diff --git a/doc/sphinx/arm/agent.rst b/doc/sphinx/arm/agent.rst index 090ba1ac7c..9a2369e47b 100644 --- a/doc/sphinx/arm/agent.rst +++ b/doc/sphinx/arm/agent.rst @@ -39,9 +39,9 @@ The CA processes received commands according to the following algorithm: .. note:: - The CA will be deprecated by a future Kea release: its function has - been moved to Kea servers since release 2.7.2, see the section about - migration from CA (:ref:`ctrl-channel-migration`). + The CA is deprecated: its function has been moved to Kea servers since + release 2.7.2, see the section about migration from CA + (:ref:`ctrl-channel-migration`). .. _agent-configuration: diff --git a/src/bin/agent/ca_messages.cc b/src/bin/agent/ca_messages.cc index c07dd2fdd9..090444212d 100644 --- a/src/bin/agent/ca_messages.cc +++ b/src/bin/agent/ca_messages.cc @@ -1,4 +1,4 @@ -// File created from src/bin/agent/ca_messages.mes +// File created from ../src/bin/agent/ca_messages.mes #include #include @@ -21,6 +21,7 @@ extern const isc::log::MessageID CTRL_AGENT_HTTPS_SERVICE_UPDATED = "CTRL_AGENT_ extern const isc::log::MessageID CTRL_AGENT_HTTP_SERVICE_REUSE_FAILED = "CTRL_AGENT_HTTP_SERVICE_REUSE_FAILED"; extern const isc::log::MessageID CTRL_AGENT_HTTP_SERVICE_STARTED = "CTRL_AGENT_HTTP_SERVICE_STARTED"; extern const isc::log::MessageID CTRL_AGENT_HTTP_SERVICE_UPDATED = "CTRL_AGENT_HTTP_SERVICE_UPDATED"; +extern const isc::log::MessageID CTRL_AGENT_IS_DEPRECATED = "CTRL_AGENT_IS_DEPRECATED"; extern const isc::log::MessageID CTRL_AGENT_RUN_EXIT = "CTRL_AGENT_RUN_EXIT"; extern const isc::log::MessageID CTRL_AGENT_SECURITY_CHECKS_DISABLED = "CTRL_AGENT_SECURITY_CHECKS_DISABLED"; extern const isc::log::MessageID CTRL_AGENT_STARTED = "CTRL_AGENT_STARTED"; @@ -45,6 +46,7 @@ const char* values[] = { "CTRL_AGENT_HTTP_SERVICE_REUSE_FAILED", "failed to reused HTTP service bound to address: %1 port: %2", "CTRL_AGENT_HTTP_SERVICE_STARTED", "HTTP service bound to address: %1 port: %2", "CTRL_AGENT_HTTP_SERVICE_UPDATED", "reused HTTP service bound to address: %1 port: %2", + "CTRL_AGENT_IS_DEPRECATED", "Kea Control Agent is deprecated. Its function has been moved to Kea servers.", "CTRL_AGENT_RUN_EXIT", "application is exiting the event loop", "CTRL_AGENT_SECURITY_CHECKS_DISABLED", "Invoked with command line option -X, Security checks are disabled!!", "CTRL_AGENT_STARTED", "Kea Control Agent version %1 started", diff --git a/src/bin/agent/ca_messages.h b/src/bin/agent/ca_messages.h index d0249603b7..bcd6643129 100644 --- a/src/bin/agent/ca_messages.h +++ b/src/bin/agent/ca_messages.h @@ -1,4 +1,4 @@ -// File created from src/bin/agent/ca_messages.mes +// File created from ../src/bin/agent/ca_messages.mes #ifndef CA_MESSAGES_H #define CA_MESSAGES_H @@ -22,6 +22,7 @@ extern const isc::log::MessageID CTRL_AGENT_HTTPS_SERVICE_UPDATED; extern const isc::log::MessageID CTRL_AGENT_HTTP_SERVICE_REUSE_FAILED; extern const isc::log::MessageID CTRL_AGENT_HTTP_SERVICE_STARTED; extern const isc::log::MessageID CTRL_AGENT_HTTP_SERVICE_UPDATED; +extern const isc::log::MessageID CTRL_AGENT_IS_DEPRECATED; extern const isc::log::MessageID CTRL_AGENT_RUN_EXIT; extern const isc::log::MessageID CTRL_AGENT_SECURITY_CHECKS_DISABLED; extern const isc::log::MessageID CTRL_AGENT_STARTED; diff --git a/src/bin/agent/ca_messages.mes b/src/bin/agent/ca_messages.mes index b0e8adc135..3ec38f581c 100644 --- a/src/bin/agent/ca_messages.mes +++ b/src/bin/agent/ca_messages.mes @@ -82,9 +82,13 @@ This informational message indicates that the Control Agent has processed all configuration information and is ready to begin processing. The version is also printed. +% CTRL_AGENT_IS_DEPRECATED Kea Control Agent is deprecated. Its function has been moved to Kea servers. +This warning message indicates that the Control Agent has been deprecated. +All its function has been moved to Kea servers. + % CTRL_AGENT_SECURITY_CHECKS_DISABLED Invoked with command line option -X, Security checks are disabled!! This warning is emitted when internal security checks normally -performed by kea-ctrl-agent have been disabled via command line opion '-X'. +performed by kea-ctrl-agent have been disabled via command line option '-X'. This means the server is not enforcing restrictions on resource paths or permissions. This mode of operation may expose your environment to security vulnerabilities and should only be used diff --git a/src/bin/agent/ca_process.cc b/src/bin/agent/ca_process.cc index b3164ca244..f01dd97d4d 100644 --- a/src/bin/agent/ca_process.cc +++ b/src/bin/agent/ca_process.cc @@ -44,6 +44,8 @@ void CtrlAgentProcess::run() { LOG_INFO(agent_logger, CTRL_AGENT_STARTED).arg(VERSION); + LOG_WARN(agent_logger, CTRL_AGENT_IS_DEPRECATED); + if (!PathChecker::shouldEnforceSecurity()) { LOG_WARN(agent_logger, CTRL_AGENT_SECURITY_CHECKS_DISABLED); } diff --git a/src/bin/dhcp4/dhcp4_messages.mes b/src/bin/dhcp4/dhcp4_messages.mes index 332232ec25..baab461ef3 100644 --- a/src/bin/dhcp4/dhcp4_messages.mes +++ b/src/bin/dhcp4/dhcp4_messages.mes @@ -1185,7 +1185,7 @@ expected: the erroneous response is dropped, the discover query is displayed. % DHCP4_SECURITY_CHECKS_DISABLED Invoked with command line option -X, Security checks are disabled!! This warning is emitted when internal security checks normally -performed by kea-dhcp4 have been disabled via command line opion '-X'. +performed by kea-dhcp4 have been disabled via command line option '-X'. This means the server is not enforcing restrictions on resource paths or permissions. This mode of operation may expose your environment to security vulnerabilities and should only be used diff --git a/src/bin/dhcp6/dhcp6_messages.mes b/src/bin/dhcp6/dhcp6_messages.mes index 6f75fe6aba..235179df7e 100644 --- a/src/bin/dhcp6/dhcp6_messages.mes +++ b/src/bin/dhcp6/dhcp6_messages.mes @@ -1162,7 +1162,7 @@ new server id. % DHCP6_SECURITY_CHECKS_DISABLED Invoked with command line option -X, Security checks are disabled!! This warning is emitted when internal security checks normally -performed by kea-dhcp6 have been disabled via command line opion '-X'. +performed by kea-dhcp6 have been disabled via command line option '-X'. This means the server is not enforcing restrictions on resource paths or permissions. This mode of operation may expose your environment to security vulnerabilities and should only be used diff --git a/src/lib/d2srv/d2_messages.mes b/src/lib/d2srv/d2_messages.mes index c3b3c42f81..35f313459e 100644 --- a/src/lib/d2srv/d2_messages.mes +++ b/src/lib/d2srv/d2_messages.mes @@ -450,7 +450,7 @@ response from a DNS server. % DHCP_DDNS_SECURITY_CHECKS_DISABLED Invoked with command line option -X, Security checks are disabled!! This warning is emitted when internal security checks normally -performed by kea-dhcp-ddns have been disabled via command line opion '-X'. +performed by kea-dhcp-ddns have been disabled via command line option '-X'. This means the server is not enforcing restrictions on resource paths or permissions. This mode of operation may expose your environment to security vulnerabilities and should only be used