Differences

This page shows the differences between two revisions.

linux:kea [19.10.2024 09:14] – [Configuration options for our DHCPv6 daemon] django
linux:kea [14.03.2025 13:17] (current) – [Checking the results] django
Zeile 7: Zeile 7:
  
 |< 100% 5% 8% 12% 12% 12% 12% 12% >| |< 100% 5% 8% 12% 12% 12% 12% 12% >|
-^  Subnetz \\ (ID)  ^  Subnetz \\ (Use)  ^ Subnetz Prefix\\ (global Unicast)  ^ Host\\ -       ^ IPv4\\ -         ^ Link-Local-Scope\\ -                ^ Unique-Local-Scope\\  (ULA)          ^ Global-Scope\\ (GUA)             ^ +^  Subnetz \\ (ID)  ^  Subnetz \\ (Use)  ^ Subnetz Prefix\\ (global Unicast)  ^ Host\\ -       ^ IPv4\\ -         ^ Link-Local-Scope\\ (LLA)            ^ Unique-Local-Scope\\  (ULA)          ^ Global-Scope\\ (GUA)             ^ 
-|  **7**            |  Intra             | 2003:a:e0d:760**7**::/64                          |                  |                                                                          |                                  | +|  **7**            |  Intra             | 2003:a:bcd:123**4**::/64                          |                  |                                                                          |                                  | 
-|                                      |                                    | //pml010073//  | ''10.0.10.73''   | ''fe80::e9a6::bb03:1544:b0000/64''  | ''fdb6:cb48:9d77:0:10:0:10:073/64''  | ''2003:a:e0d:7607:10:0:10:73''   | +|                                      |                                    | //pml010073//  | ''10.0.10.73''   | ''fe80::e9a6::bb03:1544:b0000/64''  | ''fd00:dead:beef:0:10:0:10:073/64''  | ''2003:a:bcd:1234:10:0:10:73''   | 
-|                                      |                                    | //pml010102//  | ''10.0.10.102''  | ''fe80::10:ff:fe10:102''            | ''fdb6:cb48:9d77:0:10:0:10:102/64''  | ''2003:a:e0d:7607:10:0:10:102'' +|                                      |                                    | //pml010102//  | ''10.0.10.102''  | ''fe80::10:ff:fe10:102''            | ''fdb6:dead:beef:0:10:0:10:102/64''  | ''2003:a:bcd:1234:10:0:10:102'' 
-|                                      |                                    | //vml010110//  | ''10.0.10.110''  | ''fe80::10:ff:fe10:110''            | ''fdb6:cb48:9d77:0:10:0:10:110/64''  | ''2003:a:e0d:7607:10:0:10:110''  |+|                                      |                                    | //vml010110//  | ''10.0.10.110''  | ''fe80::10:ff:fe10:110''            | ''fdb6:dead:beef:0:10:0:10:110/64''  | ''2003:a:bcd:1234:10:0:10:110''  |
  
  
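Review bot: The anonymised ULA prefix is not consistent across the three host rows: pml010073 gets ''fd00:dead:beef:0:…'' while pml010102 and vml010110 get ''fdb6:dead:beef:0:…'', so the table now shows two different prefixes for one subnet; use a single prefix in all rows. In the same hunk the Subnetz (ID) column still bolds **7** while the new GUA prefix highlights 123**4**, so the subnet ID no longer matches the marked nibble. The unchanged link-local entry ''fe80::e9a6::bb03:1544:b0000/64'' contains two "::" and a five-digit group and is not a valid IPv6 address; it should be corrected while the row is being touched.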
Zeile 1152: Zeile 1152:
 ==== Grund-Konfiguration ==== ==== Grund-Konfiguration ====
 === Firewall/Paketfilter - firewalld === === Firewall/Paketfilter - firewalld ===
-Bevor wir nun unseren **Kea-DHCP-Daemon** Konfigurieren und starten müssen wir natürlich sicherstellen, dass auf dem betreffendem Host auch die Kommunikationsbeziehungen entsprechend erlaubt sind.  +Bevor wir nun unseren **Kea-DHCP-Daemon** konfigurieren und starten müssen wir natürlich sicherstellen, dass auf dem betreffendem Host auch die Kommunikationsbeziehungen entsprechend erlaubt sind.  
  
 Wie auch schon früher bei **CentOS** ab Release **7** bzw. den nachfolgenden Relaese-Kandidaten **Stream von RHEL** nutzen wir auch unter **Arch Linux** den dynamischen **[[https://firewalld.org/|firewalld]]** Service. Ein grosser Vorteil der dynamischen Paketfilterregeln ist unter anderem, dass zur Aktivierung der neuen Firewall-Regel(n) nicht der Daemon durchgestartet werden muss und somit alle aktiven Verbindungen kurz getrennt werden. Sondern unsere Änderungen können **//on-the-fly//** aktiviert oder auch wieder deaktiviert werden. Wie auch schon früher bei **CentOS** ab Release **7** bzw. den nachfolgenden Relaese-Kandidaten **Stream von RHEL** nutzen wir auch unter **Arch Linux** den dynamischen **[[https://firewalld.org/|firewalld]]** Service. Ein grosser Vorteil der dynamischen Paketfilterregeln ist unter anderem, dass zur Aktivierung der neuen Firewall-Regel(n) nicht der Daemon durchgestartet werden muss und somit alle aktiven Verbindungen kurz getrennt werden. Sondern unsere Änderungen können **//on-the-fly//** aktiviert oder auch wieder deaktiviert werden.
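Review bot: The corrected sentence still lacks the comma after "starten" ("konfigurieren und starten, müssen wir") and "betreffendem Host" should read "betreffenden Host". The unchanged paragraph that follows also carries the typo "Relaese-Kandidaten", which could be fixed in the same pass.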
Zeile 1180: Zeile 1180:
 Werfen wir noch kurz einen Blick in die Zone **''intra''**: Werfen wir noch kurz einen Blick in die Zone **''intra''**:
    
-   # firewall-cmd --zone=intra --list-services+<code> # firewall-cmd --zone=intra --list-services</code>
  
   dhcp dhcpv6   dhcp dhcpv6
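Review bot: Only the command line was moved into <code>, while its output "dhcp dhcpv6" stays in the indented block below, so the command and its result now render as two differently styled boxes. Either keep both indented as before or put both into one <code> block. The added tag also has a stray space between "<code>" and "#".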
Zeile 2651: Zeile 2651:
  
 Aus den oben genannten Konfigurationsparametern erstellen wir uns nun eine entsprechende Konfigurationsdatei **''/etc/kea/kea-dhcp6.conf''** für unseren Kea-DHCPv4-Daemon. Aus den oben genannten Konfigurationsparametern erstellen wir uns nun eine entsprechende Konfigurationsdatei **''/etc/kea/kea-dhcp6.conf''** für unseren Kea-DHCPv4-Daemon.
-   # vim /etc/kea/kea-dhcp4.conf+   # vim /etc/kea/kea-dhcp6.conf
  
-FIXME +<file java /etc/kea/kea-dhcp6.conf>// This is our basic configuration for the Kea DHCPv6 server. See section 
-<file java /etc/kea/kea-dhcp4.conf>// This is basic configuration for the Kea DHCPv4 server. See section +// 9.2 DHCPv6 Server Configuration for detailed informations. the direct link 
-// 8.2. DHCPv4 Server Configuration for detailed informations.+// for the stable version is https://kea.readthedocs.io/).
 // //
-// This configuration file contains only DHCPv4 server's configuration.+// This configuration file contains only DHCPv6 server's configuration.
 // If configurations for other Kea services are also included in this file they // If configurations for other Kea services are also included in this file they
-// are ignored by the DHCPv4 server.+// are ignored by the DHCPv6 server
 +// 
 +// DHCPv6 configuration starts here. This section will be read by DHCPv6 server 
 +// and will be ignored by other components.
 { {
- +  "Dhcp6": { 
-// DHCPv4 configuration starts here. This section will be read by DHCPv4 server +    // See section 9.2.4 Interface Configuration for more details:
-// and will be ignored by other components. +
-"Dhcp4": { +
-    // See section 8.2.4 Interface Configuration for more details.+
     "interfaces-config": {     "interfaces-config": {
-        "interfaces": [ "net0", "net1" ]+      "interfaces": [ "eth1" ]
-        "dhcp-socket-type": "raw"+
     },     },
- +  
-    // See section 8.9. Management API for the DHCPv4 Server for more details.+    // Kea supports control channel, which is a way to receive management 
 +    // commands while the server is runningFor detailed description, 
 +    // see Sections 9.14.
     "control-socket": {     "control-socket": {
-        "socket-type": "unix", +      "socket-type": "unix", 
-        "socket-name": "/var/lib/kea/kea4-ctrl-socket"+      "socket-name": "/var/lib/kea/kea6-ctrl-socket"
     },     },
- +    // Use Memfile lease database backend to store leases in a CSV file. 
-    // See Section 8.2.2.1Memfile - Basic Storage for Leases" for details.+    //  See Section 9.2.2.1 Memfile - Basic Storage for Leases
     "lease-database": {     "lease-database": {
-        "type": "memfile", +      "type": "memfile", 
-        "persist": true, +      "persist": true, 
-        "name": "/var/lib/kea/kea-leases4.csv", +      "name": "/var/lib/kea/kea-leases6.csv", 
-        "lfc-interval": 3240+      "lfc-interval": 3200
-        "max-row-errors": 100+      "max-row-errors": 100
     },     },
 + 
     // Setup reclamation of the expired leases and leases affinity.     // Setup reclamation of the expired leases and leases affinity.
-    // See section 11. Lease Expiration for more and detailed informations.+    // See section 11. Lease Expiration for more and detailed informations.                                          
     "expired-leases-processing": {     "expired-leases-processing": {
-        "reclaim-timer-wait-time": 10, +      "reclaim-timer-wait-time": 10, 
-        "flush-reclaimed-timer-wait-time": 25, +      "flush-reclaimed-timer-wait-time": 25, 
-        "hold-reclaimed-time": 3600, +      "hold-reclaimed-time": 3600, 
-        "max-reclaim-leases": 100, +      "max-reclaim-leases": 100, 
-        "max-reclaim-time": 250, +      "max-reclaim-time": 250, 
-        "unwarned-reclaim-cycles": 5+      "unwarned-reclaim-cycles": 5
     },     },
 + 
     // Global timers specified here apply to all subnets, unless there are     // Global timers specified here apply to all subnets, unless there are
     // subnet specific values defined in particular subnets. See section     // subnet specific values defined in particular subnets. See section
-    // 8.2.1. Introduction ans section 8.2.9. Sending T1 (Option 58) and T2  +    // 9.2.1. Introduction. 
-    // (Option 59) for details. +    "valid-lifetime": 3600,
     "renew-timer": 1800,     "renew-timer": 1800,
     "rebind-timer": 3200,     "rebind-timer": 3200,
-    "valid-lifetime": 3600+    "preferred-lifetime": 3000
 + 
     // Many additional parameters can be specified here. Alle datails will be     // Many additional parameters can be specified here. Alle datails will be
     // found in following sections:     // found in following sections:
-    // - 8.2.10. Standard DHCPv4 Options +    // - 9.2.11. Standard DHCPv6 Options 
-    // - 8.2.11. Custom DHCPv4 Options +    // - 9.2.14. Custom DHCPv4 Options 
-    // - 8.2.12DHCPv4 Private Options  +    // - 9.2.15DHCPv6 Vendor-Specific Options                                                                       
-    // - 8.2.13. DHCPv4 Vendor-Specific Options +    // - 9.2.16. Nested DHCPv6 Options (Custom Option Spaces)                                                         
-    // - 8.2.14. Nested DHCPv4 Options (Custom Option Spaces)  +    // - 9.2.17. Unspecified Parameters for DHCPv6 Option Configuration 
-    // - 8.2.15. Unspecified Parameters for DHCPv4 Option Configuration +    // 
-    // - 8.2.16. Support for Long Options+    // For a complete list of options currently supported by Kea, see 
 +    // Section 9.2.11 "Standard DHCPv6 Options". Kea also supports 
 +    // vendor options (see Section 7.2.10) and allows users to define their 
 +    // own custom options (see Section 7.2.9).
     "option-data": [     "option-data": [
-        // Domain-Name-Server: +      // Domain-Name-Server: 
-        //+      
-        //    "name": "domain-name-servers", +        "name": "dns-servers", 
-        //    "data": "10.0.10.27+        "data": "fd00:0:0:7:10:0:10:110
-        //}, +      }, 
- +  
-        // Domain-Name+      // Domain-Search-Liste
-        +      
-            "name": "domain-name", +        "name": "domain-search", 
-            "data": "nausch.org" +        "data": "nausch.org" 
-        }, +      }
- +
-        // Time-Server: +
-        //{ +
-        //    "name": "ntp-servers", +
-        //    "data": "10.0.0.17" +
-        //}, +
- +
-        // Time-Offset ( Eastern Standard Time): +
-        { +
-            "name": "time-offset", +
-            "data": "-18000" +
-        }+
     ],     ],
  
     // Finally, we list the subnets from which we will be leasing addresses.     // Finally, we list the subnets from which we will be leasing addresses.
-    // See section 8.2.6. IPv4 Subnet Identifier and the following sections+    // See section 9.2.5 IPv6 Subnet Identifier and the following sections
     // for more details.     // for more details.
-    "subnet4": [ +    "subnet6": [ 
-        +      
-            // This defines the whole subnet. Kea will use this information to +        "interface": "eth1",
-            // determine where the clients are connected. This is the whole +
-            // subnet in your network.+
  
-            // Subnet identifier should be unique for each subnet. +        // This defines the whole subnet. Kea will use this information to 
-            "id": 1,+        // determine where the clients are connected. This is the whole 
 +        // subnet in your network. 
 +  
 +        // Subnet identifier should be unique for each subnet. 
 +        // Subnet identifier for zone intra 
 +        "id": 62,
  
-            // This is mandatory parameter for each subnet. +        // This is mandatory parameter for each subnet.                                                               
-            "subnet": "10.0.10.0/24",+        "subnet": "fd00:0:0:7::/64",
  
-            // Pools define the actual part of your subnet that is governed +        // Pools define the actual part of your subnet that is governed 
-            // by Kea. +        // by Kea. 
-            "pools": [ { "pool": "10.0.10.230 - 10.0.10.250" } ],+        "pools": [ { "pool": "fd00:0:0:7:10:0:10:300/120" } ],
  
-            // These are options that are subnet specific. +        "option-data":
-            "option-data": [ +          // You can specify additional options here that are subnet 
-                +          // specific. Also, you can override global options here. 
-                    // Router for the IPv4 subnet. +          { 
-                    "name": "routers", +            "name": "dns-servers", 
-                    "data": "10.0.10.110" +            "data": "fd00:0:0:7:10:0:10:110" 
-                },+          },                                                                                                 
 +          
 +            "name": "sntp-servers", 
 +            "data": "fd00:0:0:7:10:0:10:110" 
 +                                                                                                         
  
-                {  +        ],
-                    // Time-Server: +
-                    "name": "ntp-servers", +
-                    "data": "10.0.10.110" +
-                },+
  
-                { +        // Host reservations can be defined for each subnet. 
-                    // Domain-Name-Server: +        // Note that reservations are subnet-specific in Kea. This is 
-                    "name": "domain-name-servers", +        // different than ISC DHCP. Keep that in mind when migrating 
-                    "data": "10.0.10.27" +        // your configurations. 
-                }+        "reservations": [
  
-            ],+          // This are the reservations for specific DUID matchings. 
 +          // "MNSS (C7)" 
 +          { 
 +            "duid": "00:03:00:01:ac:1f:6b:00:d3:9b", 
 +            "ip-addresses": [ "fd00:0:0:7:10:0:10:2" ]
 +            "hostname": "pml010002.intra.nausch.org" 
 +          },
  
-            // Kea offers host reservations mechanism. Kea supports reservations +          // "WLAN Router Trendnet TEW-826DAP" 
-            // by several different types of identifiers: hw-address +          { 
-            // (hardware/MAC address of the client), duid (DUID inserted by the +            "duid": "00:03:00:01:d8:eb:97:33:48:62"
-            // client)client-id (client identifier inserted by the client) and +            "ip-addresses": [ "fd00:0:0:7:10:0:10:3" ], 
-            // circuit-id (circuit identifier inserted by the relay agent). +            "hostname": "pnc010003.intra.nausch.org" 
-            "reservations": [+          },
  
-                // This are the reservations for a specific hardware/MAC addresses. +          // "Netzwerkswitch TP-Link T1600G-52PS (UG)" 
-                // MNSS (c7+          
-                +            "duid": "00:03:00:01:64:66:b3:c9:98:7c", 
-                    "hw-address": "ac:1f:6b:00:d3:9a", +            "ip-addresses": "fd00:0:0:7:10:0:10:6]
-                    "ip-address": "10.0.10.2", +            "hostname": "pnc010006.intra.nausch.org" 
-                    "hostname": "pml010002.intra.nausch.org" +          },
-                },+
  
-                // MNSS-IPMI (C7+          // "Netzwerkswitch Netgear GS308E (DG)" 
-                +          
-                    "hw-address": "00:25:90:13:ba:a2", +            "duid": "00:03:00:01:6c:cd:d6:b8:52:be", 
-                    "ip-address""10.0.10.3", +            "ip-addresses": [ "fd00:0:0:7:10:0:10:7]
-                    "hostname": "pnc010003.intra.nausch.org" +            "hostname": "pnc010007.intra.nausch.org" 
-                }               +          },
-            ]+
-            "reservations": [ +
-               +
-                // This are the reservations for a specific hardware/MAC addresses. +
-                // vml000200  +
-                { +
-                    "hw-address": "52:54:00:41:20:01", +
-                    "ip-address": "10.0.0.200"+
-                    "hostname": "vml000200.dmz.nausch.org" +
-                },+
  
-                // vml000201 +          // "TecVDR (19 Zoll Tischgerät)" 
-                +          
-                    "hw-address": "52:54:00:41:20:11", +            "duid": "00:03:00:01:00:0b:6a:32:32:95", 
-                    "ip-address": "10.0.0.201", +            "ip-addresses": "fd00:0:0:7:10:0:10:100]
-                    "hostname": "vml000201.dmz.nausch.org" +            "hostname": "pml010100.intra.nausch.org" 
-                },+          },
  
-                // vml000202 +          // "MNSS (ArchLinux)" 
-                +          
-                    "hw-address": "52:54:00:41:20:21", +            "duid": "00:02:00:00:ab:11:3e:4a:0e:2c:c1:5b:e2:64", 
-                    "ip-address": "10.0.0.202", +            "ip-addresses": "fd00:0:0:7:10:0:10:102]
-                    "hostname": "vml000202.dmz.nausch.org" +            "hostname": "pml010102.intra.nausch.org" 
-                },+          },
  
-                // vml000203 +          // "ArchLinux FWC" 
-                +          
-                    "hw-address": "52:54:00:41:20:31", +            "duid": "00:03:00:01:52:54:00:41:11:02", 
-                    "ip-address": "10.0.0.203", +            "ip-addresses": "fd00::7:10:0:10:110]
-                    "hostname": "vml000203.dmz.nausch.org" +            "hostname": "vml010110.intra.nausch.org" 
-                }, +          
- +        
-                // vml000204 +      }
-                { +
-                    "hw-address": "52:54:00:41:20:41", +
-                    "ip-address": "10.0.0.204", +
-                    "hostname": "vml000204.dmz.nausch.org" +
-                +
-            +
-        }+
     ],     ],
  
     // Logging configuration starts here. Kea uses different loggers to log various     // Logging configuration starts here. Kea uses different loggers to log various
-    // activities. For details (e.g. names of loggers), see Chapter 18.+    //activities. For details (e.g. names of loggers), see Chapter 19.
     "loggers": [     "loggers": [
-    +      
-        // This section affects kea-dhcp4which is the base logger for DHCPv4 +        // This specifies the logging for kea-dhcp6 loggeri.e. all logs 
-        // componentIt tells DHCPv4 server to write all log messages (on +        // generated by Kea DHCPv6 server
-        // severity INFO or more) to a file+        "name": "kea-dhcp6",
-        "name": "kea-dhcp4",+
         "output_options": [         "output_options": [
-            +          
-                // Specifies the output file. There are several special values +            // Specifies the output file. There are several special values 
-                // supported: +            // supported: 
-                // - stdout (prints on standard output) +            // - stdout (prints on standard output) 
-                // - stderr (prints on standard error) +            // - stderr (prints on standard error) 
-                // - syslog (logs to syslog) +            // - syslog (logs to syslog) 
-                // - syslog:name (logs to syslog using specified name) +            // - syslog:name (logs to syslog using specified name) 
-                // Any other value is considered a name of the file +            // Any other value is considered a name of the file 
-                "output": "syslog" +            "output": "syslog"                                                                              
-            }+          }
         ],         ],
 +
         // This specifies the severity of log messages to keep. Supported values         // This specifies the severity of log messages to keep. Supported values
         // are: FATAL, ERROR, WARN, INFO, DEBUG         // are: FATAL, ERROR, WARN, INFO, DEBUG
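Review bot: Several DHCPv4 leftovers survive the switch to kea-dhcp6.conf: the unchanged lead-in sentence still says the file is "für unseren Kea-DHCPv4-Daemon", the new comment list contains "9.2.14. Custom DHCPv4 Options", and the added option-data comment points to Sections 7.2.10 and 7.2.9 although every other reference was renumbered to chapter 9. In the timer block, "rebind-timer": 3200 is larger than the new "preferred-lifetime": 3000, so an address that was not renewed would already be deprecated before the client reaches T2; a preferred lifetime above the rebind timer avoids that. The reservation for vml010110 is written as "fd00::7:10:0:10:110" while all other entries spell out "fd00:0:0:7:…"; it is the same address, but the mixed notation makes the list harder to compare by eye. The subnet used here, fd00:0:0:7::/64, also differs from the ULA prefix shown in the host table at the top of the page.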
Zeile 2872: Zeile 2855:
         // of logs if told to do so.         // of logs if told to do so.
         "debuglevel": 0         "debuglevel": 0
-    +      
-  +    
-+  
-} +}</file>
-</file>+
  
 Wollen wir die Kondfigurationsdate ohne die Kommentare sehen, grep'en wir einfach entsprechend danach.  Wollen wir die Kondfigurationsdate ohne die Kommentare sehen, grep'en wir einfach entsprechend danach. 
-   # grep -Ev '(^.*//|^$)' /etc/kea/kea-dhcp4.conf+   # grep -Ev '(^.*//|^$)' /etc/kea/kea-dhcp6.conf
  
 ++++ Beispielkonfigurationsdatei ohne Kommentare | ++++ Beispielkonfigurationsdatei ohne Kommentare |
-<file java /etc/kea/kea-dhcp4.conf>+<file java /etc/kea/kea-dhcp6.conf>
-"Dhcp4": {+  "Dhcp6": {
     "interfaces-config": {     "interfaces-config": {
-        "interfaces": [ "net0", "net1" ]+      "interfaces": [ "eth1" ]
-        "dhcp-socket-type": "raw"+
     },     },
 + 
     "control-socket": {     "control-socket": {
-        "socket-type": "unix", +      "socket-type": "unix", 
-        "socket-name": "/var/lib/kea/kea4-ctrl-socket"+      "socket-name": "/var/lib/kea/kea6-ctrl-socket"
     },     },
     "lease-database": {     "lease-database": {
-        "type": "memfile", +      "type": "memfile", 
-        "persist": true, +      "persist": true, 
-        "name": "/var/lib/kea/kea-leases4.csv", +      "name": "/var/lib/kea/kea-leases6.csv", 
-        "lfc-interval": 3240+      "lfc-interval": 3200
-        "max-row-errors": 100+      "max-row-errors": 100
     },     },
 + 
     "expired-leases-processing": {     "expired-leases-processing": {
-        "reclaim-timer-wait-time": 10, +      "reclaim-timer-wait-time": 10, 
-        "flush-reclaimed-timer-wait-time": 25, +      "flush-reclaimed-timer-wait-time": 25, 
-        "hold-reclaimed-time": 3600, +      "hold-reclaimed-time": 3600, 
-        "max-reclaim-leases": 100, +      "max-reclaim-leases": 100, 
-        "max-reclaim-time": 250, +      "max-reclaim-time": 250, 
-        "unwarned-reclaim-cycles": 5+      "unwarned-reclaim-cycles": 5
     },     },
 + 
 +    "valid-lifetime": 3600,
     "renew-timer": 1800,     "renew-timer": 1800,
     "rebind-timer": 3200,     "rebind-timer": 3200,
-    "valid-lifetime": 3600,+    "preferred-lifetime": 3000, 
 + 
     "option-data": [     "option-data": [
-        +      
-            "name": "domain-name", +        "name": "dns-servers", 
-            "data": "nausch.org+        "data": "fd00:0:0:7:10:0:10:110
-        }, +      }, 
-        +  
-            "name": "time-offset", +      
-            "data": "-18000+        "name": "domain-search", 
-        }+        "data": "nausch.org
 +      }
     ],     ],
-    "subnet4": [ +    "subnet6": [ 
-        +      
-            "id": 1+        "interface": "eth1", 
-            "subnet": "10.0.10.0/24", +  
-            "pools": [ { "pool": "10.0.10.230 - 10.0.10.250" } ], +        "id": 62
-            "option-data":+        "subnet": "fd00:0:0:7::/64", 
-                +        "pools": [ { "pool": "fd00:0:0:7:10:0:10:300/120" } ], 
-                    "name": "routers", +        "option-data":
-                    "data": "10.0.10.110" +          
-                }, +            "name": "dns-servers", 
-                {  +            "data": "fd00:0:0:7:10:0:10:110" 
-                    "name": "ntp-servers", +          },                                                                                                 
-                    "data": "10.0.10.110" +          
-                }, +            "name": "sntp-servers", 
-                { +            "data": "fd00:0:0:7:10:0:10:110
-                    "name""domain-name-servers", +                                                                                                          
-                    "data""10.0.10.27+        ], 
-                +        "reservations":
-            ], +          
-            "reservations":+            "duid": "00:03:00:01:ac:1f:6b:00:d3:9b", 
-                +            "ip-addresses": "fd00:0:0:7:10:0:10:2" ]
-                    "hw-address": "ac:1f:6b:00:d3:9a", +            "hostname": "pml010002.intra.nausch.org" 
-                    "ip-address": "10.0.10.2", +          }, 
-                    "hostname": "pml010002.intra.nausch.org" +          
-                }, +            "duid": "00:03:00:01:d8:eb:97:33:48:62", 
-                +            "ip-addresses": "fd00:0:0:7:10:0:10:3" ]
-                    "hw-address": "00:25:90:13:ba:a2", +            "hostname": "pnc010003.intra.nausch.org" 
-                    "ip-address": "10.0.10.3", +          }, 
-                    "hostname": "pnc010003.intra.nausch.org" +          
-                } +            "duid": "00:03:00:01:64:66:b3:c9:98:7c", 
-            ] +            "ip-addresses": [ "fd00:0:0:7:10:0:10:6]
-        }, +            "hostname": "pnc010006.intra.nausch.org
-        +          }, 
-            "id": 2, +          
-            "subnet": "10.0.0.0/24", +            "duid": "00:03:00:01:6c:cd:d6:b8:52:be", 
-            "pools"[ { "pool": "10.0.0.240 - 10.0.0.254" } ]+            "ip-addresses": "fd00:0:0:7:10:0:10:7]
-            "option-data": [ +            "hostname": "pnc010007.intra.nausch.org" 
-                { +          }, 
-                    "name": "routers", +          
-                    "data""10.0.0.210" +            "duid": "00:03:00:01:00:0b:6a:32:32:95", 
-                }, +            "ip-addresses": "fd00:0:0:7:10:0:10:100]
-               +            "hostname": "pml010100.intra.nausch.org" 
-                { +          }, 
-                    "name""ntp-servers", +          
-                    "data""10.0.0.110" +            "duid": "00:02:00:00:ab:11:3e:4a:0e:2c:c1:5b:e2:64", 
-                }, +            "ip-addresses": "fd00:0:0:7:10:0:10:102]
-               +            "hostname": "pml010102.intra.nausch.org" 
-                { +          }, 
-                    "name": "domain-name-servers"+          
-                    "data": "172.17.2.1+            "duid": "00:03:00:01:52:54:00:41:11:02", 
-                } +            "ip-addresses": "fd00::7:10:0:10:110]
-               +            "hostname": "vml010110.intra.nausch.org" 
-            ]+          
-            "reservations":+        
-               +      }
-                +
-                    "hw-address": "52:54:00:41:20:01", +
-                    "ip-address": "10.0.0.200", +
-                    "hostname": "vml000200.dmz.nausch.org" +
-                }, +
-                +
-                    "hw-address": "52:54:00:41:20:11", +
-                    "ip-address": "10.0.0.201", +
-                    "hostname": "vml000201.dmz.nausch.org" +
-                }, +
-                +
-                    "hw-address": "52:54:00:41:20:21", +
-                    "ip-address""10.0.0.202", +
-                    "hostname""vml000202.dmz.nausch.org" +
-                }, +
-                { +
-                    "hw-address""52:54:00:41:20:31", +
-                    "ip-address": "10.0.0.203", +
-                    "hostname": "vml000203.dmz.nausch.org" +
-                }, +
-                +
-                    "hw-address": "52:54:00:41:20:41", +
-                    "ip-address": "10.0.0.204", +
-                    "hostname": "vml000204.dmz.nausch.org" +
-                +
-            +
-        }+
     ],     ],
     "loggers": [     "loggers": [
-    +      
-        "name": "kea-dhcp4",+        "name": "kea-dhcp6",
         "output_options": [         "output_options": [
-            +          
-                "output": "syslog" +            "output": "syslog"                                                                              
-            }+          }
         ],         ],
         "severity": "INFO",         "severity": "INFO",
         "debuglevel": 0         "debuglevel": 0
-    +      
-  +    
-}+  }
 }</file> }</file>
 ++++ ++++
  
-Bevor wir nun unseren **kea-dhcp4** starten, führen wir noch einen Konfigurationstest durch. Wir prüfen also nun die Konfigurationsdatei unseres **kea-dhcp4** auf syntaktische Fehler. + 
-   # kea-dhcp4 -t /etc/kea/kea-dhcp4.conf + 
-<code>2024-07-04 17:23:55.327 INFO  [kea-dhcp4.hosts/1913.135232873002112] HOSTS_BACKENDS_REGISTERED the following host backend types are available: mysql postgresql  +Bevor wir nun unseren **kea-dhcp6**-Daemon starten, führen wir noch einen Konfigurationstest durch. Wir prüfen also nun die Konfigurationsdatei unseres **kea-dhcp6** auf syntaktische Fehler. 
-2024-07-04 17:23:55.328 WARN  [kea-dhcp4.dhcpsrv/1913.135232873002112] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled. +   # kea-dhcp6 -t /etc/kea/kea-dhcp6.conf 
-2024-07-04 17:23:55.328 WARN  [kea-dhcp4.dhcp4/1913.135232873002112DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first. +<code>2024-10-19 11:42:46.735 INFO  [kea-dhcp6.hosts/13028.126477756442496] HOSTS_BACKENDS_REGISTERED the following host backend types are available: mysql postgresql  
-2024-07-04 17:23:55.328 INFO  [kea-dhcp4.dhcpsrv/1913.135232873002112DHCPSRV_CFGMGR_NEW_SUBNET4 a new subnet has been added to configuration: 10.0.10.0/24 with params: t1=1800, t2=3200, valid-lifetime=3600 +2024-10-19 11:42:46.736 WARN  [kea-dhcp6.dhcpsrv/13028.126477756442496] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled. 
-2024-07-04 17:23:55.330 INFO  [kea-dhcp4.dhcpsrv/1913.135232873002112DHCPSRV_CFGMGR_NEW_SUBNET4 a new subnet has been added to configuration: 10.0.0.0/24 with params: t1=1800, t2=3200, valid-lifetime=3600 +2024-10-19 11:42:46.736 WARN  [kea-dhcp6.dhcp6/13028.126477756442496DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first. 
-2024-07-04 17:23:55.330 INFO  [kea-dhcp4.dhcpsrv/1913.135232873002112] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw +2024-10-19 11:42:46.736 INFO  [kea-dhcp6.dhcpsrv/13028.126477756442496DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: fd00:0:0:7::/64 with params: t1=1800, t2=3200, preferred-lifetime=3000, valid-lifetime=3600, rapid-commit is false 
-2024-07-04 17:23:55.330 INFO  [kea-dhcp4.dhcpsrv/1913.135232873002112DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw +2024-10-19 11:42:46.738 INFO  [kea-dhcp6.dhcpsrv/13028.126477756442496DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw 
-2024-07-04 17:23:55.331 INFO  [kea-dhcp4.dhcpsrv/1913.135232873002112DHCPSRV_CFGMGR_ADD_IFACE listening on interface net0 +2024-10-19 11:42:46.738 INFO  [kea-dhcp6.dhcpsrv/13028.126477756442496] DHCPSRV_CFGMGR_ADD_IFACE listening on interface eth1</code> 
-2024-07-04 17:23:55.331 INFO  [kea-dhcp4.dhcpsrv/1913.135232873002112DHCPSRV_CFGMGR_ADD_IFACE listening on interface net1</code>+ 
 +=== Start des kea-dhcp6 === 
 +Nun können wir beruhigt und guten Mutes unseren **kea-dhcp6** Daemon starten. 
 +   # systemctl start kea-dhcp6.service 
 + 
 +Im **Journal** wir der Start entsprechend dokumentiert. 
 + 
 +<html><pre class="code">Oct 19 11:49:48 vml000110 systemd[1]: Started ISC Kea IPv6 DHCP daemon. 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: 2024-10-19 11:49:49.027 INFO  [kea-dhcp6.dhcp6/13092.138845348149120] DHCP6_STARTING Kea DHCPv6 server version 2.6.1 (stable) starting 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: 2024-10-19 11:49:49.030 INFO  [kea-dhcp6.commands/13092.138845348149120] COMMAND_RECEIVED Received command 'config-set' 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.hosts.138845348149120] HOSTS_BACKENDS_REGISTERED the following host backend types are available: mysql postgresql 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: <font style="color: rgb(201, 214, 95)"><b>WARN  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.</b></font> 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: <font style="color: rgb(201, 214, 95)"><b>WARN  [kea-dhcp6.dhcp6.138845348149120] DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.</b></font> 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: fd00:0:0:7::/64 with params: t1=1800, t2=3200, preferred-lifetime=3000, valid-lifetime=3600, rapid-commit is false 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_CFGMGR_ADD_IFACE listening on interface eth1 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.commands.138845348149120] COMMAND_ACCEPTOR_START Starting to accept connections via unix domain socket bound to /var/lib/kea/kea6-ctrl-socket 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcp6.138845348149120] DHCP6_CONFIG_COMPLETE DHCPv6 server has completed configuration: added IPv6 subnets: 1; DDNS: disabled 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_MEMFILE_DB opening memory file lease database: lfc-interval=3200 max-row-errors=100 name=/var/lib/kea/kea-leases6.csv persist=true type=memfile universe=6 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/lib/kea/kea-leases6.csv.2 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/lib/kea/kea-leases6.csv 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_MEMFILE_BUILD_EXTENDED_INFO_TABLES6 building extended info tables saw 13 leases, extended info sanity checks modified 0 leases and 0 leases were entered into tables 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_MEMFILE_LFC_SETUP setting up the Lease File Cleanup interval to 3200 sec 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcp6.138845348149120] DHCP6_USING_SERVERID server is using server-id 00:01:00:01:2d:c7:a3:0e:52:54:00:41:11:01 and stores in the file /var/lib/kea/kea-dhcp6-serverid 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_NA leases in subnet fd00:0:0:7::/64 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_TA leases in subnet fd00:0:0:7::/64 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcpsrv.138845348149120] DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_PD leases in subnet fd00:0:0:7::/64 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: <font style="color: rgb(201, 214, 95)"><b>WARN  [kea-dhcp6.dhcp6.138845348149120DHCP6_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64</b></font> 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcp6.138845348149120] DHCP6_STARTED Kea DHCPv6 server version 2.6.1 started</pre> 
 +</html> 
 + 
 +Bei Bedarf können wir natürlich auch den Status unseres Daemons jederzeit abfragen. 
 +   # systemctl status kea-dhcp6.service 
 + 
 +<html><pre class="code"> 
 +<font style="color: rgb(29, 180, 29)"><b>●</b></font> kea-dhcp6.service - ISC Kea IPv6 DHCP daemon 
 +     Loaded: loaded (/usr/lib/systemd/system/kea-dhcp6.service; </font><font style="color: rgb(29, 180, 29)"><b>enabled</b></font>; preset: <font style="color: rgb(201, 214, 95)"><b>disabled</b></font>
 +   Active:<font style="color: rgb(29, 180, 29)"><b>active (running)</b></font> since Sat 2024-10-19 11:49:48 CEST; 3min 16s ago 
 + Invocation: 0d82ea986a164eea91930cafef01d523 
 +       Docs: man:kea-dhcp6(8) 
 +   Main PID: 13092 (kea-dhcp6) 
 +      Tasks: 9 (limit: 9510) 
 +     Memory: 3M (peak: 3.5M) 
 +        CPU: 66ms 
 +     CGroup: /system.slice/kea-dhcp6.service 
 +             └─13092 /usr/bin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf 
 + 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: <font style="color: rgb(201, 214, 95)"><b>WARN  [kea-dhcp4.dhcp4.136533820646528] DHCP4_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64</b></font> 
 +Oct 19 11:49:49 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcp6.138845348149120] DHCP6_STARTED Kea DHCPv6 server version 2.6.1 started 
 +Oct 19 11:50:00 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcp6.138845313959616] DHCP6_QUERY_LABEL received query: duid=[00:01:00:01:29:0f:e9:34:b8:27:eb:b2:56:1f], [no hwaddr info], tid=0x3e3337 
 +Oct 19 11:50:00 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.packets.138845313959616] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:29:0f:e9:34:b8:27:eb:b2:56:1f], [no hwaddr info], tid=0x3e3337: RENEW (type 5) received from fe80::a112:c604:f325:26dc to ff02::1:on interface eth1 
 +Oct 19 11:50:00 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.leases.138845313959616] DHCP6_LEASE_RENEW duid=[00:01:00:01:29:0f:e9:34:b8:27:eb:b2:56:1f], [no hwaddr info], tid=0x3e3337: lease for address fd00::7:10:0:10:36 and iaid=3957113288 has been allocated 
 +Oct 19 11:50:00 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.packets.138845313959616] DHCP6_PACKET_SEND duid=[00:01:00:01:29:0f:e9:34:b8:27:eb:b2:56:1f], [no hwaddr info], tid=0x3e3337: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::a112:c604:f325:26dc]:546 on interface eth1 
 +Oct 19 11:51:52 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.dhcp6.138845305566912] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:1c:ed:6f:bb:f3:9f], [no hwaddr info], tid=0xd5b5b1 
 +Oct 19 11:51:52 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.packets.138845305566912] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:1c:ed:6f:bb:f3:9f], [no hwaddr info], tid=0xd5b5b1: RENEW (type 5) received from fe80::1eed:6fff:febb:f39f to ff02::1:2 on interface eth1 
 +Oct 19 11:51:52 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.leases.138845305566912] DHCP6_LEASE_RENEW duid=[00:03:00:01:1c:ed:6f:bb:f3:9f], [no hwaddr info], tid=0xd5b5b1: lease for address fd00::7:10:0:10:5 and iaid=1874588575 has been allocated 
 +Oct 19 11:51:52 vml000110 kea-dhcp6[13092]: INFO  [kea-dhcp6.packets.138845305566912] DHCP6_PACKET_SEND duid=[00:03:00:01:1c:ed:6f:bb:f3:9f], [no hwaddr info], tid=0xd5b5b1: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::1eed:6fff:febb:f39f]:546 on interface eth1 
 +</pre></html> 
 + 
 +Verbindet sich nun ein uns unbekannter Host und kontaktiert unseren **kea-dhcp6**-Daemon wird der erfolgreiche Handshake im **Journal** protokolliert. 
 +   # journalctl -fu kea-dhcp6 
 + 
 +<code>Oct 19 12:10:53 vml000110 kea-dhcp6[13178]: INFO  [kea-dhcp6.dhcp6.136335342069440] DHCP6_QUERY_LABEL received query: duid=[00:01:00:01:2e:46:d3:f8:f4:a8:0d:20:b1:37], [no hwaddr info], tid=0x86bd1b 
 +Oct 19 12:10:53 vml000110 kea-dhcp6[13178]: INFO  [kea-dhcp6.packets.136335342069440] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:2e:46:d3:f8:f4:a8:0d:20:b1:37], [no hwaddr info], tid=0x86bd1b: RENEW (type 5) received from fe80::9ae3:7d16:5806:aff0 to ff02::1:on interface eth1 
 +Oct 19 12:10:53 vml000110 kea-dhcp6[13178]: INFO  [kea-dhcp6.leases.136335342069440] DHCP6_LEASE_RENEW duid=[00:01:00:01:2e:46:d3:f8:f4:a8:0d:20:b1:37], [no hwaddr info], tid=0x86bd1b: lease for address fd00::7:10:0:10:304 and iaid=170694673 has been allocated 
 +Oct 19 12:10:53 vml000110 kea-dhcp6[13178]: INFO  [kea-dhcp6.packets.136335342069440] DHCP6_PACKET_SEND duid=[00:01:00:01:2e:46:d3:f8:f4:a8:0d:20:b1:37], [no hwaddr info], tid=0x86bd1b: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::9ae3:7d16:5806:aff0]:546 on interface eth1 
 +</code> 
 + 
 +Dem Client wurde also die IP-Adresse **''fd00::7:10:0:10:304''** aus unserem definierten Pool zugewiesen, da wir dessen DUID **''00:01:00:01:2e:46:d3:f8:f4:a8:0d:20:b1:37''** nicht kennen! 
 + 
 +Verbindet sich jedoch nun ein uns bekannter Client, dessen DUID **''00:03:00:01:d8:eb:97:33:48:62''** wir bei den **Reservierungen** der IP-Adresse **''fd00::7:10:0:10:3''** zugeordnet hatten, mit unserem Kea-Host, sehen wir im Journal entsprechend: 
 +   # journalctl -fu kea-dhcp4 
 +<code>Oct 19 12:11:14 vml000110 kea-dhcp6[13178]: INFO  [kea-dhcp6.dhcp6.136335333676736] DHCP6_QUERY_LABEL received query: duid=[00:03:00:01:d8:eb:97:33:48:62], [no hwaddr info], tid=0xcec735 
 +Oct 19 12:11:14 vml000110 kea-dhcp6[13178]: INFO  [kea-dhcp6.packets.136335333676736] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:d8:eb:97:33:48:62], [no hwaddr info], tid=0xcec735: RENEW (type 5) received from fe80::2e3a:fdff:fe2e:bd0b to ff02::1:2 on interface eth1 
 +Oct 19 12:11:14 vml000110 kea-dhcp6[13178]: INFO  [kea-dhcp6.alloc-engine.136335333676736] ALLOC_ENGINE_V6_HR_ADDR_GRANTED reserved address fd00::7:10:0:10:3 was assigned to client duid=[00:03:00:01:d8:eb:97:33:48:62], [no hwaddr info], tid=0xcec735 
 +Oct 19 12:11:14 vml000110 kea-dhcp6[13178]: INFO  [kea-dhcp6.leases.136335333676736] DHCP6_LEASE_RENEW duid=[00:03:00:01:d8:eb:97:33:48:62], [no hwaddr info], tid=0xcec735: lease for address fd00::7:10:0:10:4 and iaid=4247698699 has been allocated 
 +Oct 19 12:11:14 vml000110 kea-dhcp6[13178]: INFO  [kea-dhcp6.packets.136335333676736] DHCP6_PACKET_SEND duid=[00:03:00:01:d8:eb:97:33:48:62], [no hwaddr info], tid=0xcec735: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::2e3a:fdff:fe2e:bd0b]:546 on interface eth1</code> 
 + 
 +Der Host hat also seine vordefinierte **feste IPv6-Adresse** **''fd00::7:10:0:10:3''** vom **kea-dhcp4**-Damon erfolgreich zugewiesen bekommen! 
 + 
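Review bot: The command shown above the journal excerpt for the known client is "journalctl -fu kea-dhcp4", and the closing sentence credits the "kea-dhcp4-Damon", although every line in that excerpt is logged by kea-dhcp6[13178]; both should read kea-dhcp6 (and "Daemon"). The excerpt also contradicts itself: ALLOC_ENGINE_V6_HR_ADDR_GRANTED and the prose name the reserved address fd00::7:10:0:10:3, while the DHCP6_LEASE_RENEW line that follows reports fd00::7:10:0:10:4, so the sample should be re-captured or corrected. In the "systemctl status kea-dhcp6.service" output the first journal line carries "kea-dhcp4.dhcp4" and DHCP4_MULTI_THREADING_INFO under kea-dhcp6[13092], which looks like a leftover from the DHCPv4 section. Two of the RENEW lines read "to ff02::1:on interface eth1" where the others have "ff02::1:2 on interface eth1", and "wir der Start" should be "wird der Start".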
 +===== Orchestrierung - Installation und Konfiguration der beiden Kea-Daemon mit Hilfe von Ansible  ===== 
 +==== Aufgabenstellung ==== 
 +Natürlich wird man im Jahr 2024 nicht mehr ernsthaft, manuell Server aufsetzen und betreiben wollen. Vielmehr wird man auf ein Orchestrierungswerkzeug wie z.B. **[[linux:ansible:start|Ansible]]** zurückgreifen. Setzen wir einen neue virtuellen Server unter Arch Linux neu auf, oder wollen wir bei einem bestehenden Host die Konfiguration aktualisieren, verwenden wir wie zuvor schon angeschnitten [[https://www.ansible.com/|Ansible]] als Orchestrierungswerkzeug. So ist sichergestellt dass zum einen all unsere Hosts entsprechend gleich aufgebaut, konfiguriert und betrieben werden, es also keine Bastel-/Frickellösung geben wird.  
 + 
 +Wir werden uns nun nachfolgend die Server-Installation und -konfiguration genauer betrachten.  
 + 
 +==== Lösung ==== 
 + 
 +<WRAP center round tip 80%> 
 +Der ungeduldigen Leser kann auch direkt zur Tat schreiten und das manuelle Anlegen der Inventory-Hülle, des Playbooks und der zugehörigen Rolle überspringen und diese Aufgaben mit folgendem Befehl sozusagen auf einem Rutsch erledigen: 
 + 
 +<code> $ mkdir -p ~/devel/ansible ; wget https://gitlab.nausch.org/django/example_kea/-/archive/main/example_kea-main.tar.gz \ 
 +         -O - | tar -xz --strip-components=1 -C ~/devel/ansible</code> 
 + 
 +Nach Anpassung der Daten im Inventory kann man anschliessend direkt **[[#ausfuehrung_-_playbooklauf|zur Ausführung schreiten]]**. 
 +</WRAP> 
 + 
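Review bot: The one-liner in the tip box pipes the archive of the repository's "main" branch from wget straight into tar, so whatever the branch tip contains at download time is unpacked into ~/devel/ansible with no integrity check and is afterwards executed with ansible-playbook. Suggest pointing the URL at a tagged release or a specific commit archive instead of "main", saving the tarball to a file, comparing it against a published checksum before extracting, and adding a sentence that asks the reader to look through the playbook and role before the first run. Minor: "Der ungeduldigen Leser" should be "Der ungeduldige Leser".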
 +=== Vorbereitung - (Server-)Daten im Inventory === 
 +Bei unserem Konfigurationsbeispiel hier gehen wir von folgenden Host-Parametern aus: 
 +  * **''zone: intra''** 
 +  * **''hostname: vml010110''**  
 + 
 +Die Konfigurationsdatei unseres **inventory** in unsere, Ansible-Verzeichnis beinhaltet demnach unter anderem: 
 +   $ vim inventories/production/hosts 
 +++++ inventories/production/hosts | 
 +<file bash inventories/production/hosts># Inventory Datei für die System-Umgebung im SOHO 
 +
 +# Hinweise: 
 +#           - Kommentare beginnen mit einem '#'-Zeichen 
 +#           - leere Zeilen werden ignoriert 
 +#           - Host- und Gruppendefinitionen werden mit [] abgegrenzt 
 +#           - Hosts können über ihren Hostnamen, FQN oder ihrer IP-Adresse definiert 
 +#           - übergeordnete Gruppen werden durch [:children] abgegrenzt 
 +
 +# Host-Definitionen 
 +  
 +# Hosts ohne Gruppenzuordnung 
 +localhost 
 +  
 +[edmz] 
 +vml000210 
 +  
 +[idmz] 
 +vml000110 
 +  
 +[intra] 
 +pnc010007 
 +vml010110 
 +  
 +  
 +# Host-Gruppen-Definitionen  
 +# (zu welcher Gruppe gehören Untergruppen bzw. Hosts) 
 +  
 +[linux:children] 
 +intra 
 +edmz 
 +idmz 
 +</file> 
 +++++ 
 + 
 +Die beiden Beispiel-Hosts aus der Gruppe|Zone **''intra''** in diesem Inventory symbolisieren folgende unterschiedlichen Knoten.  
 +  * Der Host **''pnc010007''** steht exemplarisch für einen Client im Intranet. In dessen Inventory-File **''inventories/production/host_vars/pnc010007''** sind die ihn beschreibenden Dateien enthalten. 
 +  * Der Host **''vml010110''** ist in diesem Beispiel unser Server, der die Verbindung zwischen der Zone **''intra''** und der Aussenwelt herstellt. Auf diesem Konten läuft bereits ein **[[linux:ntp|Chrony Timeserver|]]** wie auch eine Firewall auf Basis von **[[https://firewalld.org/|firewalld]]** der eine Zonendefinition **''intra''** besitzt, die die Regeln für diese Zone beinhalten. Sowohl Timeserver wie auch Firewall werden in diesem Beispiel hier nur erwähnt, da in dem Playbook bzw.genauer gesagt im Inventory darauf referenziert wird.  
 + 
 +Wir legen uns also nun die Hostdefinitionsdatei für unseren Switch im SOHO an. 
 +   $ vim inventories/production/host_vars/pnc010007 
 +++++ inventories/production/host_vars/pnc010007 | 
 + 
 +{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/inventories/production/host_vars/pnc010007  }} 
 + 
 +++++ 
 + 
 +Als nächstes legen wir die Datei für den KVM-Host, auf dem unser Kea-Daemon laufen soll an und definieren darin die zugehörigen Eigenschaften. 
 +  $ vim inventories/production/host_vars/vml010110/kvm_vhost 
 +++++ inventories/production/host_vars/vml010110/kvm_vhost | 
 + 
 +{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/inventories/production/host_vars/vml010110/kvm_vhost  }} 
 + 
 +++++ 
 + 
 +Die für die beiden **kea-Daemon** relevanten Konfigurationsparameter legen wir in der Inventrory-Datei **''inventories/production/host_vars/vml010110/kea''** ab. 
 +   $ vim inventories/production/host_vars/vml010110/kea  
 +++++ inventories/production/host_vars/vml010110/kea | 
 + 
 +{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/inventories/production/host_vars/vml010110/kea  }} 
 + 
 +++++ 
 + 
 +Unser Beispiels-Inventory hat also nunmehr folgenden Aufbau: 
 +<code>inventories/production/ 
 +├── hosts 
 +└── host_vars 
 +    ├── pnc010007 
 +    └── vml010110 
 +        ├── kea 
 +        └── kvm_vhost 
 + 
 +3 directories, 4 files</code> 
 + 
 +=== Playbook === 
 +Unser Playbook zum Installieren und Konfigurieren der beiden Kea-Daemon **kea-dhcp4** und **kea-dhcp6**, ist wie immer schlank, unscheinbar und unspektakulär, beinhaltet aber Hinweise zur Aufgabe und wie es aufzurufen ist. 
 +   $ vim playbooks/kea_dhcp.yml 
 +++++ playbooks/kea_dhcp.yml | 
 + 
 +{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/playbooks/kea_dhcp.yml }} 
 + 
 +++++ 
 + 
 +=== Rolle === 
 +Für die Konfiguration der **kea**-Daemon verwenden wir eine eigene Rolle **''kea_dhcp''**, die wir bei unserem zuvor angelegten Playbooks später einfach mit aufrufen werden. Hierzu kopieren wir uns zunächst die Mustervorlage **''common''**. 
 +   $ cp -avr roles/common/ roles/kea_dhcp 
 + 
 +++++ Ausgabe von cp -avr roles/common/ roles/kea_dhcp | 
 +<code>'roles/common/' -> 'roles/kea_dhcp' 
 +'roles/common/defaults' -> 'roles/kea_dhcp/defaults' 
 +'roles/common/defaults/.gitkeep' -> 'roles/kea_dhcp/defaults/.gitkeep' 
 +'roles/common/files' -> 'roles/kea_dhcp/files' 
 +'roles/common/files/.gitkeep' -> 'roles/kea_dhcp/files/.gitkeep' 
 +'roles/common/handlers' -> 'roles/kea_dhcp/handlers' 
 +'roles/common/handlers/.gitkeep' -> 'roles/kea_dhcp/handlers/.gitkeep' 
 +'roles/common/library' -> 'roles/kea_dhcp/library' 
 +'roles/common/library/.gitkeep' -> 'roles/kea_dhcp/library/.gitkeep' 
 +'roles/common/lookup_plugins' -> 'roles/kea_dhcp/lookup_plugins' 
 +'roles/common/lookup_plugins/.gitkeep' -> 'roles/kea_dhcp/lookup_plugins/.gitkeep' 
 +'roles/common/meta' -> 'roles/kea_dhcp/meta' 
 +'roles/common/meta/.gitkeep' -> 'roles/kea_dhcp/meta/.gitkeep' 
 +'roles/common/module_utils' -> 'roles/kea_dhcp/module_utils' 
 +'roles/common/module_utils/.gitkeep' -> 'roles/kea_dhcp/module_utils/.gitkeep' 
 +'roles/common/tasks' -> 'roles/kea_dhcp/tasks' 
 +'roles/common/tasks/main.yml' -> 'roles/kea_dhcp/tasks/main.yml' 
 +'roles/common/templates' -> 'roles/kea_dhcp/templates' 
 +'roles/common/templates/.gitkeep' -> 'roles/kea_dhcp/templates/.gitkeep' 
 +'roles/common/vars' -> 'roles/kea_dhcp/vars' 
 +'roles/common/vars/.gitkeep' -> 'roles/kea_dhcp/vars/.gitkeep' 
 +</code> 
 +++++ 
 + 
 +Bei Bedarf können wir uns die Struktur die somit angelegt wurde mit nachfolgendem Befehl anzeigen lassen. 
 +   $ tree roles/kea_dhcp/ 
 + 
 +++++ Ausgabe von tree roles/kea_dhcp/
 +<code>roles/kea_dhcp/ 
 +├── defaults 
 +├── files 
 +├── handlers 
 +│   └── main.yml 
 +├── library 
 +├── lookup_plugins 
 +├── meta 
 +├── module_utils 
 +├── tasks 
 +│   ├── dhcp4.yml 
 +│   ├── dhcp6.yml 
 +│   ├── firewalld.yml 
 +│   ├── main.yml 
 +│   └── vorbereitung.yml 
 +├── templates 
 +│   ├── dhcp4.j2 
 +│   └── dhcp6.j2 
 +└── vars 
 + 
 +11 directories, 8 files 
 +</code> 
 +++++ 
 + 
 +Wie wir sehen ist die Rolle durchaus überschaubar, im Task **''main.yaml''** verweisen wir lediglich auf die eigentlichen Tasks **''vorbereitung''**, **''dhcp4''**, **''dhcp6''** und **''firewalld''** 
 +   $ vim roles/kea_dhcp/tasks/main.yml 
 +++++ roles/kea_dhcp/tasks/main.yml | 
 + 
 +{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/roles/kea_dhcp/tasks/main.yml }} 
 + 
 +++++ 
 + 
 +Die Installation des Kea DHCP-Servers wird in der ersten Task-Gruppe mit dem tag **''vorbereitung''** vorgenommen. 
 +   $ vim roles/kea_dhcp/tasks/vorbereitung.yml 
 +++++ roles/kea_dhcp/tasks/vorbereitung.yml | 
 + 
 +{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/roles/kea_dhcp/tasks/vorbereitung.yml }} 
 + 
 +++++ 
 + 
 +Für die Konfiguration des Kea-DHCP4-Daemon werden die nötigen Schritte in der Task-Gruppe mit dem tag **''dhcp4''** definiert. 
 +   $ vim roles/kea_dhcp/tasks/dhcp4.yml 
 +++++ roles/kea_dhcp/tasks/dhcp4.yml | 
 + 
 +{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/roles/kea_dhcp/tasks/dhcp4.yml }} 
 + 
 +++++ 
 + 
 +Der Kea-DHCP4-Daemon wird mit Hilfe der Task-Gruppe mit dem tag **''dhcp6''** konfiguriert. 
 +   $ vim roles/kea_dhcp/tasks/dhcp6.yml 
 +++++ roles/kea_dhcp/tasks/dhcp6.yml | 
 + 
 +{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/roles/kea_dhcp/tasks/dhcp6.yml }} 
 + 
 +++++ 
 + 
 +Nun brauchen wir noch eine Beschreibung der Aufgaben für die Konfiguration der firewalld-Regeln für beide Kea Daemons. 
 +   $ vim roles/kea_dhcp/tasks/firewalld.yml 
 +++++ roles/kea_dhcp/tasks/firewalld.yml | 
 + 
 +{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/roles/kea_dhcp/tasks/firewalld.yml }} 
 + 
 +++++ 
 + 
 +Sollte bei der Abarbeitung des Playbook eine oder beide Konfigurationsdateien **''kea-dhcp4.conf''** und **''kea-dhcp6.conf''** verändert werden, ist natürlich hierbei ein Restart der betreffenden Kea-Daemon notwendig. Hierzu verwenden wir die **[[https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_handlers.html|Ansible Playbook Handlers]]**. Diese Handler werden in den beiden Tasks zur Erstellung der Kea-Konfigurationsdateien mit Hilfe eines **handler**-Calls aufgerufen, sofern sich die Datei verändert hat.  
 + 
 +Zu guter Letzt brauchen wir noch eine Konfiguration der Aufgaben die bei einem **''notify''** abgearbeitet werden sollen. 
 +   $ vim roles/kea_dhcp/handlers/main.yml 
 +++++ roles/kea_dhcp/handlers/main.yml | 
 + 
 +{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/roles/kea_dhcp/handlers/main.yml }} 
 + 
 +++++ 
 + 
 +Für die Erstellung der jeweiligen Konfigurationsdateien **''/etc/kea/kea-dhcp4.conf''** und **''/etc/kea/kea-dhcp6.conf''** brauchen wir nun noch jeweils ein **[[https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_templating.html|Jinja2]]** Templates. Mit Hilfe dieser beiden Templates und der darin enthaltenen Schleifendefinitionen werden dann mit Hilfe der Daten aus dem Inventory die zuvor genannten Konfigurationsdateien erzeugt. 
 +   $ vim roles/kea_dhcp/templates/dhcp4.j2 
 +++++ roles/kea_dhcp/templates/dhcp4.j2 | 
 + 
 +{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/roles/kea_dhcp/templates/dhcp4.j2 }} 
 + 
 +++++ 
 + 
 +   $ vim roles/kea_dhcp/templates/dhcp6.j2 
 +++++ roles/kea_dhcp/templates/dhcp6.j2 | 
 + 
 +{{gh> https://gitlab.nausch.org/django/example_kea/-/blob/main/roles/kea_dhcp/templates/dhcp6.j2 }} 
 + 
 +++++ 
 + 
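Review bot: The sentence introducing roles/kea_dhcp/tasks/dhcp6.yml says "Der Kea-DHCP4-Daemon wird mit Hilfe der Task-Gruppe mit dem tag dhcp6 konfiguriert"; it should name the Kea-DHCP6-Daemon, otherwise the DHCPv4 and DHCPv6 paragraphs describe the same daemon. The text before the main task file calls it "main.yaml" while the path that is opened and listed is tasks/main.yml. The tree listing is introduced as the structure created by copying roles/common, yet it already shows dhcp4.yml, dhcp6.yml, firewalld.yml, vorbereitung.yml, handlers/main.yml and both templates, none of which appear in the cp output above it; say that the tree shows the finished role. The fold header "++++ Ausgabe von tree roles/kea_dhcp/" lacks the trailing "|" that the other fold headers carry. The handler paragraph speaks of a "handler-Call" and the next paragraph of "notify"; use notify in both places.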
 +=== Ausführung - Playbooklauf === 
 +Die orchestrierte Variante der Installation und Konfiguration unserer **kea**-Daemon gestaltet sich ab sofort sehr einfach, brauchen wir doch lediglich die Konfigurationswerte im Inventory zu hinterlegen und zu pflegen und letztendlich das Playbook entsprechend aufzurufen, wenn z.B. ein Client im Intranet hinzugefügt, entfernt oder ausgetauscht wird:  
 +   $ ansible-playbook playbooks/kea_dhcp.yml 
 + 
 +<html><pre class="code"> 
 +<font style="color: rgb(0, 0, 0)">[16:43:13] Gathering Facts</font> 
 +<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 2.19s</font> 
 +<font style="color: rgb(0, 0, 0)">[16:43:15] kea-dhcp : Installation des Kea DHCP-Servers.</font> 
 +<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 7ms</font> 
 +<font style="color: rgb(0, 0, 0)">[16:43:15]     ↳ vorbereitung: Vorhandenes System aktualisieren.</font> 
 +<font style="color: rgb(196, 160, 0)">↳  vml010110 | CHANGED | 2.45s</font> 
 +<font style="color: rgb(0, 0, 0)">[16:43:17]     ↳ vorbereitung: Installation der benötigten kea Pakete.</font> 
 +<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 1.63s</font> 
 +<font style="color: rgb(0, 0, 0)">[16:43:19] kea-dhcp : Konfiguration des Kea DHCP4-Servers.</font> 
 +<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 12ms</font> 
 +<font style="color: rgb(0, 0, 0)">[16:43:19]     ↳ dhcp4: Checken ob es bereits eine Backupdatei der kea-dhcp4.conf gibt.</font> 
 +<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 609ms</font> 
 +<font style="color: rgb(0, 0, 0)">[16:43:19]     ↳ dhcp4: Backupdatei der Konfigurationsdatei kea-dhcp4.conf erstellen.</font> 
 +<font style="color: rgb(3, 99, 84)">vml010110 | SKIPPED | 9ms</font> 
 +<font style="color: rgb(0, 0, 0)">[16:43:20]     ↳ dhcp4: Individuelle Konfigurationsdatei kea-dhcp4.conf erzeugen und kopieren.</font> 
 +<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 1.19s</font> 
 +<font style="color: rgb(0, 0, 0)">[16:43:21]     ↳ dhcp4: Sicherstellen, dass der kea-dhcp4 Daemon reboot(-fest) startet.</font> 
 +<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 918ms<font> 
 +<font style="color: rgb(0, 0, 0)">[16:43:22] kea-dhcp : Konfiguration des Kea DHCP6-Servers.</font> 
 +<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 10ms<font> 
 +<font style="color: rgb(0, 0, 0)">[16:43:22]     ↳ dhcp6: Checken ob es bereits eine Backupdatei der kea-dhcp6.conf gibt.</font> 
 +<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 524ms<font> 
 +<font style="color: rgb(0, 0, 0)">[16:43:22]     ↳ dhcp6: Backupdatei der Konfigurationsdatei kea-dhcp6.conf erstellen.</font> 
 +<font style="color: rgb(3, 99, 84)">vml010110 | SKIPPED | 14ms<font> 
 +<font style="color: rgb(0, 0, 0)">[16:43:22]     ↳ dhcp6: Individuelle Konfigurationsdatei kea-dhcp6.conf erzeugen und kopieren.</font> 
 +<font style="color: rgb(196, 160, 0)">↳  vml010110 | CHANGED | 1.31s<font> 
 +<font style="color: rgb(0, 0, 0)">[16:43:24]     ↳ dhcp6: Sicherstellen, dass der kea-dhcp4 Daemon reboot(-fest) startet.</font> 
 +<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 826ms</font> 
 +<font style="color: rgb(0, 0, 0)">[16:43:24] kea-dhcp : Konfiguration der firewalld-Regeln für beide Kea Daemons.</font> 
 +<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 27ms</font> 
 +<font style="color: rgb(0, 0, 0)">[16:43:24]     ↳ firewalld: Konfiguration der firewalld Regeln in Zone_1 für die Kea-Daemon.</font> 
 +<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 5.09s</font> 
 +<font style="color: rgb(0, 0, 0)">[16:43:30]     ↳ firewalld: Konfiguration der firewalld Regeln in Zone_2 für die Kea-Daemon./font> 
 +<font style="color: rgb(25, 100, 5)">↳  vml010110 | SUCCESS | 5.12s</font> 
 +<font style="color: rgb(0, 0, 0)">[16:43:35]     ↳ firewalld: Zum Schluss den aktuellen permanenten Regelsatz final neu laden.</font> 
 +<font style="color: rgb(196, 160, 0)">↳  vml010110 | CHANGED | 918ms</font> 
 +<font style="color: rgb(25, 100, 5)">triggering handler | kea-dhcp : Restart dhcp6</font> 
 +<font style="color: rgb(196, 160, 0)">↳  vml010110 | CHANGED | 1.76s</font> 
 +<font style="color: rgb(0, 0, 0)">[16:43:36] system</font> 
 +<font style="color: rgb(25, 100, 5)">-- Play recap --</font> 
 +<font style="color: rgb(196, 160, 0)">vml010110                  </font><font style="color: rgb(0, 0, 0)">: </font><font style="color: rgb(25, 100, 5)">ok=17   </font><font style="color: rgb(196, 160, 0)">changed=4    </font>unreachable=0    failed=0    <font style="color: rgb(3, 99, 84)">skipped=2</font>    <font style="color: rgb(0, 0, 0)">rescued=0    ignored=0</font> 
 +</pre> 
 +</html> 
 + 
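Review bot: Five result lines in the playbook output (the SUCCESS, SKIPPED and CHANGED lines between the 16:43:21 and 16:43:24 tasks) end with an opening "<font>" where "</font>" is intended, and the Zone_2 firewalld line ends in "./font>" without the "<", so the HTML block is not well-formed and the colouring can spill into the following lines. The last task listed under dhcp6 reads "Sicherstellen, dass der kea-dhcp4 Daemon reboot(-fest) startet"; if that is the task name in dhcp6.yml it should say kea-dhcp6, and it is worth confirming that the task enables the kea-dhcp6 unit rather than kea-dhcp4. The run shows vml010110, while the journal excerpts earlier on the page come from vml000110; a short remark on which host is which would avoid confusion.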
 +==== Ergebniskontrolle ==== 
 +Ob die Konfigurationsdateien valide erstellt und auch von den Kea-Daemons erfolgreich geladen worden sind, kontrollieren wir zum Beispiel auf dem Zielhost mit einem Blick in die betreffenden Konfigurationsdateien, mit Hilfe der Option **''-t''** beim jeweiligen kea-binarys, oder mit Hilfe der **''status''**-Abfrage des betreffenden Kea-Daemons. 
 +  * **kea-dhcp4** <code> # bat /etc/kea/kea-dhcp4.conf</code><code> # kea-dhcp4 -t /etc/kea/kea-dhcp4.conf</code><code> # systemctl status kea-dhcp4</code> 
 +  * **kea-dhcp6** <code> # bat /etc/kea/kea-dhcp6.conf</code><code> # kea-dhcp6 -t /etc/kea/kea-dhcp6.conf</code><code> # systemctl status kea-dhcp6</code> 
 + 
 +====== Links ====== 
 +  * **[[linux:ansible:detail|zurück zum Kapitel "Ansible - Erweiterte Konfigurationsbeispiele"]] <= ** 
 +  * **=> [[linux:dhcpd|weiter zum Kapitel "DNS Server für IPv4|6 unter Arch Linux einrichten und nutzen"]] <= ** 
 +  * **[[linux:start#ansible|Zurück zur "Ansible"-Übersicht]]** 
 +  * **[[wiki:start|Zurück zu >>Projekte und Themenkapitel<<]]** 
 +  * **[[http://dokuwiki.nausch.org/doku.php/|Zurück zur Startseite]]**
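Review bot: In the Links list the second entry targets linux:dhcpd but is labelled "DNS Server für IPv4|6 unter Arch Linux einrichten und nutzen", and it carries both a leading "=>" and a trailing "<=", so either the target or the label and arrows need correcting. In the Ergebniskontrolle paragraph, "beim jeweiligen kea-binarys" should be "des jeweiligen Kea-Binarys". The "-t" check is described only as a manual step after the run; consider stating whether the role also validates the generated file with "kea-dhcp4 -t" or "kea-dhcp6 -t" before the restart handler fires, since a restart with an invalid configuration takes the DHCP service down.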
  
  • linux/kea.1729329288.txt.gz
  • Last modified: 19.10.2024 09:14.
  • by django