Kea DHCP : コントロールエージェント2025/10/17

	Kea コントロールエージェントを起動すると、API 経由で Kea DHCP を操作することができます。
[1]	Kea コントロールエージェントを起動します。

dlp:~ #

vi /etc/kea/kea-dhcp4.conf

"Dhcp4": {
    // 以下 追記
    "control-socket": {
        "socket-type": "unix",
        "socket-name": "/var/run/kea/kea4-ctrl-socket"
    },
.....
.....

dlp:~ #

vi /etc/kea/kea-ctrl-agent.conf

    // 20行目 : リスンするアドレス
    "http-host": "127.0.0.1",

    // 27行目 : リスンするポート
    "http-port": 8000,

    // 39行目 : 認証の設定
    "authentication": {
        "type": "basic",
        "realm": "Kea Control Agent",
        "directory": "/etc/kea",
        "clients": [
            {
                "user": "kea-api",
                "password-file": "kea-api-password"
            }
        ]
    },

    // 69行目 : [kea-dhcp4.conf] に設定したソケットファイルと合わせる
    "control-sockets": {
        "dhcp4": {
            "socket-type": "unix",
            "socket-name": "/var/run/kea/kea4-ctrl-socket"
        },

dlp:~ #

echo -n password > /etc/kea/kea-api-password

dlp:~ #

chown root:keadhcp /etc/kea/kea-api-password

dlp:~ #

chmod 640 /etc/kea/kea-api-password

dlp:~ #

systemctl reload kea-dhcp4

dlp:~ #

systemctl enable --now kea-ctrl-agent

[2]	Firewalld 稼働中且つ他ホストからもアクセスする場合はサービスポートの許可が必要です。

dlp:~ #

firewall-cmd --add-port=8000/tcp

success
dlp:~ #

firewall-cmd --runtime-to-permanent

success

[3]	API 経由でのコマンド投入例です。

dlp:~ #

curl -u kea-api -s -H "Content-Type: application/json" -d '{"command": "list-commands", "service": ["dhcp4"]}' localhost:8000 | jq

Enter host password for user 'kea-api':   # 設定した管理パスワードで応答
[
  {
    "arguments": [
      "build-report",
      "config-backend-pull",
      "config-get",
      "config-hash-get",
      "config-reload",
      "config-set",
      "config-test",
      "config-write",
      "dhcp-disable",
      "dhcp-enable",
      "leases-reclaim",
      "list-commands",
      "server-tag-get",
      "shutdown",
      "statistic-get",
      "statistic-get-all",
      "statistic-remove",
      "statistic-remove-all",
      "statistic-reset",
      "statistic-reset-all",
      "statistic-sample-age-set",
      "statistic-sample-age-set-all",
      "statistic-sample-count-set",
      "statistic-sample-count-set-all",
      "status-get",
      "subnet4-select-test",
      "subnet4o6-select-test",
      "version-get"
    ],
    "result": 0
  }
]

dlp:~ #

curl -u kea-api -s -H "Content-Type: application/json" -d '{"command": "config-get", "service": ["dhcp4"]}' localhost:8000 | jq

Enter host password for user 'kea-api':
[
  {
    "arguments": {
      "Dhcp4": {
        "allocator": "iterative",
        "authoritative": false,
        "boot-file-name": "",
        "cache-threshold": 0.25,
        "calculate-tee-times": false,
        "control-sockets": [
          {
            "socket-name": "/var/run/kea/kea4-ctrl-socket",
            "socket-type": "unix"
          }
        ],
.....
.....

dlp:~ #

curl -u kea-api -s -H "Content-Type: application/json" -d '{"command": "statistic-get-all", "service": ["dhcp4"]}' localhost:8000 | jq

Enter host password for user 'kea-api':
[
  {
    "arguments": {
      "cumulative-assigned-addresses": [
        [
          0,
          "2025-10-17 14:55:19.354433"
        ]
      ],
      "declined-addresses": [
        [
          0,
          "2025-10-17 14:55:19.354430"
        ]
      ],
      "pkt4-ack-received": [
        [
          0,
          "2025-10-17 14:55:19.327637"
        ]
      ],
.....
.....