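For work I need to set up a new DHCP server to hand out IP addresses to a Fortigate, and the requirement is to use the open-source software Kea. Before going live I simulated the setup locally first; this is a brief record of the installation and configuration process.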

Installation

Kea can be installed from ready-made packages or built manually from source. The official tutorial builds from source, so I did the same.

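Download and extract Kea. Make sure to download the latest version: the official documentation has not been updated for a long time, which led to a big pitfall. Its example uses an old version, and that version has a bug that causes an error later when connecting to the MySQL database. The newer version works fine.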

sudo apt update
sudo apt upgrade
wget https://ftp.isc.org/isc/kea/1.9.9/kea-1.9.9.tar.gz
tar xzvf kea-1.9.9.tar.gz

Install MySQL

sudo apt install mysql-server mysql-client
sudo systemctl enable mysql
systemctl status mysql

Install the dependencies

sudo apt install -y gcc build-essential make libmysql++-dev openssl libssl-dev libboost-system-dev liblog4cplus-dev liblog4cplus-1.1-9 libmysqlclient-dev

Bind the data store to MySQL. By default Kea uses a text file, but other databases can be used as well.

cd kea-1.9.9
./configure --with-dhcp-mysql=/usr/bin/mysql_config

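Compile and install (this takes a very long time). Watch for errors: this step only succeeds if all the dependencies and version numbers are correct.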

make
sudo make install

Configure the MySQL account and privileges

sudo mysql -u root -p
mysql> CREATE DATABASE kea;
mysql> CREATE USER 'kea'@'localhost' IDENTIFIED BY 'kea';
mysql> GRANT ALL ON kea.* TO 'kea'@'localhost';

Return to the shell and initialize the database tables

$ kea-admin db-init mysql -u kea -p kea -n kea

This will quite likely fail with an error

ERROR 1419 (HY000) at line 1: You do not have the SUPER privilege and binary logging is
enabled (you *might* want to use the less safe log_bin_trust_function_creators variable)
ERROR/kea-admin: mysql_can_create cannot trigger, check user permissions, mysql status = 1
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR/kea-admin: Create failed, the user, keatest, has insufficient privileges.

Running the following command inside MySQL fixes it

mysql> set @@global.log_bin_trust_function_creators = 1;
Query OK, 0 rows affected (0.00 sec)

Run the kea-admin command again and it will work

Log in to MySQL and confirm that all the tables have been created


Configuration

The default installation directory is /usr/local
The default configuration files are in /usr/local/etc/kea/
First back up the template file, then create a new one

mv kea-dhcp4.conf _kea-dhcp4.conf
vim kea-dhcp4.conf
cat kea-dhcp4.conf

The configuration file is as follows

# The whole configuration starts here.
{
    # DHCPv4 specific configuration starts here.
    "Dhcp4": {
        "interfaces-config": {
            "interfaces": [ "enp0s3" ],
            "dhcp-socket-type": "raw"
        },
        "valid-lifetime": 4000,
        "renew-timer": 1000,
        "rebind-timer": 2000,

        "lease-database": {
            "type": "mysql",
            "host": "localhost",
            "port": 3306,
            "name": "kea",
            "user": "kea",
            "password": "kea",
            "lfc-interval": 1800
        },

        "hosts-database": {
            "type": "mysql",
            "name": "kea",
            "user": "kea",
            "password": "kea",
            "host": "localhost",
            "port": 3306
        },

        "subnet4": [
            {
                "subnet": "192.168.1.0/24",
                "pools": [ { "pool": "192.168.1.116-192.168.1.120" } ]
            }
        ],

        "option-data": [
            {
                "name": "routers",
                "data": "192.168.1.1"
            },
            {
                "name": "domain-name-servers",
                "data": "8.8.8.8"
            }
        ],

        # Now loggers are inside the DHCPv4 object.
        "loggers": [
            {
                "name": "kea-dhcp4",
                "severity": "INFO",
                "output_options": [
                    {
                        "output": "/usr/local/var/log/kea-dhcp4.log"
                    }
                ]
            }
        ]
    }

# The whole configuration structure ends here.
}

Then start the service and check whether it works

sudo keactrl start

We can also start kea-dhcp4 directly and point it at our configuration file

sudo kea-dhcp4 -c kea-dhcp4.conf

In fact, the approach above can be turned directly into a systemd daemon

sandbox@sandbox-VirtualBox:/usr/local/etc/kea$ cat /etc/systemd/system/isc-kea-dhcp4.service 
[Unit]
Description=ISC KEA IPv4 DHCP daemon
Documentation=man:kea-dhcp4(8)
After=network-online.target mysql.service

[Service]
ExecStart=/usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf

[Install]
WantedBy=multi-user.target

Then run

sudo systemctl daemon-reload
sudo systemctl start isc-kea-dhcp4
sudo systemctl enable isc-kea-dhcp4

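For testing, I installed two Ubuntu servers in VirtualBox. The first one has the Kea service installed as described above, and the second acts as the client. Both servers are placed in the intranet, and the Kea server has a manually assigned static IP.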

Refresh the DHCP configuration on the client; if nothing goes wrong, it should successfully obtain an IP address

sudo dhclient -r
sudo dhclient 
ifconfig
less /var/lib/dhcp/dhclient.leases

On the server side, you can check the updates in the database
Log in to MySQL and look at the relevant tables

desc lease4;
Select * from lease4;

You can also look at the log directly


2021-07-12 16:30:18.754 INFO  [kea-dhcp4.leases/2115.140658865108864] DHCP4_LEASE_ADVERT [hwtype=1 08:00:27:60:f0:54], cid=[no info], tid=0x7e61705e: lease 192.168.1.119 will be advertised
2021-07-12 16:30:18.773 INFO  [kea-dhcp4.leases/2115.140658865108864] DHCP4_LEASE_ALLOC [hwtype=1 08:00:27:60:f0:54], cid=[no info], tid=0x7e61705e: lease 192.168.1.119 has been allocated for 4000 second
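
As an added example (not part of the original post), the following Python script parses DHCP4_LEASE_ALLOC lines in the format shown above and checks the allocated addresses against the pool from the kea-dhcp4.conf in this post. The function names are hypothetical, and the last two sample lines are constructed.

```python
import ipaddress
import re

# Pool range copied from the "pools" entry in the kea-dhcp4.conf of this post.
POOL_FIRST = ipaddress.IPv4Address("192.168.1.116")
POOL_LAST = ipaddress.IPv4Address("192.168.1.120")

# Matches the DHCP4_LEASE_ALLOC line format shown in the log excerpt.
ALLOC_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+INFO\s+\[kea-dhcp4\.leases/[\d.]+\]\s+DHCP4_LEASE_ALLOC\s+"
    r"\[hwtype=\d+ (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\].*?"
    r"lease (?P<ip>\d+\.\d+\.\d+\.\d+) has been allocated for (?P<secs>\d+) second"
)

# Constructed sample: lines 1-2 are the log lines from the post; lines 3-4 are
# made up (hypothetical MACs, transaction ids and addresses) to exercise the checks.
SAMPLE = [
    "2021-07-12 16:30:18.754 INFO  [kea-dhcp4.leases/2115.140658865108864] DHCP4_LEASE_ADVERT [hwtype=1 08:00:27:60:f0:54], cid=[no info], tid=0x7e61705e: lease 192.168.1.119 will be advertised",
    "2021-07-12 16:30:18.773 INFO  [kea-dhcp4.leases/2115.140658865108864] DHCP4_LEASE_ALLOC [hwtype=1 08:00:27:60:f0:54], cid=[no info], tid=0x7e61705e: lease 192.168.1.119 has been allocated for 4000 second",
    "2021-07-12 16:31:02.101 INFO  [kea-dhcp4.leases/2115.140658865108864] DHCP4_LEASE_ALLOC [hwtype=1 08:00:27:11:22:33], cid=[no info], tid=0x1a2b3c4d: lease 192.168.1.117 has been allocated for 4000 second",
    "2021-07-12 16:32:40.500 INFO  [kea-dhcp4.leases/2115.140658865108864] DHCP4_LEASE_ALLOC [hwtype=1 08:00:27:aa:bb:cc], cid=[no info], tid=0x5e6f7081: lease 192.168.1.50 has been allocated for 4000 second",
]

def parse_allocations(lines):
    """Return one dict per DHCP4_LEASE_ALLOC line; every other line is skipped."""
    allocs = []
    for line in lines:
        m = ALLOC_RE.match(line)
        if m:
            allocs.append({"ts": m["ts"], "mac": m["mac"], "secs": int(m["secs"]),
                           "ip": ipaddress.IPv4Address(m["ip"])})
    return allocs

def outside_pool(allocs):
    """Leases outside the pool: a host reservation or an unexpected config."""
    return [(a["mac"], str(a["ip"])) for a in allocs
            if not POOL_FIRST <= a["ip"] <= POOL_LAST]

def pool_usage(allocs):
    """(distinct in-pool addresses handed out in this log window, pool size)."""
    used = {a["ip"] for a in allocs if POOL_FIRST <= a["ip"] <= POOL_LAST}
    return len(used), int(POOL_LAST) - int(POOL_FIRST) + 1

if __name__ == "__main__":
    allocs = parse_allocations(SAMPLE)
    print("outside pool:", outside_pool(allocs))
    print("pool usage: %d of %d" % pool_usage(allocs))
```

The usage figure only counts allocations seen in the lines passed in; it does not track expiry or release, so the lease4 table remains the authoritative view of active leases.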

References:
https://kea.readthedocs.io/en/latest/index.html
https://www.prowse.tech/kea-dhcp/
https://kb.isc.org/docs/kea-build-on-ubuntu
http://ylong.net.cn/keadhcp-usage.html