On Mon, Apr 3, 2023, at 03:12, Kraishak Mahtha wrote:
> Hi,
>
> While I am checking for the failover section in the kea guide under the
> section
>
> https://kea.readthedocs.io/en/kea-2.2.0/arm/hooks.html?highlight=trust-anchor#https-support
> it says
>
> The three parameters must be either all not specified (HTTPS disabled) or all
> specified (HTTPS enabled)
> --> I tried the case with empty files
> Tried empty values for the fields trust-anchor,cert-file,key-file in
> kea-dhcpd.conf in both primary and secondary but It didn't work then later I
> made empty the fields also in kea-ctrl-agent.conf but still didn't work,
> tried setting the param value require-client-certs and cert-required to false
> but still didn't work
> Again When I replaced it with a certificate file it worked, so I doubt if the
> certificates are mandatory for kea-HA(2.2.0) in the latest version.
'not specified' means 'not specified'; it doesn't mean 'specified but the file
is empty'. That isn't a valid configuration. Certificates are mandatory for TLS
support, and are not used at all if TLS support is not enabled.
>
> And also do we need to run the kea-control agent on both the primary and
> failover servers?
If the control agent is being used for HA support, it has to be running on
every server in the HA group (primary, secondary, and backup).
--
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users