Kea DHCP : コントロールエージェント2025/03/12

	Kea コントロールエージェントを起動すると、API 経由で Kea DHCP を操作することができます。
[1]	Kea コントロールエージェントを起動します。

[root@dlp ~]#

vi /etc/kea/kea-dhcp4.conf

"Dhcp4": {
    // 以下 追記
    "control-socket": {
        "socket-type": "unix",
        "socket-name": "/run/kea/kea4-ctrl-socket"
    },
.....
.....

[root@dlp ~]#

vi /etc/kea/kea-ctrl-agent.conf

    // 20行目 : リスンするアドレス
    "http-host": "127.0.0.1",

    // 27行目 : リスンするポート
    "http-port": 8000,

    // 以下 追記
    "authentication": {
        "type": "basic",
        "realm": "Kea Control Agent",
        "directory": "/etc/kea",
        "clients": [
            {
                "user": "kea-api",
                "password-file": "kea-api-password"
            }
        ]
    },

    // 45行目 : [kea-dhcp4.conf] に設定したソケットファイルと合わせる
    "control-sockets": {
        "dhcp4": {
            "socket-type": "unix",
            "socket-name": "/run/kea/kea4-ctrl-socket"
        },

[root@dlp ~]#

echo -n password > /etc/kea/kea-api-password

[root@dlp ~]#

chown root:kea /etc/kea/kea-api-password

[root@dlp ~]#

chmod 640 /etc/kea/kea-api-password

[root@dlp ~]#

systemctl reload kea-dhcp4

[root@dlp ~]#

systemctl enable --now kea-ctrl-agent

[2]	Firewalld 稼働中且つ他ホストからもアクセスする場合はサービスポートの許可が必要です。

[root@dlp ~]#

firewall-cmd --add-port=8000/tcp

success
[root@dlp ~]#

firewall-cmd --runtime-to-permanent

success

[3]	API 経由でのコマンド投入例です。

[root@dlp ~]#

curl -u kea-api -s -H "Content-Type: application/json" -d '{"command": "list-commands", "service": ["dhcp4"]}' localhost:8000 | jq

Enter host password for user 'kea-api':   # 設定した管理パスワードで応答
[
  {
    "arguments": [
      "build-report",
      "config-backend-pull",
      "config-get",
      "config-hash-get",
      "config-reload",
      "config-set",
      "config-test",
      "config-write",
      "dhcp-disable",
      "dhcp-enable",
      "leases-reclaim",
      "list-commands",
      "server-tag-get",
      "shutdown",
      "statistic-get",
      "statistic-get-all",
      "statistic-remove",
      "statistic-remove-all",
      "statistic-reset",
      "statistic-reset-all",
      "statistic-sample-age-set",
      "statistic-sample-age-set-all",
      "statistic-sample-count-set",
      "statistic-sample-count-set-all",
      "status-get",
      "version-get"
    ],
    "result": 0
  }
]

[root@dlp ~]#

curl -u kea-api -s -H "Content-Type: application/json" -d '{"command": "config-get", "service": ["dhcp4"]}' localhost:8000 | jq

Enter host password for user 'kea-api':
[
  {
    "arguments": {
      "Dhcp4": {
        "allocator": "iterative",
        "authoritative": false,
        "boot-file-name": "",
        "calculate-tee-times": false,
        "control-socket": {
          "socket-name": "/tmp/kea4-ctrl-socket",
          "socket-type": "unix"
        },
.....
.....

[root@dlp ~]#

curl -u kea-api -s -H "Content-Type: application/json" -d '{"command": "statistic-get-all", "service": ["dhcp4"]}' localhost:8000 | jq

Enter host password for user 'kea-api':
[
  {
    "arguments": {
      "cumulative-assigned-addresses": [
        [
          11,
          "2025-03-12 12:43:34.156426"
        ],
        [
          10,
          "2025-03-12 12:41:33.912558"
        ],
        [
          9,
          "2025-03-12 12:37:35.943072"
        ],
.....
.....