 'data': "true"})
+
+ if 'static_route' in config:
+ default_route = ''
+
+ if 'default_router' in config:
+ default_route = isc_static_route('0.0.0.0/0', config['default_router'])
+
+ routes = [isc_static_route(route, route_options['next_hop']) for route, route_options in config['static_route'].items()]
+
+ options.append({'name': 'rfc3442-static-route', 'data': ", ".join(routes if not default_route else routes + [default_route])})
+ options.append({'name': 'windows-static-route', 'data': ", ".join(routes)})
+
+ return options
+
+def kea_parse_subnet(subnet, config):
+ out = {'subnet': subnet}
+ options = kea_parse_options(config)
+
+ if 'bootfile_name' in config:
+ out['boot-file-name'] = config['bootfile_name']
+
+ if 'bootfile_server' in config:
+ out['next-server'] = config['bootfile_server']
+
+ if 'lease' in config:
+ out['valid-lifetime'] = int(config['lease'])
+ out['max-valid-lifetime'] = int(config['lease'])
+
+ if 'range' in config:
+ pools = []
+ for num, range_config in config['range'].items():
+ start, stop = range_config['start'], range_config['stop']
+ pools.append({'pool': f'{start} - {stop}'})
+ out['pools'] = pools
+
+ if 'static_mapping' in config:
+ reservations = []
+ for host, host_config in config['static_mapping'].items():
+ if 'disable' in host_config:
+ continue
+
+ reservations.append({
+ 'hw-address': host_config['mac_address'],
+ 'ip-address': host_config['ip_address']
+ })
+ out['reservations'] = reservations
+
+ unifi_controller = dict_search_args(config, 'vendor_option', 'ubiquiti', 'unifi_controller')
+ if unifi_controller:
+ options.append({
+ 'name': 'unifi-controller',
+ 'data': unifi_controller,
+ 'space': 'ubnt'
+ })
+
+ if options:
+ out['option-data'] = options
+
+ return out
+
+def kea6_parse_options(config):
+ options = []
+
+ if 'common_options' in config:
+ common_opt = config['common_options']
+
+ for node, option_name in kea6_options.items():
+ if node not in common_opt:
+ continue
+
+ value = ", ".join(common_opt[node]) if isinstance(common_opt[node], list) else common_opt[node]
+ options.append({'name': option_name, 'data': value})
+
+ for node, option_name in kea6_options.items():
+ if node not in config:
+ continue
+
+ value = ", ".join(config[node]) if isinstance(config[node], list) else config[node]
+ options.append({'name': option_name, 'data': value})
+
+ if 'sip_server' in config:
+ sip_servers = config['sip_server']
+
+ addrs = []
+ hosts = []
+
+ for server in sip_servers:
+ if is_ipv6(server):
+ addrs.append(server)
+ else:
+ hosts.append(server)
+
+ if addrs:
+ options.append({'name': 'sip-server-addr', 'data': ", ".join(addrs)})
+
+ if hosts:
+ options.append({'name': 'sip-server-dns', 'data': ", ".join(hosts)})
+
+ cisco_tftp = dict_search_args(config, 'vendor_option', 'cisco', 'tftp-server')
+ if cisco_tftp:
+ options.append({'name': 'tftp-servers', 'code': 2, 'space': 'cisco', 'data': cisco_tftp})
+
+ return options
+
+def kea6_parse_subnet(subnet, config):
+ out = {'subnet': subnet}
+ options = kea6_parse_options(config)
+
+ if 'address_range' in config:
+ addr_range = config['address_range']
+ pools = []
+
+ if 'prefix' in addr_range:
+ for prefix in addr_range['prefix']:
+ pools.append({'pool': prefix})
+
+ if 'start' in addr_range:
+ for start, range_conf in addr_range['start'].items():
+ stop = range_conf['stop']
+ pools.append({'pool': f'{start} - {stop}'})
+
+ out['pools'] = pools
+
+ if 'prefix_delegation' in config:
+ pd_pools = []
+
+ if 'prefix' in config['prefix_delegation']:
+ for prefix, pd_conf in config['prefix_delegation']['prefix'].items():
+ pd_pools.append({
+ 'prefix': prefix,
+ 'prefix-len': int(pd_conf['prefix_length']),
+ 'delegated-len': int(pd_conf['delegated_length'])
+ })
+
+ out['pd-pools'] = pd_pools
+
+ if 'lease_time' in config:
+ if 'default' in config['lease_time']:
+ out['valid-lifetime'] = int(config['lease_time']['default'])
+ if 'maximum' in config['lease_time']:
+ out['max-valid-lifetime'] = int(config['lease_time']['maximum'])
+ if 'minimum' in config['lease_time']:
+ out['min-valid-lifetime'] = int(config['lease_time']['minimum'])
+
+ if 'static_mapping' in config:
+ reservations = []
+ for host, host_config in config['static_mapping'].items():
+ if 'disable' in host_config:
+ continue
+
+ reservation = {}
+
+ if 'identifier' in host_config:
+ reservation['duid'] = host_config['identifier']
+
+ if 'ipv6_address' in host_config:
+ reservation['ip-addresses'] = [ host_config['ipv6_address'] ]
+
+ if 'ipv6_prefix' in host_config:
+ reservation['prefixes'] = [ host_config['ipv6_prefix'] ]
+
+ reservations.append(reservation)
+
+ out['reservations'] = reservations
+
+ if options:
+ out['option-data'] = options
+
+ return out
+
+def kea_parse_leases(lease_path):
+ contents = read_file(lease_path)
+ lines = contents.split("\n")
+ output = []
+
+ if len(lines) < 2:
+ return output
+
+ headers = lines[0].split(",")
+
+ for line in lines[1:]:
+ line_out = dict(zip(headers, line.split(",")))
+
+ lifetime = int(line_out['valid_lifetime'])
+ expiry = int(line_out['expire'])
+
+ line_out['start_timestamp'] = datetime.utcfromtimestamp(expiry - lifetime)
+ line_out['expire_timestamp'] = datetime.utcfromtimestamp(expiry) if expiry else None
+
+ output.append(line_out)
+
+ return output
+
+def _ctrl_socket_command(path, command, args=None):
+ if not os.path.exists(path):
+ return None
+
+ with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
+ sock.connect(path)
+
+ payload = {'command': command}
+ if args:
+ payload['arguments'] = args
+
+ sock.send(bytes(json.dumps(payload), 'utf-8'))
+ result = b''
+ while True:
+ data = sock.recv(4096)
+ result += data
+ if len(data) < 4096:
+ break
+
+ return json.loads(result.decode('utf-8'))
+
+def kea_get_active_config(inet):
+ ctrl_socket = f'/run/kea/dhcp{inet}-ctrl-socket'
+
+ config = _ctrl_socket_command(ctrl_socket, 'config-get')
+
+ if not config or 'result' not in config or config['result'] != 0:
+ return None
+
+ return config
+
+def kea_get_pool_from_subnet_id(config, inet, subnet_id):
+ shared_networks = dict_search_args(config, 'arguments', f'Dhcp{inet}', 'shared-networks')
+
+ if not shared_networks:
+ return None
+
+ for network in shared_networks:
+ if f'subnet{inet}' not in network:
+ continue
+
+ for subnet in network[f'subnet{inet}']:
+ if 'id' in subnet and int(subnet['id']) == int(subnet_id):
+ return network['name']
+
+ return None
diff --git a/python/vyos/template.py b/python/vyos/template.py
index 2d4beeec2..f0a50e728 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -791,6 +791,106 @@ def range_to_regex(num_range):
regex = range_to_regex(num_range)
return f'({regex})'
+@register_filter('kea_failover_json')
+def kea_failover_json(config):
+ from json import dumps
+
+ source_addr = config['source_address']
+ remote_addr = config['remote']
+
+ data = {
+ 'this-server-name': os.uname()[1],
+ 'mode': 'hot-standby',
+ 'heartbeat-delay': 10000,
+ 'max-response-delay': 10000,
+ 'max-ack-delay': 5000,
+ 'max-unacked-clients': 0,
+ 'peers': [
+ {
+ 'name': os.uname()[1],
+ 'url': f'http://{source_addr}:647/',
+ 'role': 'standby' if config['status'] == 'secondary' else 'primary',
+ 'auto-failover': True
+ },
+ {
+ 'name': config['name'],
+ 'url': f'http://{remote_addr}:647/',
+ 'role': 'primary' if config['status'] == 'secondary' else 'standby',
+ 'auto-failover': True
+ }]
+ }
+
+ if 'ca_cert_file' in config:
+ data['trust-anchor'] = config['ca_cert_file']
+
+ if 'cert_file' in config:
+ data['cert-file'] = config['cert_file']
+
+ if 'cert_key_file' in config:
+ data['key-file'] = config['cert_key_file']
+
+ return dumps(data)
+
+@register_filter('kea_shared_network_json')
+def kea_shared_network_json(shared_networks):
+ from vyos.kea import kea_parse_options
+ from vyos.kea import kea_parse_subnet
+ from json import dumps
+ out = []
+
+ for name, config in shared_networks.items():
+ if 'disable' in config:
+ continue
+
+ network = {
+ 'name': name,
+ 'authoritative': ('authoritative' in config),
+ 'subnet4': []
+ }
+ options = kea_parse_options(config)
+
+ if 'subnet' in config:
+ for subnet, subnet_config in config['subnet'].items():
+ network['subnet4'].append(kea_parse_subnet(subnet, subnet_config))
+
+ if options:
+ network['option-data'] = options
+
+ out.append(network)
+
+ return dumps(out, indent=4)
+
+@register_filter('kea6_shared_network_json')
+def kea6_shared_network_json(shared_networks):
+ from vyos.kea import kea6_parse_options
+ from vyos.kea import kea6_parse_subnet
+ from json import dumps
+ out = []
+
+ for name, config in shared_networks.items():
+ if 'disable' in config:
+ continue
+
+ network = {
+ 'name': name,
+ 'subnet6': []
+ }
+ options = kea6_parse_options(config)
+
+ if 'interface' in config:
+ network['interface'] = config['interface']
+
+ if 'subnet' in config:
+ for subnet, subnet_config in config['subnet'].items():
+ network['subnet6'].append(kea6_parse_subnet(subnet, subnet_config))
+
+ if options:
+ network['option-data'] = options
+
+ out.append(network)
+
+ return dumps(out, indent=4)
+
@register_test('vyos_defined')
def vyos_defined(value, test_value=None, var_type=None):
"""
diff --git a/python/vyos/utils/file.py b/python/vyos/utils/file.py
index 9f27a7fb9..2af87a0ca 100644
--- a/python/vyos/utils/file.py
+++ b/python/vyos/utils/file.py
@@ -141,6 +141,14 @@ def chmod_2775(path):
bitmask = S_ISGID | S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH
chmod(path, bitmask)
+def chmod_775(path):
+ """ Make file executable by all """
+ from stat import S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IWGRP, S_IXGRP, S_IROTH, S_IXOTH
+
+ bitmask = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | \
+ S_IROTH | S_IXOTH
+ chmod(path, bitmask)
+
def makedir(path, user=None, group=None):
if os.path.exists(path):
return
diff --git a/python/vyos/utils/network.py b/python/vyos/utils/network.py
index 2a0808fca..abc3d4e5b 100644
--- a/python/vyos/utils/network.py
+++ b/python/vyos/utils/network.py
@@ -519,3 +519,37 @@ def get_vxlan_vni_filter(interface: str) -> list:
os_configured_vnis.append(str(vniStart))
return os_configured_vnis
+
+# Calculate prefix length of an IPv6 range, where possible
+# Python-ified from source: https://gitlab.isc.org/isc-projects/dhcp/-/blob/master/keama/confparse.c#L4591
+def ipv6_prefix_length(low, high):
+ import socket
+
+ bytemasks = [0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff]
+
+ try:
+ lo = bytearray(socket.inet_pton(socket.AF_INET6, low))
+ hi = bytearray(socket.inet_pton(socket.AF_INET6, high))
+ except:
+ return None
+
+ xor = bytearray(a ^ b for a, b in zip(lo, hi))
+
+ plen = 0
+ while plen < 128 and xor[plen // 8] == 0:
+ plen += 8
+
+ if plen == 128:
+ return plen
+
+ for i in range((plen // 8) + 1, 16):
+ if xor[i] != 0:
+ return None
+
+ for i in range(8):
+ msk = ~xor[plen // 8] & 0xff
+
+ if msk == bytemasks[i]:
+ return plen + i + 1
+
+ return None
diff --git a/smoketest/config-tests/dialup-router-medium-vpn b/smoketest/config-tests/dialup-router-medium-vpn
index e10adbbc6..039a50594 100644
--- a/smoketest/config-tests/dialup-router-medium-vpn
+++ b/smoketest/config-tests/dialup-router-medium-vpn
@@ -257,7 +257,6 @@ set service dhcp-server shared-network-name LAN authoritative
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 domain-name 'vyos.net'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 domain-search 'vyos.net'
-set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 enable-failover
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 lease '86400'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 name-server '192.168.0.1'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range LANDynamic start '192.168.0.200'
@@ -268,16 +267,12 @@ set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-map
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping IPTV mac-address '00:50:01:31:b5:f6'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping McPrintus ip-address '192.168.0.60'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping McPrintus mac-address '00:50:01:58:ac:95'
-set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping McPrintus static-mapping-parameters 'option domain-name-servers 192.168.0.6,192.168.0.17;'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping Mobile01 ip-address '192.168.0.109'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping Mobile01 mac-address '00:50:01:bc:ac:51'
-set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping Mobile01 static-mapping-parameters 'option domain-name-servers 192.168.0.6,192.168.0.17;'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping camera1 ip-address '192.168.0.11'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping camera1 mac-address '00:50:01:70:b9:4d'
-set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping camera1 static-mapping-parameters 'option domain-name-servers 192.168.0.6,192.168.0.17;'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping camera2 ip-address '192.168.0.12'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping camera2 mac-address '00:50:01:70:b7:4f'
-set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping camera2 static-mapping-parameters 'option domain-name-servers 192.168.0.6,192.168.0.17;'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping pearTV ip-address '192.168.0.101'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping pearTV mac-address '00:50:01:ba:62:79'
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 static-mapping sand ip-address '192.168.0.110'
diff --git a/smoketest/configs/basic-vyos b/smoketest/configs/basic-vyos
index 78dba3ee2..fca4964bf 100644
--- a/smoketest/configs/basic-vyos
+++ b/smoketest/configs/basic-vyos
@@ -1,6 +1,7 @@
interfaces {
ethernet eth0 {
address 192.168.0.1/24
+ address fe88::1/56
duplex auto
smp-affinity auto
speed auto
@@ -90,6 +91,23 @@ service {
}
}
}
+ dhcpv6-server {
+ shared-network-name LAN6 {
+ subnet fe88::/56 {
+ address-range {
+ prefix fe88::/56 {
+ temporary
+ }
+ }
+ prefix-delegation {
+ start fe88:0000:0000:0001:: {
+ prefix-length 64
+ stop fe88:0000:0000:0010::
+ }
+ }
+ }
+ }
+ }
dns {
forwarding {
allow-from 192.168.0.0/16
diff --git a/smoketest/scripts/cli/test_service_dhcp-server.py b/smoketest/scripts/cli/test_service_dhcp-server.py
index 093e43494..aeff2aa82 100755
--- a/smoketest/scripts/cli/test_service_dhcp-server.py
+++ b/smoketest/scripts/cli/test_service_dhcp-server.py
@@ -14,11 +14,15 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
+import os
import unittest
+from json import loads
+
from base_vyostest_shim import VyOSUnitTestSHIM
from vyos.configsession import ConfigSessionError
+from vyos.utils.dict import dict_search_recursive
from vyos.utils.process import process_named_running
from vyos.utils.file import read_file
from vyos.template import address_from_cidr
@@ -26,8 +30,10 @@ from vyos.template import inc_ip
from vyos.template import dec_ip
from vyos.template import netmask_from_cidr
-PROCESS_NAME = 'dhcpd'
-DHCPD_CONF = '/run/dhcp-server/dhcpd.conf'
+PROCESS_NAME = 'kea-dhcp4'
+CTRL_PROCESS_NAME = 'kea-ctrl-agent'
+KEA4_CONF = '/run/kea/kea-dhcp4.conf'
+KEA4_CTRL = '/run/kea/dhcp4-ctrl-socket'
base_path = ['service', 'dhcp-server']
subnet = '192.0.2.0/25'
router = inc_ip(subnet, 1)
@@ -52,6 +58,36 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
self.cli_delete(base_path)
self.cli_commit()
+ def walk_path(self, obj, path):
+ current = obj
+
+ for i, key in enumerate(path):
+ if isinstance(key, str):
+ self.assertTrue(isinstance(current, dict), msg=f'Failed path: {path}')
+ self.assertTrue(key in current, msg=f'Failed path: {path}')
+ elif isinstance(key, int):
+ self.assertTrue(isinstance(current, list), msg=f'Failed path: {path}')
+ self.assertTrue(0 <= key < len(current), msg=f'Failed path: {path}')
+ else:
+ assert False, "Invalid type"
+
+ current = current[key]
+
+ return current
+
+ def verify_config_object(self, obj, path, value):
+ base_obj = self.walk_path(obj, path)
+ self.assertTrue(isinstance(base_obj, list))
+ self.assertTrue(any(True for v in base_obj if v == value))
+
+ def verify_config_value(self, obj, path, key, value):
+ base_obj = self.walk_path(obj, path)
+ if isinstance(base_obj, list):
+ self.assertTrue(any(True for v in base_obj if key in v and v[key] == value))
+ elif isinstance(base_obj, dict):
+ self.assertTrue(key in base_obj)
+ self.assertEqual(base_obj[key], value)
+
def test_dhcp_single_pool_range(self):
shared_net_name = 'SMOKE-1'
@@ -60,15 +96,12 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
range_1_start = inc_ip(subnet, 40)
range_1_stop = inc_ip(subnet, 50)
- self.cli_set(base_path + ['dynamic-dns-update'])
-
pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet]
# we use the first subnet IP address as default gateway
self.cli_set(pool + ['default-router', router])
self.cli_set(pool + ['name-server', dns_1])
self.cli_set(pool + ['name-server', dns_2])
self.cli_set(pool + ['domain-name', domain_name])
- self.cli_set(pool + ['ping-check'])
# check validate() - No DHCP address range or active static-mapping set
with self.assertRaises(ConfigSessionError):
@@ -81,20 +114,37 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
# commit changes
self.cli_commit()
- config = read_file(DHCPD_CONF)
- network = address_from_cidr(subnet)
- netmask = netmask_from_cidr(subnet)
- self.assertIn(f'ddns-update-style interim;', config)
- self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config)
- self.assertIn(f'option domain-name-servers {dns_1}, {dns_2};', config)
- self.assertIn(f'option routers {router};', config)
- self.assertIn(f'option domain-name "{domain_name}";', config)
- self.assertIn(f'default-lease-time 86400;', config)
- self.assertIn(f'max-lease-time 86400;', config)
- self.assertIn(f'ping-check true;', config)
- self.assertIn(f'range {range_0_start} {range_0_stop};', config)
- self.assertIn(f'range {range_1_start} {range_1_stop};', config)
- self.assertIn(f'set shared-networkname = "{shared_net_name}";', config)
+ config = read_file(KEA4_CONF)
+ obj = loads(config)
+
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks'], 'name', shared_net_name)
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'subnet', subnet)
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'valid-lifetime', 86400)
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'max-valid-lifetime', 86400)
+
+ # Verify options
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'domain-name', 'data': domain_name})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'domain-name-servers', 'data': f'{dns_1}, {dns_2}'})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'routers', 'data': router})
+
+ # Verify pools
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'pools'],
+ {'pool': f'{range_0_start} - {range_0_stop}'})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'pools'],
+ {'pool': f'{range_1_start} - {range_1_stop}'})
# Check for running process
self.assertTrue(process_named_running(PROCESS_NAME))
@@ -144,38 +194,79 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
# commit changes
self.cli_commit()
- config = read_file(DHCPD_CONF)
-
- network = address_from_cidr(subnet)
- netmask = netmask_from_cidr(subnet)
- self.assertIn(f'ddns-update-style none;', config)
- self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config)
- self.assertIn(f'option domain-name-servers {dns_1}, {dns_2};', config)
- self.assertIn(f'option routers {router};', config)
- self.assertIn(f'option domain-name "{domain_name}";', config)
-
- search = '"' + ('", "').join(search_domains) + '"'
- self.assertIn(f'option domain-search {search};', config)
-
- self.assertIn(f'option ip-forwarding true;', config)
- self.assertIn(f'option smtp-server {smtp_server};', config)
- self.assertIn(f'option pop-server {smtp_server};', config)
- self.assertIn(f'option time-servers {time_server};', config)
- self.assertIn(f'option wpad-url "{wpad}";', config)
- self.assertIn(f'option dhcp-server-identifier {server_identifier};', config)
- self.assertIn(f'option tftp-server-name "{tftp_server}";', config)
- self.assertIn(f'option bootfile-name "{bootfile_name}";', config)
- self.assertIn(f'filename "{bootfile_name}";', config)
- self.assertIn(f'next-server {bootfile_server};', config)
- self.assertIn(f'default-lease-time 86400;', config)
- self.assertIn(f'max-lease-time 86400;', config)
- self.assertIn(f'range {range_0_start} {range_0_stop};', config)
- self.assertIn(f'set shared-networkname = "{shared_net_name}";', config)
- self.assertIn(f'option rfc8925-ipv6-only-preferred {ipv6_only_preferred};', config)
-
- # weird syntax for those static routes
- self.assertIn(f'option rfc3442-static-route 24,10,0,0,192,0,2,1, 0,192,0,2,1;', config)
- self.assertIn(f'option windows-static-route 24,10,0,0,192,0,2,1;', config)
+ config = read_file(KEA4_CONF)
+ obj = loads(config)
+
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks'], 'name', shared_net_name)
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'subnet', subnet)
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'boot-file-name', bootfile_name)
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'next-server', bootfile_server)
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'valid-lifetime', 86400)
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'max-valid-lifetime', 86400)
+
+ # Verify options
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'domain-name', 'data': domain_name})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'domain-name-servers', 'data': f'{dns_1}, {dns_2}'})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'domain-search', 'data': ', '.join(search_domains)})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'pop-server', 'data': smtp_server})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'smtp-server', 'data': smtp_server})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'time-servers', 'data': time_server})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'routers', 'data': router})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'dhcp-server-identifier', 'data': server_identifier})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'tftp-server-name', 'data': tftp_server})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'wpad-url', 'data': wpad})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'rfc3442-static-route', 'data': '24,10,0,0,192,0,2,1, 0,192,0,2,1'})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'windows-static-route', 'data': '24,10,0,0,192,0,2,1'})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'v6-only-preferred', 'data': ipv6_only_preferred})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'ip-forwarding', 'data': "true"})
+
+ # Verify pools
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'pools'],
+ {'pool': f'{range_0_start} - {range_0_stop}'})
# Check for running process
self.assertTrue(process_named_running(PROCESS_NAME))
@@ -205,27 +296,39 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
# commit changes
self.cli_commit()
- config = read_file(DHCPD_CONF)
- network = address_from_cidr(subnet)
- netmask = netmask_from_cidr(subnet)
- self.assertIn(f'ddns-update-style none;', config)
- self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config)
- self.assertIn(f'option domain-name-servers {dns_1}, {dns_2};', config)
- self.assertIn(f'option routers {router};', config)
- self.assertIn(f'option domain-name "{domain_name}";', config)
- self.assertIn(f'default-lease-time 86400;', config)
- self.assertIn(f'max-lease-time 86400;', config)
+ config = read_file(KEA4_CONF)
+ obj = loads(config)
+
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks'], 'name', shared_net_name)
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'subnet', subnet)
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'valid-lifetime', 86400)
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'max-valid-lifetime', 86400)
+
+ # Verify options
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'domain-name', 'data': domain_name})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'domain-name-servers', 'data': f'{dns_1}, {dns_2}'})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'routers', 'data': router})
client_base = 10
for client in ['client1', 'client2', 'client3']:
mac = '00:50:00:00:00:{}'.format(client_base)
ip = inc_ip(subnet, client_base)
- self.assertIn(f'host {shared_net_name}_{client}' + ' {', config)
- self.assertIn(f'fixed-address {ip};', config)
- self.assertIn(f'hardware ethernet {mac};', config)
- client_base += 1
- self.assertIn(f'set shared-networkname = "{shared_net_name}";', config)
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'reservations'],
+ {'hw-address': mac, 'ip-address': ip})
+
+ client_base += 1
# Check for running process
self.assertTrue(process_named_running(PROCESS_NAME))
@@ -266,7 +369,9 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
# commit changes
self.cli_commit()
- config = read_file(DHCPD_CONF)
+ config = read_file(KEA4_CONF)
+ obj = loads(config)
+
for network in ['0', '1', '2', '3']:
shared_net_name = f'VyOS-SMOKETEST-{network}'
subnet = f'192.0.{network}.0/24'
@@ -278,27 +383,43 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
range_1_start = inc_ip(subnet, 30)
range_1_stop = inc_ip(subnet, 40)
- network = address_from_cidr(subnet)
- netmask = netmask_from_cidr(subnet)
-
- self.assertIn(f'ddns-update-style none;', config)
- self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config)
- self.assertIn(f'option domain-name-servers {dns_1};', config)
- self.assertIn(f'option routers {router};', config)
- self.assertIn(f'option domain-name "{domain_name}";', config)
- self.assertIn(f'default-lease-time {lease_time};', config)
- self.assertIn(f'max-lease-time {lease_time};', config)
- self.assertIn(f'range {range_0_start} {range_0_stop};', config)
- self.assertIn(f'range {range_1_start} {range_1_stop};', config)
- self.assertIn(f'set shared-networkname = "{shared_net_name}";', config)
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks'], 'name', shared_net_name)
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks', int(network), 'subnet4'], 'subnet', subnet)
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks', int(network), 'subnet4'], 'valid-lifetime', int(lease_time))
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks', int(network), 'subnet4'], 'max-valid-lifetime', int(lease_time))
+
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', int(network), 'subnet4', 0, 'option-data'],
+ {'name': 'domain-name', 'data': domain_name})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', int(network), 'subnet4', 0, 'option-data'],
+ {'name': 'domain-name-servers', 'data': dns_1})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', int(network), 'subnet4', 0, 'option-data'],
+ {'name': 'routers', 'data': router})
+
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', int(network), 'subnet4', 0, 'pools'],
+ {'pool': f'{range_0_start} - {range_0_stop}'})
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', int(network), 'subnet4', 0, 'pools'],
+ {'pool': f'{range_1_start} - {range_1_stop}'})
client_base = 60
for client in ['client1', 'client2', 'client3', 'client4']:
mac = '02:50:00:00:00:{}'.format(client_base)
ip = inc_ip(subnet, client_base)
- self.assertIn(f'host {shared_net_name}_{client}' + ' {', config)
- self.assertIn(f'fixed-address {ip};', config)
- self.assertIn(f'hardware ethernet {mac};', config)
+
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', int(network), 'subnet4', 0, 'reservations'],
+ {'hw-address': mac, 'ip-address': ip})
+
client_base += 1
# Check for running process
@@ -319,14 +440,23 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
# commit changes
self.cli_commit()
- # VErify
- config = read_file(DHCPD_CONF)
- network = address_from_cidr(subnet)
- netmask = netmask_from_cidr(subnet)
+ config = read_file(KEA4_CONF)
+ obj = loads(config)
- self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config)
- self.assertIn(f'option routers {router};', config)
- self.assertIn(f'range {range_0_start} {range_0_stop};', config)
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks'], 'name', 'EXCLUDE-TEST')
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'subnet', subnet)
+
+ # Verify options
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'routers', 'data': router})
+
+ # Verify pools
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'pools'],
+ {'pool': f'{range_0_start} - {range_0_stop}'})
# Check for running process
self.assertTrue(process_named_running(PROCESS_NAME))
@@ -352,15 +482,27 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
# commit changes
self.cli_commit()
- # Verify
- config = read_file(DHCPD_CONF)
- network = address_from_cidr(subnet)
- netmask = netmask_from_cidr(subnet)
+ config = read_file(KEA4_CONF)
+ obj = loads(config)
+
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks'], 'name', 'EXCLUDE-TEST-2')
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'subnet', subnet)
- self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config)
- self.assertIn(f'option routers {router};', config)
- self.assertIn(f'range {range_0_start} {range_0_stop_excl};', config)
- self.assertIn(f'range {range_0_start_excl} {range_0_stop};', config)
+ # Verify options
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'routers', 'data': router})
+
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'pools'],
+ {'pool': f'{range_0_start} - {range_0_stop_excl}'})
+
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'pools'],
+ {'pool': f'{range_0_start_excl} - {range_0_stop}'})
# Check for running process
self.assertTrue(process_named_running(PROCESS_NAME))
@@ -384,41 +526,23 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
# commit changes
self.cli_commit()
- config = read_file(DHCPD_CONF)
- network = address_from_cidr(subnet)
- netmask = netmask_from_cidr(subnet)
- # Check the relay network
- self.assertIn(f'subnet {network} netmask {netmask}' + r' { }', config)
-
- relay_network = address_from_cidr(relay_subnet)
- relay_netmask = netmask_from_cidr(relay_subnet)
- self.assertIn(f'subnet {relay_network} netmask {relay_netmask}' + r' {', config)
- self.assertIn(f'option routers {relay_router};', config)
- self.assertIn(f'range {range_0_start} {range_0_stop};', config)
-
- # Check for running process
- self.assertTrue(process_named_running(PROCESS_NAME))
-
- def test_dhcp_invalid_raw_options(self):
- shared_net_name = 'SMOKE-5'
+ config = read_file(KEA4_CONF)
+ obj = loads(config)
- range_0_start = inc_ip(subnet, 10)
- range_0_stop = inc_ip(subnet, 20)
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks'], 'name', 'RELAY')
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'subnet', relay_subnet)
- pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet]
- # we use the first subnet IP address as default gateway
- self.cli_set(pool + ['default-router', router])
- self.cli_set(pool + ['range', '0', 'start', range_0_start])
- self.cli_set(pool + ['range', '0', 'stop', range_0_stop])
+ # Verify options
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'routers', 'data': relay_router})
- self.cli_set(base_path + ['global-parameters', 'this-is-crap'])
- # check generate() - dhcpd should not acceot this garbage config
- with self.assertRaises(ConfigSessionError):
- self.cli_commit()
- self.cli_delete(base_path + ['global-parameters'])
-
- # commit changes
- self.cli_commit()
+ # Verify pools
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'pools'],
+ {'pool': f'{range_0_start} - {range_0_stop}'})
# Check for running process
self.assertTrue(process_named_running(PROCESS_NAME))
@@ -449,41 +573,43 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
self.cli_set(base_path + ['failover', 'remote', failover_remote])
self.cli_set(base_path + ['failover', 'status', 'primary'])
- # check validate() - failover needs to be enabled for at least one subnet
- with self.assertRaises(ConfigSessionError):
- self.cli_commit()
- self.cli_set(pool + ['enable-failover'])
-
# commit changes
self.cli_commit()
- config = read_file(DHCPD_CONF)
-
- self.assertIn(f'failover peer "{failover_name}"' + r' {', config)
- self.assertIn(f'primary;', config)
- self.assertIn(f'mclt 1800;', config)
- self.assertIn(f'mclt 1800;', config)
- self.assertIn(f'split 128;', config)
- self.assertIn(f'port 647;', config)
- self.assertIn(f'peer port 647;', config)
- self.assertIn(f'max-response-delay 30;', config)
- self.assertIn(f'max-unacked-updates 10;', config)
- self.assertIn(f'load balance max seconds 3;', config)
- self.assertIn(f'address {failover_local};', config)
- self.assertIn(f'peer address {failover_remote};', config)
-
- network = address_from_cidr(subnet)
- netmask = netmask_from_cidr(subnet)
- self.assertIn(f'ddns-update-style none;', config)
- self.assertIn(f'subnet {network} netmask {netmask}' + r' {', config)
- self.assertIn(f'option routers {router};', config)
- self.assertIn(f'range {range_0_start} {range_0_stop};', config)
- self.assertIn(f'set shared-networkname = "{shared_net_name}";', config)
- self.assertIn(f'failover peer "{failover_name}";', config)
- self.assertIn(f'deny dynamic bootp clients;', config)
+ config = read_file(KEA4_CONF)
+ obj = loads(config)
+
+ # Verify failover
+ self.verify_config_value(obj, ['Dhcp4', 'control-socket'], 'socket-name', KEA4_CTRL)
+
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'hooks-libraries', 0, 'parameters', 'high-availability', 0, 'peers'],
+ {'name': os.uname()[1], 'url': f'http://{failover_local}:647/', 'role': 'primary', 'auto-failover': True})
+
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'hooks-libraries', 0, 'parameters', 'high-availability', 0, 'peers'],
+ {'name': failover_name, 'url': f'http://{failover_remote}:647/', 'role': 'standby', 'auto-failover': True})
+
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks'], 'name', shared_net_name)
+ self.verify_config_value(obj, ['Dhcp4', 'shared-networks', 0, 'subnet4'], 'subnet', subnet)
+
+ # Verify options
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'option-data'],
+ {'name': 'routers', 'data': router})
+
+ # Verify pools
+ self.verify_config_object(
+ obj,
+ ['Dhcp4', 'shared-networks', 0, 'subnet4', 0, 'pools'],
+ {'pool': f'{range_0_start} - {range_0_stop}'})
# Check for running process
self.assertTrue(process_named_running(PROCESS_NAME))
+ self.assertTrue(process_named_running(CTRL_PROCESS_NAME))
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/smoketest/scripts/cli/test_service_dhcpv6-server.py b/smoketest/scripts/cli/test_service_dhcpv6-server.py
index 4d9dabc3f..175a67537 100755
--- a/smoketest/scripts/cli/test_service_dhcpv6-server.py
+++ b/smoketest/scripts/cli/test_service_dhcpv6-server.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2020-2022 VyOS maintainers and contributors
+# Copyright (C) 2020-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -16,6 +16,8 @@
import unittest
+from json import loads
+
from base_vyostest_shim import VyOSUnitTestSHIM
from vyos.configsession import ConfigSessionError
@@ -23,8 +25,8 @@ from vyos.template import inc_ip
from vyos.utils.process import process_named_running
from vyos.utils.file import read_file
-PROCESS_NAME = 'dhcpd'
-DHCPD_CONF = '/run/dhcp-server/dhcpdv6.conf'
+PROCESS_NAME = 'kea-dhcp6'
+KEA6_CONF = '/run/kea/kea-dhcp6.conf'
base_path = ['service', 'dhcpv6-server']
subnet = '2001:db8:f00::/64'
@@ -52,6 +54,36 @@ class TestServiceDHCPv6Server(VyOSUnitTestSHIM.TestCase):
self.cli_delete(base_path)
self.cli_commit()
+ def walk_path(self, obj, path):
+ current = obj
+
+ for i, key in enumerate(path):
+ if isinstance(key, str):
+ self.assertTrue(isinstance(current, dict), msg=f'Failed path: {path}')
+ self.assertTrue(key in current, msg=f'Failed path: {path}')
+ elif isinstance(key, int):
+ self.assertTrue(isinstance(current, list), msg=f'Failed path: {path}')
+ self.assertTrue(0 <= key < len(current), msg=f'Failed path: {path}')
+ else:
+ assert False, "Invalid type"
+
+ current = current[key]
+
+ return current
+
+ def verify_config_object(self, obj, path, value):
+ base_obj = self.walk_path(obj, path)
+ self.assertTrue(isinstance(base_obj, list))
+ self.assertTrue(any(True for v in base_obj if v == value))
+
+ def verify_config_value(self, obj, path, key, value):
+ base_obj = self.walk_path(obj, path)
+ if isinstance(base_obj, list):
+ self.assertTrue(any(True for v in base_obj if key in v and v[key] == value))
+ elif isinstance(base_obj, dict):
+ self.assertTrue(key in base_obj)
+ self.assertEqual(base_obj[key], value)
+
def test_single_pool(self):
shared_net_name = 'SMOKE-1'
search_domains = ['foo.vyos.net', 'bar.vyos.net']
@@ -99,34 +131,66 @@ class TestServiceDHCPv6Server(VyOSUnitTestSHIM.TestCase):
# commit changes
self.cli_commit()
- config = read_file(DHCPD_CONF)
- self.assertIn(f'option dhcp6.preference {preference};', config)
-
- self.assertIn(f'subnet6 {subnet}' + r' {', config)
- search = '"' + '", "'.join(search_domains) + '"'
- nissrv = ', '.join(nis_servers)
- self.assertIn(f'range6 {range_start} {range_stop};', config)
- self.assertIn(f'default-lease-time {lease_time};', config)
- self.assertIn(f'default-lease-time {lease_time};', config)
- self.assertIn(f'max-lease-time {max_lease_time};', config)
- self.assertIn(f'min-lease-time {min_lease_time};', config)
- self.assertIn(f'option dhcp6.domain-search {search};', config)
- self.assertIn(f'option dhcp6.name-servers {dns_1}, {dns_2};', config)
- self.assertIn(f'option dhcp6.nis-domain-name "{domain}";', config)
- self.assertIn(f'option dhcp6.nis-servers {nissrv};', config)
- self.assertIn(f'option dhcp6.nisp-domain-name "{domain}";', config)
- self.assertIn(f'option dhcp6.nisp-servers {nissrv};', config)
- self.assertIn(f'set shared-networkname = "{shared_net_name}";', config)
+ config = read_file(KEA6_CONF)
+ obj = loads(config)
+
+ self.verify_config_value(obj, ['Dhcp6', 'shared-networks'], 'name', shared_net_name)
+ self.verify_config_value(obj, ['Dhcp6', 'shared-networks', 0, 'subnet6'], 'subnet', subnet)
+ self.verify_config_value(obj, ['Dhcp6', 'shared-networks', 0, 'subnet6'], 'valid-lifetime', int(lease_time))
+ self.verify_config_value(obj, ['Dhcp6', 'shared-networks', 0, 'subnet6'], 'min-valid-lifetime', int(min_lease_time))
+ self.verify_config_value(obj, ['Dhcp6', 'shared-networks', 0, 'subnet6'], 'max-valid-lifetime', int(max_lease_time))
+
+ # Verify options
+ self.verify_config_object(
+ obj,
+ ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'option-data'],
+ {'name': 'dns-servers', 'data': f'{dns_1}, {dns_2}'})
+ self.verify_config_object(
+ obj,
+ ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'option-data'],
+ {'name': 'domain-search', 'data': ", ".join(search_domains)})
+ self.verify_config_object(
+ obj,
+ ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'option-data'],
+ {'name': 'nis-domain-name', 'data': domain})
+ self.verify_config_object(
+ obj,
+ ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'option-data'],
+ {'name': 'nis-servers', 'data': ", ".join(nis_servers)})
+ self.verify_config_object(
+ obj,
+ ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'option-data'],
+ {'name': 'nisp-domain-name', 'data': domain})
+ self.verify_config_object(
+ obj,
+ ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'option-data'],
+ {'name': 'nisp-servers', 'data': ", ".join(nis_servers)})
+ self.verify_config_object(
+ obj,
+ ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'option-data'],
+ {'name': 'sntp-servers', 'data': sntp_server})
+ self.verify_config_object(
+ obj,
+ ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'option-data'],
+ {'name': 'sip-server-dns', 'data': sip_server})
+
+ # Verify pools
+ self.verify_config_object(
+ obj,
+ ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'pools'],
+ {'pool': f'{range_start} - {range_stop}'})
client_base = 1
for client in ['client1', 'client2', 'client3']:
cid = '00:01:00:01:12:34:56:78:aa:bb:cc:dd:ee:{}'.format(client_base)
ip = inc_ip(subnet, client_base)
prefix = inc_ip(subnet, client_base << 64) + '/64'
- self.assertIn(f'host {shared_net_name}_{client}' + ' {', config)
- self.assertIn(f'fixed-address6 {ip};', config)
- self.assertIn(f'fixed-prefix6 {prefix};', config)
- self.assertIn(f'host-identifier option dhcp6.client-id {cid};', config)
+
+ self.verify_config_object(
+ obj,
+ ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'reservations'],
+ {'duid': cid, 'ip-addresses': [ip], 'prefixes': [prefix]})
+
client_base += 1
# Check for running process
@@ -138,22 +202,34 @@ class TestServiceDHCPv6Server(VyOSUnitTestSHIM.TestCase):
range_start = inc_ip(subnet, 256) # ::100
range_stop = inc_ip(subnet, 65535) # ::ffff
delegate_start = '2001:db8:ee::'
- delegate_stop = '2001:db8:ee:ff00::'
- delegate_len = '56'
+ delegate_len = '64'
+ prefix_len = '56'
pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet]
self.cli_set(pool + ['address-range', 'start', range_start, 'stop', range_stop])
- self.cli_set(pool + ['prefix-delegation', 'start', delegate_start, 'stop', delegate_stop])
- self.cli_set(pool + ['prefix-delegation', 'start', delegate_start, 'prefix-length', delegate_len])
+ self.cli_set(pool + ['prefix-delegation', 'prefix', delegate_start, 'delegated-length', delegate_len])
+ self.cli_set(pool + ['prefix-delegation', 'prefix', delegate_start, 'prefix-length', prefix_len])
# commit changes
self.cli_commit()
- config = read_file(DHCPD_CONF)
- self.assertIn(f'subnet6 {subnet}' + r' {', config)
- self.assertIn(f'range6 {range_start} {range_stop};', config)
- self.assertIn(f'prefix6 {delegate_start} {delegate_stop} /{delegate_len};', config)
+ config = read_file(KEA6_CONF)
+ obj = loads(config)
+
+ self.verify_config_value(obj, ['Dhcp6', 'shared-networks'], 'name', shared_net_name)
+ self.verify_config_value(obj, ['Dhcp6', 'shared-networks', 0, 'subnet6'], 'subnet', subnet)
+
+ # Verify pools
+ self.verify_config_object(
+ obj,
+ ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'pools'],
+ {'pool': f'{range_start} - {range_stop}'})
+
+ self.verify_config_object(
+ obj,
+ ['Dhcp6', 'shared-networks', 0, 'subnet6', 0, 'pd-pools'],
+ {'prefix': delegate_start, 'prefix-len': int(prefix_len), 'delegated-len': int(delegate_len)})
# Check for running process
self.assertTrue(process_named_running(PROCESS_NAME))
@@ -170,10 +246,16 @@ class TestServiceDHCPv6Server(VyOSUnitTestSHIM.TestCase):
# commit changes
self.cli_commit()
- config = read_file(DHCPD_CONF)
- self.assertIn(f'option dhcp6.name-servers {ns_global_1}, {ns_global_2};', config)
- self.assertIn(f'subnet6 {subnet}' + r' {', config)
- self.assertIn(f'set shared-networkname = "{shared_net_name}";', config)
+ config = read_file(KEA6_CONF)
+ obj = loads(config)
+
+ self.verify_config_value(obj, ['Dhcp6', 'shared-networks'], 'name', shared_net_name)
+ self.verify_config_value(obj, ['Dhcp6', 'shared-networks', 0, 'subnet6'], 'subnet', subnet)
+
+ self.verify_config_object(
+ obj,
+ ['Dhcp6', 'option-data'],
+ {'name': 'dns-servers', "code": 23, "space": "dhcp6", "csv-format": True, 'data': f'{ns_global_1}, {ns_global_2}'})
# Check for running process
self.assertTrue(process_named_running(PROCESS_NAME))
diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py
index ac7d95632..66f7c8057 100755
--- a/src/conf_mode/dhcp_server.py
+++ b/src/conf_mode/dhcp_server.py
@@ -21,10 +21,16 @@ from ipaddress import ip_network
from netaddr import IPAddress
from netaddr import IPRange
from sys import exit
+from time import sleep
from vyos.config import Config
+from vyos.pki import wrap_certificate
+from vyos.pki import wrap_private_key
from vyos.template import render
from vyos.utils.dict import dict_search
+from vyos.utils.dict import dict_search_args
+from vyos.utils.file import chmod_775
+from vyos.utils.file import write_file
from vyos.utils.process import call
from vyos.utils.process import run
from vyos.utils.network import is_subnet_connected
@@ -33,8 +39,14 @@ from vyos import ConfigError
from vyos import airbag
airbag.enable()
-config_file = '/run/dhcp-server/dhcpd.conf'
-systemd_override = r'/run/systemd/system/isc-dhcp-server.service.d/10-override.conf'
+ctrl_config_file = '/run/kea/kea-ctrl-agent.conf'
+ctrl_socket = '/run/kea/dhcp4-ctrl-socket'
+config_file = '/run/kea/kea-dhcp4.conf'
+lease_file = '/config/dhcp4.leases'
+
+ca_cert_file = '/run/kea/kea-failover-ca.pem'
+cert_file = '/run/kea/kea-failover.pem'
+cert_key_file = '/run/kea/kea-failover-key.pem'
def dhcp_slice_range(exclude_list, range_dict):
"""
@@ -130,6 +142,9 @@ def get_config(config=None):
dhcp['shared_network_name'][network]['subnet'][subnet].update(
{'range' : new_range_dict})
+ if dict_search('failover.certificate', dhcp):
+ dhcp['pki'] = conf.get_config_dict(['pki'], key_mangling=('-', '_'), get_first_key=True, no_tag_node_value_mangle=True)
+
return dhcp
def verify(dhcp):
@@ -166,13 +181,6 @@ def verify(dhcp):
if 'next_hop' not in route_option:
raise ConfigError(f'DHCP static-route "{route}" requires router to be defined!')
- # DHCP failover needs at least one subnet that uses it
- if 'enable_failover' in subnet_config:
- if 'failover' not in dhcp:
- raise ConfigError(f'Can not enable failover for "{subnet}" in "{network}".\n' \
- 'Failover is not configured globally!')
- failover_ok = True
-
# Check if DHCP address range is inside configured subnet declaration
if 'range' in subnet_config:
networks = []
@@ -249,14 +257,34 @@ def verify(dhcp):
raise ConfigError(f'At least one shared network must be active!')
if 'failover' in dhcp:
- if not failover_ok:
- raise ConfigError('DHCP failover must be enabled for at least one subnet!')
-
for key in ['name', 'remote', 'source_address', 'status']:
if key not in dhcp['failover']:
tmp = key.replace('_', '-')
raise ConfigError(f'DHCP failover requires "{tmp}" to be specified!')
+ if len({'certificate', 'ca_certificate'} & set(dhcp['failover'])) == 1:
+ raise ConfigError(f'DHCP secured failover requires both certificate and CA certificate')
+
+ if 'certificate' in dhcp['failover']:
+ cert_name = dhcp['failover']['certificate']
+
+ if cert_name not in dhcp['pki']['certificate']:
+ raise ConfigError(f'Invalid certificate specified for DHCP failover')
+
+ if not dict_search_args(dhcp['pki']['certificate'], cert_name, 'certificate'):
+ raise ConfigError(f'Invalid certificate specified for DHCP failover')
+
+ if not dict_search_args(dhcp['pki']['certificate'], cert_name, 'private', 'key'):
+ raise ConfigError(f'Missing private key on certificate specified for DHCP failover')
+
+ if 'ca_certificate' in dhcp['failover']:
+ ca_cert_name = dhcp['failover']['ca_certificate']
+ if ca_cert_name not in dhcp['pki']['ca']:
+ raise ConfigError(f'Invalid CA certificate specified for DHCP failover')
+
+ if not dict_search_args(dhcp['pki']['ca'], ca_cert_name, 'certificate'):
+ raise ConfigError(f'Invalid CA certificate specified for DHCP failover')
+
for address in (dict_search('listen_address', dhcp) or []):
if is_addr_assigned(address):
listen_ok = True
@@ -278,43 +306,71 @@ def generate(dhcp):
if not dhcp or 'disable' in dhcp:
return None
- # Please see: https://vyos.dev/T1129 for quoting of the raw
- # parameters we can pass to ISC DHCPd
- tmp_file = '/tmp/dhcpd.conf'
- render(tmp_file, 'dhcp-server/dhcpd.conf.j2', dhcp,
- formater=lambda _: _.replace(""", '"'))
- # XXX: as we have the ability for a user to pass in "raw" options via VyOS
- # CLI (see T3544) we now ask ISC dhcpd to test the newly rendered
- # configuration
- tmp = run(f'/usr/sbin/dhcpd -4 -q -t -cf {tmp_file}')
- if tmp > 0:
- if os.path.exists(tmp_file):
- os.unlink(tmp_file)
- raise ConfigError('Configuration file errors encountered - check your options!')
-
- # Now that we know that the newly rendered configuration is "good" we can
- # render the "real" configuration
- render(config_file, 'dhcp-server/dhcpd.conf.j2', dhcp,
- formater=lambda _: _.replace(""", '"'))
- render(systemd_override, 'dhcp-server/10-override.conf.j2', dhcp)
-
- # Clean up configuration test file
- if os.path.exists(tmp_file):
- os.unlink(tmp_file)
+ dhcp['lease_file'] = lease_file
+ dhcp['machine'] = os.uname().machine
+
+ if not os.path.exists(lease_file):
+ write_file(lease_file, '', user='_kea', group='vyattacfg', mode=0o755)
+
+ for f in [cert_file, cert_key_file, ca_cert_file]:
+ if os.path.exists(f):
+ os.unlink(f)
+
+ if 'failover' in dhcp:
+ if 'certificate' in dhcp['failover']:
+ cert_name = dhcp['failover']['certificate']
+ cert_data = dhcp['pki']['certificate'][cert_name]['certificate']
+ key_data = dhcp['pki']['certificate'][cert_name]['private']['key']
+ write_file(cert_file, wrap_certificate(cert_data), user='_kea', mode=0o600)
+ write_file(cert_key_file, wrap_private_key(key_data), user='_kea', mode=0o600)
+
+ dhcp['failover']['cert_file'] = cert_file
+ dhcp['failover']['cert_key_file'] = cert_key_file
+
+ if 'ca_certificate' in dhcp['failover']:
+ ca_cert_name = dhcp['failover']['ca_certificate']
+ ca_cert_data = dhcp['pki']['ca'][ca_cert_name]['certificate']
+ write_file(ca_cert_file, wrap_certificate(ca_cert_data), user='_kea', mode=0o600)
+
+ dhcp['failover']['ca_cert_file'] = ca_cert_file
+
+ render(ctrl_config_file, 'dhcp-server/kea-ctrl-agent.conf.j2', dhcp)
+ render(config_file, 'dhcp-server/kea-dhcp4.conf.j2', dhcp)
return None
def apply(dhcp):
- call('systemctl daemon-reload')
- # bail out early - looks like removal from running config
+ services = ['kea-ctrl-agent', 'kea-dhcp4-server', 'kea-dhcp-ddns-server']
+
if not dhcp or 'disable' in dhcp:
- call('systemctl stop isc-dhcp-server.service')
+ for service in services:
+ call(f'systemctl stop {service}.service')
+
if os.path.exists(config_file):
os.unlink(config_file)
return None
- call('systemctl restart isc-dhcp-server.service')
+ for service in services:
+ action = 'restart'
+
+ if service == 'kea-dhcp-ddns-server' and 'dynamic_dns_update' not in dhcp:
+ action = 'stop'
+
+ if service == 'kea-ctrl-agent' and 'failover' not in dhcp:
+ action = 'stop'
+
+ call(f'systemctl {action} {service}.service')
+
+ # op-mode needs ctrl socket permission change
+ i = 0
+ while not os.path.exists(ctrl_socket):
+ if i > 15:
+ break
+ i += 1
+ sleep(1)
+ chmod_775(ctrl_socket)
+
return None
if __name__ == '__main__':
diff --git a/src/conf_mode/dhcpv6_server.py b/src/conf_mode/dhcpv6_server.py
index 427001609..73a708ff5 100755
--- a/src/conf_mode/dhcpv6_server.py
+++ b/src/conf_mode/dhcpv6_server.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2018-2022 VyOS maintainers and contributors
+# Copyright (C) 2018-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -19,18 +19,23 @@ import os
from ipaddress import ip_address
from ipaddress import ip_network
from sys import exit
+from time import sleep
from vyos.config import Config
from vyos.template import render
from vyos.template import is_ipv6
from vyos.utils.process import call
+from vyos.utils.file import chmod_775
+from vyos.utils.file import write_file
from vyos.utils.dict import dict_search
from vyos.utils.network import is_subnet_connected
from vyos import ConfigError
from vyos import airbag
airbag.enable()
-config_file = '/run/dhcp-server/dhcpdv6.conf'
+config_file = '/run/kea/kea-dhcp6.conf'
+ctrl_socket = '/run/kea/dhcp6-ctrl-socket'
+lease_file = '/config/dhcp6.leases'
def get_config(config=None):
if config:
@@ -110,17 +115,20 @@ def verify(dhcpv6):
# Prefix delegation sanity checks
if 'prefix_delegation' in subnet_config:
- if 'start' not in subnet_config['prefix_delegation']:
- raise ConfigError('prefix-delegation start address not defined!')
+ if 'prefix' not in subnet_config['prefix_delegation']:
+ raise ConfigError('prefix-delegation prefix not defined!')
- for prefix, prefix_config in subnet_config['prefix_delegation']['start'].items():
- if 'stop' not in prefix_config:
- raise ConfigError(f'Stop address of delegated IPv6 prefix range "{prefix}" '\
+ for prefix, prefix_config in subnet_config['prefix_delegation']['prefix'].items():
+ if 'delegated_length' not in prefix_config:
+ raise ConfigError(f'Delegated IPv6 prefix length for "{prefix}" '\
f'must be configured')
if 'prefix_length' not in prefix_config:
raise ConfigError('Length of delegated IPv6 prefix must be configured')
+ if prefix_config['prefix_length'] > prefix_config['delegated_length']:
+ raise ConfigError('Length of delegated IPv6 prefix must be within parent prefix')
+
# Static mappings don't require anything (but check if IP is in subnet if it's set)
if 'static_mapping' in subnet_config:
for mapping, mapping_config in subnet_config['static_mapping'].items():
@@ -168,12 +176,18 @@ def generate(dhcpv6):
if not dhcpv6 or 'disable' in dhcpv6:
return None
- render(config_file, 'dhcp-server/dhcpdv6.conf.j2', dhcpv6)
+ dhcpv6['lease_file'] = lease_file
+ dhcpv6['machine'] = os.uname().machine
+
+ if not os.path.exists(lease_file):
+ write_file(lease_file, '', user='_kea', group='vyattacfg', mode=0o755)
+
+ render(config_file, 'dhcp-server/kea-dhcp6.conf.j2', dhcpv6)
return None
def apply(dhcpv6):
# bail out early - looks like removal from running config
- service_name = 'isc-dhcp-server6.service'
+ service_name = 'kea-dhcp6-server.service'
if not dhcpv6 or 'disable' in dhcpv6:
# DHCP server is removed in the commit
call(f'systemctl stop {service_name}')
@@ -182,6 +196,16 @@ def apply(dhcpv6):
return None
call(f'systemctl restart {service_name}')
+
+ # op-mode needs ctrl socket permission change
+ i = 0
+ while not os.path.exists(ctrl_socket):
+ if i > 15:
+ break
+ i += 1
+ sleep(1)
+ chmod_775(ctrl_socket)
+
return None
if __name__ == '__main__':
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index 87a269499..3bee961fc 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -330,7 +330,7 @@ def apply(login):
if tmp: command += f" --home '{tmp}'"
else: command += f" --home '/home/{user}'"
- command += f' --groups frr,frrvty,vyattacfg,sudo,adm,dip,disk {user}'
+ command += f' --groups frr,frrvty,vyattacfg,sudo,adm,dip,disk,_kea {user}'
try:
cmd(command)
diff --git a/src/etc/systemd/system/kea-ctrl-agent.service.d/override.conf b/src/etc/systemd/system/kea-ctrl-agent.service.d/override.conf
new file mode 100644
index 000000000..0f5bf801e
--- /dev/null
+++ b/src/etc/systemd/system/kea-ctrl-agent.service.d/override.conf
@@ -0,0 +1,9 @@
+[Unit]
+After=
+After=vyos-router.service
+
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/kea-ctrl-agent -c /run/kea/kea-ctrl-agent.conf
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
diff --git a/src/etc/systemd/system/kea-dhcp4-server.service.d/override.conf b/src/etc/systemd/system/kea-dhcp4-server.service.d/override.conf
new file mode 100644
index 000000000..682e5bbce
--- /dev/null
+++ b/src/etc/systemd/system/kea-dhcp4-server.service.d/override.conf
@@ -0,0 +1,7 @@
+[Unit]
+After=
+After=vyos-router.service
+
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/kea-dhcp4 -c /run/kea/kea-dhcp4.conf
diff --git a/src/etc/systemd/system/kea-dhcp6-server.service.d/override.conf b/src/etc/systemd/system/kea-dhcp6-server.service.d/override.conf
new file mode 100644
index 000000000..cb33fc057
--- /dev/null
+++ b/src/etc/systemd/system/kea-dhcp6-server.service.d/override.conf
@@ -0,0 +1,7 @@
+[Unit]
+After=
+After=vyos-router.service
+
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/kea-dhcp6 -c /run/kea/kea-dhcp6.conf
diff --git a/src/migration-scripts/dhcp-server/6-to-7 b/src/migration-scripts/dhcp-server/6-to-7
new file mode 100755
index 000000000..ccf385a30
--- /dev/null
+++ b/src/migration-scripts/dhcp-server/6-to-7
@@ -0,0 +1,87 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+# T3316: Migrate to Kea
+# - global-parameters will not function
+# - shared-network-parameters will not function
+# - subnet-parameters will not function
+# - static-mapping-parameters will not function
+# - host-decl-name is on by default, option removed
+# - ping-check no longer supported
+# - failover is default enabled on all subnets that exist on failover servers
+
+import sys
+from vyos.configtree import ConfigTree
+
+if (len(sys.argv) < 2):
+ print("Must specify file name!")
+ sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+base = ['service', 'dhcp-server']
+config = ConfigTree(config_file)
+
+if not config.exists(base):
+ # Nothing to do
+ sys.exit(0)
+
+if config.exists(base + ['host-decl-name']):
+ config.delete(base + ['host-decl-name'])
+
+if config.exists(base + ['global-parameters']):
+ config.delete(base + ['global-parameters'])
+
+if config.exists(base + ['shared-network-name']):
+ for network in config.list_nodes(base + ['shared-network-name']):
+ base_network = base + ['shared-network-name', network]
+
+ if config.exists(base_network + ['ping-check']):
+ config.delete(base_network + ['ping-check'])
+
+ if config.exists(base_network + ['shared-network-parameters']):
+ config.delete(base_network +['shared-network-parameters'])
+
+ if not config.exists(base_network + ['subnet']):
+ continue
+
+ # Run this for every specified 'subnet'
+ for subnet in config.list_nodes(base_network + ['subnet']):
+ base_subnet = base_network + ['subnet', subnet]
+
+ if config.exists(base_subnet + ['enable-failover']):
+ config.delete(base_subnet + ['enable-failover'])
+
+ if config.exists(base_subnet + ['ping-check']):
+ config.delete(base_subnet + ['ping-check'])
+
+ if config.exists(base_subnet + ['subnet-parameters']):
+ config.delete(base_subnet + ['subnet-parameters'])
+
+ if config.exists(base_subnet + ['static-mapping']):
+ for mapping in config.list_nodes(base_subnet + ['static-mapping']):
+ if config.exists(base_subnet + ['static-mapping', mapping, 'static-mapping-parameters']):
+ config.delete(base_subnet + ['static-mapping', mapping, 'static-mapping-parameters'])
+
+try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ exit(1)
diff --git a/src/migration-scripts/dhcpv6-server/1-to-2 b/src/migration-scripts/dhcpv6-server/1-to-2
new file mode 100755
index 000000000..cc5a8900a
--- /dev/null
+++ b/src/migration-scripts/dhcpv6-server/1-to-2
@@ -0,0 +1,86 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+# T3316: Migrate to Kea
+# - Kea was meant to have support for key "prefix-highest" under PD which would allow an address range
+# However this seems to have never been implemented. A conversion to prefix length is needed (where possible).
+# Ref: https://lists.isc.org/pipermail/kea-users/2022-November/003686.html
+# - Remove prefix temporary value, convert to multi leafNode (https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp6-srv.html#dhcpv6-server-limitations)
+
+import sys
+from vyos.configtree import ConfigTree
+from vyos.utils.network import ipv6_prefix_length
+
+if (len(sys.argv) < 1):
+ print("Must specify file name!")
+ sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+base = ['service', 'dhcpv6-server', 'shared-network-name']
+config = ConfigTree(config_file)
+
+if not config.exists(base):
+ # Nothing to do
+ exit(0)
+
+for network in config.list_nodes(base):
+ if not config.exists(base + [network, 'subnet']):
+ continue
+
+ for subnet in config.list_nodes(base + [network, 'subnet']):
+ # Delete temporary value under address-range prefix, convert tagNode to leafNode multi
+ if config.exists(base + [network, 'subnet', subnet, 'address-range', 'prefix']):
+ prefix_base = base + [network, 'subnet', subnet, 'address-range', 'prefix']
+ prefixes = config.list_nodes(prefix_base)
+
+ config.delete(prefix_base)
+
+ for prefix in prefixes:
+ config.set(prefix_base, value=prefix, replace=False)
+
+ if config.exists(base + [network, 'subnet', subnet, 'prefix-delegation', 'prefix']):
+ prefix_base = base + [network, 'subnet', subnet, 'prefix-delegation', 'prefix']
+
+ config.set(prefix_base)
+ config.set_tag(prefix_base)
+
+ for start in config.list_nodes(base + [network, 'subnet', subnet, 'prefix-delegation', 'start']):
+ path = base + [network, 'subnet', subnet, 'prefix-delegation', 'start', start]
+
+ delegated_length = config.return_value(path + ['prefix-length'])
+ stop = config.return_value(path + ['stop'])
+
+ prefix_length = ipv6_prefix_length(start, stop)
+
+ # This range could not be converted into a simple prefix length and must be skipped
+ if not prefix_length:
+ continue
+
+ config.set(prefix_base + [start, 'delegated-length'], value=delegated_length)
+ config.set(prefix_base + [start, 'prefix-length'], value=prefix_length)
+
+ config.delete(base + [network, 'subnet', subnet, 'prefix-delegation', 'start'])
+
+try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ exit(1)
diff --git a/src/op_mode/clear_dhcp_lease.py b/src/op_mode/clear_dhcp_lease.py
index f372d3af0..2c95a2b08 100755
--- a/src/op_mode/clear_dhcp_lease.py
+++ b/src/op_mode/clear_dhcp_lease.py
@@ -1,20 +1,34 @@
#!/usr/bin/env python3
+#
+# Copyright 2023 VyOS maintainers and contributors
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library. If not, see .
import argparse
import re
-from isc_dhcp_leases import Lease
-from isc_dhcp_leases import IscDhcpLeases
-
from vyos.configquery import ConfigTreeQuery
+from vyos.kea import kea_parse_leases
from vyos.utils.io import ask_yes_no
from vyos.utils.process import call
from vyos.utils.commit import commit_in_progress
+# TODO: Update to use Kea control socket command "lease4-del"
config = ConfigTreeQuery()
base = ['service', 'dhcp-server']
-lease_file = '/config/dhcpd.leases'
+lease_file = '/config/dhcp4.leases'
def del_lease_ip(address):
@@ -25,8 +39,7 @@ def del_lease_ip(address):
"""
with open(lease_file, encoding='utf-8') as f:
data = f.read().rstrip()
- lease_config_ip = '{(?P[\s\S]+?)\n}'
- pattern = rf"lease {address} {lease_config_ip}"
+ pattern = rf"^{address},[^\n]+\n"
# Delete lease for ip block
data = re.sub(pattern, '', data)
@@ -38,15 +51,13 @@ def is_ip_in_leases(address):
"""
Return True if address found in the lease file
"""
- leases = IscDhcpLeases(lease_file)
+ leases = kea_parse_leases(lease_file)
lease_ips = []
- for lease in leases.get():
- lease_ips.append(lease.ip)
- if address not in lease_ips:
- print(f'Address "{address}" not found in "{lease_file}"')
- return False
- return True
-
+ for lease in leases:
+ if address == lease['address']:
+ return True
+ print(f'Address "{address}" not found in "{lease_file}"')
+ return False
if not config.exists(base):
print('DHCP-server not configured!')
@@ -75,4 +86,4 @@ if __name__ == '__main__':
exit(1)
else:
del_lease_ip(address)
- call('systemctl restart isc-dhcp-server.service')
+ call('systemctl restart kea-dhcp4-server.service')
diff --git a/src/op_mode/dhcp.py b/src/op_mode/dhcp.py
index d6b8aa0b8..bd2c522ca 100755
--- a/src/op_mode/dhcp.py
+++ b/src/op_mode/dhcp.py
@@ -21,7 +21,6 @@ import typing
from datetime import datetime
from glob import glob
from ipaddress import ip_address
-from isc_dhcp_leases import IscDhcpLeases
from tabulate import tabulate
import vyos.opmode
@@ -29,6 +28,9 @@ import vyos.opmode
from vyos.base import Warning
from vyos.configquery import ConfigTreeQuery
+from vyos.kea import kea_get_active_config
+from vyos.kea import kea_get_pool_from_subnet_id
+from vyos.kea import kea_parse_leases
from vyos.utils.dict import dict_search
from vyos.utils.file import read_file
from vyos.utils.process import cmd
@@ -77,67 +79,62 @@ def _get_raw_server_leases(family='inet', pool=None, sorted=None, state=[], orig
Get DHCP server leases
:return list
"""
- lease_file = '/config/dhcpdv6.leases' if family == 'inet6' else '/config/dhcpd.leases'
+ lease_file = '/config/dhcp6.leases' if family == 'inet6' else '/config/dhcp4.leases'
data = []
- leases = IscDhcpLeases(lease_file).get()
+ leases = kea_parse_leases(lease_file)
if pool is None:
pool = _get_dhcp_pools(family=family)
- aux = False
else:
pool = [pool]
- aux = True
-
- ## Search leases for every pool
- for pool_name in pool:
- for lease in leases:
- if lease.sets.get('shared-networkname', '') == pool_name or lease.sets.get('shared-networkname', '') == '':
- #if lease.sets.get('shared-networkname', '') == pool_name:
- data_lease = {}
- data_lease['ip'] = lease.ip
- data_lease['state'] = lease.binding_state
- #data_lease['pool'] = pool_name if lease.sets.get('shared-networkname', '') != '' else 'Fail-Over Server'
- data_lease['pool'] = lease.sets.get('shared-networkname', '')
- data_lease['end'] = lease.end.timestamp() if lease.end else None
- data_lease['origin'] = 'local' if data_lease['pool'] != '' else 'remote'
-
- if family == 'inet':
- data_lease['mac'] = lease.ethernet
- data_lease['start'] = lease.start.timestamp()
- data_lease['hostname'] = lease.hostname
-
- if family == 'inet6':
- data_lease['last_communication'] = lease.last_communication.timestamp()
- data_lease['iaid_duid'] = _format_hex_string(lease.host_identifier_string)
- lease_types_long = {'na': 'non-temporary', 'ta': 'temporary', 'pd': 'prefix delegation'}
- data_lease['type'] = lease_types_long[lease.type]
-
- data_lease['remaining'] = '-'
-
- if lease.end:
- data_lease['remaining'] = lease.end - datetime.utcnow()
-
- if data_lease['remaining'].days >= 0:
- # substraction gives us a timedelta object which can't be formatted with strftime
- # so we use str(), split gets rid of the microseconds
- data_lease['remaining'] = str(data_lease["remaining"]).split('.')[0]
-
- # Do not add old leases
- if data_lease['remaining'] != '' and data_lease['state'] != 'free':
- if not state or data_lease['state'] in state or state == 'all':
- if not origin or data_lease['origin'] in origin:
- if not aux or (aux and data_lease['pool'] == pool_name):
- data.append(data_lease)
-
- # deduplicate
- checked = []
- for entry in data:
- addr = entry.get('ip')
- if addr not in checked:
- checked.append(addr)
- else:
- idx = _find_list_of_dict_index(data, key='ip', value=addr)
- data.pop(idx)
+
+ inet_suffix = '6' if family == 'inet6' else '4'
+ active_config = kea_get_active_config(inet_suffix)
+
+ for lease in leases:
+ data_lease = {}
+ data_lease['ip'] = lease['address']
+ lease_state_long = {'0': 'active', '1': 'rejected', '2': 'expired'}
+ data_lease['state'] = lease_state_long[lease['state']]
+ data_lease['pool'] = kea_get_pool_from_subnet_id(active_config, inet_suffix, lease['subnet_id']) if active_config else '-'
+ data_lease['end'] = lease['expire_timestamp'].timestamp() if lease['expire_timestamp'] else None
+ data_lease['origin'] = 'local' # TODO: Determine remote in HA
+
+ if family == 'inet':
+ data_lease['mac'] = lease['hwaddr']
+ data_lease['start'] = lease['start_timestamp']
+ data_lease['hostname'] = lease['hostname']
+
+ if family == 'inet6':
+ data_lease['last_communication'] = lease['start_timestamp']
+ data_lease['iaid_duid'] = _format_hex_string(lease['duid'])
+ lease_types_long = {'0': 'non-temporary', '1': 'temporary', '2': 'prefix delegation'}
+ data_lease['type'] = lease_types_long[lease['lease_type']]
+
+ data_lease['remaining'] = '-'
+
+ if lease['expire']:
+ data_lease['remaining'] = lease['expire_timestamp'] - datetime.utcnow()
+
+ if data_lease['remaining'].days >= 0:
+ # substraction gives us a timedelta object which can't be formatted with strftime
+ # so we use str(), split gets rid of the microseconds
+ data_lease['remaining'] = str(data_lease["remaining"]).split('.')[0]
+
+ # Do not add old leases
+ if data_lease['remaining'] != '' and data_lease['pool'] in pool and data_lease['state'] != 'free':
+ if not state or data_lease['state'] in state:
+ data.append(data_lease)
+
+ # deduplicate
+ checked = []
+ for entry in data:
+ addr = entry.get('ip')
+ if addr not in checked:
+ checked.append(addr)
+ else:
+ idx = _find_list_of_dict_index(data, key='ip', value=addr)
+ data.pop(idx)
if sorted:
if sorted == 'ip':
@@ -154,7 +151,7 @@ def _get_formatted_server_leases(raw_data, family='inet'):
ipaddr = lease.get('ip')
hw_addr = lease.get('mac')
state = lease.get('state')
- start = lease.get('start')
+ start = lease.get('start').timestamp()
start = _utc_to_local(start).strftime('%Y/%m/%d %H:%M:%S')
end = lease.get('end')
end = _utc_to_local(end).strftime('%Y/%m/%d %H:%M:%S') if end else '-'
@@ -171,7 +168,7 @@ def _get_formatted_server_leases(raw_data, family='inet'):
for lease in raw_data:
ipaddr = lease.get('ip')
state = lease.get('state')
- start = lease.get('last_communication')
+ start = lease.get('last_communication').timestamp()
start = _utc_to_local(start).strftime('%Y/%m/%d %H:%M:%S')
end = lease.get('end')
end = _utc_to_local(end).strftime('%Y/%m/%d %H:%M:%S')
@@ -282,10 +279,9 @@ def show_server_leases(raw: bool, family: ArgFamily, pool: typing.Optional[str],
sorted: typing.Optional[str], state: typing.Optional[ArgState],
origin: typing.Optional[ArgOrigin] ):
# if dhcp server is down, inactive leases may still be shown as active, so warn the user.
- v = '6' if family == 'inet6' else ''
- service_name = 'DHCPv6' if family == 'inet6' else 'DHCP'
- if not is_systemd_service_running(f'isc-dhcp-server{v}.service'):
- Warning(f'{service_name} server is configured but not started. Data may be stale.')
+ v = '6' if family == 'inet6' else '4'
+ if not is_systemd_service_running(f'kea-dhcp{v}-server.service'):
+ Warning('DHCP server is configured but not started. Data may be stale.')
v = 'v6' if family == 'inet6' else ''
if pool and pool not in _get_dhcp_pools(family=family):
diff --git a/src/system/on-dhcp-event.sh b/src/system/on-dhcp-event.sh
index 49e53d7e1..7b25bf338 100755
--- a/src/system/on-dhcp-event.sh
+++ b/src/system/on-dhcp-event.sh
@@ -15,20 +15,20 @@ if [ $# -lt 5 ]; then
fi
action=$1
-client_name=$2
-client_ip=$3
-client_mac=$4
-domain=$5
+client_name=$LEASE4_HOSTNAME
+client_ip=$LEASE4_ADDRESS
+client_mac=$LEASE4_HWADDR
+domain=$(echo "$client_name" | cut -d"." -f2-)
hostsd_client="/usr/bin/vyos-hostsd-client"
case "$action" in
- commit) # add mapping for new lease
+ leases4_renew|lease4_recover) # add mapping for new lease
if [ -z "$client_name" ]; then
logger -s -t on-dhcp-event "Client name was empty, using MAC \"$client_mac\" instead"
client_name=$(echo "client-"$client_mac | tr : -)
fi
- if [ "$domain" == "..YYZ!" ]; then
+ if [ -z "$domain" ]; then
client_fqdn_name=$client_name
client_search_expr=$client_name
else
@@ -39,7 +39,7 @@ case "$action" in
exit 0
;;
- release) # delete mapping for released address
+ lease4_release|lease4_expire) # delete mapping for released address)
$hostsd_client --delete-hosts --tag "dhcp-server-$client_ip" --apply
exit 0
;;
diff --git a/src/systemd/isc-dhcp-server6.service b/src/systemd/isc-dhcp-server6.service
deleted file mode 100644
index 1345c5fc5..000000000
--- a/src/systemd/isc-dhcp-server6.service
+++ /dev/null
@@ -1,24 +0,0 @@
-[Unit]
-Description=ISC DHCP IPv6 server
-Documentation=man:dhcpd(8)
-RequiresMountsFor=/run
-ConditionPathExists=/run/dhcp-server/dhcpdv6.conf
-After=vyos-router.service
-
-[Service]
-Type=forking
-WorkingDirectory=/run/dhcp-server
-RuntimeDirectory=dhcp-server
-RuntimeDirectoryPreserve=yes
-Environment=PID_FILE=/run/dhcp-server/dhcpdv6.pid CONFIG_FILE=/run/dhcp-server/dhcpdv6.conf LEASE_FILE=/config/dhcpdv6.leases
-PIDFile=/run/dhcp-server/dhcpdv6.pid
-ExecStartPre=/bin/sh -ec '\
-touch ${LEASE_FILE}; \
-chown nobody:nogroup ${LEASE_FILE}* ; \
-chmod 664 ${LEASE_FILE}* ; \
-/usr/sbin/dhcpd -6 -t -T -q -user dhcpd -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} '
-ExecStart=/usr/sbin/dhcpd -6 -q -user dhcpd -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE}
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
--
cgit v1.2.3