stork issueshttps://gitlab.isc.org/isc-projects/stork/-/issues2024-03-19T14:58:05Zhttps://gitlab.isc.org/isc-projects/stork/-/issues/1323Attach more labels to the Prometheus samples2024-03-19T14:58:05ZSlawek FigielAttach more labels to the Prometheus samplesCurrently, if you haven't the subnet_cmds hook, the metrics are labeled with the subnet ID, and if you have the subnet_cmds hook, the metrics are labeled with the subnet name prefix if provided, otherwise with the subnet ID.
Our custome...Currently, if you haven't the subnet_cmds hook, the metrics are labeled with the subnet ID, and if you have the subnet_cmds hook, the metrics are labeled with the subnet name prefix if provided, otherwise with the subnet ID.
Our customer needs samples labeled by subnet ID regardless of the subnet_cmds presence. It would also be helpful to attach the shared network name.
[SF#1762](https://isc.lightning.force.com/lightning/r/Case/500S6000006AQSSIA4/view)1.17https://gitlab.isc.org/isc-projects/stork/-/issues/1319Package issues during update2024-03-28T13:33:54ZDarren AnkneyPackage issues during updateIt was found that when updating to Stork 1.15.0 (in this case from 1.14.0) on RHEL 7 (and CentOS 7 though engineering states that this problem likely applies to all versions) that there are two problems encountered:
1. The Stork Server ...It was found that when updating to Stork 1.15.0 (in this case from 1.14.0) on RHEL 7 (and CentOS 7 though engineering states that this problem likely applies to all versions) that there are two problems encountered:
1. The Stork Server service ends up stopped in the disabled state even though it was enabled and started prior to update.
2. The `useradd` call in the postinstall script sets the homedir to `/var/lib` instead of `/var/lib/stork-server`.
A patch was provided by the reporter:
```
diff --git a/etc/hooks/rpm/isc-stork-server.postinst b/etc/hooks/rpm/isc-stork-server.postinst
index 3b890b75..7833efd4 100644
--- a/etc/hooks/rpm/isc-stork-server.postinst
+++ b/etc/hooks/rpm/isc-stork-server.postinst
@@ -4,5 +4,5 @@ set -eu
# add stork-server user if does not exist
if ! getent passwd stork-server > /dev/null; then
- useradd --system --home-dir /var/lib/ stork-server
+ useradd --system --base-dir /var/lib/ stork-server
fi
diff --git a/etc/hooks/rpm/isc-stork-server.prerm b/etc/hooks/rpm/isc-stork-server.prerm
index e4649e2c..cc007fbc 100644
--- a/etc/hooks/rpm/isc-stork-server.prerm
+++ b/etc/hooks/rpm/isc-stork-server.prerm
@@ -1,16 +1,17 @@
#!/bin/sh
set -eu
-
-has_active_systemd=0
-if command -v systemctl > /dev/null; then
- status=$(systemctl is-system-running || true)
- if [ "${status}" = "running" ] || [ "${status}" = "degraded" ] || [ "${status}" = "maintenance" ]; then
- has_active_systemd=1
+if [ "$1" -eq 0 ]; then # Uninstall == 0 not Upgrade == 1
+ has_active_systemd=0
+ if command -v systemctl > /dev/null; then
+ status=$(systemctl is-system-running || true)
+ if [ "${status}" = "running" ] || [ "${status}" = "degraded" ] || [ "${status}" = "maintenance" ]; then
+ has_active_systemd=1
+ fi
fi
-fi
-if [ $has_active_systemd -eq 1 ]; then
- systemctl disable isc-stork-server
- systemctl stop isc-stork-server
-fi
+ if [ $has_active_systemd -eq 1 ]; then
+ systemctl disable isc-stork-server
+ systemctl stop isc-stork-server
+ fi
+fi
```
[SF1727](https://isc.lightning.force.com/lightning/r/Case/500S6000005dJugIAE/view)1.16Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/1193CA returns number overflow on ipv6 stats2024-03-22T12:56:27ZSlawek FigielCA returns number overflow on ipv6 statsThe issue was found during [1.13 sanity checks](https://gitlab.isc.org/isc-projects/stork/-/issues/1187#note_408666) by @slawek.
I have observed a weird error in logs:
```
stork-1130-agent-kea6-1 | INFO COMMAND_RECEIVED R...The issue was found during [1.13 sanity checks](https://gitlab.isc.org/isc-projects/stork/-/issues/1187#note_408666) by @slawek.
I have observed a weird error in logs:
```
stork-1130-agent-kea6-1 | INFO COMMAND_RECEIVED Received command 'statistic-get-all'
stork-1130-agent-kea6-1 | INFO CTRL_AGENT_COMMAND_RECEIVED command statistic-get-all received from remote address 127.0.0.1
stork-1130-agent-kea6-1 | INFO COMMAND_RECEIVED Received command 'statistic-get-all'
stork-1130-agent-kea6-1 | time="2023-10-10 12:40:51" level="error" msg="Failed to parse responses from Kea: response result from Kea != 0: 1, text: internal server error: unable to parse server's answer to the forwarded message: Number overflow: 36893488147419103232 in <wire>:0:8422" file=" promkeaexporter.go:850 "
stork-1130-agent-kea6-1 | time="2023-10-10 12:40:51" level="error" msg="Some errors were encountered while collecting stats from Kea: response result from Kea != 0: 1, text: internal server error: unable to parse server's answer to the forwarded message: Number overflow: 36893488147419103232 in <wire>:0:8422\nisc.org/stork/agent.(*GetAllStatisticsResponse).UnmarshalJSON\n\tisc.org/stork/agent/promkeaexporter.go:149\nencoding/json.(*decodeState).array\n\tencoding/json/decode.go:507\nencoding/json.(*decodeState).value\n\tencoding/json/decode.go:364\nencoding/json.(*decodeState).unmarshal\n\tencoding/json/decode.go:181\nencoding/json.Unmarshal\n\tencoding/json/decode.go:108\nisc.org/stork/agent.(*PromKeaExporter).collectStats\n\tisc.org/stork/agent/promkeaexporter.go:847\nisc.org/stork/agent.(*PromKeaExporter).statsCollectorLoop\n\tisc.org/stork/agent/promkeaexporter.go:710\nruntime.goexit\n\truntime/asm_amd64.s:1650" file=" promkeaexporter.go:712 "
```1.16Slawek FigielSlawek Figiel2024-05-29https://gitlab.isc.org/isc-projects/stork/-/issues/1037External authentication using headers2023-05-23T13:20:55ZDarren AnkneyExternal authentication using headersSome web software packages support a method of remote authentication where REMOTE_USER headers are used. This might be called RemoteUserMiddleware, Header authentication, or a subset of Shibboleth.
In the Django world, there is an Auth...Some web software packages support a method of remote authentication where REMOTE_USER headers are used. This might be called RemoteUserMiddleware, Header authentication, or a subset of Shibboleth.
In the Django world, there is an AuthN backend called RemoteUserMiddleware: https://docs.djangoproject.com/en/4.2/howto/auth-remote-user/ which may describe the intent here.
[RT22012](https://support.isc.org/Ticket/Display.html?id=22012)backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/1033Persistent database of dhcp clients seen on the network2024-02-01T14:51:36ZVicky Riskvicky@isc.orgPersistent database of dhcp clients seen on the networkThis is a feature request for an endpoint database in Stork, of all the clients serviced by any of the Kea servers managed by Stork.
Stork users would like to be able to store, view and update client information that persists after the ...This is a feature request for an endpoint database in Stork, of all the clients serviced by any of the Kea servers managed by Stork.
Stork users would like to be able to store, view and update client information that persists after the lease may have been released. It would be useful to maintain a database of client information that could associate networked client identity with other administrative parameters that a help desk or network admin function might need.
Possible use cases
- identify the end user associated with an ip address or subnet of addresses, in order to send email notification about upcoming maintenance that might impact that subnet
- identify the date a client associated with a particular DNS host name was last seen on the network, to help in identifying abandoned hostnames in the DNS.
- identify the end user associated with a device for which there is an unused host reservation, in order to follow up off-line and possibly 'reclaim' that HR
- identifying all the printers scattered across multiple subnets, in order to move them all to a separate subnet
- determine the physical location for a client device that is misbehaving on the network in order to find it and remove it, update, or reboot it
- find all devices associated with an end user who has recently left the company, to determine whether any of those devices are still responding/renewing on the network
- identify the phone number associated with an ip phone, to update a directory listing (this is probably not the ideal way to do this however)
- locating all the users with client devices of a particular vendor and device type in case of an urgent security update (this is probably not the ideal way to do this however)
Possible db fields
- client-identifying parameters from the DHCP interaction (MAC, DUID, etc)
- host reservation information (if there is an associated HR), including DNS name, boot file location, user-context, perhaps any other options on the HR
- IP address assigned and date/time it was last renewed.
- [device type](https://gitlab.isc.org/isc-projects/stork/-/issues/161), such as Android phone, iPhone, Windows laptop, HP Printer, etc (eventually we might want to try populating this information using client [fingerprinting](https://gitlab.isc.org/isc-projects/stork/-/issues/777) from options provided in requests)
- vendor/manufacturer (e.g. Apple, Samsung, HP etc). This could eventually be populated by fingerprinting.
- geographic location (this could be a city/office such as Baltimore, MD, or it could be some other code such as BLDG21-3rdFlr. We should probably permit a wide range of possible end user formats/strings for this.
- any 'user context' data associated with the client. Other than host reservations, is there any other way that user context could be associated with a client? There could be user context associated with the subnet that the client most recently received a lease from, would we want to associate that with the client??
- end user contact information fields, such as fname, lname, userID, email address, phone extension, mobile and administrative affiliation (e.g. department). (this might be in a different linked table, so a user could be associated with multiple devices? Also, that would facilitate importing a table of end user contact data.)
Other features
- it would be very cool if this database of endpoints could be created from lease data, but without removing endpoints when the leases failed to renew
- it would be ideal if the information could be updated when a new lease is assigned, if the endpoint is found in the database with a prior lease. So, for example, the ip address and some option data might be updated, but the rest of the information, much of which would have been administratively entered, would persist on the record
- some organizations might have a table of endpoints that they would want to import, in csv format, for instance. It would also be useful to be able to export this information for import into some other client inventory system
- this should be different from the Lease db in that Kea does not need to maintain it in real time! Nobody would want this if updates were blocking on assigning or renewing leases, or if using it put a big performance strain on Kea. It is fine if updates to this database are not acknowledged to Kea, and Kea definitely should not wait for responses from the endpoint db. Possibly this could use the 3rd lease data stream from HA as an input?
- Some of the above may be features that make more sense as use cases for a network documentation system, such as NetBox. We are not trying to replace the network documentation, but to provide documentation at a more granular level... So we might want to investigate what a NetBox might offer for endpoint tracking first, and possible somehow leverage that ...
- The Stork admin would likely want to customize which fields are used and displayed in the GUI, as many enterprises would not populate all of the fields.
- It might be necessary for the Stork admin to identify *which* endpoint identifier should be used as the unique index field, so that updates are possible.
We haven't discussed the GUI features that might leverage this database, but it does seem to be desirable to permit record deletion, or at least mark them as historical/deprecated/inactive or something. Otherwise this db would grow and grow like an unrotated log file...backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/901Regular expressions2023-02-17T11:29:20ZPeter DaviesRegular expressionsThere may be some utility in allowing the search bar to process regular expression.
I'm not sure how much work this would entail. It has been pointed out that for leases
Kea's leaseX-get-by-* commands do not support this; the leaseX-...There may be some utility in allowing the search bar to process regular expression.
I'm not sure how much work this would entail. It has been pointed out that for leases
Kea's leaseX-get-by-* commands do not support this; the leaseX-get-all could be used.
[ RT #21476 ](https://support.isc.org/Ticket/Display.html?id=21476)backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/764Feature Request: Add version control and version history (and maybe some limi...2023-01-31T10:05:50ZCathy AlmondFeature Request: Add version control and version history (and maybe some limited roll back?) capability to Kea configuration/CB[Per Support Ticket #17332](https://support.isc.org/Ticket/Display.html?id=17332)
I think it's highly probable this is something that would need to be integrated with Stork and/or something completely independent (git-based?) for config...[Per Support Ticket #17332](https://support.isc.org/Ticket/Display.html?id=17332)
I think it's highly probable this is something that would need to be integrated with Stork and/or something completely independent (git-based?) for configuration change management.
Recording it here as a placeholder feature request anywaybackloghttps://gitlab.isc.org/isc-projects/stork/-/issues/158DHCP active test tool2024-02-01T14:52:14ZVicky Riskvicky@isc.orgDHCP active test toolAs a DHCP system administrator, I would like to have a process running, that I can control via Stork, that is constantly requesting and renewing leases. This would approximate a 'real user' client.
- I would like to be able to set this ...As a DHCP system administrator, I would like to have a process running, that I can control via Stork, that is constantly requesting and renewing leases. This would approximate a 'real user' client.
- I would like to be able to set this up to run at regular intervals (suggested default = 5 minutes)
- I would like to set up this active test vs any one or all of my dhcp servers
- I would like to have this release the lease by default (so it is also exercising the address selection), or to have a configuration option to determine whether it is renewing or releasing/and getting a new address each time.
- I would like the results displayed in stork (success/failure
- I would like stork to display the time elapsed to get the lease (from discover to offer perhaps?). This might be best if the figure displayed is an average of the last say, 5 tries, something like that?
- I would like an alarm if this fails (once we have established what the mechanism is for raising an alarm, I would like this both in the Stork UI and via whatever mechanism Stork uses for issuing external alarms)
- I realize this is not going to be 'that much' like a real user if it is not on the same network as the users - that is ok. This is more of a 'canary' test to ensure the dhcp server process is working.
- As an administrator, I want this little test to also see that the dhcp server is reachable via the network. It would be ideal if the client process running the test does not have to be ON the same machine as the Kea server (so don't put it in the local agent). I realize that my Stork instance may be on a different network than my production clients (it probably will be) - but that is ok.
- As an administrator, I need to be able to run this test vs Kea DHCPv4 and Kea DHCPv6 servers (so, simulate both kinds of clients).
- For the basic test, all we are looking for is an address. At some point we may also ask for a prefix delegation and or options, but not in this feature request.backlog