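For work I need to set up a new DHCP server that hands out IP addresses to a Fortigate, and the requirement is to use the open-source software Kea. Before going live I first simulated it locally; this is a brief record of the installation and configuration process.
Installation
Kea can be installed from ready-made packages or built manually from source. The official tutorial builds from source, so I do the same.
Download and unpack Kea. Be sure to download the latest version: the official documentation has not been updated for a long time, which led me into a big pitfall. Its example uses an old version, and that version has a bug that causes an error later when connecting to the MySQL database; the new version works fine.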
sudo apt update
sudo apt upgrade
wget https://ftp.isc.org/isc/kea/1.9.9/kea-1.9.9.tar.gz
tar xzvf kea-1.9.9.tar.gz
Install MySQL
sudo apt install mysql-server mysql-client
sudo systemctl enable mysql
systemctl status mysql
Install the dependencies
sudo apt install -y gcc build-essential make libmysql++-dev openssl libssl-dev libboost-system-dev liblog4cplus-dev liblog4cplus-1.1-9 libmysqlclient-dev
Bind the data store to MySQL. By default Kea uses a text file; other databases can also be used.
cd kea-1.9.9
./configure --with-dhcp-mysql=/usr/bin/mysql_config
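Compile and install (this takes a very long time). Watch for errors: this step only succeeds if all the dependencies and version numbers are correct.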
make
sudo make install
Configure the MySQL account and privileges
sudo mysql -u root -p
mysql> CREATE DATABASE kea;
mysql> CREATE USER 'kea'@'localhost' IDENTIFIED BY 'kea';
mysql> GRANT ALL ON kea.* TO 'kea'@'localhost';
Return to the shell and initialize the database tables
$ kea-admin db-init mysql -u kea -p kea -n kea
This will very likely fail with an error:
ERROR 1419 (HY000) at line 1: You do not have the SUPER privilege and binary logging is
enabled (you *might* want to use the less safe log_bin_trust_function_creators variable)
ERROR/kea-admin: mysql_can_create cannot trigger, check user permissions, mysql status = 1
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR/kea-admin: Create failed, the user, keatest, has insufficient privileges.
Running the following command inside MySQL fixes it
mysql> set @@global.log_bin_trust_function_creators = 1;
Query OK, 0 rows affected (0.00 sec)
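Run the kea-admin command again and it works.
Log in to MySQL and confirm that all the tables were created.
Configuration
The default installation directory is /usr/local
The default configuration files are in /usr/local/etc/kea/
First back up the template file, then create a new one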
mv kea-dhcp4.conf _kea-dhcp4.conf
vim kea-dhcp4.conf
cat kea-dhcp4.conf
The configuration file is as follows
# The whole configuration starts here.
{
    # DHCPv4 specific configuration starts here.
    "Dhcp4": {
        "interfaces-config": {
            "interfaces": [ "enp0s3" ],
            "dhcp-socket-type": "raw"
        },
        "valid-lifetime": 4000,
        "renew-timer": 1000,
        "rebind-timer": 2000,
        "lease-database": {
            "type": "mysql",
            "host": "localhost",
            "port": 3306,
            "name": "kea",
            "user": "kea",
            "password": "kea",
            "lfc-interval": 1800
        },
        "hosts-database": {
            "type": "mysql",
            "name": "kea",
            "user": "kea",
            "password": "kea",
            "host": "localhost",
            "port": 3306
        },
        "subnet4": [
            {
                "subnet": "192.168.1.0/24",
                "pools": [ { "pool": "192.168.1.116-192.168.1.120" } ]
            }
        ],
        "option-data": [
            {
                "name": "routers",
                "data": "192.168.1.1"
            },
            {
                "name": "domain-name-servers",
                "data": "8.8.8.8"
            }
        ],
        # Now loggers are inside the DHCPv4 object.
        "loggers": [{
            "name": "kea-dhcp4",
            "severity": "INFO",
            "output_options": [
                {
                    "output": "/usr/local/var/log/kea-dhcp4.log"
                }
            ]
        }]
    }
# The whole configuration structure ends here.
}
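A hand-typed or pasted config like the one above tends to fail in a few predictable ways: typographic quotes from copy and paste, a pool that runs outside its subnet, and a database password identical to the user name. The following is an added example, not part of the original post or of Kea; `lint_kea_config`, `pool_ends` and `SAMPLE` are hypothetical names, the sample is constructed, and only whole-line `#` comments are handled.

```python
import ipaddress
import json
import re

# Constructed sample: curly quote in "loggers", pool end outside the subnet, password == user.
SAMPLE = '''# constructed sample
{
"Dhcp4": {
  "lease-database": { "type": "mysql", "name": "kea", "user": "kea", "password": "kea" },
  "subnet4": [ { "subnet": "192.168.1.0/24",
                 "pools": [ { "pool": "192.168.1.116-192.168.2.120" } ] } ],
  "loggers": [ { "name": “kea-dhcp4", "severity": "INFO" } ]
}
}
'''

def pool_ends(spec):  # first and last address of a pool in "a-b" or prefix form
    if "-" in spec:
        return [ipaddress.ip_address(a.strip()) for a in spec.split("-")]
    net = ipaddress.ip_network(spec.strip())
    return [net[0], net[-1]]

def lint_kea_config(text):
    """Return a list of findings for a kea-dhcp4.conf passed in as text."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if re.search("[\u2018\u2019\u201c\u201d]", line):
            findings.append(f"line {n}: typographic quote")
    text = re.sub("[\u201c\u201d]", '"', text)  # normalise so parsing can continue
    # Only whole-line '#' comments are stripped (assumption of this sketch).
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    try:
        dhcp4 = json.loads(body)["Dhcp4"]
    except (ValueError, KeyError) as exc:
        return findings + [f"not loadable: {exc}"]
    for key in ("lease-database", "hosts-database"):
        db = dhcp4.get(key, {})
        if db.get("password") and db["password"] == db.get("user"):
            findings.append(f"{key}: password equals user name")
    for sub in dhcp4.get("subnet4", []):
        net = ipaddress.ip_network(sub["subnet"])
        for pool in sub.get("pools", []):
            for addr in pool_ends(pool["pool"]):
                if addr not in net:
                    findings.append(f"pool {pool['pool']}: {addr} outside {net}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_kea_config(SAMPLE)))
```

Kea's own syntax check, `kea-dhcp4 -t kea-dhcp4.conf`, remains the authoritative test of whether the daemon will accept the file.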
Then start the service and see whether it works
sudo keactrl start
We can also start kea-dhcp4 directly, pointing it at our configuration file
sudo kea-dhcp4 -c kea-dhcp4.conf
In fact, the approach above can be turned directly into a systemd daemon
sandbox@sandbox-VirtualBox:/usr/local/etc/kea$ cat /etc/systemd/system/isc-kea-dhcp4.service
[Unit]
Description=ISC KEA IPv4 DHCP daemon
Documentation=man:kea-dhcp4(8)
After=network-online.target mysql.service
[Service]
ExecStart=/usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
[Install]
WantedBy=multi-user.target
Then run
sudo systemctl daemon-reload
sudo systemctl start isc-kea-dhcp4
sudo systemctl enable isc-kea-dhcp4
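For testing, I installed two Ubuntu servers in VirtualBox. The first one runs the Kea service installed above, and the second acts as the client. I put both servers on the intranet, and the Kea server has a manually assigned static IP.
On the client, refresh the DHCP configuration; if nothing unexpected happens, it should successfully obtain an IP address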
sudo dhclient -r
sudo dhclient
ifconfig
less /var/lib/dhcp/dhclient.leases
On the server side you can see the database being updated
Log in to MySQL and look at the relevant tables
desc lease4;
Select * from lease4;
You can also look at the log directly
2021-07-12 16:30:18.754 INFO [kea-dhcp4.leases/2115.140658865108864] DHCP4_LEASE_ADVERT [hwtype=1 08:00:27:60:f0:54], cid=[no info], tid=0x7e61705e: lease 192.168.1.119 will be advertised
2021-07-12 16:30:18.773 INFO [kea-dhcp4.leases/2115.140658865108864] DHCP4_LEASE_ALLOC [hwtype=1 08:00:27:60:f0:54], cid=[no info], tid=0x7e61705e: lease 192.168.1.119 has been allocated for 4000 second
References:
https://kea.readthedocs.io/en/latest/index.html
https://www.prowse.tech/kea-dhcp/
https://kb.isc.org/docs/kea-build-on-ubuntu
http://ylong.net.cn/keadhcp-usage.html