Commit 87d46a65 authored by Tomek Mrugalski

[5198] # comments converted to //

parent c3dd5887
# This is an example configuration file for D2, Kea's DHCP-DDNS processor.
# It supports updating two Forward DNS zones "four.example.com" and
# "six.example.com"; and one Reverse DNS zone, "2.0.192.in-addr.arpa."
// This is an example configuration file for D2, Kea's DHCP-DDNS processor.
// It supports updating two Forward DNS zones "four.example.com" and
// "six.example.com"; and one Reverse DNS zone, "2.0.192.in-addr.arpa."
{
# ------------------ DHCP-DDNS ---------------------
#
// ------------------ DHCP-DDNS ---------------------
//
"DhcpDdns":
{
# -------------- Global Parameters ----------------
#
# D2 will listen for update requests for Kea DHCP servers at 172.16.1.10
# on port 53001. Maximum time to we will wait for a DNS server to
# respond to us is 1000 ms.
// -------------- Global Parameters ----------------
//
// D2 will listen for update requests for Kea DHCP servers at 172.16.1.10
// on port 53001. Maximum time to we will wait for a DNS server to
// respond to us is 1000 ms.
"ip-address": "172.16.1.10",
"port": 53001,
"dns-server-timeout" : 1000,
#
# ----------------- Forward DDNS ------------------
#
# 1. Zone - "four.example.com.
# It uses TSIG, key name is "d2.md5.key"
# It is served by one DNS server which listens for DDNS requests at
# 172.16.1.1 on the default port 53 (standard DNS port)
#
# 2. Zone - "six.example.com."
# It does not use TSIG.
# It is server by one DNS server at "2001:db8:1::10" on port 7802
//
// ----------------- Forward DDNS ------------------
//
// 1. Zone - "four.example.com.
// It uses TSIG, key name is "d2.md5.key"
// It is served by one DNS server which listens for DDNS requests at
// 172.16.1.1 on the default port 53 (standard DNS port)
//
// 2. Zone - "six.example.com."
// It does not use TSIG.
// It is server by one DNS server at "2001:db8:1::10" on port 7802
"forward-ddns":
{
"ddns-domains":
[
# DdnsDomain for zone "four.example.com."
// DdnsDomain for zone "four.example.com."
{
"name": "four.example.com.",
"key-name": "d2.md5.key",
......@@ -46,7 +46,7 @@
]
},
# DdnsDomain for zone "six.example.com."
// DdnsDomain for zone "six.example.com."
{
"name": "six.example.com.",
"dns-servers":
......@@ -60,13 +60,13 @@
]
},
#
# ----------------- Reverse DDNS ------------------
#
# We will update Reverse DNS for one zone "2.0.192.in-addr-arpa". It
# uses TSIG with key "d2.sha1.key" and is served by two DNS servers:
# one listening at "172.16.1.1" on 53001 and the other at "192.168.2.10".
#
//
// ----------------- Reverse DDNS ------------------
//
// We will update Reverse DNS for one zone "2.0.192.in-addr-arpa". It
// uses TSIG with key "d2.sha1.key" and is served by two DNS servers:
// one listening at "172.16.1.1" on 53001 and the other at "192.168.2.10".
//
"reverse-ddns":
{
"ddns-domains":
......@@ -88,12 +88,12 @@
]
},
#
# ------------------ TSIG keys ---------------------
#
# Each key has a name, an algorithm (HMAC-MD5, HMAC-SHA1, HMAC-SHA224...)
# and a base-64 encoded shared secret.
#
//
// ------------------ TSIG keys ---------------------
//
// Each key has a name, an algorithm (HMAC-MD5, HMAC-SHA1, HMAC-SHA224...)
// and a base-64 encoded shared secret.
//
"tsig-keys":
[
{
......
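Review bot: The TSIG comment `// Each key has a name, an algorithm (HMAC-MD5, HMAC-SHA1, HMAC-SHA224...)` and the forward zone's `"key-name": "d2.md5.key"` still lead with HMAC-MD5 and give no guidance, so anyone copying this sample is steered toward the weakest algorithm listed. I would add `// Prefer HMAC-SHA256 or stronger for new keys; HMAC-MD5 and HMAC-SHA1 are listed for compatibility with older DNS servers.` under the TSIG keys heading. Because the `tsig-keys` entries hold shared secrets, a second line `// This file contains secrets; restrict read access to the account running D2.` would also help. The converted comments carry over `Maximum time to we will wait`, `It is server by` and the unclosed quote in `"four.example.com.`, which could be fixed in the same pass. The `tsig-keys` list continues past the visible lines, so the key definitions themselves are not reviewed here.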
# This file may be used a template for constructing DHCP-DDNS JSON
# configuration.
#
# Default values that may be omitted are '#' commented out.
// This file may be used a template for constructing DHCP-DDNS JSON
// configuration.
//
// Default values that may be omitted are '//' commented out.
# If in a file by itself, it must start with a left-curly-bracket.
// If in a file by itself, it must start with a left-curly-bracket.
{
"DhcpDdns" :
{
#
# -------------- Global Parameters ----------------
#
# All of the global parameters have default values as shown. If these
# are satisfactory you may omit them.
#
# "ip-address" : "127.0.0.1",
# "port" : 53001,
# "dns-server-timeout" : 100,
# "ncr-protocol" : "UDP"
# "ncr-format" : "JSON"
//
// -------------- Global Parameters ----------------
//
// All of the global parameters have default values as shown. If these
// are satisfactory you may omit them.
//
// "ip-address" : "127.0.0.1",
// "port" : 53001,
// "dns-server-timeout" : 100,
// "ncr-protocol" : "UDP"
// "ncr-format" : "JSON"
#
# ----------------- Forward DDNS ------------------
#
//
// ----------------- Forward DDNS ------------------
//
"forward-ddns" :
{
"ddns-domains" :
[
{
"name" : "<zone name 1>",
# "key-name" : "<key name>",
// "key-name" : "<key name>",
"dns-servers" :
[
{
"ip-address" : "<ip address>"
# ,"port" : 53
// ,"port" : 53
}
# ,
# {
# next DNS server for this DdnsDomain
# }
# :
// ,
// {
// next DNS server for this DdnsDomain
// }
// :
]
}
# ,
# {
# next Forward DdnsDomain
# }
# :
// ,
// {
// next Forward DdnsDomain
// }
// :
]
},
#
# ----------------- Reverse DDNS ------------------
#
//
// ----------------- Reverse DDNS ------------------
//
"reverse-ddns" :
{
"ddns-domains" :
[
{
"name" : "<reverse zone name 1>",
# "key-name" : "<key name>",
// "key-name" : "<key name>",
"dns-servers" :
[
{
"ip-address" : "<ip address>"
# ,"port" : 53
// ,"port" : 53
}
# ,
# {
# next DNS server for this DdnsDomain
# }
# :
// ,
// {
// next DNS server for this DdnsDomain
// }
// :
]
}
# ,
# {
# next Reverse DdnsDomain
# }
# :
// ,
// {
// next Reverse DdnsDomain
// }
// :
]
},
#
# ------------------ TSIG keys ---------------------
#
//
// ------------------ TSIG keys ---------------------
//
"tsig-keys" :
[
{
"name" : "<key name>",
"algorithm" : "<algorithm name>",
# Valid values for algorithm are: HMAC-MD5, HMAC-SHA1,
# HMAC-SHA224, HMAC-SHA256,
# HMAC-SHA384, HMAC-SHA512
# "digest-bits" : 256,
# Minimum truncated length in bits.
# Default 0 (means truncation is forbidden).
// Valid values for algorithm are: HMAC-MD5, HMAC-SHA1,
// HMAC-SHA224, HMAC-SHA256,
// HMAC-SHA384, HMAC-SHA512
// "digest-bits" : 256,
// Minimum truncated length in bits.
// Default 0 (means truncation is forbidden).
"secret" : "<shared secret value>"
}
# ,
# {
# next TSIG Key
# }
// ,
// {
// next TSIG Key
// }
]
}
# If in a file by itself, it must end with an right-curly-bracket.
// If in a file by itself, it must end with an right-curly-bracket.
}
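Review bot: In both the forward and reverse `ddns-domains` entries, `// "key-name" : "<key name>",` is presented as one of the defaults that may be omitted, but leaving it out appears to mean updates for that domain are sent without TSIG, and the template never says so. I would add `// Omitting "key-name" disables TSIG for this domain; updates are then unsigned.` above each occurrence. Separately, in the Global Parameters block, `// "ncr-protocol" : "UDP"` and `// "ncr-format" : "JSON"` have no trailing commas, so uncommenting the block as written gives a parse error before `"forward-ddns"`. Writing them as `// "ncr-protocol" : "UDP",` and `// "ncr-format" : "JSON",` fixes that.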
# This is an example configuration file for the DHCPv4 server in Kea.
# It is a basic scenario with one IPv4 subnet configured. It demonstrates
# how to configure Kea to use various backends to store leases:
# - memfile
# - MySQL
# - PostgreSQL
# - CQL (Cassandra) backend
// This is an example configuration file for the DHCPv4 server in Kea.
// It is a basic scenario with one IPv4 subnet configured. It demonstrates
// how to configure Kea to use various backends to store leases:
// - memfile
// - MySQL
// - PostgreSQL
// - CQL (Cassandra) backend
{ "Dhcp4":
{
# Kea is told to listen on ethX interface only.
// Kea is told to listen on ethX interface only.
"interfaces-config": {
"interfaces": [ "ethX" ]
},
# We need to specify lease type. Exactly one lease-database section
# should be present. Make sure you uncomment only one.
// We need to specify lease type. Exactly one lease-database section
// should be present. Make sure you uncomment only one.
# 1. memfile backend. Leases information will be stored in flat CSV file.
# This is the easiest backend to use as it does not require any extra
# dependencies or services running.
# "lease-database": {
# "type": "memfile",
# "persist": true,
# "lfc-interval": 3600
# },
// 1. memfile backend. Leases information will be stored in flat CSV file.
// This is the easiest backend to use as it does not require any extra
// dependencies or services running.
// "lease-database": {
// "type": "memfile",
// "persist": true,
// "lfc-interval": 3600
// },
# 2. MySQL backend. Leases will be stored in MySQL database. Make sure it
# is up, running and properly initialized. See kea-admin documentation
# for details on how to initialize the database. The only strictly required
# parameters are type and name. If other parameters are not specified,
# Kea will assume the database is available on localhost, that user and
# password is not necessary to connect and that timeout is 5 seconds.
# Kea must be compiled with --with-dhcp-mysql option to use this backend.
# "lease-database": {
# "type": "mysql",
# "name": "keatest",
# "host": "localhost",
# "port": 3306,
# "user": "keatest",
# "password": "secret1",
# "connect-timeout": 3
# },
// 2. MySQL backend. Leases will be stored in MySQL database. Make sure it
// is up, running and properly initialized. See kea-admin documentation
// for details on how to initialize the database. The only strictly required
// parameters are type and name. If other parameters are not specified,
// Kea will assume the database is available on localhost, that user and
// password is not necessary to connect and that timeout is 5 seconds.
// Kea must be compiled with --with-dhcp-mysql option to use this backend.
// "lease-database": {
// "type": "mysql",
// "name": "keatest",
// "host": "localhost",
// "port": 3306,
// "user": "keatest",
// "password": "secret1",
// "connect-timeout": 3
// },
# 3. PostgreSQL backend. Leases will be stored in PostgreSQL database. Make
# sure it is up, running and properly initialized. See kea-admin documentation
# for details on how to initialize the database. The only strictly required
# parameters are type and name. If other parameters are not specified,
# Kea will assume the database is available on localhost, that user and
# password is not necessary to connect and that timeout is 5 seconds.
# Kea must be compiled with --with-dhcp-pgsql option to use this backend.
# "lease-database": {
# "type": "pgsql",
# "name": "keatest",
# "host": "localhost",
# "port": 5432,
# "user": "keatest",
# "password": "secret1",
# "connect-timeout": 3
# },
// 3. PostgreSQL backend. Leases will be stored in PostgreSQL database. Make
// sure it is up, running and properly initialized. See kea-admin documentation
// for details on how to initialize the database. The only strictly required
// parameters are type and name. If other parameters are not specified,
// Kea will assume the database is available on localhost, that user and
// password is not necessary to connect and that timeout is 5 seconds.
// Kea must be compiled with --with-dhcp-pgsql option to use this backend.
// "lease-database": {
// "type": "pgsql",
// "name": "keatest",
// "host": "localhost",
// "port": 5432,
// "user": "keatest",
// "password": "secret1",
// "connect-timeout": 3
// },
# 4. CQL (Cassandra) backend. Leases will be stored in Cassandra database. Make
# sure it is up, running and properly initialized. See kea-admin documentation
# for details on how to initialize the database. The only strictly required
# parameters are type, keyspace and contact-points. At least one contact point
# must be specified, but more than one is required for redundancy. Make sure
# you specify the contact points without spaces. Kea must be compiled with
# --with-cql option to use this backend.
# "lease-database": {
# "type": "cql",
# "keyspace": "keatest",
# "contact-points": "192.0.2.1,192.0.2.2,192.0.2.3",
# "port": 9042
# },
// 4. CQL (Cassandra) backend. Leases will be stored in Cassandra database. Make
// sure it is up, running and properly initialized. See kea-admin documentation
// for details on how to initialize the database. The only strictly required
// parameters are type, keyspace and contact-points. At least one contact point
// must be specified, but more than one is required for redundancy. Make sure
// you specify the contact points without spaces. Kea must be compiled with
// --with-cql option to use this backend.
// "lease-database": {
// "type": "cql",
// "keyspace": "keatest",
// "contact-points": "192.0.2.1,192.0.2.2,192.0.2.3",
// "port": 9042
// },
# Addresses will be assigned with a lifetime of 4000 seconds.
// Addresses will be assigned with a lifetime of 4000 seconds.
"valid-lifetime": 4000,
# Renew and rebind timers are commented out. This implies that options
# 58 and 59 will not be sent to the client. In this case it is up to
# the client to pick the timer values according to RFC2131. Uncomment the
# timers to send these options to the client.
# "renew-timer": 1000,
# "rebind-timer": 2000,
// Renew and rebind timers are commented out. This implies that options
// 58 and 59 will not be sent to the client. In this case it is up to
// the client to pick the timer values according to RFC2131. Uncomment the
// timers to send these options to the client.
// "renew-timer": 1000,
// "rebind-timer": 2000,
# The following list defines subnets. We have only one subnet
# here. We tell Kea that it is directly available over local interface.
// The following list defines subnets. We have only one subnet
// here. We tell Kea that it is directly available over local interface.
"subnet4": [
{
"pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
......@@ -95,8 +95,8 @@
]
},
# The following configures logging. It assumes that messages with at least
# informational level (info, warn, error and fatal) should be logged to stdout.
// The following configures logging. It assumes that messages with at least
// informational level (info, warn, error and fatal) should be logged to stdout.
"Logging": {
"loggers": [
{
......
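Review bot: The commented MySQL and PostgreSQL `lease-database` blocks show `// "password": "secret1",` without saying that it is a placeholder or that a configuration file carrying database credentials needs restricted permissions. I would add `// "secret1" is a placeholder; use a unique password and make this file readable only by the account running Kea.` before the first of these blocks. The introductory comment also says exactly one `lease-database` section should be present while all four are commented out, so it is worth stating which backend applies when none is uncommented. The `Logging` block continues beyond the visible lines.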
# This is an example configuration file for the DHCPv4 server in Kea.
# The purpose of this example is to showcase how clients can be classified.
// This is an example configuration file for the DHCPv4 server in Kea.
// The purpose of this example is to showcase how clients can be classified.
{ "Dhcp4": {
# Kea is told to listen on ethX interface only.
// Kea is told to listen on ethX interface only.
"interfaces-config": {
"interfaces": [ "ethX" ]
},
# Let's use the simplest backend: memfile and use some reasonable values
# for timers. They are of no concern for the classification demonstration.
// Let's use the simplest backend: memfile and use some reasonable values
// for timers. They are of no concern for the classification demonstration.
"lease-database": { "type": "memfile" },
"renew-timer": 1000,
"rebind-timer": 2000,
"valid-lifetime": 4000,
# This list defines several classes that incoming packets can be assigned to.
# One packet can belong to zero or more classes.
// This list defines several classes that incoming packets can be assigned to.
// One packet can belong to zero or more classes.
"client-classes": [
# The first class attempts to match the whole hardware address to a specific
# value. All incoming packets with that MAC address will get a special
# value of the option. If there are many hosts that require special
# treatment, it is much better to use host reservations. However, doing
# tricks with MAC addresses may prove useful in some cases, e.g.
# by matching OUI to known values we can detect certain vendors.
// The first class attempts to match the whole hardware address to a specific
// value. All incoming packets with that MAC address will get a special
// value of the option. If there are many hosts that require special
// treatment, it is much better to use host reservations. However, doing
// tricks with MAC addresses may prove useful in some cases, e.g.
// by matching OUI to known values we can detect certain vendors.
{
"name": "special_snowflake",
"test": "pkt4.mac == 0x010203040506",
......@@ -34,27 +34,27 @@
}]
},
# Let's classify all incoming DISCOVER (message type 1) to a separate
# class.
// Let's classify all incoming DISCOVER (message type 1) to a separate
// class.
{
"name": "discovers",
"test": "pkt4.msgtype == 1"
},
# Clients are supposed to set the transaction-id field to a random value.
# Clients that send it with 0 are most likely broken. Let's mark them
# as such.
// Clients are supposed to set the transaction-id field to a random value.
// Clients that send it with 0 are most likely broken. Let's mark them
// as such.
{
"name": "broken",
"test": "pkt4.transid == 0"
},
# Let's pick VoIP phones. Those that send their class identifiers
# as Aastra, should belong to VoIP class. For a list of all options,
# see www.iana.org/assignments/bootp-dhcp-parameters/.
# In this particular class, we want to set specific values
# of certain DHCPv4 fields. If the incoming packet matches the
# test, those fields will be set in outgoing responses.
// Let's pick VoIP phones. Those that send their class identifiers
// as Aastra, should belong to VoIP class. For a list of all options,
// see www.iana.org/assignments/bootp-dhcp-parameters/.
// In this particular class, we want to set specific values
// of certain DHCPv4 fields. If the incoming packet matches the
// test, those fields will be set in outgoing responses.
{
"name": "VoIP",
"test": "substring(option[60].hex,0,6) == 'Aastra'",
......@@ -65,23 +65,23 @@
],
# The following list defines subnets. For some subnets we defined
# a class that is allowed in that subnet. If not specified,
# everyone is allowed. When a class is specified, only packets belonging
# to that class are allowed for that subnet.
// The following list defines subnets. For some subnets we defined
// a class that is allowed in that subnet. If not specified,
// everyone is allowed. When a class is specified, only packets belonging
// to that class are allowed for that subnet.
"subnet4": [
{
# This one is for VoIP devices only.
// This one is for VoIP devices only.
"pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
"subnet": "192.0.2.0/24",
"client-class": "VoIP",
"interface": "ethX"
},
# This one doesn't have any client-class specified, so everyone
# is allowed in. The normal subnet selection rules still apply,
# though. There is also a static class reservation for a client
# using MAC address 1a:1b:1c:1d:1e:1f. This client will always
# be assigned to this class.
// This one doesn't have any client-class specified, so everyone
// is allowed in. The normal subnet selection rules still apply,
// though. There is also a static class reservation for a client
// using MAC address 1a:1b:1c:1d:1e:1f. This client will always
// be assigned to this class.
{
"pools": [ { "pool": "192.0.3.1 - 192.0.3.200" } ],
"subnet": "192.0.3.0/24",
......@@ -95,8 +95,8 @@
]
},
# The following configures logging. It assumes that messages with at least
# informational level (info, warn, error and fatal) should be logged to stdout.
// The following configures logging. It assumes that messages with at least
// informational level (info, warn, error and fatal) should be logged to stdout.
"Logging": {