Building a Kea testbed with NETCONF
  • Updated on 12 Aug 2019
  • 13 minutes to read
  • Contributors
  • Print
  • Share
  • Dark
    Light

Building a Kea testbed with NETCONF

  • Print
  • Share
  • Dark
    Light

NETCONF is a protocol defined by the IETF to “install, manipulate, and delete the configuration of network devices.” That sounds quite reasonable, but the installation is a bit more complex than it appears at first.

This article provides detailed instructions allowing a system administrator to install Kea, Sysrepo, NETCONF, and Netopeer2 for testing and proof-of-concept.

The base operating system is Ubuntu 18.04, but the same procedure should work with only minor changes on nearly all Linux distributions.

Please note that in the following examples a "Demo User" with the username demouser is used. The userid does not relate to removal of rodents.

Most of the text in grey boxes:

shell commands here

can be selected and pasted into the Linux shell. Beware that there are some locations that use the ~demouser shell expansion; if you do not use the same username, the results will not be as expected.

If the text in the grey box is preceeded by a dollar sign ($), the command is shown followed by the output. For example:

$ ls
libnetconf2   libssh-0.8.6.tar.gz  Netopeer2-0.7-r1  v0.16-r3.tar.gz  v0.7-r1.tar.gz    v0.7-r1.tar.gz.2  zlib-1.2.11.tar.xz
libssh-0.8.6  libyang-0.16-r3      sysrepo-0.7.7     v0.7.8.tar.gz    v0.7-r1.tar.gz.1  zlib-1.2.11

This shows that the ls command was executed and the following two lines were sample output.

Getting started

It is recommended that you do this work in a new, pristine working directory.

mkdir ~demouser/KeaNetconf
cd ~demouser/KeaNetconf

Installation

Dependencies

The first thing to do is confirm that dependencies are met. Installing these from maintained respositories means that they can be upgraded automatically:

sudo apt-get install git cmake build-essential bison flex libpcre3-dev \
  libev-dev libavl-dev libprotobuf-c-dev protobuf-c-compiler \
  swig python-dev lua5.2 pkg-config libpcre++-dev openssl \
  libssl1.0-dev libcrypto++-dev
The software installs following this message are all done by building from source code. There is no reliable way to keep this software upgraded, and once installed on your system, removal is a process that will involve finding and removing bits manually.

It is strongly recommended that you do testing on non-production systems.

libyang

libyang is a YANG (data modeling language for the definition of data sent over the NETCONF network configuration protocol) parser and toolkit written (and providing API) in C.
libyang is required by netopeer2 and sysrepo.

wget https://github.com/CESNET/libyang/archive/v1.0-r3.tar.gz && \
  tar -xf v1.0-r3.tar.gz && \
  rm v1.0-r3.tar.gz && \
  pushd libyang-1.0-r3 && mkdir build && cd build && \
  cmake .. && \
  make && \
  sudo make install && \
  popd

sysrepo

sysrepo is a YANG-based configuration and operational state data store for Unix/Linux applications. As of the publication of this article, the newest version of sysrepo is 0.7.7

wget https://github.com/sysrepo/sysrepo/archive/v0.7.8.tar.gz && \
  tar -xf v0.7.8.tar.gz && \
  rm v0.7.8.tar.gz && \
  pushd sysrepo-0.7.8 && mkdir build && cd build && \
  cmake -DCMAKE_BUILD_TYPE=Release .. && \
  make && \
  sudo make install && \
  popd

As odd as it may seem, we need to start the sysrepo daemon at this point so that software installed in the following instructions will be able to store configuration data:

sudo ldconfig
sudo sysrepod

zlib

The compression library zlib is requried by netopeer2.
Note that this could probably can be installed via apt-get but following these instructions makes sure that you get the 1.2.11 version:

wget http://www.zlib.net/zlib-1.2.11.tar.xz && \
  tar -xf zlib-1.2.11.tar.xz && \
  rm zlib-1.2.11.tar.xz && \
  pushd zlib-1.2.11 && mkdir build && cd build && \
  cmake .. && \
  make && \
  sudo make install && \
  popd

libssh

You will need to install a recent version of libssh.
Unfortunately, many repositories run significantly behind, so this installs the latest (as of the publication of this KB article):

wget https://git.libssh.org/projects/libssh.git/snapshot/libssh-0.8.6.tar.gz && \
  tar -xf libssh-0.8.6.tar.gz && \
  rm libssh-0.8.6.tar.gz && \
 pushd libssh-0.8.6 && mkdir build && cd build && \
  cmake .. && \
  make && \
  sudo make install && \
  popd

libnetconf2

libnetconf2 is a NETCONF library in C intended for building NETCONF clients and servers.
The following instructions install libnetconf2 from github. Unfortunately, we need a specific commit at this time:

git clone https://github.com/CESNET/libnetconf2.git && \
  pushd libnetconf2 && \
  git checkout 526f9f8d09b415a7df1cba4b5dcfc4705ad6f29b && \
  mkdir build && cd build && \
  cmake .. && \
  make && \
  sudo make install && \
  popd

netopeer2

netopeer2 is a second-generation set of tools implementing network configuration tools based on the NETCONF protocol.

The netopeer daemon will be started during installation, so ldconfig must be run to insure that the previously installed libraries are available.

ldconfig
wget https://github.com/CESNET/Netopeer2/archive/v0.7-r1.tar.gz && \
  tar -xf v0.7-r1.tar.gz && \
  rm v0.7-r1.tar.gz && \
  pushd Netopeer2-0.7-r1 && \
  cd keystored && mkdir build && cd build && \
  cmake .. && \
  make && \
  sudo make install && \
  cd ../../server && mkdir build && cd build && \
  cmake .. && \
  make && \
  sudo make install && \
  cd ../../cli/ && mkdir build && cd build && \
  cmake .. && \
  make && \
  sudo make install && \
  popd

CONFIGURATION

To insure that all libraries that have been installed are now available, execute:

sudo ldconfig

Testing

The simplest check to see if netopeer2-server installed correctly is to run it with the -h (help) option:

$ netopeer2-server -h
Usage: netopeer2-server [-dhV] [-v level] [-c category]
 -d                  debug mode (do not daemonize and print
                     verbose messages to stderr instead of syslog)
 -h                  display help
 -V                  show program version
 -v level            verbose output level:
                         0 - errors
                         1 - errors and warnings
                         2 - errors, warnings and verbose messages
 -c category[,category]*  verbose debug level, print only these debug message categories
 categories: DICT, YANG, YIN, XPATH, DIFF, MSG, EDIT_CONFIG, SSH, SYSREPO

Similarly, confirm that netopeer2-cli is installed and functional:

$ netopeer2-cli
get_netconf_dir: Configuration directory "/home/demouser/.netopeer2-cli" did not exist, created.
load_config: No saved history.
load_config: No saved configuration.
> ^D

You should confirm that sysrepo is installed and runnable:

$ sysrepoctl -l
Sysrepo schema directory: /etc/sysrepo/yang/
Sysrepo data directory:   /etc/sysrepo/data/
(Do not alter contents of these directories manually)

Module Name                | Revision   | Conformance | Data Owner          | Permissions | Submodules                    | Enabled Features
-----------------------------------------------------------------------------------------------------------------------------------------------
ietf-netconf-notifications | 2012-02-06 | Installed   | root:root           | 666         |                               |
ietf-netconf               | 2011-06-01 | Installed   | root:root           | 666         |                               | writable-running candidate rollback-on-error validate startup xpath
ietf-netconf-acm           | 2018-02-14 | Imported    |                     |             |                               |
nc-notifications           | 2008-07-14 | Installed   | root:root           | 666         |                               |
[...]

Configuring Netopeer2

To authenticate to the netopeer2 daemon, you will need a set of SSH credentials (public/private keypair). It is highly recommended that you create a separate set of credentials than those that you use elsewhere:

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/demouser/.ssh/id_rsa): /home/demouser/.ssh/demouser_net
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/demouser/.ssh/demouser_net.
Your public key has been saved in /home/demouser/.ssh/demouser_net.pub.
The key fingerprint is:
SHA256:g2bNYVLYKRE7[...]NUP8hEbot0 demouser@ubuntu
The key's randomart image is:
+---[RSA 2048]----+
|     .+=..       |
|   .o=Eoo        |
|  o.=+B.o        |
| . + E.B .       |
|  . o.B.S        |
|o.o o+o. .       |
|** + o           |
|BoB   .          |
|o*.o..           |
+----[SHA256]-----+
$ cat ~demouser/.ssh/demouser_net.pub 
ssh-rsa AAAAB3NzaC1yc2EAAA[...]IU5VpoyTkx/lPZ63YZQIYs91YzoN/FtHQ7oZsXrnv3WToO2V demouser@ubuntu

Update load_auth_pubkey.xml

The file as found in the source tarball should look exactly like this:

$ cat Netopeer2-0.7-r1/server/configuration/load_auth_pubkey.xml
<system xmlns="urn:ietf:params:xml:ns:yang:ietf-system">
  <authentication>
    <user>
      <name>[system-username]</name>
      <authorized-key>
        <name>[arbitrary-key-name]</name>
        <algorithm>[key-algorithm]</algorithm>
        <key-data>[key-data]</key-data>
      </authorized-key>
    </user>
  </authentication>
</system>

It has to be updated to match the previously generated key:

cp Netopeer2-0.7-r1/server/configuration/load_auth_pubkey.xml .

Then edit it to include the ssh key as created above (replace the AAA ... O2V in the following text with the public portion of the ssh key that was created above. Note that you will be changing:

  1. user name
  2. authorized-key name
  3. authorized-key algorithm
  4. authorized-key key-data
<system xmlns="urn:ietf:params:xml:ns:yang:ietf-system">
  <authentication>
    <user>
      <name>demouser</name>
      <authorized-key>
        <name>demouser_net</name>
        <algorithm>ssh-rsa</algorithm>
        <key-data>AAAAB3NzaC1yc2EAAAADAQABA[...]Ys91YzoN/FtHQ7oZsXrnv3WToO2V</key-data>
      </authorized-key>
    </user>
  </authentication>
</system>

The edited load_auth_pubkey.xml must now be uploaded into the sysrepo datastore:

sudo sysrepocfg --import=load_auth_pubkey.xml ietf-system --datastore=startup

Configure netopeer2-cli

At this point there should not be any keys imported:

$ netopeer2-cli
> auth keys
The keys used for SSH authentication:
(none)
> 

To import generated keys, execute the following:

> auth keys add /home/demouser/.ssh/demouser_net.pub /home/demouser/.ssh/demouser_net
> auth keys
The keys used for SSH authentication:
#0: /home/demouser/.ssh/demouser_rsa.pub (private /home/demouser/.ssh/demouser_rsa)
> 

To check the preferences of authentication:

> auth pref
The SSH authentication method preferences:
	'publickey':   1
	'password':    2
	'interactive': 3
> 

It is possible to change these using auth pref interactive Nwhere N is a priority number (lower number makes it higher prescidence).

Start netopeer processes:

$ sudo netopeer2-server

You may want to start netopeer2-server in debug mode:

$ sudo netopeer2-server -d -v3

At this point you should be able to connect to the netopeer2-server:

$ netopeer2-cli
> connect
Interactive SSH Authentication
Type your password:
Password: 
> 

and also check the running configuration:

> get-config --source running 
DATA
<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
  <listen>
    <endpoint>
      <name>all-interfaces</name>
      <ssh>
        <address>0.0.0.0</address>
        <port>830</port>
        <host-keys>
          <host-key>
            <name>imported SSH key</name>
            <public-key>ssh_host_rsa_key</public-key>
          </host-key>
        </host-keys>
      </ssh>
    </endpoint>
  </listen>
</netconf-server>
<system xmlns="urn:ietf:params:xml:ns:yang:ietf-system">
  <authentication>
    <user>
      <name>demouser</name>
      <authorized-key>
        <name>demouser_net</name>
        <algorithm>ssh-rsa</algorithm>
        <key-data>AAAAB3NzaC1yc2EAAAADAQABA[...]Ys91YzoN/FtHQ7oZsXrnv3WToO2V</key-data>
      </authorized-key>
    </user>
  </authentication>
</system>

KEA INSTALLATION and CONFIGURATION

Download and install dependencies:

sudo apt-get install libboost1.65-all-dev liblog4cplus-dev  autoconf

Download and install Kea 1.5.0

Note that this installs Kea into the directory kea-bin in the demouser's home directory. It does not install software into system paths:

wget https://ftp.isc.org/isc/kea/1.5.0/kea-1.5.0.tar.gz && \
  tar -xf kea-1.5.0.tar.gz && \
  rm kea-1.5.0.tar.gz && \
  pushd kea-1.5.0 && \
  autoreconf -if && \
  ./configure --prefix=/home/demouser/kea-bin --with-sysrepo && \
  make && \
  sudo make install && \
  popd

Confirm that the file kea-1.5.0/config.report contains:

Sysrepo:
  SYSREPO_VERSION:     0.7.7
  SYSREPO_CPPFLAGS:     
  SYSREPO_LIBS:        -L/usr/local/lib -lsysrepo -L/usr/local/lib -lSysrepo-cpp
  SYSREPO_REPO:        /etc/sysrepo

Now you need to install all the Kea YANG modules:

pushd kea-1.5.0/src/share/yang/modules
sudo sysrepoctl -i -s /etc/sysrepo/yang -s . -g ietf-dhcpv6-server* && \
sudo sysrepoctl -i -s /etc/sysrepo/yang -s . -g ietf-dhcpv6-client* && \
sudo sysrepoctl -i -s /etc/sysrepo/yang -s . -g ietf-dhcpv6-relay* && \
sudo sysrepoctl -i -s /etc/sysrepo/yang -s . -g kea-dhcp4-server* && \
sudo sysrepoctl -i -s /etc/sysrepo/yang -s . -g kea-dhcp6-server* && \
sudo sysrepoctl -i -s /etc/sysrepo/yang -s . -g kea-dhcp-ddns* && \
sudo sysrepoctl -i -s /etc/sysrepo/yang -s . -g kea-ctrl-agent* && \
sudo sysrepoctl -i -s /etc/sysrepo/yang -s . -g ietf-inet-types* && \
sudo sysrepoctl -i -s /etc/sysrepo/yang -s . -g ietf-yang-types* && \
popd

At this point, you will need to prepare 3 config files:

  1. kea-startup.xml for Kea which will be uploaded to sysrepo:
$ cat kea-startup.xml 
<config xmlns="urn:ietf:params:xml:ns:yang:kea-dhcp6-server">
  <control-socket>
    <socket-name>/home/demouser/.control_socket</socket-name>
    <socket-type>unix</socket-type>
  </control-socket>
</config>

Upload it to sysrepo startup datastore using the command:

sudo sysrepocfg --import=kea-startup.xml kea-dhcp6-server --datastore=startup
  1. kea.conf file for kea-dhcp6. The most important configuration options at this point are logging and socket.
$ cat kea.conf 
{
    "Dhcp6":
    {
        "interfaces-config":
        {"interfaces":["enp0s8"]},
        "subnet6":[],
        "lease-database":
           {"type":"memfile",
            "lfc-interval":0},
        "control-socket":
            {"socket-type":"unix",
            "socket-name":"/home/demouser/.control_socket"}
    },
    "Logging":
    {
        "loggers": [
        {
            "name":"kea-dhcp6",
            "output_options":[{"output":"stdout"}],
            "debuglevel":99,
            "severity":"DEBUG"
        }
        ]}
}

and
3) keanetconf.conf for the Kea netconf module (be sure to use the same socket as above):

$ cat keanetconf.conf 
{
    "Netconf":
    {
        "managed-servers": {
            "dhcp6": {
                "model": "kea-dhcp6-server",
                "comment": "DHCP6 server",
                "boot-update": true,
                "subscribe-changes": true,
                "validate-changes": true,
                "control-socket": {
                    "socket-name": "/home/demouser/.control_socket",
                    "socket-type": "unix"
                }
            }
        }
    },
    "Logging":
    {
        "loggers": [
        {
            "name": "kea-netconf",
            "output_options": [{"output": "stdout"}],
            "severity": "DEBUG",
            "debuglevel":99
        }
        ]}
}

Testing:

Start kea-dhcp6:

$ sudo ~demouser/kea-bin/sbin/kea-dhcp6 -c ~demouser/KeaNetconf/kea.conf

Start kea-netconf:

$ sudo ~demouser/kea-bin/sbin/kea-netconf -c ~demouser/KeaNetconf/keanetconf.conf

At this point kea should be automatically reconfigured with configuration stored in kea-startup.xml which was uploaded to the startup datastore.

You must now create a config that you want to upload. Remember to use the same socket location or you will lose the connection with Kea.

You will need to change the interface from enp0s8 to match your system
$ cat kea.xml 
<config xmlns="urn:ietf:params:xml:ns:yang:kea-dhcp6-server">
  <subnet6>
    <id>1</id>
    <pool>
      <start-address>2001:db8::1:0</start-address>
      <end-address>2001:db8::1:1</end-address>
    </pool>
    <subnet>2001:db8::/64</subnet>
  </subnet6>
  <interfaces-config>
    <interfaces>enp0s8</interfaces>
  </interfaces-config>
  <control-socket>
    <socket-name>/home/demouser/.control_socket</socket-name>
    <socket-type>unix</socket-type>
  </control-socket>
</config>

Connect to netopeer2-server:

$ netopeer2-cli
> connect
Interactive SSH Authentication
Type your password:
Password: 
>

Send pre-prepared config to running datastore:

> edit-config --target running --config=kea.xml

If you see:

> edit-config --target running --config=kea.xml
OK

kea-netconf should detect change and only verify the config:

019-01-17 15:47:09.918 INFO  [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGE_EVENT Received YANG configuration change VERIFY event
2019-01-17 15:47:09.918 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1'] (list instance)
2019-01-17 15:47:09.918 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/id = 1
2019-01-17 15:47:09.918 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/pool[start-address='2001:db8::1:0'][end-address='2001:db8::1:1'] (list instance)
2019-01-17 15:47:09.918 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/pool[start-address='2001:db8::1:0'][end-address='2001:db8::1:1']/start-address = 2001:db8::1:0
2019-01-17 15:47:09.918 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/pool[start-address='2001:db8::1:0'][end-address='2001:db8::1:1']/end-address = 2001:db8::1:1
2019-01-17 15:47:09.918 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/subnet = 2001:db8::/64
2019-01-17 15:47:09.918 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: moved: /kea-dhcp6-server:config/subnet6[id='1'] first
2019-01-17 15:47:09.918 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/interfaces-config (container)
2019-01-17 15:47:09.918 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/interfaces-config/interfaces = enp0s8
2019-01-17 15:47:09.919 INFO  [kea-netconf.netconf/6911] NETCONF_VALIDATE_CONFIG_STARTED started validating configuration for dhcp6 server
2019-01-17 15:47:09.929 DEBUG [kea-netconf.netconf/6911] NETCONF_VALIDATE_CONFIG validating configuration with dhcp6 server: {
  "Dhcp6": {
    "control-socket": {
      "socket-name": "/home/demouser/.control_socket",
      "socket-type": "unix"
    },
    "interfaces-config": {
      "interfaces": [ "enp0s8" ]
    },
    "subnet6": [
      {
        "id": 1,
        "pools": [
          {
            "pool": "2001:db8::1:0 - 2001:db8::1:1"
          }
        ],
        "subnet": "2001:db8::/64"
      }
    ]
  }
}
2019-01-17 15:47:09.930 INFO  [kea-netconf.netconf/6911] NETCONF_VALIDATE_CONFIG_COMPLETED completed validating configuration for dhcp6 server

When you are ready to apply changes, use:

> edit-config --target running --defop=replace --config=kea.xml
OK
> commit
OK

At this point, kea-netconf should have logged:

2019-01-17 15:47:09.939 INFO  [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGE_EVENT Received YANG configuration change APPLY event
2019-01-17 15:47:09.940 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1'] (list instance)
2019-01-17 15:47:09.940 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/id = 1
2019-01-17 15:47:09.940 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/pool[start-address='2001:db8::1:0'][end-address='2001:db8::1:1'] (list instance)
2019-01-17 15:47:09.940 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/pool[start-address='2001:db8::1:0'][end-address='2001:db8::1:1']/start-address = 2001:db8::1:0
2019-01-17 15:47:09.940 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/pool[start-address='2001:db8::1:0'][end-address='2001:db8::1:1']/end-address = 2001:db8::1:1
2019-01-17 15:47:09.941 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/subnet6[id='1']/subnet = 2001:db8::/64
2019-01-17 15:47:09.941 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: moved: /kea-dhcp6-server:config/subnet6[id='1'] first
2019-01-17 15:47:09.941 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/interfaces-config (container)
2019-01-17 15:47:09.941 DEBUG [kea-netconf.netconf/6911] NETCONF_CONFIG_CHANGED_DETAIL YANG configuration changed: created: /kea-dhcp6-server:config/interfaces-config/interfaces = enp0s8
2019-01-17 15:47:09.944 INFO  [kea-netconf.netconf/6911] NETCONF_UPDATE_CONFIG_STARTED started updating configuration for dhcp6 server
2019-01-17 15:47:09.956 DEBUG [kea-netconf.netconf/6911] NETCONF_UPDATE_CONFIG updating configuration with dhcp6 server: {
  "Dhcp6": {
    "control-socket": {
      "socket-name": "/home/demouser/.control_socket",
      "socket-type": "unix"
    },
    "interfaces-config": {
      "interfaces": [ "enp0s8" ]
    },
    "subnet6": [
      {
        "id": 1,
        "pools": [
          {
            "pool": "2001:db8::1:0 - 2001:db8::1:1"
          }
        ],
        "subnet": "2001:db8::/64"
      }
    ]
  }
}
2019-01-17 15:47:09.958 INFO  [kea-netconf.netconf/6911] NETCONF_UPDATE_CONFIG_COMPLETED completed updating configuration for dhcp6 server

kea-dhcp6 will log:

2019-01-17 15:47:09.956 INFO  [kea-dhcp6.commands/6909] COMMAND_RECEIVED Received command 'config-set'
2019-01-17 15:47:09.956 INFO  [kea-dhcp6.hosts/6909] HOSTS_BACKENDS_REGISTERED the following host backend types are available: 
2019-01-17 15:47:09.956 INFO  [kea-dhcp6.dhcpsrv/6909] DHCPSRV_CFGMGR_ADD_IFACE listening on interface enp0s8
2019-01-17 15:47:09.956 INFO  [kea-dhcp6.dhcpsrv/6909] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: 2001:db8::/64 with params t1=900, t2=1800, preferred-lifetime=3600, valid-lifetime=7200, rapid-commit is disabled
2019-01-17 15:47:09.956 INFO  [kea-dhcp6.dhcp6/6909] DHCP6_CONFIG_COMPLETE DHCPv6 server has completed configuration: added IPv6 subnets: 1; DDNS: disabled
2019-01-17 15:47:09.956 INFO  [kea-dhcp6.dhcpsrv/6909] DHCPSRV_MEMFILE_DB opening memory file lease database: type=memfile universe=6

At this point, you can claim success! Everything is working as it should!

Errors:

If you see messages like:

> edit-config --target running --config=kea.xml
ERROR
	type:     application
	tag:      operation-failed
	severity: error
	message:  Validation of the changes failed

that means that kea.xml is invalid.

If you see:

> edit-config --target running --config=kea.xml
ERROR
	type:     application
	tag:      operation-failed
	severity: error
	path:     /kea-dhcp6-server:config/subnet6[id='1']
	message:  The node is not enabled in running datastore

That means that kea-netconf is not running!

Additional sample commands:

Get current model of kea-dhcp6-server (that includes revision date):

get-schema --model kea-dhcp6-server 

Replace current running datastore:

edit-config --target running --defop=replace --config=kea.xml

Merge current running datastore with kea.xml (can produce conflicts, this is default action):

edit-config --target running --defop=replace --config=kea.xml 
Was this article helpful?