-
Print
-
DarkLight
-
PDF
Using Official ISC Packages for Kea
Overview
ISC offers binary packages of Kea DHCP for our users and customers, hosted on Cloudsmith. They are provided along with the source code tarballs for every release.
The open source packages contain the base Kea software and the following hook libraries:
- BOOTP
- Flexible Option
- High Availability
- Lease Commands
- MySQL Configuration Backend
- PostgreSQL Configuration Backend
- Run Script
- Statistics Commands
For a full list of hooks provided by the latest development release, please refer to the list of Available Hook Libraries in the Administrator Reference Manual (ARM). Other hooks are provided under a commercial license, in separate private repositories (see below).
Why Use ISC's Kea Packages?
ISC's Kea packages let you:
- Update quickly and efficiently directly from our repository, in one step, and skip the added step of downloading and building binaries locally;
- Get all the latest bug fixes and features immediately, without waiting for your OS distribution to pick up the changes and release them. We provide binary packages along with sources at the time of each release (sometimes the binaries are posted a few hours later, but generally the same day).
Supported Operating Systems
ISC has created packages for what we think are the most popular operating systems for production DHCP servers. If your preferred operating system is not packaged, you can still build from our published sources.
We provide the following types of packages:
- RPM for RHEL, CentOS, Fedora
- deb for Debian and Ubuntu
- apk for Alpine
- Docker images (introduced with Kea 2.4.0)
Please note that we only provide packages for currently supported versions of an operating system. When we release each new version of Kea, we evaluate the OSes we support. We add packages for newly released operating system versions as we are able to, and remove packages for operating system versions and Kea versions that become end-of-life.
A current list of supported systems and their versions can be found in the Kea documentation.)
ISC-Provided Kea Packages
ISC provides packages for the open source components, as well as the premium, subscriber-only, and enterprise hooks packages.
ISC Packages vs. OS Packages
Kea binaries are available in several packages. RHEL, CentOS, Fedora, Debian, Ubuntu, and Alpine all provide their own Kea packages, which may not be packaged the same way as the ISC-provided packages. To avoid confusing ISC packages with those from other distributors (with the exception of FreeRADIUS packages prior to Kea 2.5.4), all ISC packages start with the isc-kea-
prefix.
Open Source Package Names
These are the names of the open source packages for all supported systems:
Open Source Packages |
Comment |
---|---|
isc-kea |
ISC Kea metapackage (installs everything) |
isc-kea-ctrl-agent |
Kea control socket REST API server |
isc-kea-dhcp-ddns |
Kea DHCP DDNS server |
isc-kea-dhcp4-server or isc-kea-dhcp4 for Alpine |
Kea DHCPv4 server |
isc-kea-dhcp6-server or isc-kea-dhcp6 for Alpine |
Kea DHCPv6 server |
isc-kea-hooks |
Open source hooks package for Kea |
isc-kea-common |
Common libraries and files needed by Kea |
isc-kea-admin |
Kea database administration utilities |
isc-kea-perfdhcp |
DHCP benchmarking tool from ISC |
isc-kea-hooks |
Open source hooks package for Kea |
isc-kea-doc |
Documentation for Kea |
isc-kea-dev or isc-kea-devel for RPM |
Development headers for Kea |
The package names listed above are in use since Kea 2.3.2. For upgrade guidance from a prior version, please refer to the following KB article: Upgrading Beyond Kea 2.3.2.
Commercially Licensed Package Names
ISC Premium package purchasers and support subscribers are entitled to additional hooks not included in the open source. The commercially licensed hooks are distributed in three bundles:
- a bundle for online purchasers of hooks, without ISC support, called Premium;
- a bundle for ISC support customers, called Subscription;
- and one additional hook offered to support customers at the highest SLA level, called Enterprise
Commercially Licensed Hook Packages |
Hook name | Bundle |
---|---|---|
isc-kea-premium-class-cmds |
Classification Commands hook library | Subscriber |
isc-kea-premium-cb-cmds |
Config Backend Commands hook library | Subscriber |
isc-kea-premium-ddns-tuning |
DDNS Tuning hook library | Premium |
isc-kea-premium-flex-id |
Flexible Identifier hook library | Premium |
isc-kea-premium-forensic-log |
Forensic Logging hook library | Premium |
isc-kea-premium-gss-tsig |
GSS-TSIG hook library | Subscriber |
isc-kea-premium-host-cache |
Host Cache hook library | Subscriber |
isc-kea-premium-host-cmds |
Host Commands hook library | Premium |
isc-kea-premium-lease-query |
Leasequery hook library | Subscriber |
isc-kea-premium-limits |
Limits hook library | Subscriber |
isc-kea-premium-radius |
RADIUS hook library | Subscriber |
isc-kea-premium-rbac |
Role-Based Access Control hook library | Enterprise |
isc-kea-premium-subnet-cmds |
Subnet Commands hook library | Subscriber |
For more information about obtaining the subscription and enterprise Kea hook libraries, please contact us at https://www.isc.org/contact. All of the Kea hook libraries are described fully in the Kea ARM.
The names of the FreeRADIUS packages are different on each system, but they do not need to be installed explicitly. They are installed automatically by the packages that require them.
FreeRADIUS Packages |
Comment |
---|---|
freeradius-client |
deb FreeRADIUS client library |
freeradius-client-devel |
deb FreeRADIUS development files |
libfreeradius-client |
RPM FreeRADIUS client library |
libfreeradius-client-dev |
RPM FreeRADIUS development files |
Using the Cloudsmith Repositories
All ISC binary packages for Kea are contained in our repositories on Cloudsmith. Note that the source tarballs are also available alongside the binary packages for Kea 2.2.0 and later versions. We have both open source repositories, which are available to anyone, and private repositories for ISC customers, which require a security token to access.
Open Source Repositories
Packages can be downloaded from our public Cloudsmith repository by following these directions. These instructions are for Kea 2.4, but they can be easily customized for other versions by changing kea-2-4
in the commands to kea-2-2
, etc., as appropriate. If the repositories are configured manually, the 0D9D9A1439E23DB9
part of the GPG key file also needs to be replaced. The current open source repositories on Cloudsmith are:
Repository Name | Comments |
---|---|
kea-1-6 |
EOL stable branch |
kea-1-8 |
EOL stable branch |
kea-2-0 |
EOL stable branch |
kea-2-2 |
old stable branch |
kea-2-4 |
current stable branch |
kea-2-5 |
current development branch |
keama |
migration tool for ISC DHCP migration to Kea |
stork |
GUI management tool for Kea |
docker |
repo for Docker images of open source |
Setting Up Repos on Debian
To install packages, you can quickly setup the repository automatically (recommended):
curl -1sLf \
'https://dl.cloudsmith.io/public/isc/kea-2-4/setup.deb.sh' \
| sudo -E bash
If you need to force a specific distribution/release, you can also do that (e.g. if your system is compatible but not identical):
curl -1sLf \
'https://dl.cloudsmith.io/public/isc/kea-2-4/setup.deb.sh' \
| sudo -E distro=some-distro codename=some-codename arch=some-arch bash
or you can manually configure it yourself before installing packages:
apt-get install -y debian-keyring # debian only
apt-get install -y debian-archive-keyring # debian only
apt-get install -y apt-transport-https
# For Debian Stretch, Ubuntu 16.04 and later
keyring_location=/usr/share/keyrings/isc-kea-2-4-archive-keyring.gpg
# For Debian Jessie, Ubuntu 15.10 and earlier
keyring_location=/etc/apt/trusted.gpg.d/isc-kea-2-4.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-4/gpg.0D9D9A1439E23DB9.key' | gpg --dearmor > ${keyring_location}
curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-4/config.deb.txt?distro=debian&codename=bookworm' > /etc/apt/sources.list.d/isc-kea-2-4.list
apt-get update
Note: Please replace debian
and bookworm
(in distro=debian&codename=bookworm
above) with your actual operating system, distribution, and distribution version.
You can remove the repository with:
rm /etc/apt/sources.list.d/isc-kea-2-4.list
apt-get clean
rm -rf /var/lib/apt/lists/*
apt-get update
Setting Up Repos on Fedora/CentOS/RHEL
To install RPM packages, you can quickly setup the repository automatically (recommended):
curl -1sLf \
'https://dl.cloudsmith.io/public/isc/kea-2-4/setup.rpm.sh' \
| sudo -E bash
If you need to force a specific distribution/release, you can also do that (e.g. if your system is compatible but not identical):
curl -1sLf \
'https://dl.cloudsmith.io/public/isc/kea-2-4/setup.rpm.sh' \
| sudo -E distro=some-distro codename=some-codename arch=some-arch bash
or you can manually configure it yourself before installing packages:
yum install yum-utils pygpgme
rpm --import 'https://dl.cloudsmith.io/public/isc/kea-2-4/cfg/gpg/gpg.0D9D9A1439E23DB9.key'
curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-4/config.rpm.txt?distro=el&codename=9' > /tmp/isc-kea-2-4.repo
yum-config-manager --add-repo '/tmp/isc-kea-2-4.repo'
yum -q makecache -y --disablerepo='*' --enablerepo='isc-kea-2-4'
Note: Please replace el
and 9
(in distro=el&codename=9
above) with your actual distribution/version, and use wildcards when enabling multiple repos.
You can remove the repository with:
rm /etc/yum.repos.d/isc-kea-2-4.repo
rm /etc/yum.repos.d/isc-kea-2-4-source.repo
Setting Up Repos on Alpine
To install packages, you can quickly setup the repository automatically (recommended):
sudo apk add --no-cache bash
curl -1sLf \
'https://dl.cloudsmith.io/public/isc/kea-2-4/setup.alpine.sh' \
| sudo -E bash
If you need to force a specific distribution/release, you can also do that (e.g. if your system is compatible but not identical):
sudo apk add --no-cache bash
curl -1sLf \
'https://dl.cloudsmith.io/public/isc/kea-2-4/setup.alpine.sh' \
| sudo -E distro=some-distro codename=some-codename arch=some-arch bash
or you can manually configure it yourself before installing packages:
curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-4/rsa.0D9D9A1439E23DB9.key' > /etc/apk/keys/kea-2-4@isc-0D9D9A1439E23DB9.rsa.pub
curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-4/config.alpine.txt?distro=alpine&codename=v3.18' >> /etc/apk/repositories
apk update
Note: Please replace v3.18
above with your actual distribution version.
You can remove the repository entries with:
$EDITOR /etc/apk/repositories
Remove the /alpine/v3.18/main
line, save then execute:
rm -f /etc/apk/keys/kea-2-4@isc-0D9D9A1439E23DB9.rsa.pub
apk update
Premium Repositories for Commercially Licensed Hooks
Organizations with access to the private repositories (designated with a -prv
suffix in the repository name) should use those locations to retrieve their software; the -prv
repositories contain extra software not included in the open source. These repositories are also updated in case of a security vulnerability, prior to publication of that vulnerability.
These instructions provide information on accessing the private Cloudsmith repositories with a token, indicated with your_token_goes_here
in the commands. If you are an ISC Kea support customer and need a token, please log into our support portal to obtain yours. If you have purchased the Premium hooks bundle online, you should have received a token via email; if you have lost it, please send an email to info@isc.org to request your token.
The instructions are very similar to the ones for the open source repositories, given above. They can be easily customized by altering the URLs; the public
part should be replaced with the token and kea-2-4
with kea-2-4-prv
. For example:
'https://dl.cloudsmith.io/public/isc/kea-2-4/setup.rpm.sh'
should be changed to
'https://dl.cloudsmith.io/your_token_goes_here/isc/kea-2-4-prv/setup.rpm.sh'
Resulting in this command for .deb based systems:
curl -1sLf \
'https://dl.cloudsmith.io/your_token_goes_here/isc/kea-2-4-prv/setup.deb.sh' \
| sudo -E bash
For .rpm based systems:
curl -1sLf \
'https://dl.cloudsmith.io/your_token_goes_here/isc/kea-2-4-prv/setup.rpm.sh' \
| sudo -E bash
And for Alpine distributions:
sudo apk add --no-cache bash
curl -1sLf \
'https://dl.cloudsmith.io/your_token_goes_here/isc/kea-2-4-prv/setup.alpine.sh' \
| sudo -E bash
The current private repositories on Cloudsmith are:
Repository Name | Comments |
---|---|
kea-1-6-prv |
EOL stable branch |
kea-1-8-prv |
EOL stable branch |
kea-2-0-prv |
EOL stable branch |
kea-2-2-prv |
old stable branch |
kea-2-4-prv |
current stable branch |
kea-2-5-prv |
current development branch |
docker-prv |
premium docker images |
Premium Repositories for Web-Based Purchases
If you have purchased Premium hooks from ISC's website (without a support contract), you can access them through Cloudsmith. For more information, please consult the Premium Repositories for Commercially Licensed Hooks section. Please note that the Premium hook packages only contain the hooks listed as part of the Premium bundle in this table.
Premium hook purchasers can also download source tarballs through a private link from SendOwl, which is sent via email.
Source Tarballs in the Package Repository
These instructions are only included for the benefit of of users who are not running the software on an officially supported platform. You should only need to follow these instructions if you plan on installing Kea from source. More information on how to do this can be found on the Installation Page in the ARM.
Since Kea 2.2.0, source tarballs are available alongside the binary packages in the Cloudsmith repository. This is a particular convenience for our support subscribers, who can now use the same token to download the source that they have already been using to install the packages.
To download the source tarball and its signatures from Cloudsmith, use the following set of commands, replacing the version string with the current version you wish to download:
version=2.4.0; \
for file in kea-$version.tar.gz kea-$version.tar.gz.asc kea-$version.tar.gz.sha1.asc kea-$version.tar.gz.sha256.asc kea-$version.tar.gz.sha512.asc Kea-$version-ReleaseNotes.txt; do \
curl -O https://dl.cloudsmith.io/public/isc/kea-2-4/raw/versions/$version/$file; \
done
or just a single file:
curl -O https://dl.cloudsmith.io/public/isc/kea-2-4/raw/versions/2.4.0/kea-2.4.0.tar.gz
The tarballs (in contrast to the binary packages) have been signed using ISC's code signing key. To verify signatures, after importing the ISC key from https://www.isc.org/pgpkey/ please run this set of commands:
version=2.4.0; \
for i in .asc .sha1.asc .sha256.asc .sha512.asc; do \
gpg --verify kea-enterprise-$version.tar.gz$i kea-enterprise-$version.tar.gz; \
done
For ISC support subscribers, change to the -prv
repository and insert your token into the query. Change the keyword to specify which hooks to download. The possible values include premium
, subscription
, and enterprise
.
version=2.4.0 hooks=premium; \
for file in kea-$hooks-$version.tar.gz kea-$hooks-$version.tar.gz.asc kea-$hooks-$version.tar.gz.sha1.asc kea-$hooks-$version.tar.gz.sha256.asc kea-$hooks-$version.tar.gz.sha512.asc; do \
curl -O https://dl.cloudsmith.io/<your-customer-token-here>/isc/kea-2-4-prv/raw/versions/$version/$file; \
done
and use a similar script to verify signatures:
version=2.4.0 hooks=premium; \
for i in .asc .sha1.asc .sha256.asc .sha512.asc; do \
gpg --verify kea-$hooks-$version.tar.gz$i kea-$hooks-$version.tar.gz; \
done
Note that in the examples above you will need to replace kea-2-4
and 2.4.0
with the appropriate version that you are planning to use.
Accessing Cloudsmith From Behind a Proxy Server
It is a common scenario to use a forward proxy server as an internet access intermediary. It is possible to configure the proxy to limit access to permit installing Kea packages, without permitting any other traffic.
Assuming the proxy server listens on 192.0.2.1:3128
here is how it could be configured.
The first step involves fetching a script from Cloudsmith servers and running it. Since both the fetching itself of the script and the network activity inside the script are done with curl, we can make use of curl proxying capabilities.
Either set the HTTPS_PROXY
environment variable like this:
HTTPS_PROXY=192.0.2.1:3128 curl -1sLf \
'https://dl.cloudsmith.io/public/isc/kea-2-4/setup.alpine.sh' \
| sudo -E bash
or like this:
export HTTPS_PROXY=192.0.2.1:3128
curl -1sLf \
'https://dl.cloudsmith.io/public/isc/kea-2-4/setup.alpine.sh' \
| sudo -E bash
Or configure it persistently in .curlrc
while being mindful that this affects all curl calls on the system:
echo 'proxy = 192.0.2.1:3128' >> ~/.curlrc
If you want package downloads to be proxied as well, it can be configured at the package manager level:
OS | Command |
---|---|
Debian-based | echo 'Acquire::https::Proxy "http://192.0.2.1:3128";' >> /etc/apt/apt.conf.d/proxy.conf |
RPM-based | echo 'proxy=http://192.0.2.1:3128;' >> /etc/dnf/dnf.conf |
Alpine | setup-proxy http://192.0.2.1:3128 |
Installing Kea Packages
After configuring the repositories on a host machine, the Kea packages can be installed. As there are several packages, you can choose to install only the parts of Kea that you require. The dependencies between packages are set up so any dependent packages will be pulled in as well.
The following examples will install the main Kea metapackage which depends on (and consequently installs) all of the components in the open source bundle.
Deb version:
apt install isc-kea
RPM version:
yum install isc-kea
Alpine version:
apk add isc-kea
If you would only like to install specific components, or subpackages, that is also possible. Please refer to the list of packages above to discover which specific packages you need.
Once Kea is installed, it can be configured; the configuration files are located in the /etc/kea/
folder.
Installing Premium Hooks
After setting up the Premium hooks repository, you should be able to install the Kea premium hooks with your platform's package manager.
The following command installs the Flexible Identifier Kea premium hook library; use the same command for other libraries, with the appropriate library name.
Deb version:
apt install isc-kea-premium-flex-id
RPM version:
yum install isc-kea-premium-flex-id
Alpine version:
apk add isc-kea-premium-flex-id
Please refer to the Premium Packages section above to discover names of other premium hooks which you may have access to.
Managing Kea Services
When using the ISC-provided packages, Kea services should be managed using the service manager of your OS.
keactrl
The keactrl
utility is not included in these packages because it is assumed the user will use the operating system's init system to start and stop Kea instead.
Service Names
RPM and Alpine Systems
Service Name | Description |
---|---|
kea-dhcp4 |
DHCPv4 Server |
kea-dhcp6 |
DHCPv6 Server |
kea-dhcp-ddns |
DHCP DDNS Server |
kea-ctrl-agent |
Kea Control Agent - REST API |
Debian Systems
Service Name | Description |
---|---|
isc-kea-dhcp4-server |
DHCPv4 Server |
isc-kea-dhcp6-server |
DHCPv6 Server |
isc-kea-dhcp-ddns-server |
DHCP DDNS Server |
isc-kea-ctrl-agent |
Kea Control Agent - REST API |
Service Management
To start, stop, or restart Kea daemons, systemctl
should be used on Debian/Ubuntu and RPM based systems, and OpenRC should be used on Alpine.
In the following examples, the kea-dhcp4
service is being enabled, started, and stopped. Adjust the commands to the service you wish to manage.
Deb version:
systemctl enable isc-kea-dhcp4-server
systemctl start isc-kea-dhcp4-server
systemctl stop isc-kea-dhcp4-server
RPM version:
systemctl enable kea-dhcp4
systemctl start kea-dhcp4
systemctl stop kea-dhcp4
Alpine version:
rc-update add kea-dhcp4
service kea-dhcp4 start
service kea-dhcp4 stop
Pulling and Using Dockers
Docker images available in the open source repository include:
- kea-dhcp4
- kea-dhcp6
- kea-dhcp-ddns
Pulling (downloading) an image from the Cloudsmith Docker registry can be done using the standard docker pull
command:
docker pull docker.cloudsmith.io/isc/docker/your-image:version
Note: You should replace your-image
with one of the image names (e.g. kea-dhcp4
), and version
with a Kea image name and version string (e.g. 2.5.3.
)
To refer to images after pulling in a Dockerfile, specify the following:
FROM docker.cloudsmith.io/isc/docker/your-image:version
Using the Docker
Using a Docker image for Kea DHCP is complicated! We strongly encourage you to read the README in the Docker repository.
Pulling and Using Premium Dockers
Docker images available in the private repository correspond to the three levels of commercially licensed software: Premium (typically purchased from the ISC website, Subscription (available to all ISC technical support subscribers), and Enterprise (available to ISC support subscribers at the highest levels).
- kea-dhcp4-enterprise
- kea-dhcp4-premium
- kea-dhcp4-subscription
- kea-dhcp6-enterprise
- kea-dhcp6-premium
- kea-dhcp6-subscription
- kea-dhcp-ddns-premium
- kea-dhcp-ddns-subscription
As this is a private registry, you'll need to authenticate to pull images, using the access token issued to you when you either purchased the Premium hooks package or subscribed for support from ISC. Put your own access token in when prompted for a password:
docker login docker.cloudsmith.io
Username: isc/docker-prv
Password: your_token_goes_here
Login Succeeded
Pulling (downloading) an image from the Cloudsmith Docker registry can be done using the standard docker pull command:
docker pull docker.cloudsmith.io/isc/docker-prv/your-image:version
Note: You should replace your-image
and version
in the above with a Kea image name, such as kea-dhcp4-premium
, and a version number, such as 2.5.3
.
To refer to images after pulling in a Dockerfile, specify the following:
FROM docker.cloudsmith.io/isc/docker-prv/your-image:version
Using the Docker
Using a Docker image for Kea DHCP is complicated! We strongly encourage you to read the README in the Docker repository.