Kea DHCP MySQL

時間 2019-11-11

標籤 kea dhcp mysql 欄目 MySQL 简体版

原文原文鏈接

1. 簡介

kea是下一代的dhcp技術，也是ISC開發的。它支持ipv4和ipv6的地址分配，而且還能夠支持動態dns更新。kea從2014年初開始研發，也算是比較新的技術了，而且如今也在更新中。php

kea

如今工做中遇到一些問題。新到貨的服務器要配置帶外ip，以前使用老的DHCP方法根據mac地址綁定IP，可是這樣作總感受不太好。
第1、每一個機房都有一個配置文件，管理起來不方便；
第2、當我須要查詢綁定的結果時，查詢起來也不方便；
第3、配置文件畢竟是文件格式，安全性不太好保障。
由於遇到了上面的種種問題，我就想，有沒有什麼方法能夠把mac與ip的記錄放到數據庫中。這樣更安全可靠好管理，而後在凱哥的指點下，學會了kea這個dhcp服務。
感受很是好，惟一不足的就是有些很實用的功能須要花錢購買，還貴，仍是dollar。html

1.1 支持的平臺

根據官方的說法，他支持的平臺比較多，例如Red Hat Enterprise Linux, CentOS, Fedora 和 FreeBSD等。如今比較新的Kea版本是Kea 1.4.0 。在不少系統上測試都沒問題。而且centos上安裝epel源，能夠直接yum安裝kea（yum install kea），只不過版本比較低。mysql

2. 安裝

這裏的安裝過程，我就按照個人方法來說了，有興趣多瞭解的同窗能夠去官網查看。linux

2.1 安裝數據庫

[root@test01 ~]# cat /etc/centos-release CentOS Linux release 7.4.1708 (Core) [root@test01 ~]# yum install mariadb mariadb-server -y [root@test01 ~]# systemctl start mariadb.service [root@test01 ~]# systemctl enable mariadb.service Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service. [root@test01 ~]# mysql_secure_installation

2.2 安裝必要的依賴

[root@test01 ~]# yum install gcc gcc-c++ openssl-devel mariadb-devel libtool automake autoconf -y

2.3 編譯安裝必要的依賴

安裝Boost C++庫，要求版本在1.57以上，否則可能工做的不太好。
這個安裝可能比較慢，要有耐心。sql

[root@test01 ~]# wget https://dl.bintray.com/boostorg/release/1.65.1/source/boost_1_65_1.tar.gz [root@test01 ~]# tar -zxvf boost_1_65_1.tar.gz [root@test01 ~]# cd boost_1_65_1/ [root@test01 boost_1_65_1]# ./bootstrap.sh [root@test01 boost_1_65_1]# ./b2 install

安裝log4cplus，要求版本在1.0.3以上。shell

[root@test01 ~]# wget https://jaist.dl.sourceforge.net/project/log4cplus/log4cplus-stable/2.0.1/log4cplus-2.0.1.tar.gz [root@test01 ~]# tar -zxvf log4cplus-2.0.1.tar.gz [root@test01 ~]# cd log4cplus-2.0.1/ [root@test01 log4cplus-2.0.1]# ./configure [root@test01 log4cplus-2.0.1]# make [root@test01 log4cplus-2.0.1]# make install

2.4 安裝kea

這裏也很是慢，要有耐心。數據庫

[root@test01 ~]# wget http://ftp.isc.org/isc/kea/1.4.0/kea-1.4.0.tar.gz [root@test01 ~]# tar -zxvf kea-1.4.0.tar.gz [root@test01 ~]# cd kea-1.4.0/ [root@test01 kea-1.4.0]# ./configure --with-mysql [root@test01 kea-1.4.0]# make [root@test01 kea-1.4.0]# make install

3. 配置

3.1 簡單的配置驗證

初始化數據庫json

[root@test01 kea-1.4.0]# mysql -u root -p Enter password: ... MariaDB [(none)]> CREATE DATABASE kea; Query OK, 1 row affected (0.01 sec) MariaDB [(none)]> CREATE USER 'kea'@'%' IDENTIFIED BY 'kea'; Query OK, 0 rows affected (0.02 sec) MariaDB [(none)]> GRANT ALL ON kea.* TO 'kea'@'%'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> quit Bye [root@test01 kea-1.4.0]# kea-admin lease-init mysql -u kea -p kea -n kea Checking if there is a database initialized already. Please ignore errors. Initializing database using script /usr/local/share/kea/scripts/mysql/dhcpdb_create.mysql mysql returned status code 0 Lease DB version reported after initialization: 6.0

由於個人測試環境沒有ipv6，因此去掉ipv6服務的啓動。bootstrap

[root@test01 ~]# cd /usr/local/etc/kea/ [root@test01 kea]# vim keactrl.conf dhcp6=no

配置dhcpv4的網絡端口。vim

[root@test01 kea]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:9b:7b:dc brd ff:ff:ff:ff:ff:ff inet 192.168.1.30/24 brd 192.168.1.255 scope global ens33 valid_lft forever preferred_lft forever 3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:9b:7b:e6 brd ff:ff:ff:ff:ff:ff inet 192.168.212.1/24 brd 192.168.212.255 scope global ens37 valid_lft forever preferred_lft forever [root@test01 kea]# vim kea-dhcp4.conf "interfaces-config": { "interfaces": ["ens37"] },

配置IP地址段

[root@test01 kea]# vim kea-dhcp4.conf "subnet4": [ { "subnet": "192.168.212.0/24", "pools": [ { "pool": "192.168.212.100 - 192.168.212.200" } ], "option-data": [ { "name": "routers", "data": "192.168.212.201" } ] } ]

啓動kea服務並測試

[root@test01 kea]# keactrl start
INFO/keactrl: Starting /usr/local/sbin/kea-dhcp4 -c /usr/local/etc/kea/kea-dhcp4.conf
INFO/keactrl: kea-ctrl-agent appears to be running, see: PID 97955, PID file: /usr/local/var/kea/kea-ctrl-agent.kea-ctrl-agent.pid.
[root@test01 kea]# keactrl status
DHCPv4 server: active
DHCPv6 server: inactive
DHCP DDNS: inactive
Control Agent: active
Kea DHCPv4 configuration file: /usr/local/etc/kea/kea-dhcp4.conf
Kea DHCPv6 configuration file: /usr/local/etc/kea/kea-dhcp6.conf
Kea DHCP DDNS configuration file: /usr/local/etc/kea/kea-dhcp-ddns.conf
Kea Control Agent configuration file: /usr/local/etc/kea/kea-ctrl-agent.conf
keactrl configuration file: /usr/local/etc/kea/keactrl.conf

客戶端進行測試

[root@test01 ~]# dhclient -v ens33 Internet Systems Consortium DHCP Client 4.2.5 Copyright 2004-2013 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Listening on LPF/ens33/00:0c:29:f9:21:91 Sending on LPF/ens33/00:0c:29:f9:21:91 Sending on Socket/fallback DHCPDISCOVER on ens33 to 255.255.255.255 port 67 interval 6 (xid=0x62beba25) DHCPREQUEST on ens33 to 255.255.255.255 port 67 (xid=0x62beba25) DHCPOFFER from 192.168.212.1 DHCPACK from 192.168.212.1 (xid=0x62beba25) bound to 192.168.212.100 -- renewal in 877 seconds. [root@test01 ~]# ip r default via 192.168.212.201 dev ens33 192.168.128.0/24 dev ens37 proto kernel scope link src 192.168.128.128 192.168.212.0/24 dev ens33 proto kernel scope link src 192.168.212.100 [root@test01 ~]#

查看kea的日誌

[root@test01 kea]# tail -n2 /usr/local/var/log/kea-dhcp4.log 2018-07-07 00:37:53.599 INFO [kea-dhcp4.leases/97980] DHCP4_LEASE_ADVERT [hwtype=1 00:0c:29:f9:21:91], cid=[no info], tid=0x25babe62: lease 192.168.212.100 will be advertised 2018-07-07 00:37:53.600 INFO [kea-dhcp4.leases/97980] DHCP4_LEASE_ALLOC [hwtype=1 00:0c:29:f9:21:91], cid=[no info], tid=0x25babe62: lease 192.168.212.100 has been allocated

至此，基本的功能已經完成

3.2 數據庫綁定ip

配置數據庫的鏈接地址

[root@test01 kea]# pwd /usr/local/etc/kea [root@test01 kea]# vim kea-dhcp4.conf "hosts-database": { "type": "mysql", "name": "kea", "user": "kea", "password": "kea", "host": "192.168.1.30", "port": 3306 },

將mac和ip綁定的配置插到數據庫中

[root@test01 kea]# cat mac_ip.sql START TRANSACTION; ---要分配的IP地址 SET @ipv4_reservation='192.168.212.99'; ---要分配的主機名，有這個功能可是不多用 SET @hostname = 'myhost.example.org'; ---綁定的類型，通常狀況是hw-address，表明mac地址 SET @identifier_type='hw-address'; ---客戶端的mac地址 SET @identifier_value='00:0C:29:F9:21:91'; ---網絡id，這個能夠本身定義 SET @dhcp4_subnet_id=1; ---PXE啓動的時候配置的nextserver，通常不在這裏配，可是也能夠指定 SET @next_server='192.168.212.1'; ---nextserver的主機名 SET @server_hostname='server-name.example.org'; ---PXE啓動的文件，通常是pxelinux.0；若是是efi啓動模式的話，文件不同 SET @boot_file_name='bootfile.efi'; INSERT INTO hosts (dhcp_identifier, dhcp_identifier_type, dhcp4_subnet_id, ipv4_address, hostname, dhcp4_next_server, dhcp4_server_hostname, dhcp4_boot_file_name) VALUES (UNHEX(REPLACE(@identifier_value, ':', '')), (SELECT type FROM host_identifier_type WHERE name=@identifier_type), @dhcp4_subnet_id, INET_ATON(@ipv4_reservation), @hostname, INET_ATON(@next_server), @server_hostname, @boot_file_name); COMMIT;

[root@test01 kea]# mysql -u kea -h 192.168.212.1 -p Enter password: MariaDB [(none)]> use kea; MariaDB [kea]> source mac_ip.sql; MariaDB [kea]> SELECT -> HEX(h.dhcp_identifier) AS dhcp_identifier, -> i.name AS dhcp_identifier_name, -> h.dhcp4_subnet_id AS dhcp4_subnet_id, -> INET_NTOA(h.ipv4_address) AS ipv4_address, -> h.hostname AS hostname -> FROM -> hosts AS h -> INNER JOIN -> host_identifier_type AS i ON h.dhcp_identifier_type = i.type; +-----------------+----------------------+-----------------+----------------+--------------------+ | dhcp_identifier | dhcp_identifier_name | dhcp4_subnet_id | ipv4_address | hostname | +-----------------+----------------------+-----------------+----------------+--------------------+ | 000C29F92191 | hw-address | 1 | 192.168.212.99 | myhost.example.org | +-----------------+----------------------+-----------------+----------------+--------------------+ 1 row in set (0.00 sec) MariaDB [kea]> exit Bye [root@test01 kea]# cd [root@test01 ~]# keactrl reload INFO/keactrl: Reloading kea-dhcp4... INFO/keactrl: kea-dhcp6 isn't running. INFO/keactrl: kea-dhcp-ddns isn't running. INFO/keactrl: Reloading kea-ctrl-agent...

測試成功

[root@test01 ~]# ip r default via 192.168.212.201 dev ens33 192.168.128.0/24 dev ens37 proto kernel scope link src 192.168.128.128 192.168.212.0/24 dev ens33 proto kernel scope link src 192.168.212.100 [root@test01 ~]# [root@test01 ~]# [root@test01 ~]# dhclient -r ens33 [root@test01 ~]# ip r 192.168.128.0/24 dev ens37 proto kernel scope link src 192.168.128.128 [root@test01 ~]# dhclient -v ens33 Internet Systems Consortium DHCP Client 4.2.5 Copyright 2004-2013 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Listening on LPF/ens33/00:0c:29:f9:21:91 Sending on LPF/ens33/00:0c:29:f9:21:91 Sending on Socket/fallback DHCPDISCOVER on ens33 to 255.255.255.255 port 67 interval 6 (xid=0x514a221b) DHCPREQUEST on ens33 to 255.255.255.255 port 67 (xid=0x514a221b) DHCPOFFER from 192.168.212.1 DHCPACK from 192.168.212.1 (xid=0x514a221b) bound to 192.168.212.99 -- renewal in 703 seconds. [root@test01 ~]# ip r default via 192.168.212.201 dev ens33 192.168.128.0/24 dev ens37 proto kernel scope link src 192.168.128.128 192.168.212.0/24 dev ens33 proto kernel scope link src 192.168.212.99 [root@test01 ~]#

至此，數據裏面加入mac和ip的綁定已經成功了

3.3 PXE啓動配置

環境測試。
以前上面加入數據庫的有next-server，因此給服務器pxe啓動的時候能夠看到這麼一步：

好！接下來咱們配置pxe啓動！
首先搭建PXE環境，我上一篇文章有介紹ipxe。
搭建tftp服務。

[root@test01 ~]# yum install tftp tftp-server xinetd [root@test01 ~]# cat /etc/xinetd.d/tftp service tftp { socket_type = dgram protocol = udp wait = yes user = root server = /usr/sbin/in.tftpd server_args = -s /var/lib/tftpboot disable = no per_source = 11 cps = 100 2 flags = IPv4 } [root@test01 ~]# cd /var/lib/tftpboot/ [root@test01 tftpboot]# wget http://boot.ipxe.org/ipxe.efi [root@test01 tftpboot]# wget http://boot.ipxe.org/undionly.kpxe [root@test01 tftpboot]# systemctl enable xinetd [root@test01 tftpboot]# systemctl restart xinetd [root@test01 ~]# cd /tmp/ [root@test01 tmp]# tftp (to) 192.168.212.1 tftp> get undionly.kpxe tftp> quit [root@test01 tmp]# md5sum undionly.kpxe 758e2d856b69a94fb52cf0b1acc091c1 undionly.kpxe [root@test01 tmp]# md5sum /var/lib/tftpboot/undionly.kpxe 758e2d856b69a94fb52cf0b1acc091c1 /var/lib/tftpboot/undionly.kpxe

搭建http服務。

[root@test01 ~]# yum install httpd [root@test01 ~]# vim /etc/httpd/conf/httpd.conf ServerAdmin root@192.168.212.1 [root@test01 ~]# systemctl enable httpd.service [root@test01 ~]# systemctl start httpd.service [root@test01 ~]# cat /var/www/html/boot/boot_menu.php #!ipxe kernel http://192.168.212.1/boot/vmlinuz initrd=initrd.img initrd http://192.168.212.1/boot/initrd.img boot [root@test01 ~]# cd /var/www/html/boot/ [root@test01 boot]# wget http://mirrors.163.com/centos/6.10/isos/x86_64/CentOS-6.10-x86_64-netinstall.iso [root@test01 boot]# mount -o loop ./CentOS-6.10-x86_64-netinstall.iso /mnt/ [root@test01 boot]# cd /mnt/isolinux/ [root@test01 isolinux]# cp vmlinuz /var/www/html/boot/ [root@test01 isolinux]# cp initrd.img /var/www/html/boot/ [root@test01 isolinux]# cd /var/www/html/boot/ [root@test01 boot]# umount /mnt/ [root@test01 boot]# mv CentOS-6.10-x86_64-netinstall.iso /tmp/ [root@test01 ~]# curl http://192.168.212.1/boot/boot_menu.php #!ipxe kernel http://192.168.212.1/boot/vmlinuz initrd=initrd.img initrd http://192.168.212.1/boot/initrd.img boot [root@test01 ~]#

刪除以前的記錄。
環境搭建好了，理論上沒問題了，刪掉以前hosts記錄。使用sql語句：

DELETE FROM `kea`.`hosts` WHERE `host_id`=1;

配置kea-dhcp4文件。
讓咱們來指定next-server和filename。默認咱們指定的是undionly.kpxe，若是在client-classes中匹配到其它的，那麼優先client-classes裏的。這個我以前的ipxe文章中介紹過

"client-classes": [ { "name": "XClient_iPXE", "test": "substring(option[77].hex,0,4) == 'iPXE'", "boot-file-name": "http://192.168.212.1/boot/boot_menu.php" }, { "name": "HTTPClient", "test": "substring(option[60].hex,0,20) == 'PXEClient:Arch:00010'", "boot-file-name": "http://192.168.212.1/boot/boot_menu.php" }, { "name": "UEFI-32-1", "test": "substring(option[60].hex,0,20) == 'PXEClient:Arch:00006'", "boot-file-name": "ipxe/i386/ipxe.efi" }, { "name": "UEFI-32-2", "test": "substring(option[60].hex,0,20) == 'PXEClient:Arch:00002'", "boot-file-name": "ipxe/i386/ipxe.efi" }, { "name": "UEFI-64-1", "test": "substring(option[60].hex,0,20) == 'PXEClient:Arch:00007'", "boot-file-name": "ipxe.efi" }, { "name": "UEFI-64-2", "test": "substring(option[60].hex,0,20) == 'PXEClient:Arch:00008'", "boot-file-name": "ipxe.efi" }, { "name": "UEFI-64-3", "test": "substring(option[60].hex,0,20) == 'PXEClient:Arch:00009'", "boot-file-name": "ipxe.efi" } // { // "name": "Legacy-1", // "test": "substring(option[60].hex,0,20) == 'PXEClient:Arch:00000'", // "boot-file-name": "undionly.kpxe" // } ], "next-server": "192.168.212.1", "boot-file-name": "undionly.kpxe", "subnet4": [ { "subnet": "192.168.212.0/24", "pools": [ { "pool": "192.168.212.100 - 192.168.212.200" } ], "option-data": [ { "name": "routers", "data": "192.168.212.1" }] } ]

注：若是測試不成功，能夠把配置文件中的註釋和一些無關的配置刪掉。這樣文檔看起來更清晰，固然這可能會讓你不清楚每段配置的含義，不要緊，你能夠參考/usr/local/share/doc/kea/kea-guide.txt或是官方文檔。

最後測試並驗證。

這個畫面很差捕捉，爲了好看咱們能夠作一個ipxe的界面。
修改啓動文件，製做界面

[root@test01 boot]# cat /var/www/html/boot/boot_menu.php #!ipxe set menu-timeout 5000 set menu-default PXE isset ${ip} || dhcp isset ${next-server} || set next-server 192.168.212.1 :start menu iPXE Boot Menu item --gap -- -------------------------------- TOOL -------------------------------- item PXE PXE Tool item --gap -- ---------------------------- Advanced options ----------------------- item --key c config Configure settings -- c item shell Drop to iPXE shell item Local Boot from local drive 0x80 item reboot Reboot computer item --key x exit Exit iPXE and continue BIOS boot -- x choose --timeout ${menu-timeout} --default ${menu-default} selected imgfree goto ${selected} :shell echo Type 'exit' to get the back to the menu shell goto start :failed echo Booting failed, dropping to shell goto shell :Local sanboot --no-describe --drive 0x80 goto failed :reboot reboot :exit exit :config config goto start :PXE kernel http://${next-server}/boot/vmlinuz initrd=initrd.img initrd http://${next-server}/boot/initrd.img || goto failed boot || goto failed goto start

重啓獲得以下界面。

3.4 API接口配置

Kea Control Agent是一個守護進程，它用來提供一個管理kea服務的接口。經過http請求傳過來的參數，對kea服務進行操做管理，十分的方便。下面咱們作一下基本的配置，並驗證

[root@test01 kea]# pwd /usr/local/etc/kea [root@test01 kea]# vim kea-ctrl-agent.conf { "Control-agent": { "http-host": "192.168.1.30", "http-port": 8080, "control-sockets": { "dhcp4": { "comment": "main server", "socket-type": "unix", "socket-name": "/path/to/the/unix/socket-v4" }, "dhcp6": { "socket-type": "unix", "socket-name": "/path/to/the/unix/socket-v4", "user-context": { "version": 3 } } }, "hooks-libraries": [ { "library": "/opt/local/control-agent-commands.so", "parameters": { "param1": "foo" } } ] }, "Logging": { "loggers": [ { "name": "kea-ctrl-agent", "severity": "INFO" } ] } } [root@test01 kea]# vim kea-dhcp4.conf "Dhcp4": { "control-socket": { "socket-type": "unix", "socket-name": "/tmp/kea-dhcp4-ctrl.sock" },

測試

[root@test01 kea]# curl -X POST -H "Content-Type: application/json" -d '{ "command": "config-get" }' http://192.168.1.30:8080/ [ { "arguments": { "Control-agent": { "control-sockets": { "dhcp4": { "socket-name": "/tmp/kea-dhcp4-ctrl.sock", "socket-type": "unix" }, "dhcp6": { "socket-name": "/tmp/kea-dhcp6-ctrl.sock", "socket-type": "unix" } }, "hooks-libraries": [ ], "http-host": "192.168.1.30", "http-port": 8080 } }, "result": 0 } ] [root@test01 kea]#

3.5 更高級的功能知曉

1.mac地址和ip綁定的接口。
配置鉤子：

"Dhcp6": { 
    "hooks-libraries": [
        {
            "library": "/path/libdhcp_host_cmds.so"
        }
        ...
    ] 
}

使用方法：

curl -X POST -H "Content-Type: application/json" -d ' { "command": "reservation-add", "arguments": { "reservation": { "subnet-id": 1, "hw-address": "1a:1b:1c:1d:1e:1f", "ip-address": "192.0.2.202" } } ' http://192.168.1.30:8080/ }