-------------------------------------------------------------------
Wed Jul 6 13:57:08 UTC 2023 - Jorik Cronenberg

- Add RuntimeDirectory to kea.service
- Update to release 2.4.0
  Breaking Changes:
  * Both MySQL and PostgreSQL database schemas were updated to
    accommodate upcoming Bulk Leasequery support in DHCPv6. Both
    schemas were also updated to use dedicated types for storing
    IPv6 addresses rather than using plain text fields.
  * Kea now operates in a safer manner and behaves in an
    RFC-conformant way in some corner cases where it previously
    sent invalid configuration. Nevertheless, you should review
    your configuration if you have unusual settings with scenarios
    where `preferred-lifetime` was greater than `valid-lifetime`.
    This affects DHCPv6 only.
  * The API `libreload` command is now deprecated. The command
    prints a deprecation warning, but otherwise functions normally.
    It will be removed in future releases.
  * Auto-generated subnet identifiers are now deprecated. They
    still work but will be removed in future releases.
  * The values accepted by recently introduced parameter
    `operation-target` used in `reservation-*` commands have been
    renamed. The "primary" was renamed to "memory", and the
    "alternate" was renamed to "database".
  Feature Changes:
  * Multi-threading is now enabled by default
  * Introduced alternative allocation strategies: iterative,
    random, and FLQ
  * Kea DHCPv4 server can now handle multiple `vivco-suboptions`
    options with different enterprise IDs and multiple vendor
    options with different enterprise IDs and multiple vivso
    suboptions. Support has been added for multiple instances of
    the DHCPv6 vendor-class (code 16) and vendor-opts (code 17)
    options. Kea now supports specifying multiple options with
    different enterprise numbers.
  * The Discovery of Network-designated Resolvers (DNR) options
    have been implemented for both DHCPv4 and DHCPv6.
    The options allow configuration of DNS over various transports,
    such as TLS (DNS-over-TLS or DoT), HTTPS (DNS-over-HTTPS or
    DoH), and others. As this implementation is based on a draft
    that has not yet reached RFC publication, use it with caution.
  * Template classes mechanism, similar to spawning classes in ISC
    DHCP, has been implemented, but is currently experimental.
  * Introduced several new types of statistics that can be observed
    on a per-pool basis.
  * Broadcast MAC address in DHCPv4 reply
  * Unless specifically told not to, Kea now keeps leases for a
    period of time after they are released. This behavior is
    controlled by `flush-reclaimed-timer-wait-time` and
    `hold-reclaimed-time`. If both are non-zero, when the client
    sends a release message the lease is expired; previously, it
    was deleted from lease storage. The default values are 25 and
    3600 respectively.
  * An address reserved in a global reservation must now lie within
    the range of the subnet or shared-network selected by Kea; if
    it does not, the server attempts to allocate an address
    dynamically. This change applies to both kea-dhcp4 and
    kea-dhcp6. Previously, the servers would grant a lease for any
    globally reserved address without regard to its inclusion in
    the selected subnet.
  * It is now possible to add an "empty" host reservation without
    any attribute (e.g. no address, no options, no hostname, no
    client classes, etc.). This is useful to determine the KNOWN
    class.
  * A new flag, `never-send`, allows users to configure a given
    option globally and then suppress sending it in a particular
    subnet or shared network.
  * kea-dhcp4 and kea-dhcp6 support a new parameter,
    `ddns-ttl-percent`, which allows setting the DNS time-to-live
    (TTL) as a percentage of a lease lifetime.
  * A new parameter, `ignore-dhcp-server-identifier` for kea-dhcp4,
    allows it to accept packets where `server-identifier` doesn't
    match Kea's.
  * kea-dhcp4 now supports the `offer-lifetime` parameter to allow
    the temporary allocation of leases during DHCPOFFER.
  * Added support for Secure Zero Touch Provisioning options, per
    RFC8572. Kea can now handle DHCPv4 Option code #143 and DHCPv6
    Option code #136.
  * Previously, kea-dhcp6 ignored prefix hints from clients and
    assigned prefixes in the order the pools appeared in the config
    file. The `prefix-len` and `pd-pools` list now checks the
    prefix lengths correctly.
  * The preferred lifetime is now calculated as 0.625 *
    `valid-lifetime` unless explicitly specified, or if the
    specified value is higher than the valid lifetime. This should
    avoid situations where Kea sends configurations that are
    rejected by clients.
  * The forensic logging hook now records whether a lease change is
    an administrative action or an automated HA update.
  * If using multiple loggers that have a relationship, e.g.
    `kea-dhcp4` and `kea-dhcp4.packets`, the omitted logger
    configuration entries in the child are now properly inherited
    from the root logger, as stated in the ARM.
  * The lease_cmds hook library supports two new commands,
    `lease4-write` and `lease6-write`. They are supported by the
    memfile backend only. The lease_cmds hook library returns a new
    "conflict" status code, indicating an issue with a lease update
    due to a mismatch between the received lease and the server's
    configuration or state. The HA hook library differentiates
    between this new status and a general error and avoids
    transitioning to the partner-down state when conflicts occur.
    The new `max-rejected-lease-updates` parameter sets a limit for
    the maximum number of conflicts before the server terminates
    the HA service.
  * A new command `config-hash-get` returns a SHA-256 hash of the
    existing configuration. This can be used to easily detect
    whether a configuration has changed. Existing `config-set` and
    `config-get` calls return the hash as well.
  * A new command, `reservation-get-by-address`, is now available
    in the host_cmds hook library. It returns all host reservations
    for a given IP address, either in all subnets or in a given
    subnet.
  * A new command, `reservation-update` has been added that allows
    an existing host reservation to be updated. It is implemented
    as part of the Host Commands premium hook.
  * New database connection parameters, `read-timeout` and
    `write-timeout`, control the timeouts in communication with a
    MySQL database. The `tcp-user-timeout` parameter controls the
    timeout in communication with a PostgreSQL database. Setting
    these timeouts can prevent occasional Kea hangs due to issues
    with database connectivity, and are expected to improve
    compatibility with HAProxy. Compatibility with recently
    published PostgreSQL 15 has been improved. Kea can now detect a
    bug in MariaDB, which incorrectly rejects certain valid
    constructs as invalid JSON.
  * The link selection suboption is now optional; previously, Kea
    always tried to use it when it was present in a packet. Right
    now, its use is enabled by default, but it can be disabled
    using the `ignore-rai-link-selection` parameter.
  * A new `exclude-first-last-24` DHCPv4 compatibility flag was
    added, which skips addresses in .0 and .255 in subnets larger
    than /24.
  * See /usr/share/doc/kea/ChangeLog in the kea-doc package for a
    complete list of all changes from versions 2.2.0-2.3.8 that are
    included in this release.

-------------------------------------------------------------------
Wed Dec 14 14:51:33 UTC 2022 - Jorik Cronenberg

- Separate documentation into kea-doc package
- Remove following packages from BuildRequires
  * docbook-xsl-stylesheets
  * elinks
  * libxslt-tools

-------------------------------------------------------------------
Thu Aug 18 12:53:21 UTC 2022 - Jan Engelhardt

- Update to release 2.2.0
  * Kea now features full native support for TLS in HA
  * PostgreSQL configuration backend
  * A new hook is dedicated to RBAC.
  * A new hook limits the rate and number of leases.
  * A new DDNS Tuning library adds custom behaviors related to
    Dynamic DNS updates on a per-client basis.
  * The subnet_cmds hook has been expanded with several new
    commands: `subnet4-delta-add`, `subnet4-delta-del`,
    `subnet6-delta-add`, and `subnet6-delta-del`.

-------------------------------------------------------------------
Mon Oct 4 23:33:08 UTC 2021 - Jan Engelhardt

- Update to release 2.0.0
  * In Kea 2.0, the HA component has undergone a substantial
    architectural change. When HA+MT is enabled, the DHCPv4 and
    DHCPv6 daemons are now able to open HTTP sockets on their own
    and connect directly to each other, bypassing the Control Agent
    (CA). This eliminates the bottlenecks of sequential UNIX socket
    connection and the need to translate between HTTP and UNIX
    socket connections.
  * A new parameter on-fail gives the operator more control over
    what to do on database connection loss.
  * The length of the "parking lot queue" is now configurable; a
    default value of 256 is used.
  * A new statistic, `packet-queue-size`, has been added that
    reports packet-queue utilization.

-------------------------------------------------------------------
Thu Jun 3 23:21:35 UTC 2021 - Jan Engelhardt

- Update to release 1.9.8
  * Kea now recognizes requests sent from vendors that include
    their information in DHCPv6 Vendor Class option (code 16).
  * Fixed the server ignoring the Subnet Selection option supplied
    by a client if its query contained a Relay Agent Information
    (RAI) option without a Link Selection option.

-------------------------------------------------------------------
Sat May 15 11:09:40 UTC 2021 - Jan Engelhardt

- Update to release 1.9.7
  * The Control Agent now supports TLS/HTTPS.
  * kea-shell supports TLS/HTTPS.
  * kea-admin now accepts the -P, --port parameter
  * kea-dhcp4 now supports specifying valid-lifetime in client
    classes.

-------------------------------------------------------------------
Mon Apr 5 10:02:22 UTC 2021 - Samu Voutilainen

- Own directory /var/lib/kea, as that is used as default for
  memfile lease store.

-------------------------------------------------------------------
Tue Nov 10 08:04:38 UTC 2020 - Jan Engelhardt

- Update to release 1.9.1
  * New parameters: ddns-use-conflict-resolution,
    ip-reservations-unique, ddns-update-on-renew, cache-threshold,
    cache-max-age.
  * Support for new IPv6-only-preferred option for DHCPv4.
  * Added support of basic HTTP authentication in HTTP library,
    control agent.

-------------------------------------------------------------------
Sat Sep 5 22:02:39 UTC 2020 - Jan Engelhardt

- Update to release 1.8.0
  * User-defined option definitions were not committed, which was
    fixed.
  * kea-dhcp4 now rejects inbound client messages that have neither
    a hardware address nor a client identifier.
  * Rather than within the 'dhcp-ddns' section, DDNS behavioral
    parameters may now be specified at global, shared-network, and
    subnet scopes.
  * Added support of BOOTP leases with infinite valid lifetime.
  * Added the -N command line switch that enables experimental
    multi-threading support.

-------------------------------------------------------------------
Wed Apr 22 04:03:08 UTC 2020 - Steve Kowalik

- Switch to Python 3 Sphinx due to Python 2 removal.

-------------------------------------------------------------------
Mon Sep 9 17:18:55 UTC 2019 - Jan Engelhardt

- Update to release 1.6.0
  * Corrected multiple occurrences of out of bounds vector reads.
  * Corrected a bug in the Kea MySQL Configuration Backend which
    caused the Kea DHCPv6 server to incorrectly require the server
    tag to be provided with the remote-subnet6-option-set command.
  * Corrected a bug in the Kea MySQL Configuration Backend which
    prevented the DHCP servers from discovering and fetching the
    changes applied with the new commands.
  * Prevent the DHCP servers from asserting when malformed hostname
    or FQDN options are received.

-------------------------------------------------------------------
Tue Aug 27 14:36:52 UTC 2019 - Adam Majer

- Update keyring file
- Temporarily hardcode version in upstream URLs

-------------------------------------------------------------------
Wed Aug 21 15:08:38 UTC 2019 - Adam Majer

- Update to version 1.6.0~beta2
  * Default file locations for lease file, server-duid, log files
    and lock files have changed. Files previously stored in
    `/var/kea` are now stored in `/var/run/kea`. Server hooks
    previously installed in `/usr/lib/hooks` are now installed in
    `/usr/lib/kea/hooks`. The log files are now stored in
    `/var/log/kea`.
  * The kea-admin commands (lease-init, lease-version,
    lease-upgrade) were renamed to better reflect the fact that the
    database can store much more than just leases. They're now
    called db-init, db-version, db-upgrade.
  * The Logging entry in the configuration file has moved to
    specific daemon sections. This requires a simple configuration
    file modification. You need to move Logging entry from its
    global scope into the Dhcp4, Dhcp6, DhcpDdns, Control-agent or
    Netconf scope. Please see 1.6 migration wiki
    https://gitlab.isc.org/isc-projects/kea/wikis/migrating-to-kea-1.6
  For release notes, see
  https://ftp.isc.org/isc/kea/1.6.0-beta2/Kea160beta2ReleaseNotes.txt
- Fix building of perfdhcp
- Enable building of kea-shell
- Update sonames of all affected libraries and ship only libraries,
  allowing `ldconfig` to actually make the symlinks
- Rework spec file to abstract soversions

-------------------------------------------------------------------
Fri Dec 28 23:05:17 UTC 2018 - mardnh@gmx.de

- Update to version 1.5.0
  * Support for YANG/NETCONF, the ability to store major
    configuration elements in a YANG model and manipulate it using
    NETCONF.
  * Support for global host reservations (previously each host
    reservation had to be associated with a specific subnet)
  * Class commands – a new hook that allows dynamic changes to be
    made to client classes without restarting.
  * Performance and resiliency improvements to the High
    Availability hook.
  * A new congestion control feature to mitigate the effects of
    heavy DHCP traffic conditions.
  * Improvements to the High Availability feature, including paged
    updates between HA pairs to alleviate timeouts.
- Run spec-cleaner

-------------------------------------------------------------------
Tue Jun 19 22:45:35 UTC 2018 - jengelh@inai.de

- Remove unnecessary ldconfig call for kea-hooks: files are outside
  standard search dirs.
- Drop --disable-dependency-tracking, this is already part of
  %configure.

-------------------------------------------------------------------
Mon Jun 18 10:00:52 UTC 2018 - adam.majer@suse.de

- update to new upstream release 1.4.0
- fix licence - Mozilla Public License v2.0
- package default hook libraries
- regenerate parser and documentation
- add ISC keyring (2017 & 2018)

-------------------------------------------------------------------
Fri Jun 30 19:55:50 UTC 2017 - jengelh@inai.de

- Stop on errors from useradd/groupadd

-------------------------------------------------------------------
Thu Jun 30 10:02:50 UTC 2017 - obs@botter.cc

- compile in support for MySQL and PostgreSQL
- add symlink to rckea
- add environment variable for PID_FILE_DIR to service file

-------------------------------------------------------------------
Sat May 27 13:06:10 UTC 2017 - obs@botter.cc

- Update to new upstream release 1.2.0

-------------------------------------------------------------------
Fri Jan 22 11:00:02 UTC 2016 - jengelh@inai.de

- Update to new upstream release 1.0.0

-------------------------------------------------------------------
Mon Dec 8 08:38:54 UTC 2014 - jengelh@inai.de

- Initial package (version 0.9.g20262) for build.opensuse.org