... | @@ -2,64 +2,33 @@ |
... | @@ -2,64 +2,33 @@ |
|
|
|
|
|
Welcome to Kea 1.9.4, the fifth monthly release of the 1.9 development branch. As with any other development release, use this with caution: development releases are not recommended for production use.
|
|
Welcome to Kea 1.9.4, the fifth monthly release of the 1.9 development branch. As with any other development release, use this with caution: development releases are not recommended for production use.
|
|
|
|
|
|
This release adds new features, improves existing features, increases configurability, clarifies documentation and fixes a few bugs. The most notable changes introduced in this version are:
|
|
This release adds new features, improves existing features, clarifies documentation and fixes a few bugs. The most notable changes introduced in this version are:
|
|
|
|
|
|
**TLS support** #1619
|
|
**Experiments with TLS support** Kea currently does not support TLS, so more security conscious deployments need to set up a reverse proxy wrapper. This is really a band-aid that's inconvenient and introduces potential additional problems. We finally managed to get enough resources (and courage) to tackle the problem of implementing native TLS support. We did several experiments with Boost.SSL library that provides a nice C++/ASIO abstraction over OpenSSL layer. We now have an PoC (proof of concept) code. It is not included in this release as it's nowhere near production quality, even with experimental stickers all over it. Nevertheless, we spent a considerable amount of time on TLS in this milestone. The plan is to turn this PoC into production-quality code in the coming releases. Stay tuned! #1619.
|
|
|
|
|
|
**Lease caching** Cache threshold #1418
|
|
**Cache Threshold** The renew-timer governs when the devices are supposed to conduct renew. This timer is supposed to be followed by clients, but they sometimes renew early due to ignorance, poor implementation, or simply bugs. This causes an undue burden on the server, which has to write an updated lease, even though it may have been already renewed seconds ago. The ``cache-threshold`` (expressed as a percentage) and ``cache-max-age`` (expressed in seconds) now govern when early renewal is considered too early by Kea. Kea will still respond but will use old lease lifetimes, thus eliminating the need to update the lease database. Cache threshold is a popular feature of ISC DHCP that so far was missing in Kea. This has changed now. The implementation is considered experimental, as we managed to complete the review process, but we were unable to test it properly. If you're willing to test it, please do report your findings #1418.
|
|
|
|
|
|
**HA failover improvement** Improved failover procedure in Kea High Availability library
|
|
**HA improvement: responsive when recovering from communication failure** Improved failover procedure in Kea High Availability library by introducing new communication-recovery state. In this state, the load balancing servers remain responsive to DHCP queries when the communication between them is interrupted. The new feature is controlled using the ``delayed-updates-limit`` configuration parameter #1402.
|
|
by introducing new communication-recovery state. In this
|
|
|
|
state the load balancing servers remain responsive to DHCP
|
|
|
|
queries when the communication between them is interrupted.
|
|
|
|
The new feature is controlled using the delayed-updates-limit
|
|
|
|
configuration parameter.
|
|
|
|
(Gitlab #1402)
|
|
|
|
|
|
|
|
|
|
**HA improvement: dhcp-enable/dhcp-disable improvements** - The DHCP service can be independently enabled or disabled by the user command, by the database connection mechanics, or by the HA library. The DHCP service is disabled when any of those originators disable the service, and it is enabled when all those who previously disabled the service enable it. The 'dhcp-enable' and 'dhcp-disable' commands accept 'origin' parameter with valid values of 'user' (which is the default) indicating a user generated command and 'ha-partner' which is used internally by the HA library #1601.
|
|
|
|
|
|
suboptimal retrieval of host reservation in the case of db backends #1458
|
|
**Small performance improvement in host backend** The host retrieval algorithm has been optimized slightly when retrieving hosts data from a database. In certain situations, one query to retrieve multiple reservations is used. This should improve the performance slightly, especially in cases with shared networks and many reservations #1458.
|
|
|
|
|
|
**Vendor option examples** - #1546
|
|
**Doc update** - The vendor option examples (options 43 and 125) were added. We also detected several oddities in the option handling, so code fixes and more examples are expected in the near future #1546. The ARM has been clarified that the lease sanitizer fixes the leases in memory only. Kea only reads lease files when starting #1618. The section about running Kea as a non-root user has been corrected #1629. The example in Section 8.2.12 has been corrected by removing unbalanced parentheses #1589. In some cases, Kea does not adhere to RFC standards. The new section dedicated to RFC conformance exceptions mentions two such cases and explains why they're there. Usually, the practical aspects of supporting real-life non-conformant devices outweigh the compliance benefits. The two documented exceptions are 1. DECLINE packet with missing mandatory 'server id' option is handled #1615 and 2. on REQUEST packet with no `requested IP address` Kea should respond with NAK #1608.
|
|
|
|
|
|
**Doc update** - clarified that lease sanitizer fixed the leases in memory only - #1618, running as non-root #1629 Remove unbalance parentheses from example in 8 .2 .12 DHCPv4 Private Options Arm #1589 RFC conformance exceptions: DECLINE packet with no 'server id' option should be dropped by Kea, #1615, on REQUEST packet with no `requested IP address` Kea should respond with NAK #1608 best practice for shell scripts #1610,
|
|
**Build improvements** Hammer, our build automation tool, has been extended with support for recently released Fedora 33 and Ubuntu 20.10 systems. This is the first step towards building packages #1527, #1528. Perfdhcp build system was overly strict #1637. Hammer exception handling was improved. It now handles missing required tools scenario in a gentler way #1512.
|
|
|
|
|
|
**HA improvements** - The DHCP service can be independently enabled or disabled by
|
|
|
|
the user command, by the database connection mechanics or
|
|
|
|
by the HA library. The DHCP service is disabled when any
|
|
|
|
of those originators disables the service, and it is enabled
|
|
|
|
when all those who previously disabled the service enable it.
|
|
|
|
The 'dhcp-enable' and 'dhcp-disable' commands accept 'origin'
|
|
|
|
parameter with valid values of 'user' (which is the default)
|
|
|
|
indicating a user generated command and 'ha-partner' which is
|
|
|
|
used internally by the HA library.
|
|
|
|
(Gitlab #1601)
|
|
|
|
|
|
|
|
**Build improvements** - hammer, Fedora 33 and Ubuntu 20.10 #1527, #1528, perfdhcp was overly strict #1637 hammer exception #1512
|
|
|
|
|
|
|
|
**Bug fixes** - When using the config backend, the server converts the old
|
|
|
|
'reservation-mode' global parameter internally to new
|
|
|
|
reservation flags. The new flags are listed when issuing the
|
|
|
|
config-get command.
|
|
|
|
(Gitlab #1598)
|
|
|
|
|
|
|
|
Populated the space field of option definitions. This solved
|
|
|
|
reported bugs where a specific standard option processing
|
|
|
|
was applied to an option from another space but sharing the
|
|
|
|
same code. In particular, this fixes the problem reported
|
|
|
|
with vendor suboption 125.
|
|
|
|
(Gitlab #1585)
|
|
|
|
|
|
|
|
kea-lfc on a CSV file without a trailing blank line makes it not process the last line #1603
|
|
**Bug fixes** A handful of bugs were fixed in this release. When using the config backend, the server converts the old 'reservation-mode' global parameter internally to new reservation flags. The new flags are listed when issuing the config-get command #1598. Kea was not handling sub-options with option code 125 well, incorrectly assuming that 125 is always vendor option. That is now fixed. If you previously experienced problems with Kea misinterpreting sub-options, your problem may have been fixed as well #1585. The Kea-LFC (lease file cleanup tool) now processes all lines, even if the last line misses a trailing blank line #1603.
|
|
|
|
|
|
**Test improvements** - HA uts thread sanitizer #1627, lfc timer test #1574 shell tests #1630, ha failover tests off by one error #1578 shell tests now report their results #437 unit-test failure on FreeBSD 12.0 #673 cql_update_hosts #1616, jenkins does not report crashes #1519
|
|
**Test improvements** We continue our efforts to improve testing capabilities. This is not something that's users are typically excited about, but investments in testing infrastructure makes the code more stable and more maintainable in the long term. Unit tests for HA running with thread sanitizer (#1627), lfc timer tests, and shell tests were improved #1630. A tricky off by one error was fixed in HA failover tests #1578. The shell tests now report their results in XML file, similar how google tests do #437. A unit test failure on FreeBSD 12.0 is now fixed #673. One Cassandra test (cql_update_hosts) has been fixed #1616. Jenkins, our testing and build farm, did not report crashes under some circumstances. This is now fixed #1519.
|
|
|
|
|
|
**Dev tools** - automated code formatting #1455 msg-compiler no longer adds dates #1511 script to check duplicates in includes #1602,
|
|
**Dev tools** Our team also spent some time improving our processes. This is something we did for making our life easier. Automated code formatting using ``uncrustify`` and ``clang-format`` #1455. The kea-msg-compiler tool no longer adds dates to generated files. This will make fewer commits in git history #1511. We added a script to check duplicated includes. These are mostly harmless, but slow down the compilation a bit #1602. A new section about best practices for maintaining and developing shell scripts was added to the Developer's guide #1610.
|
|
|
|
|
|
## Incompatible changes
|
|
## Incompatible changes
|
|
|
|
|
|
This release introduces TODO-count incompatible changes:
|
|
This release introduces TODO-count incompatible changes:
|
|
|
|
|
|
1. TODO-description
|
|
1. The ``config-get`` command now returns reservation mode using the new syntax. This affect only people who implemented specific code that deals with now obsolete `reservation-mode` as returned by Kea. The parameter deprecated, but still supported when setting the config or reading configuration from file.
|
|
|
|
|
|
## Known Issues
|
|
## Known Issues
|
|
|
|
|
... | | ... | |
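Review bot: The Incompatible changes section still reads "This release introduces TODO-count incompatible changes:" although item 1 has now been filled in; replace the TODO-count placeholder with the actual count (one item is listed) before publishing. In that same item, "This affect only people" should be "This affects only people" and "The parameter deprecated" should be "The parameter is deprecated". In the Doc update paragraph the two RFC conformance exceptions are worded inconsistently: "is handled" describes what Kea does, while "Kea should respond with NAK" reads like the requirement rather than the exception, so state Kea's actual behaviour in both. The rewritten intro sentence also drops "increases configurability"; confirm that is intended, given that the release adds ``cache-threshold``, ``cache-max-age`` and ``delayed-updates-limit``.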