kea/doc/sphinx/arm/database-connectivity.rst

.. _database-connectivity:

*********************
Database Connectivity
*********************

The Kea servers (:iscman:`kea-dhcp4` and :iscman:`kea-dhcp6`) can be configured to use a variety of
database backends for leases, hosts, and configuration. They can be
configured to support automatic recovery when connectivity is lost, via
the ``on-fail`` and ``retry-on-startup`` parameters.
(The ``reconnect-wait-time`` and ``max-reconnect-tries`` parameters are
described in :ref:`database-configuration4` and :ref:`database-configuration6`.)

It is important to understand how and when automatic recovery comes into play.
Automatic recovery, when configured, only operates after a successful startup
or reconfiguration during which connectivity to all backends has been
successfully established.

During server startup, the inability to connect to any of the configured
backends is considered fatal only if ``retry-on-startup`` is set to ``false``
(the default). A fatal error is logged and the server exits, based on the idea
that the configuration should be valid at startup. Exiting to the operating
system allows nanny scripts to detect the problem.
If ``retry-on-startup`` is set to ``true``, the server will start reconnection
attempts even at server startup or on reconfigure events, and will honor the
action specified in the ``on-fail`` parameter.

During dynamic reconfiguration, all backends are disconnected and then
reconnected using the new configuration. If connectivity to any of the
backends cannot be established, the server logs a fatal error but remains
up. It is able to process commands but does not serve clients. This
allows the configuration to be corrected via the :isccmd:`config-set` or
``remote-*`` commands, if required.

During normal operations, if connectivity to any of the backends is lost and
automatic recovery for that backend is enabled, the server disconnects from the
respective backend and then attempts to reconnect. During the recovery process,
the server ceases to serve clients according to the ``on-fail`` configured
option but continues to respond to commands.

The ``on-fail`` parameter configures the actions the server should take when a
connection is lost. It can have one of the following values:

-  ``stop-retry-exit`` - indicates that the server should stop the service
   while it tries to recover the connection, and exit if recovery is not
   successful after ``max-reconnect-tries``.

-  ``serve-retry-exit`` - indicates that the server should not stop the
   service while it tries to recover the connection, and exit if recovery is not
   successful after ``max-reconnect-tries``.

-  ``serve-retry-continue`` - indicates that the server should not stop the
   service while it tries to recover the connection, and not exit if recovery is
   not successful after ``max-reconnect-tries``.

If connectivity to all backends is restored, the server returns to normal
operations. If the connection cannot be restored and the server is configured
to exit, it issues a fatal error before shutdown.

For Kea DHCP servers to work with database backends, the database schema must be
created and must match the version of the Kea
server. If the version check fails and the database backend is not configured
as read-only, Kea attempts to initialize the schema.

.. note::

    Kea does not automatically attempt to upgrade an existing schema; doing so
    might deprive users of the opportunity to take precautions, such as
    backing up the database or temporarily shutting off running
    Kea servers that are currently operating on the database.

The connection to the database server can optionally be protected by TLS.
Corresponding database configuration parameters for Kea servers are:

-  The ``trust-anchor`` specifies the Certification Authority file name or
   directory path.

-  The ``cert-file`` specifies the client certificate file name.

-  The ``key-file`` specifies the private key file name.

-  The ``ssl-mode`` specifies the SSL mode: ``disable``, ``prefer``,
   ``require``, ``verify-ca`` or ``verify-full``.

-  The ``cipher-list`` specifies the list of TLS ciphers (the syntax of
   the content of this parameter is described in the OpenSSL ciphers
   manual).

These parameters are similar to the parameters of the secure connections
with the agent but are interpreted by different backends using database
configurations too.

Currently the support for each database is:

-  MySQL supports the whole set, except ``ssl-mode``, additional configuration
   must be done in the MySQL local setup, for instance certificate revocation
   list, choice of a specific TLS version, mutual authentication, etc.
   When a TLS connection was required but the actual connection is in
   clear text an error log is emitted.

-  PostgreSQL supports the whole set, except ``cipher-list``, additional
   configuration must be done in the client library (libpq). Anything else must
   be done in the PostgreSQL local configuration.
[#1284] Added database-connectivity section to ARM 2020-08-18 11:28:26 -04:00			`.. _database-connectivity:`

			`*********************`
			`Database Connectivity`
			`*********************`
[#3025] document automatic db init 2024-02-16 13:34:05 +02:00
[#2554] add 'iscman' references The commands used were: - find doc/sphinx/man -name '.rst' \| xargs grep -F '.. iscman' \| cut -d ' ' -f 3 > /tmp/binaries - for i in $(cat /tmp/binaries); do find doc/sphinx/arm -name '.rst' \| xargs sed -i "s/\`\`${i}\`\`/:iscman:\`${i}\`/g"; done Manual adjustment was required in a few places to: - extend title lines - realign table lines 2023-06-06 13:43:11 +03:00			The Kea servers (:iscman:`kea-dhcp4` and :iscman:`kea-dhcp6`) can be configured to use a variety of
[#2103] Text edits 2021-10-13 20:42:23 +00:00			`database backends for leases, hosts, and configuration. They can be`
			`configured to support automatic recovery when connectivity is lost, via`
[#3019] retry db open on startup 2023-10-18 18:30:33 +03:00			the ``on-fail`` and ``retry-on-startup`` parameters.
			(The ``reconnect-wait-time`` and ``max-reconnect-tries`` parameters are
			described in :ref:`database-configuration4` and :ref:`database-configuration6`.)
[#1284] Added database-connectivity section to ARM 2020-08-18 11:28:26 -04:00
[#1589] Removed trailing spaces 2020-12-23 21:08:13 +01:00			`It is important to understand how and when automatic recovery comes into play.`
			`Automatic recovery, when configured, only operates after a successful startup`
			`or reconfiguration during which connectivity to all backends has been`
[#1284] Added database-connectivity section to ARM 2020-08-18 11:28:26 -04:00			`successfully established.`

Fix typos, and other text corrections Mostly minor text fixups, with a few edits for clarity 2020-11-14 00:00:37 +00:00			`During server startup, the inability to connect to any of the configured`
[#3019] addressed review comments 2023-12-12 10:35:52 +02:00			backends is considered fatal only if ``retry-on-startup`` is set to ``false``
			`(the default). A fatal error is logged and the server exits, based on the idea`
			`that the configuration should be valid at startup. Exiting to the operating`
			`system allows nanny scripts to detect the problem.`
[#3019] retry db open on startup 2023-10-18 18:30:33 +03:00			If ``retry-on-startup`` is set to ``true``, the server will start reconnection
			`attempts even at server startup or on reconfigure events, and will honor the`
[#3019] addressed review comments 2023-12-12 10:35:52 +02:00			action specified in the ``on-fail`` parameter.
[#1284] Added database-connectivity section to ARM 2020-08-18 11:28:26 -04:00
Fix typos, and other text corrections Mostly minor text fixups, with a few edits for clarity 2020-11-14 00:00:37 +00:00			`During dynamic reconfiguration, all backends are disconnected and then`
			`reconnected using the new configuration. If connectivity to any of the`
			`backends cannot be established, the server logs a fatal error but remains`
[#1589] Removed trailing spaces 2020-12-23 21:08:13 +01:00			`up. It is able to process commands but does not serve clients. This`
[#2554] add 'isccmd' references The commands used were: - find doc/sphinx/arm -name '.rst' \| xargs grep -E '^\.\. ' \| cut -d ' ' -f 2 \| sort -uV \| grep _command- > /tmp/commands - for i in $(cat /tmp/commands); do find doc/sphinx/arm -name '.rst' \| xargs sed -i "s/\`\`${i}\`\` command/\`${i} command <_command-${i}>\`/g"; done - for i in $(cat /tmp/commands); do find doc/sphinx/arm -name '.rst' \| xargs sed -i "s/\`\`${i}\`\`/\`${i} <_command-${i}>\`/g"; done - for i in $(cat /tmp/commands); do find doc/sphinx/arm -name '.rst' \| xargs sed -i "s/The \`${i} <_command-${i}>\` Command/The \`\`${i}\`\` Command/g"; done - for i in $(cat /tmp/commands); do find doc/sphinx/arm -name '*.rst' \| xargs sed -i "s/- ${i}/- \`${i} <_command-${i}>\`/g"; done But they were not perfect. Some manual adjustment was required. 2023-06-06 13:43:28 +03:00			allows the configuration to be corrected via the :isccmd:`config-set` or
[#2103] Additional text edits after review 2021-10-19 19:03:55 +00:00			``remote-*`` commands, if required.
[#1284] Added database-connectivity section to ARM 2020-08-18 11:28:26 -04:00
[#1589] Removed trailing spaces 2020-12-23 21:08:13 +01:00			`During normal operations, if connectivity to any of the backends is lost and`
[#1375] updated ChangeLog and documentation 2020-12-09 19:09:25 +02:00			`automatic recovery for that backend is enabled, the server disconnects from the`
			`respective backend and then attempts to reconnect. During the recovery process,`
[#1621] implemented "on-fail" action for connection recovery 2021-03-25 23:27:38 +02:00			the server ceases to serve clients according to the ``on-fail`` configured
[#2103] Text edits 2021-10-13 20:42:23 +00:00			`option but continues to respond to commands.`
[#1621] implemented "on-fail" action for connection recovery 2021-03-25 23:27:38 +02:00
			The ``on-fail`` parameter configures the actions the server should take when a
			`connection is lost. It can have one of the following values:`
[#1621] fixed typos and bug which prevents configuring values for "on-fail" 2021-03-26 16:23:48 +02:00
[#2103] Text edits 2021-10-13 20:42:23 +00:00			- ``stop-retry-exit`` - indicates that the server should stop the service
			`while it tries to recover the connection, and exit if recovery is not`
[#1621] fixed typos and bug which prevents configuring values for "on-fail" 2021-03-26 16:23:48 +02:00			successful after ``max-reconnect-tries``.

[#2103] Text edits 2021-10-13 20:42:23 +00:00			- ``serve-retry-exit`` - indicates that the server should not stop the
			`service while it tries to recover the connection, and exit if recovery is not`
[#1621] fixed typos and bug which prevents configuring values for "on-fail" 2021-03-26 16:23:48 +02:00			successful after ``max-reconnect-tries``.

[#2103] Text edits 2021-10-13 20:42:23 +00:00			- ``serve-retry-continue`` - indicates that the server should not stop the
			`service while it tries to recover the connection, and not exit if recovery is`
[#1621] fixed typos and bug which prevents configuring values for "on-fail" 2021-03-26 16:23:48 +02:00			not successful after ``max-reconnect-tries``.
[#1621] implemented "on-fail" action for connection recovery 2021-03-25 23:27:38 +02:00
			`If connectivity to all backends is restored, the server returns to normal`
[#2103] Text edits 2021-10-13 20:42:23 +00:00			`operations. If the connection cannot be restored and the server is configured`
[#1917] Changes up to and including Chapter 23 2021-06-08 15:00:54 +00:00			`to exit, it issues a fatal error before shutdown.`
[#34] Checkpoint: code and tests to do 2021-11-29 16:29:22 +01:00
Resolve "Editorial review of the ARM prior to 2.6 release" 2024-05-16 20:09:54 +00:00			`For Kea DHCP servers to work with database backends, the database schema must be`
			`created and must match the version of the Kea`
			`server. If the version check fails and the database backend is not configured`
			`as read-only, Kea attempts to initialize the schema.`
[#3025] document automatic db init 2024-02-16 13:34:05 +02:00
			`.. note::`

Resolve "Editorial review of the ARM prior to 2.6 release" 2024-05-16 20:09:54 +00:00			`Kea does not automatically attempt to upgrade an existing schema; doing so`
[#3019] remove limitation on db retry from doc 2024-05-17 12:07:47 +03:00			`might deprive users of the opportunity to take precautions, such as`
Resolve "Editorial review of the ARM prior to 2.6 release" 2024-05-16 20:09:54 +00:00			`backing up the database or temporarily shutting off running`
[#3025] document automatic db init 2024-02-16 13:34:05 +02:00			`Kea servers that are currently operating on the database.`

[#34] Checkpoint: code and tests to do 2021-11-29 16:29:22 +01:00			`The connection to the database server can optionally be protected by TLS.`
			`Corresponding database configuration parameters for Kea servers are:`

			- The ``trust-anchor`` specifies the Certification Authority file name or
			`directory path.`

			- The ``cert-file`` specifies the client certificate file name.

			- The ``key-file`` specifies the private key file name.

[#3927] add ssl-mode parameter 2025-07-08 22:28:57 +03:00			- The ``ssl-mode`` specifies the SSL mode: ``disable``, ``prefer``,
			``require``, ``verify-ca`` or ``verify-full``.

[#34] Checkpoint: code and tests to do 2021-11-29 16:29:22 +01:00			- The ``cipher-list`` specifies the list of TLS ciphers (the syntax of
			`the content of this parameter is described in the OpenSSL ciphers`
			`manual).`

			`These parameters are similar to the parameters of the secure connections`
			`with the agent but are interpreted by different backends using database`
			`configurations too.`

			`Currently the support for each database is:`

[#3927] remove ssl-mode for mysql 2025-07-09 18:09:37 +03:00			- MySQL supports the whole set, except ``ssl-mode``, additional configuration
			`must be done in the MySQL local setup, for instance certificate revocation`
			`list, choice of a specific TLS version, mutual authentication, etc.`
[#34] Checkpoint: code and tests to do 2021-11-29 16:29:22 +01:00			`When a TLS connection was required but the actual connection is in`
			`clear text an error log is emitted.`

[#3927] remove ssl-mode for mysql 2025-07-09 18:09:37 +03:00			- PostgreSQL supports the whole set, except ``cipher-list``, additional
			`configuration must be done in the client library (libpq). Anything else must`
			`be done in the PostgreSQL local configuration.`