[#3840] update CA default config and dhcp examples

2025-08-30 05:27:55 +00:00 · 2025-05-15 12:39:54 +03:00 · 2025-05-15 12:39:54 +03:00 · 4c6bcfa35c
commit 4c6bcfa35c
parent b8f1831af8
9 changed files with 40 additions and 14 deletions
--- a/doc/examples/kea4/all-keys-netconf.json
+++ b/doc/examples/kea4/all-keys-netconf.json
@ -542,7 +542,7 @@
            // Name of the lease file. In the case of a database it specifies the
            // database name.
-            "name": "kea-dhcp4.csv",
+            "name": "kea-leases4.csv",
            // memfile-specific parameter indicating whether leases should
            // be saved on persistent storage (disk) or not. The true value
--- a/doc/examples/kea4/all-keys.json
+++ b/doc/examples/kea4/all-keys.json
@ -542,7 +542,7 @@
            // Name of the lease file. In the case of a database it specifies the
            // database name.
-            "name": "kea-dhcp4.csv",
+            "name": "kea-leases4.csv",
            // memfile-specific parameter indicating whether leases should
            // be saved on persistent storage (disk) or not. The true value
--- a/doc/examples/kea4/dhcpv4-over-dhcpv6.json
+++ b/doc/examples/kea4/dhcpv4-over-dhcpv6.json
@ -12,7 +12,7 @@
  "lease-database": {
      "type": "memfile",
-      "name": "kea-dhcp4.csv",
+      "name": "kea-leases4.csv",
      "lfc-interval": 3600
  },
--- a/doc/examples/kea6/all-keys-netconf.json
+++ b/doc/examples/kea6/all-keys-netconf.json
@ -468,7 +468,7 @@
            // Name of the lease file. In the case of a database it specifies the
            // database name.
-            "name": "kea-dhcp6.csv",
+            "name": "kea-leases6.csv",
            // memfile-specific parameter indicating whether leases should
            // be saved on persistent storage (disk) or not. The true value
--- a/doc/examples/kea6/all-keys.json
+++ b/doc/examples/kea6/all-keys.json
@ -468,7 +468,7 @@
            // Name of the lease file. In the case of a database it specifies the
            // database name.
-            "name": "kea-dhcp6.csv",
+            "name": "kea-leases6.csv",
            // memfile-specific parameter indicating whether leases should
            // be saved on persistent storage (disk) or not. The true value
--- a/doc/examples/kea6/dhcpv4-over-dhcpv6.json
+++ b/doc/examples/kea6/dhcpv4-over-dhcpv6.json
@ -13,7 +13,7 @@
  "lease-database": {
      "type": "memfile",
-      "name": "kea-dhcp6.csv"
+      "name": "kea-leases6.csv"
  },
  "preferred-lifetime": 3000,
--- a/src/bin/dhcp4/tests/dhcp4_test_utils.cc
+++ b/src/bin/dhcp4/tests/dhcp4_test_utils.cc
@ -50,10 +50,6 @@ BaseServerTest::~BaseServerTest() {
    s2 << CfgMgr::instance().getDataDir() << "/kea-leases4.csv";
    static_cast<void>(::remove(s2.str().c_str()));
    std::ostringstream s3;
    s3 << CfgMgr::instance().getDataDir() << "/kea-dhcp4.csv";
    static_cast<void>(::remove(s3.str().c_str()));
    // Revert to original data directory.
    CfgMgr::instance().getDataDir(true, original_datadir_);
--- a/src/bin/dhcp6/tests/dhcp6_test_utils.cc
+++ b/src/bin/dhcp6/tests/dhcp6_test_utils.cc
@ -53,10 +53,6 @@ BaseServerTest::~BaseServerTest() {
    s2 << CfgMgr::instance().getDataDir() << "/kea-leases6.csv";
    static_cast<void>(::remove(s2.str().c_str()));
    std::ostringstream s3;
    s3 << CfgMgr::instance().getDataDir() << "/kea-dhcp6.csv";
    static_cast<void>(::remove(s3.str().c_str()));
    // Revert to original data directory.
    CfgMgr::instance().getDataDir(true, original_datadir_);
--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre
+++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre
@ -26,6 +26,40 @@
    // is specifically for HA updates only.
    "http-port": 8000,
    // Allow access only to kea-api user.
    // To make it work, please store your password in kea-api-password file.
    // Make sure the password file has sufficiently restrictive access permissions,
    // in particular it is not world-readable.
    // The basic HTTP auth offers poor security for unencrypted channels.
    // If possible, a better, stronger HTTPS mechanism should be deployed,
    // in particular when the client authentication is enabled by setting the
    // cert-required to true (the default). See trust-anchor, cert-file,
    // key-file and cert-required below. For more details read the Kea Security
    // section in the ARM.
    "authentication": {
        "type": "basic",
        "realm": "Kea Control Agent",
        "directory": "/etc/kea",
        "clients": [
            {
                "user": "kea-api",
                "password-file": "kea-api-password"
            }
        ]
    },
    // Configuration section containing HTTPS parameters:
    // TLS trust anchor (Certificate Authority). This is a file name or
    // (for OpenSSL only) a directory path.
    // "trust-anchor": "kea-server-ca",
    // TLS server certificate file name.
    // "cert-file": "kea-server-cert",
    // TLS server private key file name.
    // "key-file": "kea-server-key",
    // TLS require client certificates flag. Default is true and means
    // require client certificates. False means they are optional.
    // "cert-required": true
    // Specify location of the files to which the Control Agent
    // should connect to forward commands to the DHCPv4, DHCPv6
    // and D2 servers via unix domain sockets.