2019-06-06 18:25:46 +02:00
|
|
|
.. _kea-shell:
|
|
|
|
|
|
|
|
|
|
*************
|
|
|
|
|
The Kea Shell
|
|
|
|
|
*************
|
|
|
|
|
|
|
|
|
|
.. _shell-overview:
|
|
|
|
|
|
2019-06-28 17:57:37 -04:00
|
|
|
Overview of the Kea Shell
|
|
|
|
|
=========================
|
2019-06-06 18:25:46 +02:00
|
|
|
|
2021-12-06 21:38:37 +00:00
|
|
|
The Kea Control Agent (CA, see
|
|
|
|
|
:ref:`kea-ctrl-agent`) provides a RESTful control interface
|
2019-06-06 18:25:46 +02:00
|
|
|
over HTTP. That API is typically expected to be used by various IPAMs
|
|
|
|
|
and similar management systems. Nevertheless, there may be cases when an
|
2019-06-28 17:57:37 -04:00
|
|
|
administrator wants to send a command to the CA directly, and the Kea shell
|
2019-06-06 18:25:46 +02:00
|
|
|
provides a way to do this. It is a simple command-line,
|
|
|
|
|
scripting-friendly, text client that is able to connect to the CA, send
|
|
|
|
|
it commands with parameters, retrieve the responses, and display them.
|
|
|
|
|
|
|
|
|
|
As the primary purpose of the Kea shell is as a tool in a scripting
|
2021-12-06 21:38:37 +00:00
|
|
|
environment, it is not interactive. However, by following simple guidelines it can
|
2019-06-06 18:25:46 +02:00
|
|
|
be run manually.
|
|
|
|
|
|
2020-09-12 17:36:44 +02:00
|
|
|
Kea 1.9.0 introduced basic HTTP authentication support.
|
2020-07-13 10:14:25 +02:00
|
|
|
|
2024-08-10 12:46:25 +02:00
|
|
|
.. note::
|
|
|
|
|
|
|
|
|
|
Kea version 2.7.2 introduces direct support of HTTP/HTTPS control channel
|
|
|
|
|
by Kea servers (:iscman:`kea-dhcp4`, :iscman:`kea-dhcp6` and
|
|
|
|
|
:iscman:`kea-dhcp-ddns`). The :iscman:`kea-shell` can be used with
|
|
|
|
|
these servers, the only difference is the ``--service`` argument becomes
|
|
|
|
|
useless and is ignored by Kea servers. Note the result is encapsulated
|
|
|
|
|
in a list for :iscman:`kea-ctrl-agent` compatibility.
|
|
|
|
|
|
2019-06-06 18:25:46 +02:00
|
|
|
Shell Usage
|
|
|
|
|
===========
|
|
|
|
|
|
2023-06-06 13:43:11 +03:00
|
|
|
:iscman:`kea-shell` is run as follows:
|
2019-06-06 18:25:46 +02:00
|
|
|
|
2019-07-15 08:32:02 +02:00
|
|
|
.. code-block:: console
|
2019-06-06 18:25:46 +02:00
|
|
|
|
2020-07-13 10:14:25 +02:00
|
|
|
$ kea-shell [--host hostname] [--port number] [--path path] [--auth-user] [--auth-password] [--timeout seconds] [--service service-name] [command]
|
2019-06-06 18:25:46 +02:00
|
|
|
|
|
|
|
|
where:
|
|
|
|
|
|
|
|
|
|
- ``--host hostname`` specifies the hostname of the CA. If not
|
|
|
|
|
specified, "localhost" is used.
|
|
|
|
|
|
|
|
|
|
- ``--port number`` specifies the TCP port on which the CA listens. If
|
|
|
|
|
not specified, 8000 is used.
|
|
|
|
|
|
|
|
|
|
- ``--path path`` specifies the path in the URL to connect to. If not
|
|
|
|
|
specified, an empty path is used. As the CA listens at the empty
|
|
|
|
|
path, this parameter is useful only with a reverse proxy.
|
|
|
|
|
|
2021-12-06 21:38:37 +00:00
|
|
|
- ``--auth-user`` specifies the user ID for basic HTTP authentication.
|
|
|
|
|
If not specified or specified as the empty string, authentication is
|
2020-07-13 10:14:25 +02:00
|
|
|
not used.
|
|
|
|
|
|
2021-03-25 12:57:11 +01:00
|
|
|
- ``--auth-password`` specifies the password for basic HTTP authentication.
|
2021-12-06 21:38:37 +00:00
|
|
|
If not specified but the user ID is specified, an empty password is used.
|
2020-07-13 10:14:25 +02:00
|
|
|
|
2019-06-06 18:25:46 +02:00
|
|
|
- ``--timeout seconds`` specifies the timeout (in seconds) for the
|
|
|
|
|
connection. If not given, 10 seconds is used.
|
|
|
|
|
|
|
|
|
|
- ``--service service-name`` specifies the target of a command. If not
|
2021-12-06 21:38:37 +00:00
|
|
|
given, the CA is used as the target. This may be used more than once
|
2019-06-06 18:25:46 +02:00
|
|
|
to specify multiple targets.
|
|
|
|
|
|
|
|
|
|
- ``command`` specifies the command to be sent. If not specified, the
|
2023-06-06 13:43:28 +03:00
|
|
|
:isccmd:`list-commands` command is used.
|
2019-06-06 18:25:46 +02:00
|
|
|
|
|
|
|
|
Other switches are:
|
|
|
|
|
|
2019-06-28 17:57:37 -04:00
|
|
|
- ``-h`` - prints a help message.
|
2019-06-06 18:25:46 +02:00
|
|
|
|
2024-04-23 19:57:05 +03:00
|
|
|
- ``-v`` - displays the Kea version.
|
|
|
|
|
|
|
|
|
|
- ``-V`` - displays the extended Kea version.
|
2019-06-06 18:25:46 +02:00
|
|
|
|
2021-12-06 21:38:37 +00:00
|
|
|
See :ref:`shell-tls` for new command-line arguments associated with TLS/HTTPS support.
|
2021-03-25 13:26:46 +01:00
|
|
|
|
2021-12-06 21:38:37 +00:00
|
|
|
Once started, the shell reads the parameters for the command from standard
|
2019-06-06 18:25:46 +02:00
|
|
|
input, which are expected to be in JSON format. When all have been read,
|
|
|
|
|
the shell establishes a connection with the CA using HTTP, sends the
|
|
|
|
|
command, and awaits a response. Once that is received, it is displayed
|
|
|
|
|
on standard output.
|
|
|
|
|
|
2019-06-28 17:57:37 -04:00
|
|
|
For a list of available commands, see :ref:`ctrl-channel`;
|
2021-12-06 21:38:37 +00:00
|
|
|
additional commands may be provided by hook libraries. For a list of
|
2023-06-06 13:43:28 +03:00
|
|
|
all supported commands from the CA, use the :isccmd:`list-commands` command.
|
2019-06-06 18:25:46 +02:00
|
|
|
|
|
|
|
|
The following shows a simple example of usage:
|
|
|
|
|
|
2019-07-15 08:32:02 +02:00
|
|
|
.. code-block:: console
|
2019-06-06 18:25:46 +02:00
|
|
|
|
|
|
|
|
$ kea-shell --host 192.0.2.1 --port 8001 --service dhcp4 list-commands
|
|
|
|
|
^D
|
|
|
|
|
|
|
|
|
|
After the command line is entered, the program waits for command
|
2023-06-06 13:43:28 +03:00
|
|
|
parameters to be entered. Since :isccmd:`list-commands` does not take any
|
2021-12-06 21:38:37 +00:00
|
|
|
arguments, Ctrl-D (represented in the above example by "^D")
|
|
|
|
|
indicates end-of-file and terminates the parameter input. The shell
|
2019-06-06 18:25:46 +02:00
|
|
|
then contacts the CA and prints out the list of available commands
|
|
|
|
|
returned for the service named ``dhcp4``.
|
|
|
|
|
|
2021-12-06 21:38:37 +00:00
|
|
|
The Kea shell will likely be most frequently used in
|
2019-06-06 18:25:46 +02:00
|
|
|
scripts; the next example shows a simple scripted execution. It sends
|
2023-06-06 13:43:28 +03:00
|
|
|
the command :isccmd:`config-write` to the CA (the ``--service`` parameter has not
|
2019-06-06 18:25:46 +02:00
|
|
|
been used), along with the parameters specified in param.json. The
|
|
|
|
|
result will be stored in result.json.
|
|
|
|
|
|
2019-07-15 08:32:02 +02:00
|
|
|
.. code-block:: console
|
2019-06-06 18:25:46 +02:00
|
|
|
|
|
|
|
|
$ cat param.json
|
|
|
|
|
"filename": "my-config-file.json"
|
|
|
|
|
$ cat param.json | kea-shell --host 192.0.2.1 config-write > result.json
|
|
|
|
|
|
|
|
|
|
When a reverse proxy is used to de-multiplex requests to different
|
|
|
|
|
servers, the default empty path in the URL is not enough, so the
|
|
|
|
|
``--path`` parameter should be used. For instance, if requests to the
|
|
|
|
|
"/kea" path are forwarded to the CA this can be used:
|
|
|
|
|
|
2019-07-15 08:32:02 +02:00
|
|
|
.. code-block:: console
|
2019-06-06 18:25:46 +02:00
|
|
|
|
|
|
|
|
$ kea-shell --host 192.0.2.1 --port 8001 --path kea ...
|
|
|
|
|
|
2020-11-14 00:00:37 +00:00
|
|
|
The Kea shell requires Python to be installed on the system. It has been
|
2023-06-27 17:28:11 +02:00
|
|
|
tested with various versions of Python 3, up to 3.5.
|
2019-06-06 18:25:46 +02:00
|
|
|
Since not every Kea deployment uses this feature and there are
|
|
|
|
|
deployments that do not have Python, the Kea shell is not enabled by
|
2021-12-06 21:38:37 +00:00
|
|
|
default. To use it, specify ``--enable-shell`` when running ``configure``
|
|
|
|
|
during the installation of Kea. When building on Debian systems,
|
|
|
|
|
``--with-site-packages=...`` may also be useful.
|
2019-06-06 18:25:46 +02:00
|
|
|
|
2023-06-28 19:15:47 +02:00
|
|
|
.. note::
|
|
|
|
|
|
2024-05-16 20:09:54 +00:00
|
|
|
Beginning with Kea 2.4.0, :iscman:`kea-shell` no longer supports Python 2.7.
|
2023-06-28 19:15:47 +02:00
|
|
|
|
2019-06-06 18:25:46 +02:00
|
|
|
The Kea shell is intended to serve more as a demonstration of the
|
|
|
|
|
RESTful interface's capabilities (and, perhaps, an illustration for
|
|
|
|
|
people interested in integrating their management environments with Kea)
|
2019-06-28 17:57:37 -04:00
|
|
|
than as a serious management client. It is not likely to be
|
|
|
|
|
significantly expanded in the future; it is, and will remain, a simple
|
2019-06-06 18:25:46 +02:00
|
|
|
tool.
|
2020-09-12 17:36:44 +02:00
|
|
|
|
|
|
|
|
.. note::
|
|
|
|
|
|
2021-12-06 21:38:37 +00:00
|
|
|
When using this tool with basic HTTP authentication, please keep in
|
|
|
|
|
mind that command-line arguments are not hidden from local users.
|
2021-03-25 12:57:11 +01:00
|
|
|
|
2021-03-25 13:26:46 +01:00
|
|
|
.. _shell-tls:
|
|
|
|
|
|
2021-12-06 21:38:37 +00:00
|
|
|
TLS Support
|
2021-03-25 12:57:11 +01:00
|
|
|
===========
|
|
|
|
|
|
2024-05-16 20:09:54 +00:00
|
|
|
:iscman:`kea-shell` supports HTTPS connections; the TLS/HTTPS
|
2021-12-06 21:38:37 +00:00
|
|
|
support requires Python 3. The additional command-line arguments are:
|
2021-03-25 12:57:11 +01:00
|
|
|
|
2021-12-06 21:38:37 +00:00
|
|
|
- ``--ca`` specifies the file or directory name of the Certification
|
|
|
|
|
Authority. If not specified, HTTPS is not used.
|
2021-03-25 12:57:11 +01:00
|
|
|
|
2021-12-06 21:38:37 +00:00
|
|
|
- ``--cert`` specifies the file name of the user end-entity public key
|
|
|
|
|
certificate. If specified, the file name of the user key must also be specified.
|
2021-03-25 12:57:11 +01:00
|
|
|
|
2021-12-06 21:38:37 +00:00
|
|
|
- ``--key`` specifies the file name of the user key file. If specified,
|
|
|
|
|
the file name of the user certificate must also be specified.
|
|
|
|
|
Encrypted key files are not supported.
|
2021-03-25 12:57:11 +01:00
|
|
|
|
2021-03-25 13:26:46 +01:00
|
|
|
For example, a basic HTTPS request to get a list of commands could
|
|
|
|
|
look like this:
|
2021-03-25 12:57:11 +01:00
|
|
|
|
|
|
|
|
.. code-block:: console
|
|
|
|
|
|
2021-03-25 13:26:46 +01:00
|
|
|
$ kea-shell --host 127.0.0.1 --port 8000 --ca ./kea-ca.crt list-commands
|
