ISC Packages for Kea DHCP
  • 13 Sep 2022
  • 10 Minutes to read
  • Contributors
  • Dark
    Light
  • PDF

ISC Packages for Kea DHCP

  • Dark
    Light
  • PDF

Overview

ISC offers binary packages of Kea DHCP for our users and customers, hosted on Cloudsmith. They are provided along with the source code tarballs for every release.

Why use Kea DHCP packages?

  1. Update quickly and efficiently, directly from our repository in one step, skip the added step of downloading and building binaries locally;
  2. Get all the latest bug fixes and features immediately, no waiting for your OS distribution to pick up the changes and release them. We provide binary packages along with sources at the time of release (sometimes the binaries are posted a few hours later, but generally the same day).

Supported Operating Systems

ISC has created packages for what we think are the most popular operating systems for production DHCP servers. If your preferred operating system is not packaged, remember you can still build from our published sources.

We provide the following types of packages:

  • RPMs for RHEL, CentOS, Fedora
  • debs for Debian and ubuntu
  • apk for Alpine
Supported OS Versions
Please note that we only provide packages for currently supported versions of an operating system. When we release a new version of Kea, we evaluate the OSes we support. We add packages for newly released operating system versions as we are able to, and remove packages for operating system versions and Kea versions that become end-of-life.

A current list of supported systems and their versions can be found in the Kea documentation.

Kea Packages vs OS packages

Kea binaries are available in several packages. They are in the same layout as the ones provided by Fedora and Debian and their derivatives, and they behave in more or less the same way. To avoid confusing ISC packages with those from other distributors, all ISC packages start with the isc- prefix.

Open Source Packages

Thank you!
The repository for Kea open source packages is provided by Cloudsmith at no charge as a free community service for non-profit open source projects.

The open source packages contain the base Kea software and the following hooks libraries:

  • BOOTP
  • Flexible Option
  • High Availability
  • Lease Commands
  • MySQL Configuration Backend
  • PostgreSQL Configuration Backend
  • Statistics Commands
Open Source RPM Packages
Comment
isc-kea DHCPv4, DHCPv6 and DDNS servers
isc-kea-devel Development headers and libraries for Kea DHCP server. Needed if you plan to build your own Kea hooks.
isc-kea-hooks This package includes the open source hooks, with the exception of user-check.
isc-kea-libs Shared libraries used by Kea. Install this.
freeradius-client You will need this if you are using the Kea RADIUS integration.
freeradius-client-devel Install this if you are using the Kea RADIUS integration.
Open Source Deb Packages
Comment
isc-kea-admin This package provides backend database initialization and migration scripts and a DHCP benchmark tool. If you are not using a database backend, you may not need this.
isc-kea-common Common libraries for the ISC Kea DHCP server. Install this.
isc-kea-ctrl-agent This package provides the REST API service agent for Kea DHCP.
isc-kea-dev Development headers for ISC Kea DHCP server. Install if you plan to create any custom Kea hooks.
isc-kea-dhcp4-server DHCPv4 server
isc-kea-dhcp6-server DHCPv6 server
isc-kea-dhcp-ddns-server DDNS server
isc-kea-doc Kea Documentation. Highly recommended.
python3-isc-kea-connector This package is needed for the Kea shell. Optional.
libfreeradius-client You will need this if you are using the Kea RADIUS integration.
libfreeradius-client-dev For Kea RADIUS integration. Optional.

Debug images are available: use the package name above +"-dbgsym". For example, isc-kea-common-dbgsym is an alternative to isc-kea-common.

Open Source APK Packages
Comment
isc-kea-admin This package provides backend database initialization and migration scripts and a DHCP benchmark tool. If you are not using a database backend, you may not need this.
isc-kea-common Common libraries for the ISC Kea DHCP server. Install this.
isc-kea-ctrl-agent This package provides the REST API service agent for Kea DHCP.
isc-kea-dev Development headers for ISC Kea DHCP server. Install if you plan to create any custom Kea hooks.
isc-kea-dhcp4-server DHCPv4 server
isc-kea-dhcp6-server DHCPv6 server
isc-kea-dhcp-ddns-server DDNS server
isc-kea-doc Kea Documentation. Highly recommended.
isc-kea-hook-flex-option Flexible Options hook
isc-kea-hook-ha High Availability hook
isc-kea-hook-lease-cmds Lease Commands hook
isc-kea-hook-mysql-cb MySQL Configuration Backend
isc-kea-hook-pgsql-cb PostgreSQL Configuration Backend
isc-kea-hook-stat-cmds Statistics Commands hook
isc-kea-http This package is essential, install it.
isc-kea-perfdhcp Optional. Includes a DHCP performance testing tool from ISC.
isc-kea-shell Text client for Kea DHCP Control Agent.
isc-kea-hook-static This file seems empty, investigating if this hook is essential for some reason

Additional Packages for ISC support subscribers

ISC support subscribers are entitled to additional hooks not included in the open source. Entitlement is based on support level, but the full list of additional hooks available to subscribers is:

Premium Hook Packages
Hook name
isc-kea-premium-class-cmds Classification Commands hooks library
isc-kea-premium-cb-cmds Config Backend Commands hooks library
isc-kea-premium-ddns-tuning DDNS Tuning hooks library
isc-kea-premium-flex-id Flexible Identifier hooks library
isc-kea-premium-forensic-log Forensic Logging hooks library
isc-kea-premium-gss-tsig GSS-TSIG library
isc-kea-premium-host-cache Host Cache hooks library
isc-kea-premium-host-cmds Host Commands hooks library
isc-kea-premium-lease-query Leasequery library
isc-kea-premium-limits Limits library
isc-kea-premium-radius RADIUS hooks library
isc-kea-premium-rbac Role-Based Access Control
isc-kea-premium-subnet-cmds Subnet Commands hooks library

Above are the package names for RPM and Deb formats. The Alpine packages are called slightly differently, inserting the word "hook" between "kea" and "premium", e.g. isc-kea-hook-premium-host-cache.

For more information about obtaining the subscriber-only Kea hooks libraries, please contact us at https://www.isc.org/contact. All of the Kea hook libraries are described fully in the Kea ARM.

RADIUS packages for Kea 1.6 and above
The Free RADIUS support requires a special patch from ISC to work with Kea. The packages posted for Kea 1.6 and above are missing this patch. If you are using RADIUS with Kea, please ask ISC Support for the correct package.

Using the Cloudsmith Repositories

All ISC binary packages for Kea are contained in our repositories on Cloudsmith. Note that the source tarballs are also available alongside the binary packages for Kea 2.1.7 and later versions. We have both open source repositories, which are available to anyone, and private repositiories for ISC customers, which require a security token to access.

Open Source Repositories

Packages can be downloaded from our public Cloudsmith repository by following these directions. These instructions are for Kea 1.8, but they can be easily customized for other versions by changing kea-1-8 in the commands to kea-2-0, etc., as appropriate. The current open source repositories on Cloudsmith are:

Repository Name comments
kea-1-6 eol stable branch
kea-1-8 eol stable branch
kea-2-0 old stable branch
kea-2-2 current stable branch
kea-2-3 current development branch
keama migration tool for ISC DHCP migration to Kea
stork GUI management tool for Kea

Installing Debian Packages

To install packages, you can quickly setup the repository automatically (recommended):

curl -1sLf \
  'https://dl.cloudsmith.io/public/isc/kea-2-2/setup.deb.sh' \
  | sudo -E bash

If you need to force a specific distribution/release, you can also do that (e.g. if your system is compatible but not identical):

curl -1sLf \
  'https://dl.cloudsmith.io/public/isc/kea-2-2/setup.deb.sh' \
  | sudo -E distro=some-distro codename=some-codename arch=some-arch bash

or ... you can manually configure it yourself before installing packages:

apt-get install -y debian-keyring  # debian only
apt-get install -y debian-archive-keyring  # debian only
apt-get install -y apt-transport-https
# For Debian Stretch, Ubuntu 16.04 and later
keyring_location=/usr/share/keyrings/isc-kea-2-2-archive-keyring.gpg
# For Debian Jessie, Ubuntu 15.10 and earlier
keyring_location=/etc/apt/trusted.gpg.d/isc-kea-2-2.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-2/gpg.A8CB727C62565FF8.key' |  gpg --dearmor > ${keyring_location}
curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-2/config.deb.txt?distro=debian&codename=stretch' > /etc/apt/sources.list.d/isc-kea-2-2.list
apt-get update

Note: Please replace ubuntu and focal above with your actual operating system, distribution, and distribution version.

If you no longer want to install packages from the repository, you can remove it with:

rm /etc/apt/sources.list.d/isc-kea-2-2.list
apt-get clean
rm -rf /var/lib/apt/lists/*
apt-get update

Installing RPM Packages

To install RPM packages, you can quickly setup the repository automatically (recommended):

curl -1sLf \
  'https://dl.cloudsmith.io/public/isc/kea-2-2/setup.rpm.sh' \
  | sudo -E bash

If you need to force a specific distribution/release, you can also do that (e.g. if your system is compatible but not identical):

curl -1sLf \
  'https://dl.cloudsmith.io/public/isc/kea-2-2/setup.rpm.sh' \
  | sudo -E distro=some-distro codename=some-codename arch=some-arch bash

or... you can manually configure it yourself before installing packages:

yum install yum-utils pygpgme
rpm --import 'https://dl.cloudsmith.io/public/isc/kea-2-2/cfg/gpg/gpg.A8CB727C62565FF8.key'
curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-2/config.rpm.txt?distro=el&codename=9' > /tmp/isc-kea-2-2.repo
yum-config-manager --add-repo '/tmp/isc-kea-2-2.repo'
yum -q makecache -y --disablerepo='*' --enablerepo='isc-kea-2-2'

Note: Please replace el and 9 above with your actual distribution/version and use wildcards when enabling multiple repos.

If you no longer want to install packages from the repository, you can remove it with:

rm /etc/yum.repos.d/isc-kea-2-2.repo
rm /etc/yum.repos.d/isc-kea-2-2-source.repo

Installing Alpine Packages

To install packages, you can quickly setup the repository automatically (recommended):

sudo apk add --no-cache bash
curl -1sLf \
  'https://dl.cloudsmith.io/public/isc/kea-2-2/setup.alpine.sh' \
  | sudo -E bash

If you need to force a specific distribution/release, you can also do that (e.g. if your system is compatible but not identical):

sudo apk add --no-cache bash
curl -1sLf \
  'https://dl.cloudsmith.io/public/isc/kea-2-2/setup.alpine.sh' \
  | sudo -E distro=some-distro codename=some-codename arch=some-arch bash

or ... you can manually configure it yourself before installing packages:

curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-2/rsa.C661CE1E55D11F19.key' > /etc/apk/keys/kea-2-2@isc-C661CE1E55D11F19.rsa.pub
curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-2/config.alpine.txt?distro=alpine&codename=v3.15' >> /etc/apk/repositories
apk update

Note: Please replace v3.8 above with your actual distribution version.

If you no longer want to install packages from the repository, you can remove the entries with:

$EDITOR /etc/apk/repositories

Remove /alpine/v3.8/main line, save then execute:

rm -f /etc/apk/keys/kea-2-1@isc-CC39698D5EDFF644.rsa.pub
apk update

Private repositories for Subscribers

Organizations that purchase professional Kea DHCP support from ISC are encouraged to use the private repositories (designated with a -prv suffix in the repository name). The -prv repositories contain extra software not included in the open source. These repositories will also be updated in case of a security vulnerability, prior to publication of that vulnerability.

These instructions provide information on accessing the private Cloudsmith repositories with a token, indicated with your_token_goes_here in the commands. If you are an ISC Kea support customer and need a token, please open a ticket to request one.

The instructions are very similar to the ones for the open source repositories, given above. They can be easily customized by altering the URLs; the public part should be replaced with the token and kea-2-2 with kea-2-2-prv. For example:

'https://dl.cloudsmith.io/public/isc/kea-2-2/cfg/setup/bash.rpm.sh'

should be changed to

'https://dl.cloudsmith.io/your_token_goes_here/isc/kea-2-2-prv/cfg/setup/bash.rpm.sh' 

The current private repositories on Cloudsmith are:

Repository Name comments
kea-1-6-prv eol stable branch
kea-1-8-prv eol stable branch
kea-2-0-prv old stable branch
kea-2-2-prv current stable branch
kea-2-3-prv current development branch

Source Tarballs in the Package Repository

With the release of Kea 2.1.7 we have started adding the source tarballs alongside the binary packages in the Cloudsmith repository. This is a particular convenience for our support subscribers, who can now use the same token to download the source that they have already been using to install the packages.

To download the source tarball and its signatures from Cloudsmith, use the following set of commands, replacing the version string with the current version you wish to download:

version=2.1.7; \
  for file in kea-$version.tar.gz kea-$version.tar.gz.asc kea-$version.tar.gz.sha1.asc kea-$version.tar.gz.sha256.asc kea-$version.tar.gz.sha512.asc Kea-$version-ReleaseNotes.txt;  do \
  curl -O https://dl.cloudsmith.io/public/isc/kea-2-1/raw/versions/$version/$file; \
done

or just a single file:

curl -O https://dl.cloudsmith.io/public/isc/kea-2-1/raw/versions/2.1.7/kea-2.1.7.tar.gz

The tarballs (in contrast to the binary packages) have been signed using ISC's code signing key. To verify signatures, after importing the ISC key from https://www.isc.org/pgpkey/ please run this set of commands:

version=2.1.7; \
for i in .asc .sha1.asc .sha256.asc .sha512.asc; do \
  gpg --verify kea-enterprise-$version.tar.gz$i kea-enterprise-$version.tar.gz; \
done

For ISC subscribers, change to the -prv repository, and insert your token into the query. Change the keyword to specify which hooks to download. The possible values include premium, subscription and enterprise.

version=2.1.7 hooks=premium; \
  for file in kea-$hooks-$version.tar.gz kea-$hooks-$version.tar.gz.asc kea-$hooks-$version.tar.gz.sha1.asc kea-$hooks-$version.tar.gz.sha256.asc kea-$hooks-$version.tar.gz.sha512.asc;  do \
  curl -O https://dl.cloudsmith.io/<your-customer-token-here>/isc/kea-2-1-prv/raw/versions/$version/$file; \
done

and use a similar script to verify signatures:

version=2.1.7 hooks=premium; \
for i in .asc .sha1.asc .sha256.asc .sha512.asc; do \
  gpg --verify kea-$hooks-$version.tar.gz$i kea-$hooks-$version.tar.gz; \
done

Note that in the examples above you will need to replace kea-2-1 with the major version and 2.1.7 with the minor version (this is supported only for Kea 2.1.7 and later versions).

Kea Installation

After configuring the repositories on a host machine, the Kea packages can be installed. As there are several packages, we can choose to install only the parts of Kea that are required. The dependencies between packages are set up so any dependent packages will be pulled in as well.

The following command installs the base Kea software for DHCPv4.

Deb version:

apt install isc-kea-dhcp4-server

RPM version:

yum install isc-kea

With the RPMs, DHCPv4 and DHCPv6 are put into one package, whereas with debs there are two separate packages.

The following command installs the Kea hooks.

RPM version:

yum install isc-kea-hooks

With the RPMs, all hooks are put into one package, while debs hooks libraries are included in the base package (isc-kea-common) which is always installed.

The following command installs a particular Kea premium hooks library.

Deb version:

apt install isc-kea-premium-flex-id

RPM version:

yum install isc-kea-premium-flex-id

So now Kea is installed and can be configured; the configuration files are located in the /etc/kea/ folder.

Packages do not include Kea-ctrl

The Kea Control Agent is not included in these packages because it is assumed the user would use systemd instead to start and stop Kea.

To start, stop, or restart Kea daemons, systemctl should be used.

Deb version:

systemctl enable isc-kea-dhcp4-server
systemctl start isc-kea-dhcp4-server
systemctl stop isc-kea-dhcp4-server

RPM version:

systemctl enable kea-dhcp4-server
systemctl start kea-dhcp4-server
systemctl stop kea-dhcp4-server

There is a difference between deb and RPMs: deb services have the isc- prefix.