Building a Kea testbed with NETCONF
- 16 Dec 2022
- 12 Minutes to read
-
Contributors
-
Print
-
DarkLight
-
PDF
Building a Kea testbed with NETCONF
- Updated on 16 Dec 2022
- 12 Minutes to read
-
Contributors
-
Print
-
DarkLight
-
PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
NETCONF is a protocol defined by the IETF to “install, manipulate, and delete the configuration of network devices.” That sounds quite reasonable, but the installation is a bit more complex than it appears at first.
This article provides detailed instructions allowing a system administrator to install Kea, Sysrepo, NETCONF, and Netopeer2 for testing and proof-of-concept.
The base operating system is Ubuntu 18.04, but the same procedure should work with only minor changes on nearly all Linux distributions.
Please note that in the following examples a "Demo User" with the username demouser is used. The userid does not relate to getting rid of rodents.
Most of the text in grey boxes:
shell commands here
can be selected and pasted into the Linux shell. Beware that there are some locations that use the ~demouser shell expansion; if you do not use the same username, the results will not be as expected.
If the text in the grey box is preceeded by a dollar sign ($), the command is shown followed by the output. For example:
$ ls
libnetconf2 libssh-0.8.6.tar.gz Netopeer2-0.7-r1 v0.16-r3.tar.gz v0.7-r1.tar.gz v0.7-r1.tar.gz.2 zlib-1.2.11.tar.xz
libssh-0.8.6 libyang-0.16-r3 sysrepo-0.7.7 v0.7.8.tar.gz v0.7-r1.tar.gz.1 zlib-1.2.11
This shows that the ls command was executed and the following two lines were sample output.
Getting started
It is recommended that you do this work in a new, pristine working directory.
mkdir ~demouser/KeaNetconf
cd ~demouser/KeaNetconf
Installation
Dependencies
The first thing to do is confirm that dependencies are met. Installing these from maintained respositories means that they can be upgraded automatically:
sudo apt-get install git cmake build-essential bison flex libpcre3-dev \
libev-dev libavl-dev libprotobuf-c-dev protobuf-c-compiler \
swig python-dev lua5.2 pkg-config libpcre++-dev openssl \
libssl1.0-dev libcrypto++-dev
The software installs following this message are all done by building from source code. There is no reliable way to keep this software upgraded, and once installed on your system, removal is a process that will involve finding and removing bits manually.
It is strongly recommended that you do testing on non-production systems.
It is strongly recommended that you do testing on non-production systems.
libyang
libyang is a YANG (data modeling language for the definition of data sent over the NETCONF network configuration protocol) parser and toolkit written (and providing API) in C.
libyang is required by netopeer2 and sysrepo.
wget https://github.com/CESNET/libyang/archive/v1.0-r3.tar.gz && \
tar -xf v1.0-r3.tar.gz && \
rm v1.0-r3.tar.gz && \
pushd libyang-1.0-r3 && mkdir build && cd build && \
cmake .. && \
make && \
sudo make install && \
popd
sysrepo
sysrepo is a YANG-based configuration and operational state data store for Unix/Linux applications. As of the publication of this article, the newest version of sysrepo is 0.7.7
wget https://github.com/sysrepo/sysrepo/archive/v0.7.8.tar.gz && \
tar -xf v0.7.8.tar.gz && \
rm v0.7.8.tar.gz && \
pushd sysrepo-0.7.8 && mkdir build && cd build && \
cmake -DCMAKE_BUILD_TYPE=Release .. && \
make && \
sudo make install && \
popd
As odd as it may seem, we need to start the sysrepo daemon at this point so that software installed in the following instructions will be able to store configuration data:
sudo ldconfig
sudo sysrepod
zlib
The compression library zlib is requried by netopeer2.
Note that this could probably can be installed via apt-get but following these instructions makes sure that you get the 1.2.11 version:
wget http://www.zlib.net/zlib-1.2.11.tar.xz && \
tar -xf zlib-1.2.11.tar.xz && \
rm zlib-1.2.11.tar.xz && \
pushd zlib-1.2.11 && mkdir build && cd build && \
cmake .. && \
make && \
sudo make install && \
popd
libssh
You will need to install a recent version of libssh.
Unfortunately, many repositories run significantly behind, so this installs the latest (as of the publication of this KB article):
wget https://git.libssh.org/projects/libssh.git/snapshot/libssh-0.8.6.tar.gz && \
tar -xf libssh-0.8.6.tar.gz && \
rm libssh-0.8.6.tar.gz && \
pushd libssh-0.8.6 && mkdir build && cd build && \
cmake .. && \
make && \
sudo make install && \
popd
libnetconf2
libnetconf2 is a NETCONF library in C intended for building NETCONF clients and servers.
The following instructions install libnetconf2 from github. Unfortunately, we need a specific commit at this time:
git clone https://github.com/CESNET/libnetconf2.git && \
pushd libnetconf2 && \
git checkout 526f9f8d09b415a7df1cba4b5dcfc4705ad6f29b && \
mkdir build && cd build && \
cmake .. && \
make && \
sudo make install && \
popd
netopeer2
netopeer2 is a second-generation set of tools implementing network configuration tools based on the NETCONF protocol.
The netopeer daemon will be started during installation, so ldconfig must be run to insure that the previously installed libraries are available.
ldconfig
wget https://github.com/CESNET/Netopeer2/archive/v0.7-r1.tar.gz && \
tar -xf v0.7-r1.tar.gz && \
rm v0.7-r1.tar.gz && \
pushd Netopeer2-0.7-r1 && \
cd keystored && mkdir build && cd build && \
cmake .. && \
make && \
sudo make install && \
cd ../../server && mkdir build && cd build && \
cmake .. && \
make && \
sudo make install && \
cd ../../cli/ && mkdir build && cd build && \
cmake .. && \
make && \
sudo make install && \
popd
CONFIGURATION
To insure that all libraries that have been installed are now available, execute:
sudo ldconfig
Testing
The simplest check to see if netopeer2-server installed correctly is to run it with the -h (help) option:
$ netopeer2-server -h
Usage: netopeer2-server [-dhV] [-v level] [-c category]
-d debug mode (do not daemonize and print
verbose messages to stderr instead of syslog)
-h display help
-V show program version
-v level verbose output level:
0 - errors
1 - errors and warnings
2 - errors, warnings and verbose messages
-c category[,category]* verbose debug level, print only these debug message categories
categories: DICT, YANG, YIN, XPATH, DIFF, MSG, EDIT_CONFIG, SSH, SYSREPO
Similarly, confirm that netopeer2-cli is installed and functional:
$ netopeer2-cli
get_netconf_dir: Configuration directory "/home/demouser/.netopeer2-cli" did not exist, created.
load_config: No saved history.
load_config: No saved configuration.
> ^D
You should confirm that sysrepo is installed and runnable:
$ sysrepoctl -l
Sysrepo schema directory: /etc/sysrepo/yang/
Sysrepo data directory: /etc/sysrepo/data/
(Do not alter contents of these directories manually)
Module Name | Revision | Conformance | Data Owner | Permissions | Submodules | Enabled Features
-----------------------------------------------------------------------------------------------------------------------------------------------
ietf-netconf-notifications | 2012-02-06 | Installed | root:root | 666 | |
ietf-netconf | 2011-06-01 | Installed | root:root | 666 | | writable-running candidate rollback-on-error validate startup xpath
ietf-netconf-acm | 2018-02-14 | Imported | | | |
nc-notifications | 2008-07-14 | Installed | root:root | 666 | |
[...]
Configuring Netopeer2
To authenticate to the netopeer2 daemon, you will need a set of SSH credentials (public/private keypair). It is highly recommended that you create a separate set of credentials than those that you use elsewhere:
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/demouser/.ssh/id_rsa): /home/demouser/.ssh/demouser_net
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/demouser/.ssh/demouser_net.
Your public key has been saved in /home/demouser/.ssh/demouser_net.pub.
The key fingerprint is:
SHA256:g2bNYVLYKRE7[...]NUP8hEbot0 demouser@ubuntu
The key's randomart image is:
+---[RSA 2048]----+
| .+=.. |
| .o=Eoo |
| o.=+B.o |
| . + E.B . |
| . o.B.S |
|o.o o+o. . |
|** + o |
|BoB . |
|o*.o.. |
+----[SHA256]-----+
$ cat ~demouser/.ssh/demouser_net.pub
ssh-rsa AAAAB3NzaC1yc2EAAA[...]IU5VpoyTkx/lPZ63YZQIYs91YzoN/FtHQ7oZsXrnv3WToO2V demouser@ubuntu
Update load_auth_pubkey.xml
The file as found in the source tarball should look exactly like this:
$ cat Netopeer2-0.7-r1/server/configuration/load_auth_pubkey.xml
<system xmlns="urn:ietf:params:xml:ns:yang:ietf-system">
<authentication>
<user>
<name>[system-username]</name>
<authorized-key>
<name>[arbitrary-key-name]</name>
<algorithm>[key-algorithm]</algorithm>
<key-data>[key-data]</key-data>
</authorized-key>
</user>
</authentication>
</system>
It has to be updated to match the previously generated key:
cp Netopeer2-0.7-r1/server/configuration/load_auth_pubkey.xml .
Then edit it to include the ssh key as created above (replace the AAA ... O2V in the following text with the public portion of the ssh key that was created above. Note that you will be changing:
- user name
- authorized-key name
- authorized-key algorithm
- authorized-key key-data
<system xmlns="urn:ietf:params:xml:ns:yang:ietf-system">
<authentication>
<user>
<name>demouser</name>
<authorized-key>
<name>demouser_net</name>
<algorithm>ssh-rsa</algorithm>
<key-data>AAAAB3NzaC1yc2EAAAADAQABA[...]Ys91YzoN/FtHQ7oZsXrnv3WToO2V</key-data>
</authorized-key>
</user>
</authentication>
</system>
The edited load_auth_pubkey.xml must now be uploaded into the sysrepo datastore:
sudo sysrepocfg --import=load_auth_pubkey.xml ietf-system --datastore=startup
Configure netopeer2-cli
At this point there should not be any keys imported:
$ netopeer2-cli
> auth keys
The keys used for SSH authentication:
(none)
>
To import generated keys, execute the following:
> auth keys add /home/demouser/.ssh/demouser_net.pub /home/demouser/.ssh/demouser_net
> auth keys
The keys used for SSH authentication:
#0: /home/demouser/.ssh/demouser_rsa.pub (private /home/demouser/.ssh/demouser_rsa)
>
To check the preferences of authentication:
> auth pref
The SSH authentication method preferences:
'publickey': 1
'password': 2
'interactive': 3
>
It is possible to change these using auth pref interactive Nwhere N is a priority number (lower number makes it higher prescidence).
Start netopeer processes:
$ sudo netopeer2-server
You may want to start netopeer2-server in debug mode:
$ sudo netopeer2-server -d -v3
At this point you should be able to connect to the netopeer2-server:
$ netopeer2-cli
> connect
Interactive SSH Authentication
Type your password:
Password:
>
and also check the running configuration:
> get-config --source running
DATA
<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
<listen>
<endpoint>
<name>all-interfaces</name>
<ssh>
<address>0.0.0.0</address>
<port>830</port>
<host-keys>
<host-key>
<name>imported SSH key</name>
<public-key>ssh_host_rsa_key</public-key>
</host-key>
</host-keys>
</ssh>
</endpoint>
</listen>
</netconf-server>
<system xmlns="urn:ietf:params:xml:ns:yang:ietf-system">
<authentication>
<user>
<name>demouser</name>
<authorized-key>
<name>demouser_net</name>
<algorithm>ssh-rsa</algorithm>
<key-data>AAAAB3NzaC1yc2EAAAADAQABA[...]Ys91YzoN/FtHQ7oZsXrnv3WToO2V</key-data>
</authorized-key>
</user>
</authentication>
</system>
KEA INSTALLATION and CONFIGURATION
Download and install dependencies:
sudo apt-get install libboost1.65-all-dev liblog4cplus-dev autoconf
Download and install Kea 1.5.0
Note that this installs Kea into the directory kea-bin in the demouser's home directory. It does not install software into system paths:
wget https://ftp.isc.org/isc/kea/1.5.0/kea-1.5.0.tar.gz && \
tar -xf kea-1.5.0.tar.gz && \
rm kea-1.5.0.tar.gz && \
pushd kea-1.5.0 && \
autoreconf -if && \
./configure --prefix=/home/demouser/kea-bin --with-sysrepo && \
make && \
sudo make install && \
popd
Confirm that the file kea-1.5.0/config.report contains:
Sysrepo:
SYSREPO_VERSION: 0.7.7
SYSREPO_CPPFLAGS:
SYSREPO_LIBS: -L/usr/local/lib -lsysrepo -L/usr/local/lib -lSysrepo-cpp
SYSREPO_REPO: /etc/sysrepo
Now you need to install all the Kea YANG modules:
pushd kea-1.5.0/src/share/yang/modules
sudo sysrepoctl -i -s /etc/sysrepo/yang -s . -g ietf-dhcpv6-server* && \
sudo sysrepoctl -i -s /etc/sysrepo/yang -s . -g ietf-dhcpv6-client* && \
sudo sysrepoctl -i -s /etc/sysrepo/yang -s . -g ietf-dhcpv6-relay* && \
sudo sysrepoctl -i -s /etc/sysrepo/yang -s . -g kea-dhcp4-server* && \
sudo sysrepoctl -i -s /etc/sysrepo/yang -s . -g kea-dhcp6-server* && \
sudo sysrepoctl -i -s /etc/sysrepo/yang -s . -g kea-dhcp-ddns* && \
sudo sysrepoctl -i -s /etc/sysrepo/yang -s . -g kea-ctrl-agent* && \
sudo sysrepoctl -i -s /etc/sysrepo/yang -s . -g ietf-inet-types* && \
sudo sysrepoctl -i -s /etc/sysrepo/yang -s . -g ietf-yang-types* && \
popd
At this point, you will need to prepare 3 config files:
kea-startup.xmlfor Kea which will be uploaded tosysrepo:
$ cat kea-startup.xml
<config xmlns="urn:ietf:params:xml:ns:yang:kea-dhcp6-server">
<control-socket>
<socket-name>/home/demouser/.control_socket</socket-name>
<socket-type>unix</socket-type>
</control-socket>
</config>
Upload it to sysrepo startup datastore using the command:
sudo sysrepocfg --import=kea-startup.xml kea-dhcp6-server --datastore=startup
kea.conffile forkea-dhcp6. The most important configuration options at this point areloggingandsocket.
$ cat kea.conf
{
"Dhcp6":
{
"interfaces-config":
{"interfaces":["enp0s8"]},
"subnet6":[],
"lease-database":
{"type":"memfile",
"lfc-interval":0},
"control-socket":
{"socket-type":"unix",
"socket-name":"/home/demouser/.control_socket"}
},
"Logging":
{
"loggers": [
{
"name":"kea-dhcp6",
"output_options":[{"output":"stdout"}],
"debuglevel":99,
"severity":"DEBUG"
}
]}
}
and
3) keanetconf.conf for the Kea netconf module (be sure to use the same socket as above):
$ cat keanetconf.conf
{
"Netconf":
{
"managed-servers": {
"dhcp6": {
"model": "kea-dhcp6-server",
"comment": "DHCP6 server",
"boot-update": true,
"subscribe-changes": true,
"validate-changes": true,
"control-socket": {
"socket-name": "/home/demouser/.control_socket",
"socket-type": "unix"
}
}
}
},
"Logging":
{
"loggers": [
{
"name": "kea-netconf",
"output_options": [{"output": "stdout"}],
"severity": "DEBUG",
"debuglevel":99
}
]}
}
Testing:
Start kea-dhcp6:
$ sudo ~demouser/kea-bin/sbin/kea-dhcp6 -c ~demouser/KeaNetconf/kea.conf
Start kea-netconf:
$ sudo ~demouser/kea-bin/sbin/kea-netconf -c ~demouser/KeaNetconf/keanetconf.conf
At this point kea should be automatically reconfigured with configuration stored in kea-startup.xml which was uploaded to the startup datastore.
You must now create a config that you want to upload. Remember to use the same socket location or you will lose the connection with Kea.
You will need to change the interface from
enp0s8 to match your system
$ cat kea.xml
<config xmlns="urn:ietf:params:xml:ns:yang:kea-dhcp6-server">
<subnet6>
<id>1</id>
<pool>
<start-address>2001:db8::1:0</start-address>
<end-address>2001:db8::1:1</end-address>
</pool>
<subnet>2001:db8::/64</subnet>
</subnet6>
<interfaces-config>
<interfaces>enp0s8</interfaces>
</interfaces-config>
<control-socket>
<socket-name>/home/demouser/.control_socket</socket-name>
<socket-type>unix</socket-type>
</control-socket>
</config>
Connect to netopeer2-server:
$ netopeer2-cli
> connect
Interactive SSH Authentication
Type your password:
Password:
>
Send pre-prepared config to running datastore:
> edit-config --target running --config=kea.xml
If you see:
> edit-config --target running --config=kea.xml
OK
kea-netconf should detect change and only verify the config:
019-01-17 15:47:09.918 INFO [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGE_EVENT Received YANG configuration change VERIFY event
2019-01-17 15:47:09.918 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1'] (list instance)
2019-01-17 15:47:09.918 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/id = 1
2019-01-17 15:47:09.918 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/pool[start-address='2001:db8::1:0'][end-address='2001:db8::1:1'] (list instance)
2019-01-17 15:47:09.918 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/pool[start-address='2001:db8::1:0'][end-address='2001:db8::1:1']/start-address = 2001:db8::1:0
2019-01-17 15:47:09.918 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/pool[start-address='2001:db8::1:0'][end-address='2001:db8::1:1']/end-address = 2001:db8::1:1
2019-01-17 15:47:09.918 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/subnet = 2001:db8::/64
2019-01-17 15:47:09.918 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: moved: /kea-dhcp6-server:config/subnet6[id='1'] first
2019-01-17 15:47:09.918 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/interfaces-config (container)
2019-01-17 15:47:09.918 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/interfaces-config/interfaces = enp0s8
2019-01-17 15:47:09.919 INFO [kea-netconf.netconf/6911] NETCONF_VALIDATE_CONFIG_STARTED started validating configuration for dhcp6 server
2019-01-17 15:47:09.929 DEBUG [kea-netconf.netconf/6911] NETCONF_VALIDATE_CONFIG validating configuration with dhcp6 server: {
"Dhcp6": {
"control-socket": {
"socket-name": "/home/demouser/.control_socket",
"socket-type": "unix"
},
"interfaces-config": {
"interfaces": [ "enp0s8" ]
},
"subnet6": [
{
"id": 1,
"pools": [
{
"pool": "2001:db8::1:0 - 2001:db8::1:1"
}
],
"subnet": "2001:db8::/64"
}
]
}
}
2019-01-17 15:47:09.930 INFO [kea-netconf.netconf/6911] NETCONF_VALIDATE_CONFIG_COMPLETED completed validating configuration for dhcp6 server
When you are ready to apply changes, use:
> edit-config --target running --defop=replace --config=kea.xml
OK
> commit
OK
At this point, kea-netconf should have logged:
2019-01-17 15:47:09.939 INFO [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGE_EVENT Received YANG configuration change APPLY event
2019-01-17 15:47:09.940 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1'] (list instance)
2019-01-17 15:47:09.940 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/id = 1
2019-01-17 15:47:09.940 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/pool[start-address='2001:db8::1:0'][end-address='2001:db8::1:1'] (list instance)
2019-01-17 15:47:09.940 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/pool[start-address='2001:db8::1:0'][end-address='2001:db8::1:1']/start-address = 2001:db8::1:0
2019-01-17 15:47:09.940 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/pool[start-address='2001:db8::1:0'][end-address='2001:db8::1:1']/end-address = 2001:db8::1:1
2019-01-17 15:47:09.941 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/subnet = 2001:db8::/64
2019-01-17 15:47:09.941 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: moved: /kea-dhcp6-server:config/subnet6[id='1'] first
2019-01-17 15:47:09.941 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/interfaces-config (container)
2019-01-17 15:47:09.941 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/interfaces-config/interfaces = enp0s8
2019-01-17 15:47:09.944 INFO [kea-netconf.netconf/6911] NETCONF_UPDATE_CONFIG_STARTED started updating configuration for dhcp6 server
2019-01-17 15:47:09.956 DEBUG [kea-netconf.netconf/6911] NETCONF_UPDATE_CONFIG updating configuration with dhcp6 server: {
"Dhcp6": {
"control-socket": {
"socket-name": "/home/demouser/.control_socket",
"socket-type": "unix"
},
"interfaces-config": {
"interfaces": [ "enp0s8" ]
},
"subnet6": [
{
"id": 1,
"pools": [
{
"pool": "2001:db8::1:0 - 2001:db8::1:1"
}
],
"subnet": "2001:db8::/64"
}
]
}
}
2019-01-17 15:47:09.958 INFO [kea-netconf.netconf/6911] NETCONF_UPDATE_CONFIG_COMPLETED completed updating configuration for dhcp6 server
kea-dhcp6 will log:
2019-01-17 15:47:09.956 INFO [kea-dhcp6.commands/6909] COMMAND_RECEIVED Received command 'config-set'
2019-01-17 15:47:09.956 INFO [kea-dhcp6.hosts/6909] HOSTS_BACKENDS_REGISTERED the following host backend types are available:
2019-01-17 15:47:09.956 INFO [kea-dhcp6.dhcpsrv/6909] DHCPSRV_CFGMGR_ADD_IFACE listening on interface enp0s8
2019-01-17 15:47:09.956 INFO [kea-dhcp6.dhcpsrv/6909] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: 2001:db8::/64 with params t1=900, t2=1800, preferred-lifetime=3600, valid-lifetime=7200, rapid-commit is disabled
2019-01-17 15:47:09.956 INFO [kea-dhcp6.dhcp6/6909] DHCP6_CONFIG_COMPLETE DHCPv6 server has completed configuration: added IPv6 subnets: 1; DDNS: disabled
2019-01-17 15:47:09.956 INFO [kea-dhcp6.dhcpsrv/6909] DHCPSRV_MEMFILE_DB opening memory file lease database: type=memfile universe=6
At this point, you can claim success! Everything is working as it should!
Errors:
If you see messages like:
> edit-config --target running --config=kea.xml
ERROR
type: application
tag: operation-failed
severity: error
message: Validation of the changes failed
that means that kea.xml is invalid.
If you see:
> edit-config --target running --config=kea.xml
ERROR
type: application
tag: operation-failed
severity: error
path: /kea-dhcp6-server:config/subnet6[id='1']
message: The node is not enabled in running datastore
That means that kea-netconf is not running!
Additional sample commands:
Get current model of kea-dhcp6-server (that includes revision date):
get-schema --model kea-dhcp6-server
Replace current running datastore:
edit-config --target running --defop=replace --config=kea.xml
Merge current running datastore with kea.xml (can produce conflicts, this is default action):
edit-config --target running --defop=replace --config=kea.xml