Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- linux:kea [18.10.2024 21:02. ] – [Konfigurationsoptionen für unseren DHCPv4-Daemon] django
+++ linux:kea [14.03.2025 13:17. ] (aktuell) – [Ergebniskontrolle] django
@@ Zeile 7: / Zeile 7: @@
 |< 100% 5% 8% 12% 12% 12% 12% 12% >|
-^  Subnetz \\ (ID)  ^  Subnetz \\ (Use)  ^ Subnetz Prefix\\ (global Unicast)  ^ Host\\ -       ^ IPv4\\ -         ^ Link-Local-Scope\\ -                ^ Unique-Local-Scope\\  (ULA)          ^ Global-Scope\\ (GUA)             ^
+^  Subnetz \\ (ID)  ^  Subnetz \\ (Use)  ^ Subnetz Prefix\\ (global Unicast)  ^ Host\\ -       ^ IPv4\\ -         ^ Link-Local-Scope\\ (LLA)            ^ Unique-Local-Scope\\  (ULA)          ^ Global-Scope\\ (GUA)             ^
-|  **7**            |  Intra             | 2003:a:e0d:760**7**::/64           |                |                  |                                     |                                      |                                  |
+|  **7**            |  Intra             | 2003:a:bcd:123**4**::/64           |                |                  |                                     |                                      |                                  |
-|                   |                    |                                    | //pml010073//  | ''10.0.10.73''   | ''fe80::e9a6::bb03:1544:b0000/64''  | ''fdb6:cb48:9d77:0:10:0:10:073/64''  | ''2003:a:e0d:7607:10:0:10:73''   |
+|                   |                    |                                    | //pml010073//  | ''10.0.10.73''   | ''fe80::e9a6::bb03:1544:b0000/64''  | ''fd00:dead:beef:0:10:0:10:073/64''  | ''2003:a:bcd:1234:10:0:10:73''   |
-|                   |                    |                                    | //pml010102//  | ''10.0.10.102''  | ''fe80::10:ff:fe10:102''            | ''fdb6:cb48:9d77:0:10:0:10:102/64''  | ''2003:a:e0d:7607:10:0:10:102''  |
+|                   |                    |                                    | //pml010102//  | ''10.0.10.102''  | ''fe80::10:ff:fe10:102''            | ''fdb6:dead:beef:0:10:0:10:102/64''  | ''2003:a:bcd:1234:10:0:10:102''  |
-|                   |                    |                                    | //vml010110//  | ''10.0.10.110''  | ''fe80::10:ff:fe10:110''            | ''fdb6:cb48:9d77:0:10:0:10:110/64''  | ''2003:a:e0d:7607:10:0:10:110''  |
+|                   |                    |                                    | //vml010110//  | ''10.0.10.110''  | ''fe80::10:ff:fe10:110''            | ''fdb6:dead:beef:0:10:0:10:110/64''  | ''2003:a:bcd:1234:10:0:10:110''  |
@@ Zeile 1152: / Zeile 1152: @@
 ==== Grund-Konfiguration ====
 === Firewall/Paketfilter - firewalld ===
-Bevor wir nun unseren **Kea-DHCP-Daemon** Konfigurieren und starten müssen wir natürlich sicherstellen, dass auf dem betreffendem Host auch die Kommunikationsbeziehungen entsprechend erlaubt sind.
+Bevor wir nun unseren **Kea-DHCP-Daemon** konfigurieren und starten müssen wir natürlich sicherstellen, dass auf dem betreffendem Host auch die Kommunikationsbeziehungen entsprechend erlaubt sind.
 Wie auch schon früher bei **CentOS** ab Release **7** bzw. den nachfolgenden Relaese-Kandidaten **Stream von RHEL** nutzen wir auch unter **Arch Linux** den dynamischen **[[https://firewalld.org/|firewalld]]** Service. Ein grosser Vorteil der dynamischen Paketfilterregeln ist unter anderem, dass zur Aktivierung der neuen Firewall-Regel(n) nicht der Daemon durchgestartet werden muss und somit alle aktiven Verbindungen kurz getrennt werden. Sondern unsere Änderungen können **//on-the-fly//** aktiviert oder auch wieder deaktiviert werden.
@@ Zeile 1180: / Zeile 1180: @@
 Werfen wir noch kurz einen Blick in die Zone **''intra''**:
-   # firewall-cmd --zone=intra --list-services
+<code> # firewall-cmd --zone=intra --list-services</code>
   dhcp dhcpv6
@@ Zeile 2192: / Zeile 2192: @@
 === Konfigurationsoptionen für unseren DHCPv6-Daemon ===
 In unserer Betriebsumgebung haben wir folgende Rahmenbedingungen für unseren DHCPv6-Server:
-  * **[[https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#interface-configuration|Netzwerkinterface]]** : \\ Unser DHCPv4-Daemon soll auf den beiden Netzwerkinterface **''net0''** (**idmz**) und **''net1''** (**intra**) auf entsprechende Adressanfragen lauschen und entsprechend Adressen ausliefern.
+  * **[[https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#interface-configuration|Netzwerkinterface]]** : \\ Unser DHCPv4-Daemon soll "nur" auf dem Netzwerkinterface **''net1''** (**intra**) auf entsprechende Adressanfragen lauschen und entsprechend Adressen ausliefern.
   * **[[https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#management-api-for-the-dhcpv6-server|Management API]]** : \\ Die Verwaltungs-API ermöglicht die Ausgabe spezifischer Verwaltungsbefehle, wie z. B. das Abrufen von Statistiken, die Neukonfiguration oder das Herunterfahren. Die API soll unter dem **''socket-type''** = **''unix''** der unter dem Link **''socket-name''** = **''/var/lib/kea/kea6-ctrl-socket''** erreichbar sein.
-  * **[[https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#memfile-basic-storage-for-leases|Leases]]** : \\ In unserer Beispielumgebung sollen die Leases unserer Clients in der Datei **''/var/lib/kea/dhcp6.leases''** vorgehalten werden. Optional wäre auch die Speicherung in einer [[https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#lease-database-configuration|MariaDB bzw. mySQL-Datenbank]] oder in einer [[https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#lease-database-configuration|PostgreSQL-Datenbank]] denkbar. Aber im ersten Schritt wollen wir uns mal mit einer Ablage in einer Datei begnügen. Die Lease-Time soll eine Stunde, also **''3600''** Sekunden gelten. Nach 90% der max. Lease-Time soll der Daemon sein Lease-File aufräumen **LFC**((**L**ease **F**ile **C**leanup)) durchführt werden, also nach **''3200''** Sekunden **''lfc-interval''**. Dadurch werden redundante (historische) Informationen aus der Lease-Datei entfernt und die Größe der Lease-Datei effektiv reduziert. Gibt es beim Laden des Lease-Files Fehler, soll der Server nach 100 Fehlern abbrechen und aufhören, zu versuchen die Lease-Datei zu laden.
+  * **[[https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#memfile-basic-storage-for-leases|Leases]]** : \\ In unserer Beispielumgebung sollen die Leases unserer Clients in der Datei **''/var/lib/kea/dhcp6.leases''** vorgehalten werden. Optional wäre auch die Speicherung in einer [[https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#lease-database-configuration|MariaDB bzw. mySQL-Datenbank]] oder in einer [[https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html#lease-database-configuration|PostgreSQL-Datenbank]] denkbar. Aber im ersten Schritt wollen wir uns mal mit einer Ablage in einer Datei begnügen. Die Lease-Time soll eine Stunde, also **''3600''** Sekunden gelten. Nach 90% der max. Lease-Time soll der Daemon sein Lease-File aufräumen **LFC**((**L**ease **F**ile **C**leanup)) durchführt werden, also nach **''3200''** Sekunden **''lfc-interval''**. Dadurch werden redundante (historische) Informationen aus der Lease-Datei entfernt und die Grösse der Lease-Datei effektiv reduziert. Gibt es beim Laden des Lease-Files Fehler, soll der Server nach 100 Fehlern abbrechen und aufhören, zu versuchen die Lease-Datei zu laden.
   * **[[https://kea.readthedocs.io/en/latest/arm/lease-expiration.html#lease-reclamation-configuration-parameters|Lease Reclamation]]** : \\ Bei der Lease Reclamation, also der Rückforderung von Leases, bei dem abgelaufene Leases zurückgefordert und so anderen Clients wieder zur Verfügung gestellt werden. Hier übernehmen wir die vorgegebenen Default-Wertev von **''reclaim-timer-wait-time''** mit **''10''**, **''flush-reclaimed-timer-wait-time''** vomn **''25''**, **''hold-reclaimed-time''** von **''3600''**, **''max-reclaim-leases''** von **''100''**, **''max-reclaim-time''** von **''250''** und **''unwarned-reclaim-cycles''** von **''5''**.
   * **[[https://kea.readthedocs.io/en/latest/arm/lease-expiration.html#lease-expiration|Lease-Timer]]** : \\ Leases sollen eine Stunde, also **''valid-lifetime''** von **''3600''** Sekunden gelten. Nach **''1800''** Sekunden - das ist die 1/2 der **''valid-lifetime''** sollen die Clients nach einer Verlängerung der Lease fragen, also setzen wir **''renew-timer''** = **''1800''**. Die Clients sollen zusätzlich alle erreichbaren DHCP-Server fragen, ob die Lease noch einmal verlängert werden kann und dies nach **90%** der **''valid-lifetime''**, also setzen wir **''rebind-timer''** = **''3200''**.
   * **[[https://kea.readthedocs.io/en/latest/arm/logging.html#logging-configuration|Logging]]** : \\ Da wir ein zentrales Logging und Auswertung mit Hilfe von **[[https://graylog.org/|Graylog]]** einsetzen, lassen wir den DHCP4-Daemon **__kein__** eigenes Logfile schreiben sondern nutzen unser zentrales syslog, welches der **''systemd-journald.service''** in unser **Journal** schreibt. Hierzu setzen wir die nötigen Parameter wie folgt: **''name''** gleich **''kea-dhcp4''**, **''output''** auf **''syslog''**, die **''severity''** gleich **''INFO''** und den **''debuglevel''** auf **''0''**.
-  * **Name-Server** : \\ Der interne DNS-Daemon ist unter der IP-Adresse **''10.0.0.27''** erreichbar.
+  * **Name-Server** : \\ Der interne DNS-Daemon ist unter der IP-Adresse **''fd00::07:10:0:10.110''** erreichbar.
   * **Domain-Name** : \\ Der Name unserer Domain lautet **''nausch.org''**.
   * **Domain-Search-Liste** : \\ Auf Domain-Search-Listen wird bewusst verzichtet, da diese ein [[https://de.wikipedia.org/wiki/Anachronismus|Anachronismus]] aus den Anfangszeiten des DNS sind und gerne alle Arten von Sicherheits- und Konfigurationsproblemen (DNSSEC, DNS64, QName-Minimization, DNS-Leakage von internen Konfigurationsdaten) erzeugen.
-  * **Time-Server** : \\ Der interne Time-Server ist unter der IP-Adresse **''10.0.0.17''** erreichbar.
+  * **Time-Server** : \\ Der interne Time-Server ist unter der IP-Adresse **''fd00::07:10:0:10.110''** erreichbar.
-  * **Subnetz** : \\ Der DHCPv4-Server ist verantwortlich für das Sub-Netz **''10.0.10.0/24''** der Zone **''intra''**
+  * **Subnetz** : \\ Der DHCPv6-Server ist verantwortlich für das Sub-Netz **''fd00:0:0:7::/64''** der Zone **''intra''**
-    * **Router** : \\ Der Default-Router ist für dieses Subnetz unter der IP-Adresse **''10.0.10.110''** erreichbar.
+    * **Time-Server** : \\ Der interne Time-Server ist bei diesem Subnetz unter der IP-Adresse **''fd00::07:10:0:10.110''** erreichbar.
-    * **Time-Server** : \\ Der interne Time-Server ist bei diesem Subnetz unter der IP-Adresse **''10.0.10.110''** erreichbar.
+    * **Name-Server** : \\ Der interne DNS-Daemon ist unter der IP-Adresse **''fd00::07:10:0:10.110''** in diesem Subnetz erreichbar.
-    * **Name-Server** : \\ Der interne DNS-Daemon ist unter der IP-Adresse **''10.0.10.110''** in diesem Subnetz erreichbar.
+    * **Pool (dynamischer Adress-Bereich)** : \\ Dynamische IP-Adressen sollen aus dem Bereich von **''fd00:0:0:7:10:0:10:300/120''** vergeben werden.
-    * **Pool (dynamischer Adress-Bereich)** : \\ Dynamische IP-Adressen sollen aus dem Bereich von **''10.0.10.230 - 10.0.10.250''** vergeben werden.
+    * **Reservierungen** : \\ Einige Hosts bekommen eine feste IP-Adresse, die der DHCP-Server an Hand der übermittelten DUID des Clients und seiner Netzwerkschnittstelle vergeben wird.
-    * **Reservierungen** : \\ Einige Hosts bekommen eine feste IP-Adresse, die der DHCP-Server an Hand der übermittelten MAC-Adresse der Netzwerkschnittstelle vergeben wird.
-  * **Subnetz** : \\ Der DHCPv4-Server ist verantwortlich für das Sub-Netz **''10.0.0.0/24''** der Zone **''idmz''**
+=== Konfigurationsdatei /etc/kea-dhcp6.conf ===
-    * **Router** : \\ Der Default-Router ist für dieses Subnetz unter der IP-Adresse **''10.0.0.210''** erreichbar.
+Bei der Installation unseres Kea-Servers wurde uns eine entsprechende Musterkonfigurations-Datei bereits mitgeliefert.
-    * **Time-Server** : \\ Der interne Time-Server ist bei diesem Subnetz unter der IP-Adresse **''10.0.0.110''** erreichbar.
+   # less /etc/kea/kea-dhcp6.conf
-    * **Name-Server** : \\ Der interne DNS-Daemon ist unter der IP-Adresse **''10.0.0.110''** in diesem Subnetz erreichbar.
-    * **Pool (dynamischer Adress-Bereich)** : \\ Da die IPv4-Adressen in der Zone **idmz** ausschließlich per **[[|Ansible]]** statisch vergeben werden, gibt es hier keinen dynamischen Adresspool!
+++++ /etc/kea/kea-dhcp6.conf |
-    * **Reservierungen** : \\ Einige Hosts bekommen eine feste IP-Adresse, die der DHCP-Server an Hand der übermittelten MAC-Adresse der Netzwerkschnittstelle vergeben wird.
+<file java /etc/kea/kea-dhcp6.conf>// This is a basic configuration for the Kea DHCPv6 server. Subnet declarations
+// are mostly commented out and no interfaces are listed. Therefore, the servers
+// will not listen or respond to any queries.
+// The basic configuration must be extended to specify interfaces on which
+// the servers should listen. There are a number of example options defined.
+// These probably don't make any sense in your network. Make sure you at least
+// update the following, before running this example in your network:
+// - change the network interface names
+// - change the subnets to match your actual network
+// - change the option values to match your network
+//
+// This is just a very basic configuration. Kea comes with large suite (over 30)
+// of configuration examples and extensive Kea User's Guide. Please refer to
+// those materials to get better understanding of what this software is able to
+// do. Comments in this configuration file sometimes refer to sections for more
+// details. These are section numbers in Kea User's Guide. The version matching
+// your software should come with your Kea package, but it is also available
+// in ISC's Knowledgebase (https://kea.readthedocs.io; the direct link for
+// the stable version is https://kea.readthedocs.io/).
+//
+// This configuration file contains only DHCPv6 server's configuration.
+// If configurations for other Kea services are also included in this file they
+// are ignored by the DHCPv6 server.
+{
+// DHCPv6 configuration starts here. This section will be read by DHCPv6 server
+// and will be ignored by other components.
+"Dhcp6": {
+    // Add names of your network interfaces to listen on.
+    "interfaces-config": {
+        // You typically want to put specific interface names here, e.g. eth0
+        // but you can also specify unicast addresses (e.g. eth0/2001:db8::1) if
+        // you want your server to handle unicast traffic in addition to
+        // multicast. (DHCPv6 is a multicast based protocol).
+        "interfaces": [ ]
+    },
+    // Kea supports control channel, which is a way to receive management commands
+    // while the server is running. This is a Unix domain socket that receives
+    // commands formatted in JSON, e.g. config-set (which sets new configuration),
+    // config-reload (which tells Kea to reload its configuration from file),
+    // statistic-get (to retrieve statistics) and many more. For detailed
+    // description, see Sections 9.12, 16 and 15.
+    "control-socket": {
+        "socket-type": "unix",
+        "socket-name": "/tmp/kea6-ctrl-socket"
+    },
+    // Use Memfile lease database backend to store leases in a CSV file.
+    // Depending on how Kea was compiled, it may also support SQL databases
+    // (MySQL and/or PostgreSQL). Those database backends require more
+    // parameters, like name, host and possibly user and password.
+    // There are dedicated examples for each backend. See Section 8.2.2 "Lease
+    // Storage" for details.
+    "lease-database": {
+        // Memfile is the simplest and easiest backend to use. It's an in-memory
+        // C++ database that stores its state in CSV file.
+        "type": "memfile",
+        "lfc-interval": 3600
+    },
+    // Kea allows storing host reservations in a database. If your network is
+    // small or you have few reservations, it's probably easier to keep them
+    // in the configuration file. If your network is large, it's usually better
+    // to use database for it. To enable it, uncomment the following:
+    // "hosts-database": {
+    //     "type": "mysql",
+    //     "name": "kea",
+    //     "user": "kea",
+    //     "password": "kea",
+    //     "host": "localhost",
+    //     "port": 3306
+    // },
+    // See Section 8.2.3 "Hosts storage" for details.
+    // Setup reclamation of the expired leases and leases affinity.
+    // Expired leases will be reclaimed every 10 seconds. Every 25
+    // seconds reclaimed leases, which have expired more than 3600
+    // seconds ago, will be removed. The limits for leases reclamation
+    // are 100 leases or 250 ms for a single cycle. A warning message
+    // will be logged if there are still expired leases in the
+    // database after 5 consecutive reclamation cycles.
+    // If both "flush-reclaimed-timer-wait-time" and "hold-reclaimed-time" are
+    // not 0, when the client sends a release message the lease is expired
+    // instead of being deleted from the lease storage.
+    "expired-leases-processing": {
+        "reclaim-timer-wait-time": 10,
+        "flush-reclaimed-timer-wait-time": 25,
+        "hold-reclaimed-time": 3600,
+        "max-reclaim-leases": 100,
+        "max-reclaim-time": 250,
+        "unwarned-reclaim-cycles": 5
+    },
+    // These parameters govern global timers. Addresses will be assigned with
+    // preferred and valid lifetimes being 3000 and 4000, respectively. Client
+    // is told to start renewing after 1000 seconds. If the server does not
+    // respond after 2000 seconds since the lease was granted, a client is
+    // supposed to start REBIND procedure (emergency renewal that allows
+    // switching to a different server).
+    "renew-timer": 1000,
+    "rebind-timer": 2000,
+    "preferred-lifetime": 3000,
+    "valid-lifetime": 4000,
+    // These are global options. They are going to be sent when a client requests
+    // them, unless overwritten with values in more specific scopes. The scope
+    // hierarchy is:
+    // - global
+    // - subnet
+    // - class
+    // - host
+    //
+    // Not all of those options make sense. Please configure only those that
+    // are actually useful in your network.
+    //
+    // For a complete list of options currently supported by Kea, see
+    // Section 8.2.9 "Standard DHCPv6 Options". Kea also supports
+    // vendor options (see Section 7.2.10) and allows users to define their
+    // own custom options (see Section 7.2.9).
+    "option-data": [
+        // When specifying options, you typically need to specify
+        // one of (name or code) and data. The full option specification
+        // covers name, code, space, csv-format and data.
+        // space defaults to "dhcp6" which is usually correct, unless you
+        // use encapsulate options. csv-format defaults to "true", so
+        // this is also correct, unless you want to specify the whole
+        // option value as long hex string. For example, to specify
+        // domain-name-servers you could do this:
+        // {
+        //     "name": "dns-servers",
+        //     "code": 23,
+        //     "csv-format": "true",
+        //     "space": "dhcp6",
+        //     "data": "2001:db8:2::45, 2001:db8:2::100"
+        // }
+        // but it's a lot of writing, so it's easier to do this instead:
+        {
+            "name": "dns-servers",
+            "data": "2001:db8:2::45, 2001:db8:2::100"
+        },
+        // Typically people prefer to refer to options by their names, so they
+        // don't need to remember the code names. However, some people like
+        // to use numerical values. For example, DHCPv6 can optionally use
+        // server unicast communication, if extra option is present. Option
+        // "unicast" uses option code 12, so you can reference to it either
+        // by "name": "unicast" or "code": 12. If you enable this option,
+        // you really should also tell the server to listen on that address
+        // (see interfaces-config/interfaces list above).
+        {
+            "code": 12,
+            "data": "2001:db8::1"
+        },
+        // String options that have a comma in their values need to have
+        // it escaped (i.e. each comma is preceded by two backslashes).
+        // That's because commas are reserved for separating fields in
+        // compound options. At the same time, we need to be conformant
+        // with JSON spec, that does not allow "\,". Therefore the
+        // slightly uncommon double backslashes notation is needed.
+        // Legal JSON escapes are \ followed by "\/bfnrt character
+        // or \u followed by 4 hexadecimal numbers (currently Kea
+        // supports only \u0000 to \u00ff code points).
+        // CSV processing translates '\\' into '\' and '\,' into ','
+        // only so for instance '\x' is translated into '\x'. But
+        // as it works on a JSON string value each of these '\'
+        // characters must be doubled on JSON input.
+        {
+            "name": "new-posix-timezone",
+            "data": "EST5EDT4\\,M3.2.0/02:00\\,M11.1.0/02:00"
+        },
+        // Options that take integer values can either be specified in
+        // dec or hex format. Hex format could be either plain (e.g. abcd)
+        // or prefixed with 0x (e.g. 0xabcd).
+        {
+            "name": "preference",
+            "data": "0xf0"
+        },
+        // A few options are encoded in (length, string) tuples
+        // which can be defined using only strings as the CSV
+        // processing computes lengths.
+        {
+            "name": "bootfile-param",
+            "data": "root=/dev/sda2, quiet, splash"
+        }
+    ],
+    // Another thing possible here are hooks. Kea supports a powerful mechanism
+    // that allows loading external libraries that can extract information and
+    // even influence how the server processes packets. Those libraries include
+    // additional forensic logging capabilities, ability to reserve hosts in
+    // more flexible ways, and even add extra commands. For a list of available
+    // hook libraries, see https://gitlab.isc.org/isc-projects/kea/wikis/Hooks-available.
+    // "hooks-libraries": [
+    //   {
+    //       // Forensic Logging library generates forensic type of audit trail
+    //       // of all devices serviced by Kea, including their identifiers
+    //       // (like MAC address), their location in the network, times
+    //       // when they were active etc.
+    //       "library": "/usr/lib/kea/hooks/libdhcp_legal_log.so",
+    //       "parameters": {
+    //           "path": "/var/lib/kea",
+    //           "base-name": "kea-forensic6"
+    //       }
+    //   },
+    //   {
+    //       // Flexible identifier (flex-id). Kea software provides a way to
+    //       // handle host reservations that include addresses, prefixes,
+    //       // options, client classes and other features. The reservation can
+    //       // be based on hardware address, DUID, circuit-id or client-id in
+    //       // DHCPv4 and using hardware address or DUID in DHCPv6. However,
+    //       // there are sometimes scenario where the reservation is more
+    //       // complex, e.g. uses other options that mentioned above, uses part
+    //       // of specific options or perhaps even a combination of several
+    //       // options and fields to uniquely identify a client. Those scenarios
+    //       // are addressed by the Flexible Identifiers hook application.
+    //       "library": "/usr/lib/kea/hooks/libdhcp_flex_id.so",
+    //       "parameters": {
+    //           "identifier-expression": "relay6[0].option[37].hex"
+    //       }
+    //   }
+    // ],
+    // Below an example of a simple IPv6 subnet declaration. Uncomment to enable
+    // it. This is a list, denoted with [ ], of structures, each denoted with
+    // { }. Each structure describes a single subnet and may have several
+    // parameters. One of those parameters is "pools" that is also a list of
+    // structures.
+    "subnet6": [
+        {
+            // This defines the whole subnet. Kea will use this information to
+            // determine where the clients are connected. This is the whole
+            // subnet in your network.
+            // Subnet identifier should be unique for each subnet.
+            "id": 1,
+            // This is mandatory parameter for each subnet.
+            "subnet": "2001:db8:1::/64",
+            // Pools define the actual part of your subnet that is governed
+            // by Kea. Technically this is optional parameter, but it's
+            // almost always needed for DHCP to do its job. If you omit it,
+            // clients won't be able to get addresses, unless there are
+            // host reservations defined for them.
+            "pools": [ { "pool": "2001:db8:1::/80" } ],
+            // Kea supports prefix delegation (PD). This mechanism delegates
+            // whole prefixes, instead of single addresses. You need to specify
+            // a prefix and then size of the delegated prefixes that it will
+            // be split into. This example below tells Kea to use
+            // 2001:db8:1::/56 prefix as pool and split it into /64 prefixes.
+            // This will give you 256 (2^(64-56)) prefixes.
+            "pd-pools": [
+                {
+                    "prefix": "2001:db8:8::",
+                    "prefix-len": 56,
+                    "delegated-len": 64
+                    // Kea also supports excluded prefixes. This advanced option
+                    // is explained in Section 9.2.9. Please make sure your
+                    // excluded prefix matches the pool it is defined in.
+                    // "excluded-prefix": "2001:db8:8:0:80::",
+                    // "excluded-prefix-len": 72
+                }
+            ],
+            "option-data": [
+                // You can specify additional options here that are subnet
+                // specific. Also, you can override global options here.
+                {
+                    "name": "dns-servers",
+                    "data": "2001:db8:2::dead:beef, 2001:db8:2::cafe:babe"
+                }
+            ],
+            // Host reservations can be defined for each subnet.
+            //
+            // Note that reservations are subnet-specific in Kea. This is
+            // different than ISC DHCP. Keep that in mind when migrating
+            // your configurations.
+            "reservations": [
+                // This is a simple host reservation. The host with DUID matching
+                // the specified value will get an address of 2001:db8:1::100.
+                {
+                    "duid": "01:02:03:04:05:0A:0B:0C:0D:0E",
+                    "ip-addresses": [ "2001:db8:1::100" ]
+                },
+                // This is similar to the previous one, but this time the
+                // reservation is done based on hardware/MAC address. The server
+                // will do its best to extract the hardware/MAC address from
+                // received packets (see 'mac-sources' directive for
+                // details). This particular reservation also specifies two
+                // extra options to be available for this client. If there are
+                // options with the same code specified in a global, subnet or
+                // class scope, the values defined at host level take
+                // precedence.
+                {
+                    "hw-address": "00:01:02:03:04:05",
+                    "ip-addresses": [ "2001:db8:1::101" ],
+                    "option-data": [
+                        {
+                            "name": "dns-servers",
+                            "data": "3000:1::234"
+                        },
+                        {
+                            "name": "nis-servers",
+                            "data": "3000:1::234"
+                        }],
+                    // This client will be automatically added to certain
+                    // classes.
+                    "client-classes": [ "special_snowflake", "office" ]
+                },
+                // This is a bit more advanced reservation. The client with the
+                // specified DUID will get a reserved address, a reserved prefix
+                // and a hostname.  This reservation is for an address that it
+                // not within the dynamic pool.  Finally, this reservation
+                // features vendor specific options for CableLabs, which happen
+                // to use enterprise-id 4491. Those particular values will be
+                // returned only to the client that has a DUID matching this
+                // reservation.
+                {
+                    "duid": "01:02:03:04:05:06:07:08:09:0A",
+                    "ip-addresses": [ "2001:db8:1:0:cafe::1" ],
+                    "prefixes": [ "2001:db8:2:abcd::/64" ],
+                    "hostname": "foo.example.com",
+                    "option-data": [
+                        {
+                            "name": "vendor-opts",
+                            "data": "4491"
+                        },
+                        {
+                            "name": "tftp-servers",
+                            "space": "vendor-4491",
+                            "data": "3000:1::234"
+                        }
+                    ]
+                },
+                // This reservation is using flexible identifier. Instead of
+                // relying on specific field, sysadmin can define an expression
+                // similar to what is used for client classification,
+                // e.g. substring(relay[0].option[17],0,6). Then, based on the
+                // value of that expression for incoming packet, the reservation
+                // is matched.  Expression can be specified either as hex or
+                // plain text using single quotes.
+                // Note: flexible identifier requires flex_id hook library to be
+                // loaded to work.
+                {
+                    "flex-id": "'somevalue'",
+                    "ip-addresses": [ "2001:db8:1:0:cafe::2" ]
+                }
+            ]
+        }
+        // More subnets can be defined here.
+        //      {
+        //          "subnet": "2001:db8:2::/64",
+        //          "pools": [ { "pool": "2001:db8:2::/80" } ]
+        //      },
+        //      {
+        //          "subnet": "2001:db8:3::/64",
+        //          "pools": [ { "pool": "2001:db8:3::/80" } ]
+        //      },
+        //      {
+        //          "subnet": "2001:db8:4::/64",
+        //          "pools": [ { "pool": "2001:db8:4::/80" } ]
+        //      }
+    ],
+    // Client-classes can be defined here. See "client-classes" in Dhcp4 for
+    // an example.
+    // DDNS information (how the DHCPv6 component can reach a DDNS daemon)
+    // Logging configuration starts here. Kea uses different loggers to log various
+    // activities. For details (e.g. names of loggers), see Chapter 18.
+    "loggers": [
+    {
+        // This specifies the logging for kea-dhcp6 logger, i.e. all logs
+        // generated by Kea DHCPv6 server.
+        "name": "kea-dhcp6",
+        "output-options": [
+            {
+                // Specifies the output file. There are several special values
+                // supported:
+                // - stdout (prints on standard output)
+                // - stderr (prints on standard error)
+                // - syslog (logs to syslog)
+                // - syslog:name (logs to syslog using specified name)
+                // Any other value is considered a name of the file
+                "output": "/var/log/kea-dhcp6.log"
+                // Shorter log pattern suitable for use with systemd,
+                // avoids redundant information
+                // "pattern": "%-5p %m\n",
+                // This governs whether the log output is flushed to disk after
+                // every write.
+                // "flush": false,
+                // This specifies the maximum size of the file before it is
+                // rotated.
+                // "maxsize": 1048576,
+                // This specifies the maximum number of rotated files to keep.
+                // "maxver": 8
+            }
+        ],
+        // This specifies the severity of log messages to keep. Supported values
+        // are: FATAL, ERROR, WARN, INFO, DEBUG
+        "severity": "INFO",
+        // If DEBUG level is specified, this value is used. 0 is least verbose,
+        // 99 is most verbose. Be cautious, Kea can generate lots and lots
+        // of logs if told to do so.
+        "debuglevel": 0
+    }
+  ]
+}
+}</file>
+++++
+Bevor wir nun aber unseren Kea-DHCPv6-Daemon individuell nach unseren Bedürfnissen hin anpassen, werden wir zunächst die im Paket mitgelieferte Original-Konfigurationsdatei **''/etc/kea/kea-dhcp6.conf''** für spätere Referenzen sichern.
+   # cp -a /etc/kea/kea-dhcp6.conf /etc/kea/kea-dhcp6.conf.orig
+So können wir später bei etwaigen Bedarf Vergleiche zur originalen Konfigurationsdatei mit einer neuen Version bei einem Update des KEA-Paketes anstreben, wie in diesem Beispiel hier:
+   # vimdiff /etc/kea/kea-dhcp6.conf.orig /etc/kea/kea-dhcp6.conf.pacnew
+{{ :linux:kea_vimdiff.png?nolink&900 |Bild: Bildschirmharcopy des Aufgrufes 'vimdiff /etc/kea/kea-dhcp6.conf.orig /etc/kea/kea-dhcp6.conf.pacnew'}}
+Aus den oben genannten Konfigurationsparametern erstellen wir uns nun eine entsprechende Konfigurationsdatei **''/etc/kea/kea-dhcp6.conf''** für unseren Kea-DHCPv4-Daemon.
+   # vim /etc/kea/kea-dhcp6.conf
+<file java /etc/kea/kea-dhcp6.conf>// This is our basic configuration for the Kea DHCPv6 server. See section
+// 9.2 DHCPv6 Server Configuration for detailed informations. the direct link
+// for the stable version is https://kea.readthedocs.io/).
+//
+// This configuration file contains only DHCPv6 server's configuration.
+// If configurations for other Kea services are also included in this file they
+// are ignored by the DHCPv6 server.
+//
+// DHCPv6 configuration starts here. This section will be read by DHCPv6 server
+// and will be ignored by other components.
+{
+  "Dhcp6": {
+    // See section 9.2.4 Interface Configuration for more details:
+    "interfaces-config": {
+      "interfaces": [ "eth1" ]
+    },
+    // Kea supports control channel, which is a way to receive management
+    // commands while the server is running. For detailed description,
+    // see Sections 9.14.
+    "control-socket": {
+      "socket-type": "unix",
+      "socket-name": "/var/lib/kea/kea6-ctrl-socket"
+    },
+    // Use Memfile lease database backend to store leases in a CSV file.
+    //  See Section 9.2.2.1 Memfile - Basic Storage for Leases
+    "lease-database": {
+      "type": "memfile",
+      "persist": true,
+      "name": "/var/lib/kea/kea-leases6.csv",
+      "lfc-interval": 3200,
+      "max-row-errors": 100
+    },
+    // Setup reclamation of the expired leases and leases affinity.
+    // See section 11. Lease Expiration for more and detailed informations.
+    "expired-leases-processing": {
+      "reclaim-timer-wait-time": 10,
+      "flush-reclaimed-timer-wait-time": 25,
+      "hold-reclaimed-time": 3600,
+      "max-reclaim-leases": 100,
+      "max-reclaim-time": 250,
+      "unwarned-reclaim-cycles": 5
+    },
+    // Global timers specified here apply to all subnets, unless there are
+    // subnet specific values defined in particular subnets. See section
+    // 9.2.1. Introduction.
+    "valid-lifetime": 3600,
+    "renew-timer": 1800,
+    "rebind-timer": 3200,
+    "preferred-lifetime": 3000,
+    // Many additional parameters can be specified here. Alle datails will be
+    // found in following sections:
+    // - 9.2.11. Standard DHCPv6 Options
+    // - 9.2.14. Custom DHCPv4 Options
+    // - 9.2.15. DHCPv6 Vendor-Specific Options
+    // - 9.2.16. Nested DHCPv6 Options (Custom Option Spaces)
+    // - 9.2.17. Unspecified Parameters for DHCPv6 Option Configuration
+    //
+    // For a complete list of options currently supported by Kea, see
+    // Section 9.2.11 "Standard DHCPv6 Options". Kea also supports
+    // vendor options (see Section 7.2.10) and allows users to define their
+    // own custom options (see Section 7.2.9).
+    "option-data": [
+      // Domain-Name-Server:
+      {
+        "name": "dns-servers",
+        "data": "fd00:0:0:7:10:0:10:110"
+      },
+      // Domain-Search-Liste:
+      {
+        "name": "domain-search",
+        "data": "nausch.org"
+      }
+    ],
+    // Finally, we list the subnets from which we will be leasing addresses.
+    // See section 9.2.5 IPv6 Subnet Identifier and the following sections
+    // for more details.
+    "subnet6": [
+      {
+        "interface": "eth1",
+        // This defines the whole subnet. Kea will use this information to
+        // determine where the clients are connected. This is the whole
+        // subnet in your network.
+        // Subnet identifier should be unique for each subnet.
+        // Subnet identifier for zone intra
+        "id": 62,
+        // This is mandatory parameter for each subnet.
+        "subnet": "fd00:0:0:7::/64",
+        // Pools define the actual part of your subnet that is governed
+        // by Kea.
+        "pools": [ { "pool": "fd00:0:0:7:10:0:10:300/120" } ],
+        "option-data": [
+          // You can specify additional options here that are subnet
+          // specific. Also, you can override global options here.
+          {
+            "name": "dns-servers",
+            "data": "fd00:0:0:7:10:0:10:110"
+          },
+          {
+            "name": "sntp-servers",
+            "data": "fd00:0:0:7:10:0:10:110"
+          }
+        ],
+        // Host reservations can be defined for each subnet.
+        // Note that reservations are subnet-specific in Kea. This is
+        // different than ISC DHCP. Keep that in mind when migrating
+        // your configurations.
+        "reservations": [
+          // This are the reservations for specific DUID matchings.
+          // "MNSS (C7)"
+          {
+            "duid": "00:03:00:01:ac:1f:6b:00:d3:9b",
+            "ip-addresses": [ "fd00:0:0:7:10:0:10:2" ],
+            "hostname": "pml010002.intra.nausch.org"
+          },
+          // "WLAN Router Trendnet TEW-826DAP"
+          {
+            "duid": "00:03:00:01:d8:eb:97:33:48:62",
+            "ip-addresses": [ "fd00:0:0:7:10:0:10:3" ],
+            "hostname": "pnc010003.intra.nausch.org"
+          },
+          // "Netzwerkswitch TP-Link T1600G-52PS (UG)"
+          {
+            "duid": "00:03:00:01:64:66:b3:c9:98:7c",
+            "ip-addresses": [ "fd00:0:0:7:10:0:10:6" ],
+            "hostname": "pnc010006.intra.nausch.org"
+          },
+          // "Netzwerkswitch Netgear GS308E (DG)"
+          {
+            "duid": "00:03:00:01:6c:cd:d6:b8:52:be",
+            "ip-addresses": [ "fd00:0:0:7:10:0:10:7" ],
+            "hostname": "pnc010007.intra.nausch.org"
+          },
+          // "TecVDR (19 Zoll Tischgerät)"
+          {
+            "duid": "00:03:00:01:00:0b:6a:32:32:95",
+            "ip-addresses": [ "fd00:0:0:7:10:0:10:100" ],
+            "hostname": "pml010100.intra.nausch.org"
+          },
+          // "MNSS (ArchLinux)"
+          {
+            "duid": "00:02:00:00:ab:11:3e:4a:0e:2c:c1:5b:e2:64",
+            "ip-addresses": [ "fd00:0:0:7:10:0:10:102" ],
+            "hostname": "pml010102.intra.nausch.org"
+          },
+          // "ArchLinux FWC"
+          {
+            "duid": "00:03:00:01:52:54:00:41:11:02",
+            "ip-addresses": [ "fd00::7:10:0:10:110" ],
+            "hostname": "vml010110.intra.nausch.org"
+          }
+        ]
+      }
+    ],
+    // Logging configuration starts here. Kea uses different loggers to log various
+    //# activities. For details (e.g. names of loggers), see Chapter 19.
+    "loggers": [
+      {
+        // This specifies the logging for kea-dhcp6 logger, i.e. all logs
+        // generated by Kea DHCPv6 server.
+        "name": "kea-dhcp6",
+        "output_options": [
+          {
+            // Specifies the output file. There are several special values
+            // supported:
+            // - stdout (prints on standard output)
+            // - stderr (prints on standard error)
+            // - syslog (logs to syslog)
+            // - syslog:name (logs to syslog using specified name)
+            // Any other value is considered a name of the file
+            "output": "syslog"
+          }
+        ],
+        // This specifies the severity of log messages to keep. Supported values
+        // are: FATAL, ERROR, WARN, INFO, DEBUG
+        "severity": "INFO",
+        // If DEBUG level is specified, this value is used. 0 is least verbose,
+        // 99 is most verbose. Be cautious, Kea can generate lots and lots
+        // of logs if told to do so.
+        "debuglevel": 0
+      }
+    ]
+  }
+}</file>
+Wollen wir die Kondfigurationsdate ohne die Kommentare sehen, grep'en wir einfach entsprechend danach.
+   # grep -Ev '(^.*//|^$)' /etc/kea/kea-dhcp6.conf
+++++ Beispielkonfigurationsdatei ohne Kommentare |
+<file java /etc/kea/kea-dhcp6.conf>{
+  "Dhcp6": {
+    "interfaces-config": {
+      "interfaces": [ "eth1" ]
+    },
+    "control-socket": {
+      "socket-type": "unix",
+      "socket-name": "/var/lib/kea/kea6-ctrl-socket"
+    },
+    "lease-database": {
+      "type": "memfile",
+      "persist": true,
+      "name": "/var/lib/kea/kea-leases6.csv",
+      "lfc-interval": 3200,
+      "max-row-errors": 100
+    },
+    "expired-leases-processing": {
+      "reclaim-timer-wait-time": 10,
+      "flush-reclaimed-timer-wait-time": 25,
+      "hold-reclaimed-time": 3600,
+      "max-reclaim-leases": 100,
+      "max-reclaim-time": 250,
+      "unwarned-reclaim-cycles": 5
+    },
+    "valid-lifetime": 3600,
+    "renew-timer": 1800,
+    "rebind-timer": 3200,
+    "preferred-lifetime": 3000,
+    "option-data": [
+      {
+        "name": "dns-servers",
+        "data": "fd00:0:0:7:10:0:10:110"
+      },
+      {
+        "name": "domain-search",
+        "data": "nausch.org"
+      }
+    ],
+    "subnet6": [
+      {
+        "interface": "eth1",
+        "id": 62,
+        "subnet": "fd00:0:0:7::/64",
+        "pools": [ { "pool": "fd00:0:0:7:10:0:10:300/120" } ],
+        "option-data": [
+          {
+            "name": "dns-servers",
+            "data": "fd00:0:0:7:10:0:10:110"
+          },
+          {
+            "name": "sntp-servers",
+            "data": "fd00:0:0:7:10:0:10:110"
+          }
+        ],
+        "reservations": [
+          {
+            "duid": "00:03:00:01:ac:1f:6b:00:d3:9b",
+            "ip-addresses": [ "fd00:0:0:7:10:0:10:2" ],
+            "hostname": "pml010002.intra.nausch.org"
+          },
+          {
+            "duid": "00:03:00:01:d8:eb:97:33:48:62",
+            "ip-addresses": [ "fd00:0:0:7:10:0:10:3" ],
+            "hostname": "pnc010003.intra.nausch.org"
+          },
+          {
+            "duid": "00:03:00:01:64:66:b3:c9:98:7c",
+            "ip-addresses": [ "fd00:0:0:7:10:0:10:6" ],
+            "hostname": "pnc010006.intra.nausch.org"
+          },
+          {
+            "duid": "00:03:00:01:6c:cd:d6:b8:52:be",
+            "ip-addresses": [ "fd00:0:0:7:10:0:10:7" ],
+            "hostname": "pnc010007.intra.nausch.org"
+          },
+          {
+            "duid": "00:03:00:01:00:0b:6a:32:32:95",
+            "ip-addresses": [ "fd00:0:0:7:10:0:10:100" ],
+            "hostname": "pml010100.intra.nausch.org"
+          },
+          {
+            "duid": "00:02:00:00:ab:11:3e:4a:0e:2c:c1:5b:e2:64",
+            "ip-addresses": [ "fd00:0:0:7:10:0:10:102" ],
+            "hostname": "pml010102.intra.nausch.org"
+          },
+          {
+            "duid": "00:03:00:01:52:54:00:41:11:02",
+            "ip-addresses": [ "fd00::7:10:0:10:110" ],
+            "hostname": "vml010110.intra.nausch.org"
+          }
+        ]
+      }
+    ],
+    "loggers": [
+      {
+        "name": "kea-dhcp6",
+        "output_options": [
+          {
+            "output": "syslog"
+          }
+        ],
+        "severity": "INFO",
+        "debuglevel": 0
+      }
+    ]
+  }
+}</file>
+++++
+Bevor wir nun unseren **kea-dhcp6**-Daemon starten, führen wir noch einen Konfigurationstest durch. Wir prüfen also nun die Konfigurationsdatei unseres **kea-dhcp6** auf syntaktische Fehler.
+   # kea-dhcp6 -t /etc/kea/kea-dhcp6.conf
+<code>2024-10-19 11:42:46.735 INFO  [kea-dhcp6.hosts/13028.126477756442496] HOSTS_BACKENDS_REGISTERED the following host backend types are available: mysql postgresql
+-10-19 11:42:46.736 WARN  [kea-dhcp6.dhcpsrv/13028.126477756442496] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
+-10-19 11:42:46.736 WARN  [kea-dhcp6.dhcp6/13028.126477756442496] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
+-10-19 11:42:46.736 INFO  [kea-dhcp6.dhcpsrv/13028.126477756442496] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: fd00:0:0:7::/64 with params: t1=1800, t2=3200, preferred-lifetime=3000, valid-lifetime=3600, rapid-commit is false
+-10-19 11:42:46.738 INFO  [kea-dhcp6.dhcpsrv/13028.126477756442496] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
+-10-19 11:42:46.738 INFO  [kea-dhcp6.dhcpsrv/13028.126477756442496] DHCPSRV_CFGMGR_ADD_IFACE listening on interface eth1</code>
+=== Start des kea-dhcp6 ===
+Nun können wir beruhigt und guten Mutes unseren **kea-dhcp6** Daemon starten.
+   # systemctl start kea-dhcp6.service
+Im **Journal** wir der Start entsprechend dokumentiert.
+<html><pre class="code">Oct 19 11:49:48 vml000110 systemd[1]: Started ISC Kea IPv6 DHCP daemon.
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: 2024-10-19 11:49:49.027 INFO  [kea-dhcp6.dhcp6/13092.138845348149120] DHCP6_STARTING Kea DHCPv6 server version 2.6.1 (stable) starting
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: 2024-10-19 11:49:49.030 INFO  [kea-dhcp6.commands/13092.138845348149120] COMMAND_RECEIVED Received command 'config-set'
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.hosts.138845348149120] HOSTS_BACKENDS_REGISTERED the following host backend types are available: mysql postgresql
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: <font style="color: rgb(201, 214, 95)"><b>WARN  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.</b></font>
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: <font style="color: rgb(201, 214, 95)"><b>WARN  [kea-dhcp6.dhcp6.138845348149120] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.</b></font>
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: fd00:0:0:7::/64 with params: t1=1800, t2=3200, preferred-lifetime=3000, valid-lifetime=3600, rapid-commit is false
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_CFGMGR_ADD_IFACE listening on interface eth1
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.commands.138845348149120] COMMAND_ACCEPTOR_START Starting to accept connections via unix domain socket bound to /var/lib/kea/kea6-ctrl-socket
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcp6.138845348149120] DHCP6_CONFIG_COMPLETE DHCPv6 server has completed configuration: added IPv6 subnets: 1; DDNS: disabled
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_MEMFILE_DB opening memory file lease database: lfc-interval=3200 max-row-errors=100 name=/var/lib/kea/kea-leases6.csv persist=true type=memfile universe=6
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/lib/kea/kea-leases6.csv.2
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/lib/kea/kea-leases6.csv
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_MEMFILE_BUILD_EXTENDED_INFO_TABLES6 building extended info tables saw 13 leases, extended info sanity checks modified 0 leases and 0 leases were entered into tables
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_MEMFILE_LFC_SETUP setting up the Lease File Cleanup interval to 3200 sec
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcp6.138845348149120] DHCP6_USING_SERVERID server is using server-id 00:01:00:01:2d:c7:a3:0e:52:54:00:41:11:01 and stores in the file /var/lib/kea/kea-dhcp6-serverid
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_NA leases in subnet fd00:0:0:7::/64
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_TA leases in subnet fd00:0:0:7::/64
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_PD leases in subnet fd00:0:0:7::/64
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: <font style="color: rgb(201, 214, 95)"><b>WARN  [kea-dhcp6.dhcp6.138845348149120] DHCP6_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64</b></font>
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcp6.138845348149120] DHCP6_STARTED Kea DHCPv6 server version 2.6.1 started</pre>
+</html>
+Bei Bedarf können wir natürlich auch den Status unseres Daemons jederzeit abfragen.
+   # systemctl status kea-dhcp6.service
+<html><pre class="code">
+<font style="color: rgb(29, 180, 29)"><b>●</b></font> kea-dhcp6.service - ISC Kea IPv6 DHCP daemon
+     Loaded: loaded (/usr/lib/systemd/system/kea-dhcp6.service; </font><font style="color: rgb(29, 180, 29)"><b>enabled</b></font>; preset: <font style="color: rgb(201, 214, 95)"><b>disabled</b></font>)
+   Active:<font style="color: rgb(29, 180, 29)"><b>active (running)</b></font> since Sat 2024-10-19 11:49:48 CEST; 3min 16s ago
+ Invocation: 0d82ea986a164eea91930cafef01d523
+       Docs: man:kea-dhcp6(8)
+   Main PID: 13092 (kea-dhcp6)
+      Tasks: 9 (limit: 9510)
+     Memory: 3M (peak: 3.5M)
+        CPU: 66ms
+     CGroup: /system.slice/kea-dhcp6.service
+             └─13092 /usr/bin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: <font style="color: rgb(201, 214, 95)"><b>WARN  [kea-dhcp4.dhcp4.136533820646528] DHCP4_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64</b></font>
+Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcp6.138845348149120] DHCP6_STARTED Kea DHCPv6 server version 2.6.1 started
+Oct 19 11:50:00 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcp6.138845313959616] DHCP6_QUERY_LABEL received query: duid=[00:01:00:01:29:0f:e9:34:b8:27:eb:b2:56:1f], [no hwaddr info], tid=0x3e3337
+Oct 19 11:50:00 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.packets.138845313959616] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:29:0f:e9:34:b8:27:eb:b2:56:1f], [no hwaddr info], tid=0x3e3337: RENEW (type 5) received from fe80::a112:c604:f325:26dc to ff02::1:2 on interface eth1
+Oct 19 11:50:00 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.leases.138845313959616] DHCP6_LEASE_RENEW duid=[00:01:00:01:29:0f:e9:34:b8:27:eb:b2:56:1f], [no hwaddr info], tid=0x3e3337: lease for address fd00::7:10:0:10:36 and iaid=3957113288 has been allocated
+Oct 19 11:50:00 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.packets.138845313959616] DHCP6_PACKET_SEND duid=[00:01:00:01:29:0f:e9:34:b8:27:eb:b2:56:1f], [no hwaddr info], tid=0x3e3337: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::a112:c604:f325:26dc]:546 on interface eth1
+Oct 19 11:51:52 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcp6.138845305566912] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:1c:ed:6f:bb:f3:9f], [no hwaddr info], tid=0xd5b5b1
+Oct 19 11:51:52 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.packets.138845305566912] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:1c:ed:6f:bb:f3:9f], [no hwaddr info], tid=0xd5b5b1: RENEW (type 5) received from fe80::1eed:6fff:febb:f39f to ff02::1:2 on interface eth1
+Oct 19 11:51:52 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.leases.138845305566912] DHCP6_LEASE_RENEW duid=[00:03:00:01:1c:ed:6f:bb:f3:9f], [no hwaddr info], tid=0xd5b5b1: lease for address fd00::7:10:0:10:5 and iaid=1874588575 has been allocated
+Oct 19 11:51:52 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.packets.138845305566912] DHCP6_PACKET_SEND duid=[00:03:00:01:1c:ed:6f:bb:f3:9f], [no hwaddr info], tid=0xd5b5b1: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::1eed:6fff:febb:f39f]:546 on interface eth1
+</pre></html>
+Verbindet sich nun ein uns unbekannter Host und kontaktiert unseren **kea-dhcp6**-Daemon wird der erfolgreiche Handshake im **Journal** protokolliert.
+   # journalctl -fu kea-dhcp6
+<code>Oct 19 12:10:53 vml000110 kea-dhcp6[13178]: INFO  [kea-dhcp6.dhcp6.136335342069440] DHCP6_QUERY_LABEL received query: duid=[00:01:00:01:2e:46:d3:f8:f4:a8:0d:20:b1:37], [no hwaddr info], tid=0x86bd1b
+Oct 19 12:10:53 vml000110 kea-dhcp6[13178]: INFO  [kea-dhcp6.packets.136335342069440] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:2e:46:d3:f8:f4:a8:0d:20:b1:37], [no hwaddr info], tid=0x86bd1b: RENEW (type 5) received from fe80::9ae3:7d16:5806:aff0 to ff02::1:2 on interface eth1
+Oct 19 12:10:53 vml000110 kea-dhcp6[13178]: INFO  [kea-dhcp6.leases.136335342069440] DHCP6_LEASE_RENEW duid=[00:01:00:01:2e:46:d3:f8:f4:a8:0d:20:b1:37], [no hwaddr info], tid=0x86bd1b: lease for address fd00::7:10:0:10:304 and iaid=170694673 has been allocated
+Oct 19 12:10:53 vml000110 kea-dhcp6[13178]: INFO  [kea-dhcp6.packets.136335342069440] DHCP6_PACKET_SEND duid=[00:01:00:01:2e:46:d3:f8:f4:a8:0d:20:b1:37], [no hwaddr info], tid=0x86bd1b: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::9ae3:7d16:5806:aff0]:546 on interface eth1
+</code>
+Dem Client wurde also die IP-Adresse **''fd00::7:10:0:10:304''** aus unserem definierten Pool zugewiesen, da wir dessen DUID **''00:01:00:01:2e:46:d3:f8:f4:a8:0d:20:b1:37''** nicht kennen!
+Verbindet sich jedoch nun ein uns bekannter Client, dessen DUID **''00:03:00:01:d8:eb:97:33:48:62''** wir bei den **Reservierungen** der IP-Adresse **''fd00::7:10:0:10:3''** zugeordnet hatten, mit unserem Kea-Host, sehen wir im Journal entsprechend:
+   # journalctl -fu kea-dhcp4
+<code>Oct 19 12:11:14 vml000110 kea-dhcp6[13178]: INFO  [kea-dhcp6.dhcp6.136335333676736] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:d8:eb:97:33:48:62], [no hwaddr info], tid=0xcec735
+Oct 19 12:11:14 vml000110 kea-dhcp6[13178]: INFO  [kea-dhcp6.packets.136335333676736] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:d8:eb:97:33:48:62], [no hwaddr info], tid=0xcec735: RENEW (type 5) received from fe80::2e3a:fdff:fe2e:bd0b to ff02::1:2 on interface eth1
+Oct 19 12:11:14 vml000110 kea-dhcp6[13178]: INFO  [kea-dhcp6.alloc-engine.136335333676736] ALLOC_ENGINE_V6_HR_ADDR_GRANTED reserved address fd00::7:10:0:10:3 was assigned to client duid=[00:03:00:01:d8:eb:97:33:48:62], [no hwaddr info], tid=0xcec735
+Oct 19 12:11:14 vml000110 kea-dhcp6[13178]: INFO  [kea-dhcp6.leases.136335333676736] DHCP6_LEASE_RENEW duid=[00:03:00:01:d8:eb:97:33:48:62], [no hwaddr info], tid=0xcec735: lease for address fd00::7:10:0:10:4 and iaid=4247698699 has been allocated
+Oct 19 12:11:14 vml000110 kea-dhcp6[13178]: INFO  [kea-dhcp6.packets.136335333676736] DHCP6_PACKET_SEND duid=[00:03:00:01:d8:eb:97:33:48:62], [no hwaddr info], tid=0xcec735: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::2e3a:fdff:fe2e:bd0b]:546 on interface eth1</code>
+Der Host hat also seine vordefinierte **feste IPv6-Adresse** **''fd00::7:10:0:10:3''** vom **kea-dhcp4**-Damon erfolgreich zugewiesen bekommen!
+===== Orchestrierung - Installation und Konfiguration der beiden Kea-Daemon mit Hilfe von Ansible  =====
+==== Aufgabenstellung ====
+Natürlich wird man im Jahr 2024 nicht mehr ernsthaft, manuell Server aufsetzen und betreiben wollen. Vielmehr wird man auf ein Orchestrierungswerkzeug wie z.B. **[[linux:ansible:start|Ansible]]** zurückgreifen. Setzen wir einen neue virtuellen Server unter Arch Linux neu auf, oder wollen wir bei einem bestehenden Host die Konfiguration aktualisieren, verwenden wir wie zuvor schon angeschnitten [[https://www.ansible.com/|Ansible]] als Orchestrierungswerkzeug. So ist sichergestellt dass zum einen all unsere Hosts entsprechend gleich aufgebaut, konfiguriert und betrieben werden, es also keine Bastel-/Frickellösung geben wird.
+Wir werden uns nun nachfolgend die Server-Installation und -konfiguration genauer betrachten.
+==== Lösung ====
+<WRAP center round tip 80%>
+Der ungeduldigen Leser kann auch direkt zur Tat schreiten und das manuelle Anlegen der Inventory-Hülle, des Playbooks und der zugehörigen Rolle überspringen und diese Aufgaben mit folgendem Befehl sozusagen auf einem Rutsch erledigen:
+<code> $ mkdir -p ~/devel/ansible ; wget https://gitlab.nausch.org/django/example_kea/-/archive/main/example_kea-main.tar.gz \
+         -O - | tar -xz --strip-components=1 -C ~/devel/ansible</code>
+Nach Anpassung der Daten im Inventory kann man anschliessend direkt **[[#ausfuehrung_-_playbooklauf|zur Ausführung schreiten]]**.
+</WRAP>
+=== Vorbereitung - (Server-)Daten im Inventory ===
+Bei unserem Konfigurationsbeispiel hier gehen wir von folgenden Host-Parametern aus:
+  * **''zone: intra''**
+  * **''hostname: vml010110''**
+Die Konfigurationsdatei unseres **inventory** in unsere, Ansible-Verzeichnis beinhaltet demnach unter anderem:
+   $ vim inventories/production/hosts
+++++ inventories/production/hosts |
+<file bash inventories/production/hosts># Inventory Datei für die System-Umgebung im SOHO
+#
+# Hinweise:
+#           - Kommentare beginnen mit einem '#'-Zeichen
+#           - leere Zeilen werden ignoriert
+#           - Host- und Gruppendefinitionen werden mit [] abgegrenzt
+#           - Hosts können über ihren Hostnamen, FQN oder ihrer IP-Adresse definiert
+#           - übergeordnete Gruppen werden durch [:children] abgegrenzt
+#
+# Host-Definitionen
+# Hosts ohne Gruppenzuordnung
+localhost
+[edmz]
+vml000210
+[idmz]
+vml000110
+[intra]
+pnc010007
+vml010110
+# Host-Gruppen-Definitionen
+# (zu welcher Gruppe gehören Untergruppen bzw. Hosts)
+[linux:children]
+intra
+edmz
+idmz
+</file>
+++++
+Die beiden Beispiel-Hosts aus der Gruppe|Zone **''intra''** in diesem Inventory symbolisieren folgende unterschiedlichen Knoten.
+  * Der Host **''pnc010007''** steht exemplarisch für einen Client im Intranet. In dessen Inventory-File **''inventories/production/host_vars/pnc010007''** sind die ihn beschreibenden Dateien enthalten.
+  * Der Host **''vml010110''** ist in diesem Beispiel unser Server, der die Verbindung zwischen der Zone **''intra''** und der Aussenwelt herstellt. Auf diesem Konten läuft bereits ein **[[linux:ntp|Chrony Timeserver|]]** wie auch eine Firewall auf Basis von **[[https://firewalld.org/|firewalld]]** der eine Zonendefinition **''intra''** besitzt, die die Regeln für diese Zone beinhalten. Sowohl Timeserver wie auch Firewall werden in diesem Beispiel hier nur erwähnt, da in dem Playbook bzw.genauer gesagt im Inventory darauf referenziert wird.
+Wir legen uns also nun die Hostdefinitionsdatei für unseren Switch im SOHO an.
+   $ vim inventories/production/host_vars/pnc010007
+++++ inventories/production/host_vars/pnc010007 |
+{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/inventories/production/host_vars/pnc010007  }}
+++++
+Als nächstes legen wir die Datei für den KVM-Host, auf dem unser Kea-Daemon laufen soll an und definieren darin die zugehörigen Eigenschaften.
+  $ vim inventories/production/host_vars/vml010110/kvm_vhost
+++++ inventories/production/host_vars/vml010110/kvm_vhost |
+{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/inventories/production/host_vars/vml010110/kvm_vhost  }}
+++++
+Die für die beiden **kea-Daemon** relevanten Konfigurationsparameter legen wir in der Inventrory-Datei **''inventories/production/host_vars/vml010110/kea''** ab.
+   $ vim inventories/production/host_vars/vml010110/kea
+++++ inventories/production/host_vars/vml010110/kea |
+{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/inventories/production/host_vars/vml010110/kea  }}
+++++
+Unser Beispiels-Inventory hat also nunmehr folgenden Aufbau:
+<code>inventories/production/
+├── hosts
+└── host_vars
+    ├── pnc010007
+    └── vml010110
+        ├── kea
+        └── kvm_vhost
+directories, 4 files</code>
+=== Playbook ===
+Unser Playbook zum Installieren und Konfigurieren der beiden Kea-Daemon **kea-dhcp4** und **kea-dhcp6**, ist wie immer schlank, unscheinbar und unspektakulär, beinhaltet aber Hinweise zur Aufgabe und wie es aufzurufen ist.
+   $ vim playbooks/kea_dhcp.yml
+++++ playbooks/kea_dhcp.yml |
+{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/playbooks/kea_dhcp.yml }}
+++++
+=== Rolle ===
+Für die Konfiguration der **kea**-Daemon verwenden wir eine eigene Rolle **''kea_dhcp''**, die wir bei unserem zuvor angelegten Playbooks später einfach mit aufrufen werden. Hierzu kopieren wir uns zunächst die Mustervorlage **''common''**.
+   $ cp -avr roles/common/ roles/kea_dhcp
+++++ Ausgabe von cp -avr roles/common/ roles/kea_dhcp |
+<code>'roles/common/' -> 'roles/kea_dhcp'
+'roles/common/defaults' -> 'roles/kea_dhcp/defaults'
+'roles/common/defaults/.gitkeep' -> 'roles/kea_dhcp/defaults/.gitkeep'
+'roles/common/files' -> 'roles/kea_dhcp/files'
+'roles/common/files/.gitkeep' -> 'roles/kea_dhcp/files/.gitkeep'
+'roles/common/handlers' -> 'roles/kea_dhcp/handlers'
+'roles/common/handlers/.gitkeep' -> 'roles/kea_dhcp/handlers/.gitkeep'
+'roles/common/library' -> 'roles/kea_dhcp/library'
+'roles/common/library/.gitkeep' -> 'roles/kea_dhcp/library/.gitkeep'
+'roles/common/lookup_plugins' -> 'roles/kea_dhcp/lookup_plugins'
+'roles/common/lookup_plugins/.gitkeep' -> 'roles/kea_dhcp/lookup_plugins/.gitkeep'
+'roles/common/meta' -> 'roles/kea_dhcp/meta'
+'roles/common/meta/.gitkeep' -> 'roles/kea_dhcp/meta/.gitkeep'
+'roles/common/module_utils' -> 'roles/kea_dhcp/module_utils'
+'roles/common/module_utils/.gitkeep' -> 'roles/kea_dhcp/module_utils/.gitkeep'
+'roles/common/tasks' -> 'roles/kea_dhcp/tasks'
+'roles/common/tasks/main.yml' -> 'roles/kea_dhcp/tasks/main.yml'
+'roles/common/templates' -> 'roles/kea_dhcp/templates'
+'roles/common/templates/.gitkeep' -> 'roles/kea_dhcp/templates/.gitkeep'
+'roles/common/vars' -> 'roles/kea_dhcp/vars'
+'roles/common/vars/.gitkeep' -> 'roles/kea_dhcp/vars/.gitkeep'
+</code>
+++++
+Bei Bedarf können wir uns die Struktur die somit angelegt wurde mit nachfolgendem Befehl anzeigen lassen.
+   $ tree roles/kea_dhcp/
+++++ Ausgabe von tree roles/kea_dhcp/ |
+<code>roles/kea_dhcp/
+├── defaults
+├── files
+├── handlers
+│   └── main.yml
+├── library
+├── lookup_plugins
+├── meta
+├── module_utils
+├── tasks
+│   ├── dhcp4.yml
+│   ├── dhcp6.yml
+│   ├── firewalld.yml
+│   ├── main.yml
+│   └── vorbereitung.yml
+├── templates
+│   ├── dhcp4.j2
+│   └── dhcp6.j2
+└── vars
+directories, 8 files
+</code>
+++++
+Wie wir sehen ist die Rolle durchaus überschaubar, im Task **''main.yaml''** verweisen wir lediglich auf die eigentlichen Tasks **''vorbereitung''**, **''dhcp4''**, **''dhcp6''** und **''firewalld''**
+   $ vim roles/kea_dhcp/tasks/main.yml
+++++ roles/kea_dhcp/tasks/main.yml |
+{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/roles/kea_dhcp/tasks/main.yml }}
+++++
+Die Installation des Kea DHCP-Servers wird in der ersten Task-Gruppe mit dem tag **''vorbereitung''** vorgenommen.
+   $ vim roles/kea_dhcp/tasks/vorbereitung.yml
+++++ roles/kea_dhcp/tasks/vorbereitung.yml |
+{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/roles/kea_dhcp/tasks/vorbereitung.yml }}
+++++
+Für die Konfiguration des Kea-DHCP4-Daemon werden die nötigen Schritte in der Task-Gruppe mit dem tag **''dhcp4''** definiert.
+   $ vim roles/kea_dhcp/tasks/dhcp4.yml
+++++ roles/kea_dhcp/tasks/dhcp4.yml |
+{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/roles/kea_dhcp/tasks/dhcp4.yml }}
+++++
+Der Kea-DHCP4-Daemon wird mit Hilfe der Task-Gruppe mit dem tag **''dhcp6''** konfiguriert.
+   $ vim roles/kea_dhcp/tasks/dhcp6.yml
+++++ roles/kea_dhcp/tasks/dhcp6.yml |
+{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/roles/kea_dhcp/tasks/dhcp6.yml }}
+++++
+Nun brauchen wir noch eine Beschreibung der Aufgaben für die Konfiguration der firewalld-Regeln für beide Kea Daemons.
+   $ vim roles/kea_dhcp/tasks/firewalld.yml
+++++ roles/kea_dhcp/tasks/firewalld.yml |
+{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/roles/kea_dhcp/tasks/firewalld.yml }}
+++++
+Sollte bei der Abarbeitung des Playbook eine oder beide Konfigurationsdateien **''kea-dhcp4.conf''** und **''kea-dhcp6.conf''** verändert werden, ist natürlich hierbei ein Restart der betreffenden Kea-Daemon notwendig. Hierzu verwenden wir die **[[https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_handlers.html|Ansible Playbook Handlers]]**. Diese Handler werden in den beiden Tasks zur Erstellung der Kea-Konfigurationsdateien mit Hilfe eines **handler**-Calls aufgerufen, sofern sich die Datei verändert hat.
+Zu guter Letzt brauchen wir noch eine Konfiguration der Aufgaben die bei einem **''notify''** abgearbeitet werden sollen.
+   $ vim roles/kea_dhcp/handlers/main.yml
+++++ roles/kea_dhcp/handlers/main.yml |
+{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/roles/kea_dhcp/handlers/main.yml }}
+++++
+Für die Erstellung der jeweiligen Konfigurationsdateien **''/etc/kea/kea-dhcp4.conf''** und **''/etc/kea/kea-dhcp6.conf''** brauchen wir nun noch jeweils ein **[[https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_templating.html|Jinja2]]** Templates. Mit Hilfe dieser beiden Templates und der darin enthaltenen Schleifendefinitionen werden dann mit Hilfe der Daten aus dem Inventory die zuvor genannten Konfigurationsdateien erzeugt.
+   $ vim roles/kea_dhcp/templates/dhcp4.j2
+++++ roles/kea_dhcp/templates/dhcp4.j2 |
+{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/roles/kea_dhcp/templates/dhcp4.j2 }}
+++++
+   $ vim roles/kea_dhcp/templates/dhcp6.j2
+++++ roles/kea_dhcp/templates/dhcp6.j2 |
+{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/roles/kea_dhcp/templates/dhcp6.j2 }}
+++++
+=== Ausführung - Playbooklauf ===
+Die orchestrierte Variante der Installation und Konfiguration unserer **kea**-Daemon gestaltet sich ab sofort sehr einfach, brauchen wir doch lediglich die Konfigurationswerte im Inventory zu hinterlegen und zu pflegen und letztendlich das Playbook entsprechend aufzurufen, wenn z.B. ein Client im Intranet hinzugefügt, entfernt oder ausgetauscht wird:
+   $ ansible-playbook playbooks/kea_dhcp.yml
+<html><pre class="code">
+<font style="color: rgb(0, 0, 0)">[16:43:13] Gathering Facts</font>
+<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 2.19s</font>
+<font style="color: rgb(0, 0, 0)">[16:43:15] kea-dhcp : Installation des Kea DHCP-Servers.</font>
+<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 7ms</font>
+<font style="color: rgb(0, 0, 0)">[16:43:15]     ↳ vorbereitung: Vorhandenes System aktualisieren.</font>
+<font style="color: rgb(196, 160, 0)">↳  vml010110 | CHANGED | 2.45s</font>
+<font style="color: rgb(0, 0, 0)">[16:43:17]     ↳ vorbereitung: Installation der benötigten kea Pakete.</font>
+<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 1.63s</font>
+<font style="color: rgb(0, 0, 0)">[16:43:19] kea-dhcp : Konfiguration des Kea DHCP4-Servers.</font>
+<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 12ms</font>
+<font style="color: rgb(0, 0, 0)">[16:43:19]     ↳ dhcp4: Checken ob es bereits eine Backupdatei der kea-dhcp4.conf gibt.</font>
+<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 609ms</font>
+<font style="color: rgb(0, 0, 0)">[16:43:19]     ↳ dhcp4: Backupdatei der Konfigurationsdatei kea-dhcp4.conf erstellen.</font>
+<font style="color: rgb(3, 99, 84)">vml010110 | SKIPPED | 9ms</font>
+<font style="color: rgb(0, 0, 0)">[16:43:20]     ↳ dhcp4: Individuelle Konfigurationsdatei kea-dhcp4.conf erzeugen und kopieren.</font>
+<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 1.19s</font>
+<font style="color: rgb(0, 0, 0)">[16:43:21]     ↳ dhcp4: Sicherstellen, dass der kea-dhcp4 Daemon reboot(-fest) startet.</font>
+<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 918ms<font>
+<font style="color: rgb(0, 0, 0)">[16:43:22] kea-dhcp : Konfiguration des Kea DHCP6-Servers.</font>
+<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 10ms<font>
+<font style="color: rgb(0, 0, 0)">[16:43:22]     ↳ dhcp6: Checken ob es bereits eine Backupdatei der kea-dhcp6.conf gibt.</font>
+<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 524ms<font>
+<font style="color: rgb(0, 0, 0)">[16:43:22]     ↳ dhcp6: Backupdatei der Konfigurationsdatei kea-dhcp6.conf erstellen.</font>
+<font style="color: rgb(3, 99, 84)">vml010110 | SKIPPED | 14ms<font>
+<font style="color: rgb(0, 0, 0)">[16:43:22]     ↳ dhcp6: Individuelle Konfigurationsdatei kea-dhcp6.conf erzeugen und kopieren.</font>
+<font style="color: rgb(196, 160, 0)">↳  vml010110 | CHANGED | 1.31s<font>
+<font style="color: rgb(0, 0, 0)">[16:43:24]     ↳ dhcp6: Sicherstellen, dass der kea-dhcp4 Daemon reboot(-fest) startet.</font>
+<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 826ms</font>
+<font style="color: rgb(0, 0, 0)">[16:43:24] kea-dhcp : Konfiguration der firewalld-Regeln für beide Kea Daemons.</font>
+<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 27ms</font>
+<font style="color: rgb(0, 0, 0)">[16:43:24]     ↳ firewalld: Konfiguration der firewalld Regeln in Zone_1 für die Kea-Daemon.</font>
+<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 5.09s</font>
+<font style="color: rgb(0, 0, 0)">[16:43:30]     ↳ firewalld: Konfiguration der firewalld Regeln in Zone_2 für die Kea-Daemon./font>
+<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 5.12s</font>
+<font style="color: rgb(0, 0, 0)">[16:43:35]     ↳ firewalld: Zum Schluss den aktuellen permanenten Regelsatz final neu laden.</font>
+<font style="color: rgb(196, 160, 0)">↳  vml010110 | CHANGED | 918ms</font>
+<font style="color: rgb(25, 100, 5)">triggering handler | kea-dhcp : Restart dhcp6</font>
+<font style="color: rgb(196, 160, 0)">↳  vml010110 | CHANGED | 1.76s</font>
+<font style="color: rgb(0, 0, 0)">[16:43:36] system</font>
+<font style="color: rgb(25, 100, 5)">-- Play recap --</font>
+<font style="color: rgb(196, 160, 0)">vml010110                  </font><font style="color: rgb(0, 0, 0)">: </font><font style="color: rgb(25, 100, 5)">ok=17   </font><font style="color: rgb(196, 160, 0)">changed=4    </font>unreachable=0    failed=0    <font style="color: rgb(3, 99, 84)">skipped=2</font>    <font style="color: rgb(0, 0, 0)">rescued=0    ignored=0</font>
+</pre>
+</html>
+==== Ergebniskontrolle ====
+Ob die Konfigurationsdateien valide erstellt und auch von den Kea-Daemons erfolgreich geladen worden sind, kontrollieren wir zum Beispiel auf dem Zielhost mit einem Blick in die betreffenden Konfigurationsdateien, mit Hilfe der Option **''-t''** beim jeweiligen kea-binarys, oder mit Hilfe der **''status''**-Abfrage des betreffenden Kea-Daemons.
+  * **kea-dhcp4** <code> # bat /etc/kea/kea-dhcp4.conf</code><code> # kea-dhcp4 -t /etc/kea/kea-dhcp4.conf</code><code> # systemctl status kea-dhcp4</code>
+  * **kea-dhcp6** <code> # bat /etc/kea/kea-dhcp6.conf</code><code> # kea-dhcp6 -t /etc/kea/kea-dhcp6.conf</code><code> # systemctl status kea-dhcp6</code>
+====== Links ======
+  * **[[linux:ansible:detail|zurück zum Kapitel "Ansible - Erweiterte Konfigurationsbeispiele"]] <= **
+  * **=> [[linux:dhcpd|weiter zum Kapitel "DNS Server für IPv4|6 unter Arch Linux einrichten und nutzen"]] <= **
+  * **[[linux:start#ansible|Zurück zur "Ansible"-Übersicht]]**
+  * **[[wiki:start|Zurück zu >>Projekte und Themenkapitel<<]]**
+  * **[[http://dokuwiki.nausch.org/doku.php/|Zurück zur Startseite]]**