Kea issueshttps://gitlab.isc.org/isc-projects/kea/-/issues2024-03-07T12:07:26Zhttps://gitlab.isc.org/isc-projects/kea/-/issues/3244Allow redefine of standard DHCP options2024-03-07T12:07:26ZDarren AnkneyAllow redefine of standard DHCP optionsCurrently, it isn't possible to redefine any standard DHCP option that is defined in Kea. This is a good practice because it prevents administrators from shooting themselves in the foot. However, DHCPv4 is quite old and there have been...Currently, it isn't possible to redefine any standard DHCP option that is defined in Kea. This is a good practice because it prevents administrators from shooting themselves in the foot. However, DHCPv4 is quite old and there have been some newer RFCs that define options that vendors previously could freely use.
An example of this is an older vendor of IP phones who used option 156 with some of their equipment. Option 156 is part of Bulk Lease Query now ([RFC 6926](https://datatracker.ietf.org/doc/html/rfc6926)) since about 2013. This IP phone manufacturer existed from 1998, however. This option was not defined in ISC DHCP, and so could be used there. The option is defined in Kea, though not presently used. Option 156, in the RFC, is defined as containing an integer as a flag of sorts. The old IP phone vendor needs option 156 to contain a string of some kind. This is only an example. This is probably not a one-off situation.
It is unreasonable to require administrators to purchase new equipment as part of the move to Kea, and therefore, it would be better to, in some way, allow the redefine of standard options. This should probably be a deliberate act somehow, perhaps requiring a keyword of some sort, so that the administrator is aware of what they are doing.
[SF1626](https://isc.lightning.force.com/lightning/r/Case/500S6000004IKcWIAW/view)backloghttps://gitlab.isc.org/isc-projects/kea/-/issues/3243Associate option 43, code 1 with a client class using Postgres2024-02-13T06:33:50ZAlessandro SagratiniAssociate option 43, code 1 with a client class using PostgresHi all, I am setting up ubnt.unifi-address vendor-specific option with Postgres; everything works as expected if the configuratiion is "hardcoded" in the configuration file, like here:
```plaintext
"option-def": [
{
...Hi all, I am setting up ubnt.unifi-address vendor-specific option with Postgres; everything works as expected if the configuratiion is "hardcoded" in the configuration file, like here:
```plaintext
"option-def": [
{
"name": "unifi-address",
"code": 1,
"space": "ubnt",
"type": "ipv4-address",
"array": false
}
],
"client-classes": [
{
"name": "ubnt",
"test": "option[vendor-class-identifier].text == 'ubnt'",
"option-def": [
{
"name": "vendor-encapsulated-options",
"code": 43,
"space": "dhcp4",
"type": "empty",
"encapsulate": "ubnt"
}
],
"option-data": [
{
"name": "unifi-address",
"space": "ubnt",
"data": "123.123.123.123"
},
{
"name": "vendor-encapsulated-options"
}
]
}
],
```
Additionally, if I have this configuration in the database the option is also sent, but it's sent regardless if the client matches the client-class:
```plaintext
keadb=# select * from dhcp4_option_def;
id | code | name | space | type | modification_ts | is_array | encapsulate | record_types | user_context | class_id
----+------+-----------------------------+-------+------+-------------------------------+----------+-------------+--------------+--------------+----------
3 | 1 | unifi-address | ubnt | 10 | 2024-02-06 09:35:01.055685+00 | f | | | |
4 | 43 | vendor-encapsulated-options | dhcp4 | 0 | 2024-02-07 08:47:48.873602+00 | f | ubnt | | |
(2 rows)
keadb=# select * from dhcp4_option_def_server;
option_def_id | server_id | modification_ts
---------------+-----------+-------------------------------
3 | 1 | 2024-02-06 10:18:21.478424+00
4 | 1 | 2024-02-07 08:48:25.798256+00
keadb=# select * from dhcp4_options;
option_id | code | value | formatted_value | space | persistent | dhcp_client_class | dhcp4_subnet_id | host_id | scope_id | user_context | shared_network_name | pool_id | modification_ts | cancelled
-----------+------+-------+-------------------------------------+-------+------------+-------------------+-----------------+---------+----------+--------------+---------------------+---------+-------------------------------+-----------
...
1 | 43 | | | dhcp4 | f | | | | 0 | | | | 2024-02-06 10:14:53.913124+00 | f
27 | 1 | | 123.123.123.123 | ubnt | f | | | | 0 | | | | 2024-02-04 09:58:52.903827+00 | f
...
(23 rows)
keadb=# select * from dhcp4_options_server;
option_id | server_id | modification_ts
-----------+-----------+-------------------------------
27 | 1 | 2024-02-06 10:29:05.870566+00
1 | 1 | 2024-02-07 08:49:19.538328+00
(2 rows)
```
* client class is defined as:
```plaintext
keadb=# select * from dhcp4_client_class;
id | name | test | next_server | server_hostname | boot_file_name | only_if_required | valid_lifetime | min_valid_lifetime | max_valid_lifetime | depend_on_known_directly | follow_class_name | modification_ts | user_context | offer_lifetime
----+------+------------------------------------------------+-------------+-----------------+----------------+------------------+----------------+--------------------+--------------------+--------------------------+-------------------+-------------------------------+--------------+----------------
8 | ubnt | option[vendor-class-identifier].text == 'ubnt' | | | | t | | | | f | | 2024-02-04 10:14:23.624558+00 |
```
I know I have to change dhcp_client_class, scope_id in dhcp4_options table and class_id in dhcp4_option_def, but I wonder if there's more than that to associate the options to the class, so they match the "hardcoded" configuration snippet I posted?
Let me know if you need anything else from me. Thank yououtstandinghttps://gitlab.isc.org/isc-projects/kea/-/issues/3242PerfMon-Hook-Task-1 Implement skeleton of new hook library2024-02-16T17:58:36ZThomas MarkwalderPerfMon-Hook-Task-1 Implement skeleton of new hook libraryCreate the necessary core hook sub directories and basic infrastructure. The skeleton hook should load and unload and provide empty C callout functions.Create the necessary core hook sub directories and basic infrastructure. The skeleton hook should load and unload and provide empty C callout functions.kea2.5.6Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/kea/-/issues/3241Failed to start kea-dhcp if the interface defined in the interface-config lis...2024-03-07T14:54:35ZPranathi NandhigamFailed to start kea-dhcp if the interface defined in the interface-config list is unavailable even though some of the interfaces are upI have observed kea-dhcp failed to start when one of the interface defined in the "interface-config" list does not exist even though other defined interfaces are up and has usable IP address configured. May be dhcp server can be started ...I have observed kea-dhcp failed to start when one of the interface defined in the "interface-config" list does not exist even though other defined interfaces are up and has usable IP address configured. May be dhcp server can be started with the interfaces which are up instead of refusing to start until all interfaces defined in the list comes up.
From code snippet below
void IfacesConfigParser::parseInterfacesList(const CfgIfacePtr& cfg_iface, ConstElementPtr ifaces_list) {
for (auto const& iface : ifaces_list->listValue()) {
std::string iface_name = iface->stringValue();
try {
cfg_iface->use(protocol_, iface_name);
} catch (const std::exception& ex) {
isc_throw(DhcpConfigError, "Failed to select interface: "
<< ex.what() << " (" << iface->getPosition() << ")");
}
}
}
Here if interface is not found instead of raising an exception, it can be a warning and can be proceeded with other interfaces in the list. I am not sure how feasible it is and its side effect.next-stable-3.0https://gitlab.isc.org/isc-projects/kea/-/issues/3240bump up version in configure.ac to 2.5.6-git2024-01-31T11:46:31ZWlodzimierz Wencelbump up version in configure.ac to 2.5.6-gitkea2.5.6Wlodzimierz WencelWlodzimierz Wencelhttps://gitlab.isc.org/isc-projects/kea/-/issues/3239New Global Counter assigned-addresses2024-03-27T12:53:11ZPeter DaviesNew Global Counter assigned-addressesFeature Request: New Global Counter assigned-addresses
Statistics return per subnet counters "assigned-addresses" and "cumulative-assigned-addresses".
However, globally, only the cumulative-assigned-addresses counter is retu...Feature Request: New Global Counter assigned-addresses
Statistics return per subnet counters "assigned-addresses" and "cumulative-assigned-addresses".
However, globally, only the cumulative-assigned-addresses counter is returned.
It may interest administrators to know the total number of assigned addresses per
server.
[SF00001629](https://isc.lightning.force.com/lightning/r/Case/500S6000004QXmC/view)kea2.5.8https://gitlab.isc.org/isc-projects/kea/-/issues/3238Sanity checks for Kea 2.5.5 rc12024-02-20T10:26:54ZWlodzimierz WencelSanity checks for Kea 2.5.5 rc1We are now at step SANITY CHECKS of Kea 2.5.5 rc1.
Please verify the tarballs and packages according to [chapter `4. Sanity Checks` of the release procedure](https://gitlab.isc.org/isc-private/qa-dhcp/-/wikis/Kea/Release-Process#user-co...We are now at step SANITY CHECKS of Kea 2.5.5 rc1.
Please verify the tarballs and packages according to [chapter `4. Sanity Checks` of the release procedure](https://gitlab.isc.org/isc-private/qa-dhcp/-/wikis/Kea/Release-Process#user-content-4-sanity-checks) and according to your imagination.
Before starting, please state what you are checking in a thread/discussion (not as comment).
When you finish a check, state in the same thread/discussion what the result is.
This way we know what is covered upfront and we can avoid repeating ourselves.
#### Tarballs on repo.isc.org
* `/data/shared/sweng/kea/releases/2.5.5-rc1`
* `/data/shared/sweng/kea/releases/premium-2.5.5-rc1`
* `/data/shared/sweng/kea/releases/subscription-2.5.5-rc1`
* `/data/shared/sweng/kea/releases/enterprise-2.5.5-rc1`
```
SHA256 (kea-2.5.5.tar.gz) = 77918ea7ccb9bc89756c3e52a26adf515b91e47dbf258027fa973f68eff82f67
SHA256 (kea-enterprise-2.5.5.tar.gz) = 8041d0fd418846c36dc51dc0b64cb820ba46c5d1ec392990f2d30068272c3013
SHA256 (kea-premium-2.5.5.tar.gz) = b376b98480dcf31435d72f42edfc194ba41c3864dacd12fd3d46f43f5ae9d6c4
SHA256 (kea-subscription-2.5.5.tar.gz) = ae4b940a984d80fa93d0f9130bb1fdf41c15cf29858a46dbbf8a5eda98119768
```
#### Packages on packages.aws.isc.org
* [APK: 2.5.5-r20240129145054](https://packages.aws.isc.org/#browse/search/raw=format%3Draw%20AND%20name.raw%3D*r20240129145054.apk)
* [deb: 2.5.5-isc20240129145054](https://packages.aws.isc.org/#browse/search/apt=format%3Dapt%20AND%20version%3D2.5.5-isc20240129145054)
* [RPM: 2.5.5-isc20240129145054.\[os\]](https://packages.aws.isc.org/#browse/search/yum=format%3Dyum%20AND%20version%3D2.5.5-isc20240129145054*)
You can find the name for all the packages attached as build artifacts in the pkg job: https://jenkins.aws.isc.org/job/kea-dev/job/pkg/1407/
Instructions for installing packages are at point 9 of [chapter `4. Sanity Checks` of the release procedure](https://gitlab.isc.org/isc-private/qa-dhcp/-/wikis/Kea/Release-Process#user-content-4-sanity-checks).kea2.5.6Wlodzimierz WencelWlodzimierz Wencelhttps://gitlab.isc.org/isc-projects/kea/-/issues/3237Changes for Kea 2.5.5 release2024-01-29T14:39:11ZWlodzimierz WencelChanges for Kea 2.5.5 release
- [x] added release entry to ChangeLogs
- [x] regenerated BNF grammar
- [x] regenerated message headers
- [x] regenerated parsers
- [x] reordered messages in alphabetical order
- [x] updated copyright years
- [x] added release entry to ChangeLogs
- [x] regenerated BNF grammar
- [x] regenerated message headers
- [x] regenerated parsers
- [x] reordered messages in alphabetical order
- [x] updated copyright yearskea2.5.5Wlodzimierz WencelWlodzimierz Wencelhttps://gitlab.isc.org/isc-projects/kea/-/issues/32362.5.5 release checklist2024-01-31T19:24:29ZWlodzimierz Wencel2.5.5 release checklist# Kea Release Checklist
This is thoroughly documented in [the Kea Release Process guide](https://wiki.isc.org/bin/view/QA/KeaReleaseProcess).
## Pre-Release Preparation
Some of these checks and updates can be made before the actual fr...# Kea Release Checklist
This is thoroughly documented in [the Kea Release Process guide](https://wiki.isc.org/bin/view/QA/KeaReleaseProcess).
## Pre-Release Preparation
Some of these checks and updates can be made before the actual freeze. For new stable releases or maintenance releases, please don't use the `kea-dev` build farm; use a dedicated build farm for each release cycle.
1. [x] Check Jenkins results:
1. [x] Check Jenkins jobs for failures: [distcheck](https://jenkins.aws.isc.org/job/kea-dev/job/distcheck/), etc...
1. [x] Check [Jenkins Tests Report](https://jenkins.aws.isc.org/job/kea-dev/job/jenkins-tests-report/).
1. [x] Check [tarball check report](https://jenkins.aws.isc.org/job/kea-dev/job/build-tarball/Kea_20Build_20Checks/)
1. [x] Check [Performance Test Results](https://jenkins.aws.isc.org/job/kea-dev/job/performance/lastSuccessfulBuild/artifact/qa-dhcp/kea/performance-jenkins/report.html) in Jenkins for drops in performance.
1. [x] Create a Gitlab issue for bumping up library versions and `KEA_HOOKS_VERSION` and notify developers.
* In case of no developers available, it can be done by running: [./tools/bump-lib-versions.sh](https://gitlab.isc.org/isc-projects/kea/-/blob/master/tools/bump-lib-versions.sh) Kea-q.w.e Kea-a.b.c (where `a.b.c` is the version to be released and `q.w.e` is the version previous to that).
1. [x] Look at the issue numbers in commit descriptions. Add to ChangeLog a mention about any change with visible impact that had not been mentioned already.
1. [x] If any changes have been done to database schemas, then:
1. [x] Check that a previously released schema has not been changed.
1. [x] Check that the additions to `dhcpdb_create.*sql`, and nothing more nor less than what was added in this release, is present in a `upgrade_*_to_*.sh.in` script that should also have been added in this release.
1. [x] Prepare release notes.
1. [x] Create release note on Kea GitLab wiki and notify @tomek. It should be created under the `Release-Notes` directory, like this one: https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Notes/release-notes-2.3.4
1. [x] Finish release notes and conduct its review.
1. [x] Notify support that release notes are ready for review. To avoid conflicts in edits wait with next step after review is done.
1. [x] Notify @sgoldlust or @vicky that release notes are ready for review. Due to time difference please do this at least 36 hours before planned release.
1. [ ] Check that packages can be uploaded to cloudsmith.
1. Go to [release-upload-to-cloudsmith](https://jenkins.aws.isc.org/job/kea-dev/job/release-upload-to-cloudsmith/).
1. Click `Build with Parameters`.
1. Pick the latest pkg build in the `Packages` field, and the corresponding tarball build in the `Tarball` field, leave the rest as they are `PrivPubRepos: "private"`, `TarballOrPkg: "packages"`, `TestProdRepos: "testing"` and click `Build`.
1. If a new Cloudsmith repository is used, then:
1. [ ] Make sure access tokens have been synchronized from previous Cloudsmith repositories and to the [check-pkgs.py](https://gitlab.isc.org/isc-private/qa-dhcp/-/blob/master/kea/pkgs-check/check-pkgs.py) QA tool.
1. [x] Check if ReadTheDocs can build Kea documentation. Alternatively, look for failures in emails if you know that the ReadTheDocs webhook is working.
1. Trigger rebuilding docs on [readthedocs.org](https://readthedocs.org/projects/kea/builds) and wait for the build to complete.
The following steps may involve changing files in the repository.
1. [x] Run [update-code-for-release.py](https://gitlab.isc.org/isc-private/qa-dhcp/-/blob/master/kea/build/update-code-for-release.py) \
Example command: `GITLAB_TOKEN='...' ./update-code-for-release.py 2.3.4 --repo-dir ~/isc/repos/kea/`. \
Help: `GITLAB_TOKEN='...' ./update-code-for-release.py --help`. \
The script requires an explicit flag for stable and maintenances releases e.g. `--repo-branch v2_4`. \
The script makes the following changes and actions:
1. Runs [prepare_kea_release.sh](https://gitlab.isc.org/isc-private/qa-dhcp/-/blob/master/kea/build/prepare_kea_release.sh) that:
1. Adds release entries in ChangeLogs.
1. Updates Kea version in configure.ac.
1. Updates copyright years in files that were changed in current year.
1. Sorts message files.
1. Regenerates message files headers.
1. Regenerates parsers using Bison from Docker
1. [x] Run the script again with the `--upload-only` flag which:
1. Creates an issue in GitLab for release changes in kea repo.
1. Creates branches and merge requests for kea and kea-premium.
1. Commits the changes in both repos.
1. Checks out created branches in both repos.
1. Commits and pushes the changes to GitLab server.
1. [x] Check manually User's Guide sections:
1. [x] Chapter 1. Introduction
1. [x] On what platforms we are running tests using Jenkins? Update Supported Platforms in platforms.rst file.
1. [x] Did we add any additional 3rd party software? Update if needed.
1. [x] Is there a new tool installed in bin or sbin released this time? If yes, is it documented?
1. [x] Chapter 2. Quick Start
1. [x] Has the default installation process changed (for kea and hooks)? If yes, are those changes documented and highlighted in the release notes?
1. [x] Chapter 3. Installation
1. [x] Check installation hierarchy (this is also automatically checked at the end of [ut-extended job](https://jenkins.aws.isc.org/job/kea-dev/job/ut-extended/)).
1. [x] Check and update Build Requirements.
1. [x] Check configure options against what `./configure -h` says.
1. [x] Check ChangeLog entries in Kea main and premium: spelling, trailing whitespaces, etc.
1. [x] Check AUTHORS, INSTALL, README files in Kea main and premium.
- AUTHORS: update credits
- README: check "provides" with Release Notes, User Guide (1.3 Kea Software)
1. [x] If changes were made, commit the change, push the branch to the main repository and request a review. Once the changes have been approved, merge the MR to master.
## Build selection, tarballs upload and sanity checks
This is the last moment to freeze code! :snowflake:
1. [x] Go to [build-tarball](https://jenkins.aws.isc.org/job/kea-dev/job/build-tarball/) Jenkins job and pick the last tarball built - it will be a release candidate.
1. [x] Check tarball before requesting sanity checks from the development team.
1. Download tarballs from picked Jenkins build
1. Check hook libraries.
1. Are there any new hook libraries installed in this release?
1. Are they in the proper tarball? Premium or subscription?
1. Do they have their own package?
1. Check sizes - is the new package reasonable?
1. Check installation tree, compare it with the previous release
1. Check installed libraries.
1. which were updated? (save results)
1. Do any of the libraries from the current release have lower version than in the previous release?
1. Uninstall Kea, check what left (there should be just configuration files)
1. Check if each of the installed binaries has a man page.
1. If not, is the binary included in the tarball? That might explain it.
1. Are man pages up to date?
1. Check if documentation is properly formatted, has correct versions and dates.
1. It's advised to search for previous version numbers, some of them are statically added in statements that are no longer valid.
1. [x] Upload tarballs to repo.isc.org using Jenkins and send sanity checks request.
1. Go to [release-tarball-upload](https://jenkins.aws.isc.org/job/kea-dev/job/release-tarball-upload/) Jenkins job.
1. Click `Build with Parameters`.
1. In field `Tarball` select picked tarball build.
1. In field `Pkg` select the corresponding pkg job.
1. In field `Release_Candidate` pick:
1. `rc1` if this is the first selected build for release, it will push the selected tarballs to repo.isc.org, to a directory suffixed with indicated rc#
1. next rc# if this is a respin after some fixes (note: it is not possible to pick previous rc number - it will result in an error)
1. Submit the job that will automatically:
1. Upload the tarballs.
1. Create a GitLab issue for sanity checks, put the announcement there.
1. Send Sanity Checks announcement on the Kea/DHCP channel on Mattermost.\
The announcement includes:
- a link to chapter 4 Sanity Checks of the release process: [KeaReleaseProcess - SanityChecks](https://wiki.isc.org/bin/view/QA/KeaReleaseProcess#4.%20Sanity%20Checks)
- a link to the GitLab issue
- tarballs locations with SHA256 checksums
- rpm/deb packages locations and versions
## Releasing Tarballs and Packages
Now it's time to publish the code.
1. [x] Update Release Notes with ChangeLog entries.
1. [x] Mark Jenkins jobs with release artifacts to be kept forever and update description of build by adding there version of released kea (e.g. `Kea-2.3.4`).
1. Go to the following Jenkins jobs, click release build and then, on the build page, click `Keep this build forever` button and edit description:
1. [build-tarball](https://jenkins.aws.isc.org/job/kea-dev/job/build-tarball/).
1. [pkg job](https://jenkins.aws.isc.org/job/kea-dev/job/pkg/).
1. [x] Upload final tarballs to repo.isc.org.
1. Go to [release-tarball-upload](https://jenkins.aws.isc.org/job/kea-dev/job/release-tarball-upload/) Jenkins job.
1. Click `Build with Parameters`.
1. In field `Tarball` select picked tarball build.
1. In field `Pkg` select the corresponding pkg job.
1. In field `Release_Candidate` pick `final`. This job will also:
- Open an issue on [the signing repository](https://gitlab.isc.org/isc-private/signing/-/issues) for signing final tarballs on repo.isc.org.
- Create Git tags `Kea-a.b.c` in Kea main and premium repositories.
- Create Gitlab releases `Kea-a.b.c` in Kea main and premium repositories.
1. [x] Sign tarballs with the personal key, by running [sign_kea_and_upload_asc.sh](https://gitlab.isc.org/isc-private/qa-dhcp/-/blob/master/kea/build/sign_kea_and_upload_asc.sh) which signs, verifies signatures and uploads them.
- If release engineer does NOT have signing key, please contact team member.
1. [x] Confirm that the tarballs have the checksums mentioned on the signing ticket.
1. [ ] Wait for clearance from Security Officer to proceed with the public release (if applicable). If this is a security release, next steps will be impacted by CVE checklist.
1. [x] Login to repo.isc.org and upload final tarball to public ftp using the make-available script.
* Example command: `make-available --public --symlink=cur/2.3 /data/shared/sweng/kea/releases/2.3.4`.
* [x] For premium tarballs use `--private` option.
* For more information use `--debug` option.
* To overwrite existing content, use `--force` option.
* If you did a mistake, contact ASAP someone from the ops team to remove incorrectly uploaded tarballs.
* [x] save links to all premium tarballs and put them into signing ticket as a comment.
1. [x] Upload final RPM & DEB packages, tarballs and sign files to cloudsmith.io:
1. Go to [release-upload-to-cloudsmith](https://jenkins.aws.isc.org/job/kea-dev/job/release-upload-to-cloudsmith/).
1. Click `Build with Parameters`.
1. Pick your selected pkg build in the `Packages` field, the corresponding tarball build in the `Tarball` field, `PrivPubRepos: "both"`, `TarballOrPkg: "both"`, `TestProdRepos: "production"` and click `Build`.
- This step also verifies sign files.
1. When it finishes run check: [releases-pkgs-check](https://jenkins.aws.isc.org/job/kea-dev/job/release-pkgs-check/).
1. [ ] Check that Docker images can be uploaded to Cloudsmith. Run [build-upload-docker](https://jenkins.aws.isc.org/job/kea-dev/job/build-upload-docker/).
* Make sure the right package job is selected under `Packages`.
* Tick `Upload`.
* Leave `TestProdRepos` to `testing`.
* Leave `versionTag` ticked.
* Tick `latestTag` if this is a stable or a maintenance release.
* If this is a stable or maintenance release, change `KeaDockerBranch` to the appropriate branch.
* Press `Build`.
1. [x] Build and upload Docker images to Cloudsmith. Run [build-upload-docker](https://jenkins.aws.isc.org/job/kea-dev/job/build-upload-docker/) with the same actions as above except change `TestProdRepos` to `production`.
1. [x] Update ReadTheDocs:
1. Trick ReadTheDocs into pulling the latest tags. Click `Build version` on [readthedocs.org](https://readthedocs.org/projects/kea/builds).
1. Publish currently released version. On the `Versions` tab, scroll down to `Activate a version`, search for `kea-a.b.c` and click `Activate`.
1. If it's a stable release, change the default version to point to this stable release. `Admin -> Advanced Settings -> Default version* -> Kea-a.b.c`.
1. [x] Create an issue and a merge request to bump up Kea version in `configure.ac` to next development version which could be, based on just released version `a.b.c`:
* `a.b.z-git` where `z == c + 1` most of the time, or
* `a.y.0-git` where `y == b + 2` if a new development series starts, or
* `x.1.0-git` where `x == a + 1` when the released minor version `b` is 9 and `a.b.c` was the last version in the development series and a new development version is coming up next.
1. [x] Contact Marketing team, and find a member who will continue work on this release:
1. [x] Assign this ticket to person who will continue.
1. [x] Share link to signing ticket either directly or as a comment in this issue.
## Marketing
1. [x] Publish links to downloads on ISC website.
1. [x] Update the supported versions document in the Salesforce portal (if there are stable versions released), and update the Kea document in the portal.
1. [x] If it is a new `major.minor` version, SWENG will have created a new repo in Cloudsmith, which will need the customer tokens migrated from an existing repo. Verify that the KB on installing from Cloudsmith has also been updated, then update the Kea document in the SF portal and notify support customers that this new private repo exists.
1. [x] If a new Cloudsmith repository is used, make sure that the Zapier scripts are updated.
* If those are not updated, there was an error made during preparation for new stable release. Please contact QA team and coordinate fix.
1. [x] Upload Premium hooks tarball to SendOwl. Create a new product if a new branch, otherwise update existing product. Send notifications to existing subscribers of the new version.
1. [x] Write release email to _kea-announce_.
1. [x] Write email to _kea-users_ (if a major release).
1. [ ] Announce on social media.
1. [x] Update [Wikipedia entry for Kea](https://en.wikipedia.org/wiki/Kea\_(software)).
1. [x] Write blog article (if a major release).
1. [x] Update [Kea page on website if any new hooks](https://www.isc.org/kea/).
1. [x] Update Kea Premium and Kea Subscription data sheets if any new hooks.
1. [ ] Update [significant features matrix](https://kb.isc.org/docs/en/aa-01615) (if any significant new features).
1. [x] Contact Support team, find a person who will continue this release and assign this issue to them.
## Support
1. [x] Update tickets in case of waiting for support customers.
1. [x] Close this ticketkea2.5.5https://gitlab.isc.org/isc-projects/kea/-/issues/3235bump up lib versions for 2.5.52024-01-26T17:03:30ZWlodzimierz Wencelbump up lib versions for 2.5.5as stated in the subject ;)as stated in the subject ;)kea2.5.5Wlodzimierz WencelWlodzimierz Wencelhttps://gitlab.isc.org/isc-projects/kea/-/issues/3234Update Kea Premium License text2024-01-29T14:40:19ZVicky Riskvicky@isc.orgUpdate Kea Premium License textThe Kea Premium license text has been updated to version 2.1.1. I made a MR over in the Premium repo but I don't know how to tell for sure if the license text has to go in headers for multiple files, or just in the 'copying' file at the ...The Kea Premium license text has been updated to version 2.1.1. I made a MR over in the Premium repo but I don't know how to tell for sure if the license text has to go in headers for multiple files, or just in the 'copying' file at the top of the tree.kea2.5.5https://gitlab.isc.org/isc-projects/kea/-/issues/3232Include JSONs from doc/examples in the ARM2024-02-01T14:54:13ZAndrei Pavelandrei@isc.orgInclude JSONs from doc/examples in the ARMThe configurations in `doc/examples` are mainly aimed at helping administrators, yet they are not included in the ARM with the exception of a few complex HA examples.
Some of the configurations are mentioned through path without linking...The configurations in `doc/examples` are mainly aimed at helping administrators, yet they are not included in the ARM with the exception of a few complex HA examples.
Some of the configurations are mentioned through path without linking anywhere. Furthermore, the path matches the location in the Kea sources, but not in the Kea installation. An administrator would have to git-clone to find them.
I suggest adding a section to the ARM which includes all of them. This would be done programmatically as opposed to hardcoding each file. Ideally, the directory hierarchy would also be respected and displayed in the ARM section.next-stable-2.6https://gitlab.isc.org/isc-projects/kea/-/issues/3231PerfMon-Core-Task-3 Modify Dhcpv4Srv and Dhcpv6Srv to add packet events2024-02-20T18:22:47ZThomas MarkwalderPerfMon-Core-Task-3 Modify Dhcpv4Srv and Dhcpv6Srv to add packet eventsComplete Kea Core task 3 per PerfMon design: https://gitlab.isc.org/isc-projects/kea/-/wikis/Designs/performance-monitor#kea-core-tasksComplete Kea Core task 3 per PerfMon design: https://gitlab.isc.org/isc-projects/kea/-/wikis/Designs/performance-monitor#kea-core-taskskea2.5.6Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/kea/-/issues/3230PerfMon-Core-Tasks-1-and-2 Create PktEvent Class Modify PktFilters2024-02-16T16:58:12ZThomas MarkwalderPerfMon-Core-Tasks-1-and-2 Create PktEvent Class Modify PktFiltersComplete Kea Core tasks 1 and 2 per PerfMon design: https://gitlab.isc.org/isc-projects/kea/-/wikis/Designs/performance-monitor#kea-core-tasksComplete Kea Core tasks 1 and 2 per PerfMon design: https://gitlab.isc.org/isc-projects/kea/-/wikis/Designs/performance-monitor#kea-core-taskskea2.5.6Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/kea/-/issues/3229hammer.py prepare-system --just-configure2024-01-26T09:15:21ZAndrei Pavelandrei@isc.orghammer.py prepare-system --just-configureWe could use a way to just configure packages without installing them in hammer.We could use a way to just configure packages without installing them in hammer.kea2.5.5Andrei Pavelandrei@isc.orgAndrei Pavelandrei@isc.orghttps://gitlab.isc.org/isc-projects/kea/-/issues/3228Add monitoring instrumentation around `dhcp-disable` state.2024-02-01T14:49:57ZTomek MrugalskiAdd monitoring instrumentation around `dhcp-disable` state.For details, see [github PR#133](https://github.com/isc-projects/kea/pull/133).For details, see [github PR#133](https://github.com/isc-projects/kea/pull/133).next-stable-2.6https://gitlab.isc.org/isc-projects/kea/-/issues/3227config-set accepts incorrect "prefix-len" value2024-01-19T08:22:53ZPeter Daviesconfig-set accepts incorrect "prefix-len" value
---
name: config-set accepts incorrect "prefix-len" value
about: On kea-dhcp6 version 2.2.1 config-set accepts incorrect "prefix-len"
value and future config-get and config-write calls fail.
---
**Describe the bug**
Given the follo...
---
name: config-set accepts incorrect "prefix-len" value
about: On kea-dhcp6 version 2.2.1 config-set accepts incorrect "prefix-len"
value and future config-get and config-write calls fail.
---
**Describe the bug**
Given the following subnet definition ( within a shared-network)
```
"subnet": "2a02:6b67:fc00:31::/64",
"id": 2,
"pd-pools": [{
"prefix": "2a02:6b67:ed70::",
"prefix-len": 44,
"delegated-len": 56}],
```
Kea starts correctly and config-* commands function as expected.
Change "prefix-len": 44, to "prefix-len": 38, and run "config-test" with this
invalid configuration. The command returns "result": 0,
```
[root@blaenau agent]# ./config-test6
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 5776 100 147 100 5629 143 5507 0:00:01 0:00:01 --:--:-- 5662
[
{
"result": 0,
"text": "Configuration seems sane. Control-socket, hook-libraries, and D2 configuration were sanity checked, but not applied."
}
]
```
Run config-set with this invalid configuration and it also returns 0
```
[root@blaenau agent]# ./config-set6
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 5684 100 56 100 5628 53 5411 0:00:01 0:00:01 --:--:-- 5475
[
{
"result": 0,
"text": "Configuration successful."
}
]
````
Now try and retrieve the running configuration with config-get or config-write.
```
[root@blaenau agent]# ./config-get6
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 191 100 141 100 50 10071 3571 --:--:-- --:--:-- --:--:-- 15916
[
{
"result": 1,
"text": "Error during command processing: invalid prefix range 2a02:6b67:ed70::-2a02:6b67:efff:ffff:ffff:ffff:ffff:ffff"
}
]
```
```
[root@blaenau agent]# ./config-write6
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 269 100 134 100 135 13400 13500 --:--:-- --:--:-- --:--:-- 38428
[
{
"result": 1,
"text": "Error during write-config:invalid prefix range 2a02:6b67:ed70::-2a02:6b67:efff:ffff:ffff:ffff:ffff:ffff"
}
]
````
Strangely after accepting the invalid configuration Kea appears to start sending
logging to stdout. the last message in the Kea log file is:
```
2024-01-19 01:52:35.014 INFO [kea-dhcp6.commands/97719.140321550017664] COMMAND_RECEIVED Received command 'config-set'
```
Correcting "prefix-len" and re-runing config-set re-enables the retrieval of the
running config but not the logging issue.
I haven't test if lease processing is affected by this.
**To Reproduce**
Steps to reproduce the behavior:
1. Run Kea dhcpv6 with the attached configuration file [
2. change the prefix-len to some invalid value via config-set
3. The server then appears to accept the configuration but efforts to retrieve
the runing configuration fail
4. See above
**Expected behavior**.
When running config-test Kea ought to have discovered the configuration error
and reported it.
When running config-set Kea ought to have discovered the configuration error
and reported it.
**Environment:**
- Kea version: 2.2.1
tarball
linked with:
log4cplus 1.2.0
OpenSSL 1.1.1k FIPS 25 Mar 2021
database:
Memfile backend 4.0
- OS: Oracle Linux 8"
- none
- none
**Additional Information**
This does not affect 2.5.4 which generates the following error:
```
2024-01-18 14:53:13.667 ERROR [kea-dhcp6.dhcp6/431892.140413956814720] DHCP6_PARSER_FAIL failed to create or run parser for configuration element shared-networks: Invalid Pool6 address boundaries: 2a02:6b67:ed70:: is not the first address in prefix: 2a02:6b67:ec00::/38 (<wire>:0:3314) (<wire>:0:2401)
```
**SalesForce**
[#00001600](https://isc.lightning.force.com/lightning/r/Case/500S6000003m9ybIAA/view)https://gitlab.isc.org/isc-projects/kea/-/issues/3226HA lease updates do not create an accounting entry in v62024-01-25T15:00:10ZAndrei Pavelandrei@isc.orgHA lease updates do not create an accounting entry in v6In v6, HA lease updates are done with the `lease6-bulk-apply` command which is not handled in the `command_processed` RADIUS callout.
This is unlike v4 which does create accounting entries for HA lease updates sent via `lease4-update`.In v6, HA lease updates are done with the `lease6-bulk-apply` command which is not handled in the `command_processed` RADIUS callout.
This is unlike v4 which does create accounting entries for HA lease updates sent via `lease4-update`.next-stable-2.6https://gitlab.isc.org/isc-projects/kea/-/issues/3225when applying MT settings from CB the libs compatibility is not rechecked2024-03-27T13:50:40ZRazvan Becheriuwhen applying MT settings from CB the libs compatibility is not recheckedMT disabled -\> check libs (success) -\> load libs -\> CB load config -\> MT enabled -\> no checking of libs -\> could end up with non MT compatible libs loaded and used in MTMT disabled -\> check libs (success) -\> load libs -\> CB load config -\> MT enabled -\> no checking of libs -\> could end up with non MT compatible libs loaded and used in MTnext-stable-3.0https://gitlab.isc.org/isc-projects/kea/-/issues/3224CB commands should use processDhcp[4|6]Config to validate content of global p...2024-02-01T14:46:08ZRazvan BecheriuCB commands should use processDhcp[4|6]Config to validate content of global parameterssetting global parameters using CB commands does not check if values are valid. They are merged into the current config with no check. this could have an undesired effect on the running server.
global scalar parameters v4:
```plaintext...setting global parameters using CB commands does not check if values are valid. They are merged into the current config with no check. this could have an undesired effect on the running server.
global scalar parameters v4:
```plaintext
if ( (config_pair.first == "renew-timer") ||
(config_pair.first == "rebind-timer") ||
(config_pair.first == "valid-lifetime") ||
(config_pair.first == "min-valid-lifetime") ||
(config_pair.first == "max-valid-lifetime") ||
(config_pair.first == "decline-probation-period") ||
(config_pair.first == "dhcp4o6-port") ||
(config_pair.first == "echo-client-id") ||
(config_pair.first == "match-client-id") ||
(config_pair.first == "authoritative") ||
(config_pair.first == "next-server") ||
(config_pair.first == "server-hostname") ||
(config_pair.first == "boot-file-name") ||
(config_pair.first == "server-tag") ||
(config_pair.first == "reservation-mode") ||
(config_pair.first == "reservations-global") ||
(config_pair.first == "reservations-in-subnet") ||
(config_pair.first == "reservations-out-of-pool") ||
(config_pair.first == "calculate-tee-times") ||
(config_pair.first == "t1-percent") ||
(config_pair.first == "t2-percent") ||
(config_pair.first == "cache-threshold") ||
(config_pair.first == "cache-max-age") ||
(config_pair.first == "hostname-char-set") ||
(config_pair.first == "hostname-char-replacement") ||
(config_pair.first == "ddns-send-updates") ||
(config_pair.first == "ddns-override-no-update") ||
(config_pair.first == "ddns-override-client-update") ||
(config_pair.first == "ddns-replace-client-name") ||
(config_pair.first == "ddns-generated-prefix") ||
(config_pair.first == "ddns-qualifying-suffix") ||
(config_pair.first == "ddns-update-on-renew") ||
(config_pair.first == "ddns-use-conflict-resolution") ||
(config_pair.first == "ddns-conflict-resolution-mode") ||
(config_pair.first == "ddns-ttl-percent") ||
(config_pair.first == "store-extended-info") ||
(config_pair.first == "statistic-default-sample-count") ||
(config_pair.first == "statistic-default-sample-age") ||
(config_pair.first == "early-global-reservations-lookup") ||
(config_pair.first == "ip-reservations-unique") ||
(config_pair.first == "reservations-lookup-first") ||
(config_pair.first == "parked-packet-limit") ||
(config_pair.first == "allocator") ||
(config_pair.first == "offer-lifetime") ) {
CfgMgr::instance().getStagingCfg()->addConfiguredGlobal(config_pair.first,
config_pair.second);
continue;
}
```
global scalar parameters v6:
```plaintext
if ( (config_pair.first == "renew-timer") ||
(config_pair.first == "rebind-timer") ||
(config_pair.first == "preferred-lifetime") ||
(config_pair.first == "min-preferred-lifetime") ||
(config_pair.first == "max-preferred-lifetime") ||
(config_pair.first == "valid-lifetime") ||
(config_pair.first == "min-valid-lifetime") ||
(config_pair.first == "max-valid-lifetime") ||
(config_pair.first == "decline-probation-period") ||
(config_pair.first == "dhcp4o6-port") ||
(config_pair.first == "server-tag") ||
(config_pair.first == "reservation-mode") ||
(config_pair.first == "reservations-global") ||
(config_pair.first == "reservations-in-subnet") ||
(config_pair.first == "reservations-out-of-pool") ||
(config_pair.first == "calculate-tee-times") ||
(config_pair.first == "t1-percent") ||
(config_pair.first == "t2-percent") ||
(config_pair.first == "cache-threshold") ||
(config_pair.first == "cache-max-age") ||
(config_pair.first == "hostname-char-set") ||
(config_pair.first == "hostname-char-replacement") ||
(config_pair.first == "ddns-send-updates") ||
(config_pair.first == "ddns-override-no-update") ||
(config_pair.first == "ddns-override-client-update") ||
(config_pair.first == "ddns-replace-client-name") ||
(config_pair.first == "ddns-generated-prefix") ||
(config_pair.first == "ddns-qualifying-suffix") ||
(config_pair.first == "ddns-update-on-renew") ||
(config_pair.first == "ddns-use-conflict-resolution") ||
(config_pair.first == "ddns-conflict-resolution-mode") ||
(config_pair.first == "ddns-ttl-percent") ||
(config_pair.first == "store-extended-info") ||
(config_pair.first == "statistic-default-sample-count") ||
(config_pair.first == "statistic-default-sample-age") ||
(config_pair.first == "early-global-reservations-lookup") ||
(config_pair.first == "ip-reservations-unique") ||
(config_pair.first == "reservations-lookup-first") ||
(config_pair.first == "parked-packet-limit") ||
(config_pair.first == "allocator") ||
(config_pair.first == "pd-allocator") ) {
CfgMgr::instance().getStagingCfg()->addConfiguredGlobal(config_pair.first,
config_pair.second);
continue;
}
```
lists might not be complete. need to check.
only few parameters are checked - one is valid-lifetime:
```plaintext
void
sanityChecks(const SrvConfigPtr& cfg, const ConstElementPtr& global) {
/// Global lifetime sanity checks
cfg->sanityChecksLifetime("valid-lifetime");
/// Shared network sanity checks
const SharedNetwork4Collection* networks = cfg->getCfgSharedNetworks4()->getAll();
if (networks) {
sharedNetworksSanityChecks(*networks, global->get("shared-networks"));
}
}
```
some are not checked even by processDhcp\[4|6\]Config:
```plaintext
if (allow_packet_park) {
// Get the parking limit. Parsing should ensure the value is present.
uint32_t parked_packet_limit = 0;
data::ConstElementPtr ppl = CfgMgr::instance().getCurrentCfg()->
getConfiguredGlobal(CfgGlobals::PARKED_PACKET_LIMIT);
if (ppl) {
parked_packet_limit = ppl->intValue();
}
if (parked_packet_limit) {
auto const& parking_lot =
ServerHooks::getServerHooks().getParkingLotPtr(hook_label);
if (parking_lot && (parking_lot->size() >= parked_packet_limit)) {
// We can't park it so we're going to throw it on the floor.
LOG_DEBUG(packet4_logger, DBGLVL_PKT_HANDLING, parking_lot_full_msg)
.arg(parked_packet_limit)
.arg(query->getLabel());
isc::stats::StatsMgr::instance().addValue("pkt4-receive-drop",
static_cast<int64_t>(1));
rsp.reset();
return;
}
}
```backlog