| -rwxr-xr-x | src/conf_mode/dhcp_server.py | 25 | ||||
| -rwxr-xr-x | src/conf_mode/dhcpv6_server.py | 17 | ||||
| -rwxr-xr-x | src/op_mode/clear_dhcp_lease.py | 3 | ||||
| -rwxr-xr-x | src/op_mode/dhcp.py | 9 | 
4 files changed, 34 insertions, 20 deletions
| diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py
index c1308cda7..7ebc560ba 100755
--- a/src/conf_mode/dhcp_server.py
+++ b/src/conf_mode/dhcp_server.py
@@ -27,9 +27,10 @@ from vyos.pki import wrap_private_key
 from vyos.template import render
 from vyos.utils.dict import dict_search
 from vyos.utils.dict import dict_search_args
+from vyos.utils.file import chmod_775
+from vyos.utils.file import makedir
 from vyos.utils.file import write_file
 from vyos.utils.process import call
-from vyos.utils.process import run
 from vyos.utils.network import is_subnet_connected
 from vyos.utils.network import is_addr_assigned
 from vyos import ConfigError
@@ -39,8 +40,9 @@ airbag.enable()
 ctrl_config_file = '/run/kea/kea-ctrl-agent.conf'
 ctrl_socket = '/run/kea/dhcp4-ctrl-socket'
 config_file = '/run/kea/kea-dhcp4.conf'
-lease_file = '/config/dhcp4.leases'
+lease_file = '/config/dhcp/dhcp4-leases.csv'
 systemd_override = r'/run/systemd/system/kea-ctrl-agent.service.d/10-override.conf'
+user_group = '_kea'
 ca_cert_file = '/run/kea/kea-failover-ca.pem'
 cert_file = '/run/kea/kea-failover.pem'
@@ -308,8 +310,15 @@ def generate(dhcp):
     dhcp['lease_file'] = lease_file
     dhcp['machine'] = os.uname().machine
+    # Create directory for lease file if necessary
+    lease_dir = os.path.dirname(lease_file)
+    if not os.path.isdir(lease_dir):
+        makedir(lease_dir, group='vyattacfg')
+        chmod_775(lease_dir)
+
+    # Create lease file if necessary and let kea own it - 'kea-lfc' expects it that way
     if not os.path.exists(lease_file):
-        write_file(lease_file, '', user='_kea', group='vyattacfg', mode=0o755)
+        write_file(lease_file, '', user=user_group, group=user_group, mode=0o644)
     for f in [cert_file, cert_key_file, ca_cert_file]:
         if os.path.exists(f):
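Review bot: Owner and mode are applied only inside `if not os.path.isdir(lease_dir):` and `if not os.path.exists(lease_file):`, so a directory or lease file that already exists with other ownership (restored from a backup, or created by an earlier run as root) is left as it is, and Kea running as `_kea` may then be unable to rewrite it. The directory is created with group `vyattacfg` and mode 775 while the file becomes `_kea:_kea`, so `kea-lfc` can presumably create its work files next to the lease file only if `_kea` is a member of `vyattacfg`; that membership is not visible in this commit and should be confirmed. I would apply the ownership and mode on every run rather than only at creation, and record the dependency with a comment such as `# lease_dir must stay writable for _kea: kea-lfc creates its work files beside the lease file`. The same block is repeated in the `generate()` hunk of `src/conf_mode/dhcpv6_server.py`, so a shared helper would keep the two in step; `generate()` starts and ends outside this hunk.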
@@ -320,8 +329,8 @@ def generate(dhcp):              cert_name = dhcp['failover']['certificate']              cert_data = dhcp['pki']['certificate'][cert_name]['certificate']              key_data = dhcp['pki']['certificate'][cert_name]['private']['key'] -            write_file(cert_file, wrap_certificate(cert_data), user='_kea', mode=0o600) -            write_file(cert_key_file, wrap_private_key(key_data), user='_kea', mode=0o600) +            write_file(cert_file, wrap_certificate(cert_data), user=user_group, mode=0o600) +            write_file(cert_key_file, wrap_private_key(key_data), user=user_group, mode=0o600)              dhcp['failover']['cert_file'] = cert_file              dhcp['failover']['cert_key_file'] = cert_key_file @@ -329,14 +338,14 @@ def generate(dhcp):          if 'ca_certificate' in dhcp['failover']:              ca_cert_name = dhcp['failover']['ca_certificate']              ca_cert_data = dhcp['pki']['ca'][ca_cert_name]['certificate'] -            write_file(ca_cert_file, wrap_certificate(ca_cert_data), user='_kea', mode=0o600) +            write_file(ca_cert_file, wrap_certificate(ca_cert_data), user=user_group, mode=0o600)              dhcp['failover']['ca_cert_file'] = ca_cert_file          render(systemd_override, 'dhcp-server/10-override.conf.j2', dhcp) -    render(ctrl_config_file, 'dhcp-server/kea-ctrl-agent.conf.j2', dhcp) -    render(config_file, 'dhcp-server/kea-dhcp4.conf.j2', dhcp) +    render(ctrl_config_file, 'dhcp-server/kea-ctrl-agent.conf.j2', dhcp, user=user_group, group=user_group) +    render(config_file, 'dhcp-server/kea-dhcp4.conf.j2', dhcp, user=user_group, group=user_group)      return None diff --git a/src/conf_mode/dhcpv6_server.py b/src/conf_mode/dhcpv6_server.py index f9da3d84a..9cc57dbcf 100755 --- a/src/conf_mode/dhcpv6_server.py +++ b/src/conf_mode/dhcpv6_server.py 
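Review bot: The `render()` calls for `ctrl_config_file` and `config_file` now hand the generated Kea configuration to `_kea` but leave the file mode to whatever the default is, whereas the certificate and key writes a few lines above pin `mode=0o600`. If either template can carry sensitive values (the failover section is rendered from the same `dhcp` dict), the mode should be stated as well, assuming `render()` takes a `permission` argument next to `user` and `group`: `render(config_file, 'dhcp-server/kea-dhcp4.conf.j2', dhcp, user=user_group, group=user_group, permission=0o640)`. The same applies to the `kea-dhcp6.conf` render in `src/conf_mode/dhcpv6_server.py`. `generate()` begins before this hunk.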
@@ -22,8 +22,9 @@ from sys import exit
 from vyos.config import Config
 from vyos.template import render
-from vyos.template import is_ipv6
 from vyos.utils.process import call
+from vyos.utils.file import chmod_775
+from vyos.utils.file import makedir
 from vyos.utils.file import write_file
 from vyos.utils.dict import dict_search
 from vyos.utils.network import is_subnet_connected
@@ -33,7 +34,8 @@ airbag.enable()
 config_file = '/run/kea/kea-dhcp6.conf'
 ctrl_socket = '/run/kea/dhcp6-ctrl-socket'
-lease_file = '/config/dhcp6.leases'
+lease_file = '/config/dhcp/dhcp6-leases.csv'
+user_group = '_kea'
 def get_config(config=None):
     if config:
@@ -182,10 +184,17 @@ def generate(dhcpv6):
     dhcpv6['lease_file'] = lease_file
     dhcpv6['machine'] = os.uname().machine
+    # Create directory for lease file if necessary
+    lease_dir = os.path.dirname(lease_file)
+    if not os.path.isdir(lease_dir):
+        makedir(lease_dir, group='vyattacfg')
+        chmod_775(lease_dir)
+
+    # Create lease file if necessary and let kea own it - 'kea-lfc' expects it that way
     if not os.path.exists(lease_file):
-        write_file(lease_file, '', user='_kea', group='vyattacfg', mode=0o755)
+        write_file(lease_file, '', user=user_group, group=user_group, mode=0o644)
-    render(config_file, 'dhcp-server/kea-dhcp6.conf.j2', dhcpv6)
+    render(config_file, 'dhcp-server/kea-dhcp6.conf.j2', dhcpv6, user=user_group, group=user_group)
     return None
 def apply(dhcpv6):
diff --git a/src/op_mode/clear_dhcp_lease.py b/src/op_mode/clear_dhcp_lease.py
index 2c95a2b08..7d4b47104 100755
--- a/src/op_mode/clear_dhcp_lease.py
+++ b/src/op_mode/clear_dhcp_lease.py
@@ -28,7 +28,7 @@ from vyos.utils.commit import commit_in_progress
 config = ConfigTreeQuery()
 base = ['service', 'dhcp-server']
-lease_file = '/config/dhcp4.leases'
+lease_file = '/config/dhcp/dhcp4-leases.csv'
 def del_lease_ip(address):
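Review bot: The new lease path in `src/op_mode/clear_dhcp_lease.py` is one more hand-written copy of a literal that this commit also spells out in `src/conf_mode/dhcp_server.py`, in `src/conf_mode/dhcpv6_server.py`, and as an f-string in `src/op_mode/dhcp.py`. If the location moves again and one copy is missed, the clear and show commands would read a stale or missing file while Kea writes somewhere else, and nothing in the code would flag it. A single constant in a module that all four scripts import would remove that risk; until then I would add `# keep in sync with lease_file in src/conf_mode/dhcp_server.py` above the assignment here.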
@@ -52,7 +52,6 @@ def is_ip_in_leases(address):
     Return True if address found in the lease file
     """
     leases = kea_parse_leases(lease_file)
-    lease_ips = []
     for lease in leases:
         if address == lease['address']:
             return True
diff --git a/src/op_mode/dhcp.py b/src/op_mode/dhcp.py
index a9271ea79..02f4d5bbb 100755
--- a/src/op_mode/dhcp.py
+++ b/src/op_mode/dhcp.py
@@ -31,9 +31,6 @@ from vyos.configquery import ConfigTreeQuery
 from vyos.kea import kea_get_active_config
 from vyos.kea import kea_get_pool_from_subnet_id
 from vyos.kea import kea_parse_leases
-from vyos.utils.dict import dict_search
-from vyos.utils.file import read_file
-from vyos.utils.process import cmd
 from vyos.utils.process import is_systemd_service_running
 time_string = "%a %b %d %H:%M:%S %Z %Y"
@@ -79,8 +76,8 @@ def _get_raw_server_leases(family='inet', pool=None, sorted=None, state=[], orig
     Get DHCP server leases
     :return list
     """
-    lease_file = '/config/dhcp6.leases' if family == 'inet6' else '/config/dhcp4.leases'
-    data = []
+    inet_suffix = '6' if family == 'inet6' else '4'
+    lease_file = f'/config/dhcp/dhcp{inet_suffix}-leases.csv'
     leases = kea_parse_leases(lease_file)
     if pool is None:
@@ -88,9 +85,9 @@ def _get_raw_server_leases(family='inet', pool=None, sorted=None, state=[], orig
     else:
         pool = [pool]
-    inet_suffix = '6' if family == 'inet6' else '4'
     active_config = kea_get_active_config(inet_suffix)
+    data = []
     for lease in leases:
         data_lease = {}
         data_lease['ip'] = lease['address'] |
