# Kea 1.9.5, February 24th 2021, Release Notes Welcome to Kea 1.9.5, the fifth monthly release of the 1.9 development branch. As with any other development release, use this with caution: development releases are not recommended for production use. This release adds new features, improves existing features, clarifies documentation, and fixes a few bugs. The most notable changes introduced in this version are: **New script hook.** Due to popular demand, a new hook that calls an arbitrary external script has been added. This script may initiate an external process, such as updating routing and firewall rules for provisioned devices. The script is called asynchronously, i.e. Kea starts the script, does not wait for its completion, and continues processing the packet. This approach greatly decreases performance impact. This hook has been only lightly tested; use it with caution and please do share your experience. #899 **Setting lease time for client classes.** Earlier Kea versions allowed setting different lease lifetimes depending on where the device was located in the network (using the global, network, or subnet levels). However, it was impossible to set the lifetime based on device type. This missing capability is now implemented for IPv4, with IPv6 support coming soon. #1635 **TLS support work in progress.** The Kea team continues its work on implementing Transport Layer Security (TLS) in Kea. The ultimate goal is for the Control Agent (CA) to be able to accept HTTPS connections. While the TLS solution is not yet usable, several important milestones have been completed. There are now several new parameters available in the CA configuration: `trust-anchor`, `cert-file`, `key-file`, and `cert-required`. The parameters can be configured, but they are not yet used. A new config example, `doc/examples/agent/https.json`, has been added with some commentary (#1662). Another change updated the asiolink library to be able to handle the future TLS socket types. This is not a user-visible change. #1644 **DB cluster improvements.** Kea does not officially support any database (DB) clustering solutions; we have heard from users who have used clustering solutions with varying results. The ISC team has begun experimenting with Galera, Percona, NDB, and group replication. We set up clusters and ran unit and system tests, and found a few issues to address. The first two improvements make our MySQL libraries run better in a Percona cluster. One ticket updated the MySQL schema with the primary key for forensic logging (#1709), while another fixed several problems in unit tests that manifested themselves only on Percona (#1708). Finally, we are getting ready to run performance tests of multiple Kea instances connected to a DB cluster. To do that reliably, we need to export the list of leases assigned by each instance and then correlate them to check for any duplicates. With that in mind, we extended our `perfdhcp` tool with the ability to export the list of assigned leases. We hope to make good use of that capability in future tests. #1703 **Bug fixes.** Earlier Kea versions could experience a crash when processing a high request rate while the forensic logging hook was configured to write log entries to a database and multi-threading was enabled. This release includes a fix for this problem (#1711). One user reported that Kea used values defined in client classes in a non-deterministic way. The code has been updated to provide consistent behavior for options and fixed fields (#1672). When dealing with client classification, it is possible to encounter a situation when there are subnets and pools available, but the client does not meet the class requirements and is therefore unable to use any of them. In such cases, earlier Kea versions printed cryptic error messages, such as `failed to allocate an IPv4 address after 0 attempt(s)`. This was confusing, so the message has been tweaked; several additional messages explain the reasons why the allocation failed. More details are available to debug the problem. #1701 **MySQL DB upgrade improvements.** Two prior development releases had incorrectly versioned database schema. As a result, when upgrading from 1.9.2 or 1.9.3 to 1.9.4 the `kea-admin` tool incorrectly assumed the schema was already updated, when in fact it was not. This is now corrected (#1698). Upgrading from any earlier Kea versions to 1.9.5 works correctly, and a workaround for upgrading to 1.9.4 is documented in the Known issues list. See the link below. ## Incompatible Changes There are no backward-incompatible changes in this release. ## Known Issues For details on known issues, visit: https://gitlab.isc.org/isc-projects/kea/-/wikis/known-issues-list And for the list of issues marked as bugs: https://gitlab.isc.org/isc-projects/kea/issues?label_name%5B%5D=bug ## Release Model The Kea project has a significant production deployment base with users who are looking for stability, rather than a constant stream of new "bleeding-edge" features. At the same time, we want to continue developing the software and add some new powerful, but difficult-to-implement, features. To meet both of these requirements we have both Stable and Development branches. Stable releases are what you would expect: stable, released infrequently, without new features or significant changes, very well-tested. These can be identified by an even-numbered minor version number. The current stable release is 1.8.2. The older stable version of 1.6.3 is also available. If we discover important bugs that require fixing, we may release additional maintenance versions on the 1.8 branch, but that will be determined on a case-by-case basis. The next major stable version will be 2.0.0. Development releases can be easily identified by an odd minor version number: for example, 1.9.0 is a development release. Subsequent releases on the same minor release branch get numbered with 1.9.1, 1.9.2, and so on. Our goal is to make the development release available on the last Wednesday of each month. There may be exceptions (such as during holidays), but that's the general plan. We encourage users to test the development releases and report back their findings. For more details on the plan, see ISC's Software Support Policy at: https://kb.isc.org/docs/aa-00896 ## Kea Overview Kea is a DHCP implementation developed by Internet Systems Consortium, Inc. that features fully functional DHCPv4 and DHCPv6 servers, a dynamic DNS update daemon, a Control Agent (CA) that provides a REST API to control the DHCP and DNS update servers, an example shell client to connect to the CA, a daemon that is able to retrieve YANG configuration and updates from Sysrepo, and a DHCP performance-measurement tool. Both DHCP servers support server discovery, address assignment, renewal, rebinding, release, decline, information request, DNS updates, client classification, and host reservations. The DHCPv6 server also supports prefix delegation. Lease information is stored in a CSV file by default; it can optionally be stored in a MySQL, PostgreSQL, or Cassandra database instead. Host reservations can be stored in a configuration file, or in a MySQL, PostgreSQL, or Cassandra database. They can also be retrieved from a RADIUS server, although this functionality is somewhat limited. Kea DHCPv4 and DHCPv6 daemons provide support for YANG models, which are stored in a Sysrepo datastore and can be configured via the NETCONF protocol. This text references issue numbers. For more details, visit the Kea GitLab page at: https://gitlab.isc.org/isc-projects/kea/-/issues ## License This version of Kea is released under the Mozilla Public License, version 2.0. https://www.mozilla.org/en-US/MPL/2.0 The premium and subscriber-only hooks libraries are provided in source code form, under the terms of an End User License Agreement (you will get the source code that you can modify freely, but you are not permitted to redistribute it). ## Download Pre-built ISC packages for current versions of the most popular Linux operating systems are available at: https://cloudsmith.io/~isc/repos/ The Kea source and PGP signature for this release may be downloaded from: https://www.isc.org/download The signature was generated with the ISC code-signing key which is available at: https://www.isc.org/pgpkey ISC provides detailed documentation, including installation instructions and usage tutorials, in the Kea Administrator Reference Manual. Documentation is included with the installation, at: * https://kea.readthedocs.io/en/latest/ * or via https://kb.isc.org/docs/kea-administrator-reference-manual in HTML, plain text, or PDF formats ISC maintains a public open source code tree, a wiki, an issue tracking system, milestone planning, and a roadmap at: https://gitlab.isc.org/isc-projects/kea We ask users of this software to please let us know how it worked for you and what operating system you tested on. Feel free to share your feedback on the Kea Users mailing list at: https://lists.isc.org/mailman/listinfo/kea-users We would also like to hear whether the documentation is adequate and accurate. Please open tickets in the Kea GitLab project for bugs, documentation omissions and errors, and enhancement requests. We want to hear from you even if everything worked. ## Support Professional support for Kea is available from ISC. We encourage all professional users to consider this option; Kea development and maintenance are funded with support subscriptions. For more information on ISC's Kea and DHCP software support see: https://www.isc.org/support/ Free best-effort support is provided by our user community via a mailing list. Information on all public email lists is available at: https://www.isc.org/community/mailing-List If you have any comments or questions about working with Kea, please share them to the Kea Users List: https://lists.isc.org/mailman/listinfo/kea-users Bugs and feature requests may be submitted via GitLab at: https://gitlab.isc.org/isc-projects/kea/-/issues ## Changes The following summarizes changes since the previous release of 1.9.4: ``` 1872. [build] razvan Library version numbers bumped for Kea 1.9.5 development version. (Gitlab #1713) 1871. [bug] andrei The cache threshold feature introduced in 1.9.4 modified previously versioned schema 9.5. This caused problems for people who had already upgraded to 9.5 which in Kea versions means 1.9.2 and 1.9.3. In this change, the upgrade commands were moved to schema 9.6 and are only applied if the database does not contain the required columns. Affected Kea installments can now be upgraded to 1.9.5 and above seamlessly. (Gitlab #1698) 1870. [bug] razvan Fixed a crash when using the Kea Legal Log Hooks Library with multi-threading. This bug was affecting only database backends. The log file backend was not affected by this bug. (Gitlab #1711) 1869. [func] tmark Kea-dhcp4 now supports specifying valid-lifetime in client classes. Prior to this it could only be specified at the global, shared-network, and subnet scopes. (Gitlab #1635) 1868. [func] andrei The forensic log hook library has gained an auto-increment primary key column in it's logs table. It is now able to function in a MySQL Percona cluster which requires a primary key for all it's tables when configured with pxc_strict_mode = ENFORCING which is also the default value. (Gitlab #1709) 1867. [bug] andrei MySQL connection unit tests have been modified to work with Percona cluster. This change doesn't fix all problems, but it improves the situation sufficiently to be able to run unit tests with positive results on a Percona cluster. (Gitlab #1708) 1866. [func] marcin Added new log messages issued when a dynamic lease allocation fails. The new messages provide comprehensive information about the circumstances in which the failure occurred. In particular, they state whether the client is connected to a shared network or not. If it is, the shared network name is provided. Otherwise, the client's subnet id is logged. The new messages also inform from how many subnets the server attempted to allocate a lease and how many subnets could not be used because of non-matching client classes. (Gitlab #1701) 1865. [func] razvan Implemented the Run Script hooks library which can be used to run external scripts for specific packet processing hook points. There are several exported environment variables available for the script. Currently the implementation is nonblocking and Kea will not wait for the script to finish execution before continuing to the next step. For this reason, the next step provided by the script is ignored. (Gitlab #899) 1864. [func] fdupont New parameters to handle TLS support added in Control Agent config: "trust-anchor", "cert-file", "key-file" and "cert-required". They can be configured, but their values are not yet used. (Gitlab #1662) 1863. [func] andrei The perfdhcp tool now supports the -x l option that exports the assigned leases to stdout in CSV format. This new capability is very useful for the ongoing DB cluster experiments, where we need to correlate leases between multiple Kea instances sharing the same cluster. (Gitlab #1703) 1862. [build] andrei Added execution permissions to the upgrade scripts in Kea's installation. Previously kea-admin db-upgrade would fail with a permission denied error. It started manifesting in 1.9.3 and affected 1.9.4 as well. Additionally, now, when running make in the source repository to recreate scripts e.g. kea-admin, after a change to the .in files e.g. kea-admin.in, they maintain the execution permissions granted in the initial build. This makes development more seamless. (Gitlab #1681) 1861. [bug]* tmark kea-dhcp4 now uses the value for each fixed field (e.g. next-server, server-hostname, boot-file-name) from the first class in query's list of classes that specifies the field. Prior to this it used the value from the last class which specified the field. It may be necessary to revise existing configurations to get the desired values. (Gitlab #1672) ``` Thank you again to everyone who assisted us in making this release possible. We look forward to receiving your feedback.