T6773: RFC-2136 support for Kea DHCP4 server

[abukharov]

Change Summary

This PR introduces support for RFC-2136 DDNS updates in Kea DHCP4 server.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Code style update (formatting, renaming)
• Refactoring (no functional changes)
• Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
• Other (please describe):

Related Task(s)

https://vyos.dev/T6773

Related PR(s)

vyos/vyos-documentation#1561

Component(s) name

dhcp-server

Proposed changes

Introduces new configuration parameters under service dhcp-server and the logic to translate it into Kea 2.4.1 configuration language.

How to test

Set up a Technitium DNS in a container inside VyOS. Set up DDNS updates as follows:

set service dhcp-server dynamic-dns-update send-updates
set service dhcp-server dynamic-dns-update use-conflict-resolution
set service dhcp-server dynamic-dns-update tsig-key-name mydomain-net algorithm hmac-sha256
set service dhcp-server dynamic-dns-update tsig-key-name mydomain-net secret eWF5YW15bGl0dGxla2V5IQ==
set service dhcp-server dynamic-dns-update forward-ddns-domain-name mydomain.net key-name mydomain-net
set service dhcp-server dynamic-dns-update forward-ddns-domain-name mydomain.net dns-server 1 address '172.18.0.254'
set service dhcp-server dynamic-dns-update forward-ddns-domain-name mydomain.net dns-server 1 port 1053

Get the DHCP server to issue some leases and check if the DNS server gets updated.

Smoketest result

sh-5.2# ./test_service_dhcp-server.py
test_dhcp_dynamic_dns_update (__main__.TestServiceDHCPServer.test_dhcp_dynamic_dns_update) ... ok
test_dhcp_exclude_in_range (__main__.TestServiceDHCPServer.test_dhcp_exclude_in_range) ... ok
test_dhcp_exclude_not_in_range (__main__.TestServiceDHCPServer.test_dhcp_exclude_not_in_range) ... ok
test_dhcp_high_availability (__main__.TestServiceDHCPServer.test_dhcp_high_availability) ... ok
test_dhcp_high_availability_standby (__main__.TestServiceDHCPServer.test_dhcp_high_availability_standby) ... ok
test_dhcp_multiple_pools (__main__.TestServiceDHCPServer.test_dhcp_multiple_pools) ... ok
test_dhcp_on_interface_with_vrf (__main__.TestServiceDHCPServer.test_dhcp_on_interface_with_vrf) ... ok
test_dhcp_relay_server (__main__.TestServiceDHCPServer.test_dhcp_relay_server) ... ok
test_dhcp_single_pool_options (__main__.TestServiceDHCPServer.test_dhcp_single_pool_options) ... ok
test_dhcp_single_pool_options_scoped (__main__.TestServiceDHCPServer.test_dhcp_single_pool_options_scoped) ... ok
test_dhcp_single_pool_range (__main__.TestServiceDHCPServer.test_dhcp_single_pool_range) ... ok
test_dhcp_single_pool_static_mapping (__main__.TestServiceDHCPServer.test_dhcp_single_pool_static_mapping) ... ok

----------------------------------------------------------------------
Ran 12 tests in 38.710s

OK
sh-5.2#

Checklist:

• I have read the CONTRIBUTING document
• I have linked this PR to one or more Phabricator Task(s)
• I have run the components SMOKETESTS if applicable
• My commit headlines contain a valid Task id
• My change requires a change to the documentation
• I have updated the documentation accordingly

[github-actions]

❌

[github-actions]

✅ No issues found in unused-imports check.. Please refer the workflow run

[dmbaturin]

The idea is good, I left some ideas for improvements in the review.

[dmbaturin]

This feels rather fragile. Do you think it's possible to rework the logic so that the JSON in question is produced from a dict at once, rather than by glueing chunks together?

[dmbaturin]

In Kea's config, the ip-address is the required option and the "primary key" of server entries. It also has hostname key which is currently ignored, but that we could add to make servers easier to identify visually.

My feeling is that the server number here is just extra information — as far as I can see from the docs, the order of servers in the list has no special meaning to Kea.

Unless I'm missing anything here, I would make it set dns-server ns1.example.com ip-address 192.0.2.10 (which would generate {'ip-address': '192.0.2.10', 'hostname': 'ns1.example.com'}).

[dmbaturin]

I wonder if these ports should be configurable, in case someone is already running something on 53001.

[github-actions]

CI integration ❌ failed!

Details

CI logs

• CLI Smoketests (no interfaces) ❌ failed
• CLI Smoketests (interfaces only) ❌ failed
• Config tests ❌ failed
• RAID1 tests ❌ failed
• TPM tests ❌ failed

[abukharov]

Did a few cosmetic things. Please let me know what you think about generating that config, DNS servers list and the port 53001 for d2 and I'll get it fixed within a few days.

[sarthurdev]

Seems to be an issue in the XML definition stopping the CI tests. I will try find time later to pinpoint the failing syntax.