[Samba] Again kea DHCP-Server
Owen DeLong
Owen.Delong at ff.com
Wed Nov 1 18:34:44 UTC 2023
Well… I’m not convinced KEA can’t be simple DHCP, though I understand that one
would never know that from reading the KEA documentation.
The following is a complete KEA configuration suitable to do a single subnet. In fact, you could probably get away with slightly less.
I’ve replaced the unique addresses from my environment with placeholders (e.g. <network/mask>), but otherwise, this is a working
configuration from a real environment. I find it easier to use KEA in simple environments than keep track of multiple DHCP servers
and go back and forth amongst their quirks, so I use KEA even in the few simple environments I manage.
Below is an example minimal-ish KEA DHCP4 configuration file. Point is, I don’t think that the below is particularly complex (all of 56 lines (additional subnets would require ~17 additional lines each)). Yes, the JSON syntax isn’t what I would call “human friendly” and it’s very persnickety about some things, but it’s workable.
Owen
{
"Dhcp4": {
    "loggers": [
        {
            "name": "kea-dhcp4",
            "output_options": [
                {
                    "output": "syslog:local0"
                }
            ],
            "severity": "INFO",
            "debuglevel": 25
        }
    ],
    "option-data": [
        # Global Options
        {
            "space": "dhcp4",
            "name": "domain-name-servers",
            "code": 6,
            "data": "8.8.8.8 1.1.1.1 8.8.4.4"
        },
        {
            "space": "dhcp4",
            "name": "domain-name",
            "code": 15,
            "data": "<domain>"
        }
    ],
    "interfaces-config": {
        "interfaces": [ "eth0" ]
    },
    "lease-database": {
        "type": "memfile",
        "persist": true,
        "name": "/var/lib/kea/dhcp4.leases"
    },
    "subnet4": [
        {
            "id": 2,
            "subnet": "<network/mask>",
            "option-data": [
                {
                    "space": "dhcp4",
                    "name": "routers",
                    "code": 3,
                    "data": "<gateway_addr>"
                }
            ],
            "pools": [
                {
                    "pool": "<dynamic_start> - <dynamic_end>"
                }
            ]
        }
    ]
}
}
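An added pre-flight check, not part of the original post: a configuration like the one above can pick up typographic quotes when pasted through a mail client, and a pool or router outside the subnet is easy to miss by eye. The function name, the sample addresses and the choice of checks are assumptions of this example, and it does not replace Kea's own parser.

```python
import ipaddress
import json
import re

# Constructed sample shaped like the config above (RFC 5737 addresses);
# the curly quote on the "subnet" line and the pool end are deliberate faults.
SAMPLE = '''
{ "Dhcp4": {
    # Global Options
    "interfaces-config": { "interfaces": [ "eth0" ] },
    "subnet4": [ {
        "id": 2,
        "subnet": “192.0.2.0/24",
        "option-data": [ { "name": "routers", "data": "192.0.2.1" } ],
        "pools": [ { "pool": "192.0.2.100 - 192.0.3.10" } ]
    } ]
} }
'''

def lint_kea_dhcp4(text):
    """Return a list of problems found in a Kea Dhcp4 config string."""
    problems = [f"line {n}: typographic quote, JSON needs ASCII quotes"
                for n, line in enumerate(text.splitlines(), 1)
                if re.search("[\u201c\u201d]", line)]
    text = re.sub("[\u201c\u201d]", '"', text)   # normalise so later checks still run
    # Whole-line # comments (as in the config above) are not plain JSON; blank them
    text = re.sub(r"^\s*#.*$", "", text, flags=re.M)
    try:
        conf = json.loads(text)["Dhcp4"]
    except (ValueError, KeyError, TypeError) as exc:
        return problems + [f"not a usable Dhcp4 document: {exc}"]
    for sub in conf.get("subnet4", []):
        try:
            net = ipaddress.ip_network(sub["subnet"])
            for pool in sub.get("pools", []):
                # only the "start - end" pool form used above is handled
                lo, hi = (ipaddress.ip_address(p.strip()) for p in pool["pool"].split("-"))
                if not (lo in net and hi in net and lo <= hi):
                    problems.append(f"subnet {net}: pool {lo} - {hi} is not inside it")
            for opt in sub.get("option-data", []):
                if opt.get("name") == "routers":
                    for addr in re.split(r"[,\s]+", opt["data"].strip()):
                        if ipaddress.ip_address(addr) not in net:
                            problems.append(f"subnet {net}: router {addr} is off-link")
        except (KeyError, ValueError) as exc:
            problems.append(f"subnet id {sub.get('id')}: unparsable value: {exc}")
    return problems

if __name__ == "__main__":
    print("\n".join(lint_kea_dhcp4(SAMPLE)))
```

Unfilled placeholders such as `<network/mask>` are reported as unparsable values rather than raising.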
On Nov 1, 2023, at 11:14, Stefan Kania via samba <samba at lists.samba.org> wrote:
I think what we need is both a very simple way to set up DHCP (definitely NOT kea) and kea for more complex networks. We have the same with the internal DNS and Bind9. So having a script for both kea and dnsmasq would be nice :-). I took a look at kea and it's like buying a Porsche to get the breakfast rolls from the other side of the street.
Most of my customers will stay with isc-dhcp (as long as it is possible) because kea is too complex and too overloaded.
On 01.11.23 at 18:30, Owen DeLong via samba wrote:
> Well, I have a slightly different opinion.
>
> 1. I’ll channel Jon Postel here a little bit — Networks and Systems should be as simple
> as possible and no simpler… IMHO, DNSMASQ is too simple for most of the
> DHCP environments I deal with and I find its structure frustrating at best.
>
> 2. Yes, KEA seems over complex when you first approach it. Mainly, that’s because
> there’s too much textbook documentation and not enough basic example and
> HOWTO out there (yet). KEA is definitely capable of being much more complex
> than traditional ISC DHCPd that we all know and love… However…
>
> 3. ISC DHCPd has become quite a hodgepodge of hacks and a conglomeration
> of code spaghetti over the years as various ornaments got hung on the DHCP
> tree. KEA is a concerted effort by ISC to step back and look at creating a clean
> server with all the modern capabilities needed in a reference implementation
> of DHCP that provides literally every possible feature. IMHO, it’s an excellent
> effort by very talented people.
>
> That said, it does have some shortcomings. ARM support has been limited
> (nonexistent) until very recently. ARM packages still aren’t out (yet), but there
> is good progress towards this recently and I am hopeful that we will see full
> ARM support for KEA on par with x86 very soon now.
>
> In most use cases, KEA (once you get past a small learning curve) isn’t significantly
> harder to manage than ISC DHCP and actually offers much greater flexibility in where
> you put various things in the configuration file and how you manage things like
> reservations, pools, options, etc.
>
> The Client Classing engine in Kea is top notch and very functional, but again, it
> does come with a bit of a learning curve. The ability to have separate namespaces
> for vendor options (and custom options) will appeal to anyone who has had to
> deal with subnets with more than one different and incompatible vendor-specific
> use of DHCP options 43 and 60. (try that with DNSMASQ… I dare you).
>
> Unfortunately, I lack the Samba experience to reliably implement what is needed
> here, but I am happy to provide what kea expertise and experience I have to an
> effort to address this issue if someone more versed in Samba wants to collaborate.
>
> Owen
>
>
> On Nov 1, 2023, at 08:24, Rowland Penny via samba <samba at lists.samba.org> wrote:
>
>
> On Wed, 1 Nov 2023 15:56:46 +0100
> Stefan Kania via samba <samba at lists.samba.org> wrote:
>
>> Hi to all,
>> nearly one year ago someone asked about the kea-DHCP support for Samba.
>> In the Samba wiki I still can only find the isc-dhcp stuff. @Rowland
>> will you (and can you) replace or add the setup of kea to the wiki?
>> Would be nice :-)
>>
>> Stefan
>>
>
> Hi Stefan, the problem is twofold:
>
> A) At the moment my DCs are still running Bullseye (they are
> running on Raspberry Pi 4 and Bookworm has only recently been released)
>
> B) In my opinion, using Kea for the task is overkill (but then I think
> Kea is overkill for anything)
>
> If/When I do rewrite the script, it will be using the dhcp server built
> into dnsmasq, a much simpler set up.
>
> If someone else wants to use Kea, then I wish them luck.
>
> Rowland