T6773: RFC-2136 support for Kea DHCP4 server #4153

Open
wants to merge 16 commits into
base: current

@abukharov abukharov commented Oct 12, 2024

Change Summary

This PR introduces support for RFC-2136 DDNS updates in Kea DHCP4 server.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

https://vyos.dev/T6773

Related PR(s)

vyos/vyos-documentation#1561

Component(s) name

dhcp-server

Proposed changes

Introduces new configuration parameters under service dhcp-server and the logic to translate it into Kea 2.4.1 configuration language.

How to test

Set up a Technitium DNS in a container inside VyOS. Set up DDNS updates as follows:

set service dhcp-server dynamic-dns-update send-updates enable
set service dhcp-server dynamic-dns-update use-conflict-resolution enable
set service dhcp-server dynamic-dns-update tsig-key mydomain-net algorithm hmac-sha256
set service dhcp-server dynamic-dns-update tsig-key mydomain-net secret eWF5YW15bGl0dGxla2V5IQ==
set service dhcp-server dynamic-dns-update forward-domain mydomain.net key-name mydomain-net
set service dhcp-server dynamic-dns-update forward-domain mydomain.net dns-server 1 address '172.18.0.254'
set service dhcp-server dynamic-dns-update forward-domain mydomain.net dns-server 1 port 1053

Get the DHCP server to issue some leases and check if the DNS server gets updated.

Smoketest result

sh-5.2# ./test_service_dhcp-server.py
test_dhcp_dynamic_dns_update (__main__.TestServiceDHCPServer.test_dhcp_dynamic_dns_update) ... ok
test_dhcp_exclude_in_range (__main__.TestServiceDHCPServer.test_dhcp_exclude_in_range) ... ok
test_dhcp_exclude_not_in_range (__main__.TestServiceDHCPServer.test_dhcp_exclude_not_in_range) ... ok
test_dhcp_high_availability (__main__.TestServiceDHCPServer.test_dhcp_high_availability) ... ok
test_dhcp_high_availability_standby (__main__.TestServiceDHCPServer.test_dhcp_high_availability_standby) ... ok
test_dhcp_multiple_pools (__main__.TestServiceDHCPServer.test_dhcp_multiple_pools) ... ok
test_dhcp_on_interface_with_vrf (__main__.TestServiceDHCPServer.test_dhcp_on_interface_with_vrf) ... ok
test_dhcp_relay_server (__main__.TestServiceDHCPServer.test_dhcp_relay_server) ... ok
test_dhcp_single_pool_options (__main__.TestServiceDHCPServer.test_dhcp_single_pool_options) ... ok
test_dhcp_single_pool_options_scoped (__main__.TestServiceDHCPServer.test_dhcp_single_pool_options_scoped) ... ok
test_dhcp_single_pool_range (__main__.TestServiceDHCPServer.test_dhcp_single_pool_range) ... ok
test_dhcp_single_pool_static_mapping (__main__.TestServiceDHCPServer.test_dhcp_single_pool_static_mapping) ... ok

----------------------------------------------------------------------
Ran 12 tests in 38.710s

OK
sh-5.2#

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly


github-actions bot commented Oct 12, 2024

👍
No issues in PR Title / Commit Title


github-actions bot commented Oct 12, 2024

✅ No issues found in unused-imports check. Please refer to the workflow run

Member

@dmbaturin dmbaturin left a comment

The idea is good, I left some ideas for improvements in the review.

@abukharov
Author

Did a few cosmetic things. Please let me know what you think about generating that config, DNS servers list and the port 53001 for d2 and I'll get it fixed within a few days.

Member

@sarthurdev sarthurdev left a comment

Seems to be an issue in the XML definition stopping the CI tests. I will try to find time later to pinpoint the failing syntax.

@abukharov
Author

> Seems to be an issue in the XML definition stopping the CI tests. I will try to find time later to pinpoint the failing syntax.

Was able to figure it out. Should be fine now.

@abukharov
Author

Everything seems to be fixed now, all tests are green

@abukharov
Author

So I started productionising this setup, which meant setting up more sophisticated configurations for DHCP. And I quickly realised that this config language wasn't doing what was actually needed. The main problem is that in Kea it makes a difference if an attribute is set to false or not set at all. It's to do with how the DDNS settings cascade to nested scopes.

Let's say you set force-update on the parent scope and don't set anything in the networks/subnets. A valueless leafnode, when it's not set, will result in a false setting, which will override the parent setting. However, in Kea the idea is that when it's not set to either true or false (i.e. the attribute is missing from the configuration file), the setting is inherited from the parent scope, so there is a difference between an attribute missing and set to false.

I've re-implemented the behavioral settings in a way that they can be explicitly set to enabled or disabled, or left out/deleted from config; the latter will result in a removal of the attribute from the output config file. This way I got the whole thing to function properly, even though the language has become a bit more heavyweight.

If you have any ideas about how to make it nicer and easier to understand for the end user, I'm open to suggestions.


This pull request has conflicts, please resolve those before we can evaluate the pull request.

@sever-sever
Member

@abukharov Can you resolve conflicts?

@abukharov
Author

Hey mate, sure, will try and get it done by the end of tomorrow.

@abukharov abukharov force-pushed the feature/dhcpv4-ddns branch from 74800b3 to c1bd755 Compare January 20, 2025 23:27
@sever-sever sever-sever requested review from Copilot and removed request for fett0 and nicolas-fort April 8, 2025 07:42

@Copilot Copilot AI left a comment

Copilot reviewed 4 out of 12 changed files in this pull request and generated 2 comments.

Files not reviewed (8)
  • data/templates/dhcp-server/kea-dhcp-ddns.conf.j2: Language not supported
  • data/templates/dhcp-server/kea-dhcp4.conf.j2: Language not supported
  • interface-definitions/include/dhcp/ddns-dns-server.xml.i: Language not supported
  • interface-definitions/include/dhcp/ddns-settings.xml.i: Language not supported
  • interface-definitions/service_dhcp-server.xml.in: Language not supported
  • smoketest/config-tests/basic-vyos: Language not supported
  • smoketest/configs/basic-vyos: Language not supported
  • src/etc/systemd/system/kea-dhcp-ddns-server.service.d/override.conf: Language not supported

@abukharov
Author

> Can you share an example of config with enable/disable options under different levels?

Hey hey. Yes, unfortunately I can. This is what is happening on one of the devices. The situation is that globally we send ddns-updates except for the IOT scope, which has a lot of devices, but not the entire one, there are some subnets, for which folks actually care.

I dropped some static mappings and obfuscated a few things:

set service dhcp-server dynamic-dns-update conflict-resolution 'enable'
set service dhcp-server dynamic-dns-update forward-domain fa.ke.in. dns-server 1 address '172.16.72.248'
set service dhcp-server dynamic-dns-update forward-domain fa.ke.in. dns-server 2 address '192.168.125.241'
set service dhcp-server dynamic-dns-update forward-domain fa.ke.in. key-name 'fa-ke-in-update'
set service dhcp-server dynamic-dns-update qualifying-suffix 'fa.ke.in'
set service dhcp-server dynamic-dns-update send-updates 'enable'
set service dhcp-server dynamic-dns-update tsig-key fa-ke-in-update algorithm 'hmac-sha256'
set service dhcp-server dynamic-dns-update tsig-key fa-ke-in-update secret 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx='
set service dhcp-server dynamic-dns-update update-on-renew 'enable'
set service dhcp-server listen-interface 'bond0.2'
set service dhcp-server listen-interface 'bond0.3'
set service dhcp-server listen-interface 'bond0.4'
set service dhcp-server listen-interface 'bond0.5'
set service dhcp-server listen-interface 'bond0.6'
set service dhcp-server listen-interface 'bond0.9'
set service dhcp-server listen-interface 'bond0.10'
set service dhcp-server listen-interface 'bond0.41'
set service dhcp-server listen-interface 'bond0.42'
set service dhcp-server shared-network-name dhcp_cctv authoritative
set service dhcp-server shared-network-name dhcp_cctv description 'DHCP pool CCTV'
set service dhcp-server shared-network-name dhcp_cctv dynamic-dns-update send-updates 'disable'
set service dhcp-server shared-network-name dhcp_cctv dynamic-dns-update update-on-renew 'disable'
set service dhcp-server shared-network-name dhcp_cctv option domain-name 'fa.ke.in'
set service dhcp-server shared-network-name dhcp_cctv option name-server '172.16.72.248'
set service dhcp-server shared-network-name dhcp_cctv option name-server '192.168.125.241'
set service dhcp-server shared-network-name dhcp_cctv subnet 172.16.6.0/24 option default-router '172.16.6.254'
set service dhcp-server shared-network-name dhcp_cctv subnet 172.16.6.0/24 range main start '172.16.6.100'
set service dhcp-server shared-network-name dhcp_cctv subnet 172.16.6.0/24 range main stop '172.16.6.200'
set service dhcp-server shared-network-name dhcp_cctv subnet 172.16.6.0/24 static-mapping cctv-fakecamera ip-address '172.16.6.12'
set service dhcp-server shared-network-name dhcp_cctv subnet 172.16.6.0/24 static-mapping cctv-fakecamera mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_cctv subnet 172.16.6.0/24 static-mapping cctv-fakecamera ip-address '172.16.6.15'
set service dhcp-server shared-network-name dhcp_cctv subnet 172.16.6.0/24 static-mapping cctv-fakecamera mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_cctv subnet 172.16.6.0/24 static-mapping cctv-fakecamera ip-address '172.16.6.17'
set service dhcp-server shared-network-name dhcp_cctv subnet 172.16.6.0/24 static-mapping cctv-fakecamera mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_cctv subnet 172.16.6.0/24 static-mapping cctv-fakecamera ip-address '172.16.6.13'
set service dhcp-server shared-network-name dhcp_cctv subnet 172.16.6.0/24 static-mapping cctv-fakecamera mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_cctv subnet 172.16.6.0/24 static-mapping cctv-fakecamera ip-address '172.16.6.14'
set service dhcp-server shared-network-name dhcp_cctv subnet 172.16.6.0/24 static-mapping cctv-fakecamera mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_cctv subnet 172.16.6.0/24 static-mapping cctv-fakecamera ip-address '172.16.6.16'
set service dhcp-server shared-network-name dhcp_cctv subnet 172.16.6.0/24 static-mapping cctv-fakecamera mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_cctv subnet 172.16.6.0/24 static-mapping cctv-fakecamera ip-address '172.16.6.201'
set service dhcp-server shared-network-name dhcp_cctv subnet 172.16.6.0/24 static-mapping cctv-fakecamera mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_cctv subnet 172.16.6.0/24 subnet-id '600'
set service dhcp-server shared-network-name dhcp_iot authoritative
set service dhcp-server shared-network-name dhcp_iot description 'DHCP pool IoT'
set service dhcp-server shared-network-name dhcp_iot dynamic-dns-update send-updates 'disable'
set service dhcp-server shared-network-name dhcp_iot dynamic-dns-update update-on-renew 'disable'
set service dhcp-server shared-network-name dhcp_iot option domain-name 'fa.ke.in'
set service dhcp-server shared-network-name dhcp_iot option name-server '172.16.72.248'
set service dhcp-server shared-network-name dhcp_iot option name-server '192.168.125.241'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 dynamic-dns-update send-updates 'enable'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 dynamic-dns-update update-on-renew 'enable'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 option default-router '172.16.5.254'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 range main start '172.16.5.100'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 range main stop '172.16.5.200'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot ip-address '172.16.5.201'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot ip-address '172.16.5.182'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot ip-address '172.16.5.129'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot-pwr ip-address '172.16.5.60'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot-pwr mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot-pwr ip-address '172.16.5.62'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot-pwr mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot-swc ip-address '172.16.5.66'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot-swc mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot-pwr ip-address '172.16.5.63'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot-pwr mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot ip-address '172.16.5.48'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot ip-address '172.16.5.181'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot-pwr ip-address '172.16.5.61'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 static-mapping fakeiot-pwr mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.5.0/24 subnet-id '500'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.54.0/24 option default-router '172.16.54.254'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.54.0/24 range main start '172.16.54.100'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.54.0/24 range main stop '172.16.54.200'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.54.0/24 subnet-id '504'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.55.0/24 option default-router '172.16.55.254'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.55.0/24 range main start '172.16.55.100'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.55.0/24 range main stop '172.16.55.200'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.55.0/24 subnet-id '505'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.56.0/24 option default-router '172.16.56.254'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.56.0/24 range main start '172.16.56.100'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.56.0/24 range main stop '172.16.56.200'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.56.0/24 subnet-id '506'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.57.0/24 option default-router '172.16.57.254'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.57.0/24 range main start '172.16.57.100'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.57.0/24 range main stop '172.16.57.200'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.57.0/24 subnet-id '507'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.58.0/24 dynamic-dns-update send-updates 'enable'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.58.0/24 dynamic-dns-update update-on-renew 'enable'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.58.0/24 option default-router '172.16.58.254'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.58.0/24 range main start '172.16.58.100'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.58.0/24 range main stop '172.16.58.200'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.58.0/24 subnet-id '508'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.59.0/24 dynamic-dns-update send-updates 'enable'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.59.0/24 dynamic-dns-update update-on-renew 'enable'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.59.0/24 option default-router '172.16.59.254'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.59.0/24 range main start '172.16.59.100'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.59.0/24 range main stop '172.16.59.200'
set service dhcp-server shared-network-name dhcp_iot subnet 172.16.59.0/24 subnet-id '509'

set service dhcp-server shared-network-name dhcp_mgmt authoritative
set service dhcp-server shared-network-name dhcp_mgmt description 'DHCP pool Management'
set service dhcp-server shared-network-name dhcp_mgmt option domain-name 'fa.ke.in'
set service dhcp-server shared-network-name dhcp_mgmt option name-server '172.16.72.248'
set service dhcp-server shared-network-name dhcp_mgmt option name-server '192.168.125.241'
set service dhcp-server shared-network-name dhcp_mgmt subnet 172.16.9.0/24 option default-router '172.16.9.254'
set service dhcp-server shared-network-name dhcp_mgmt subnet 172.16.9.0/24 range main start '172.16.9.100'
set service dhcp-server shared-network-name dhcp_mgmt subnet 172.16.9.0/24 range main stop '172.16.9.200'
set service dhcp-server shared-network-name dhcp_mgmt subnet 172.16.9.0/24 static-mapping fake ip-address '172.16.9.247'
....
set service dhcp-server shared-network-name dhcp_mgmt subnet 172.16.9.0/24 static-mapping fake mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_mgmt subnet 172.16.9.0/24 subnet-id '900'
set service dhcp-server shared-network-name dhcp_servers authoritative
set service dhcp-server shared-network-name dhcp_servers description 'DHCP pool Servers'
set service dhcp-server shared-network-name dhcp_servers option domain-name 'fa.ke.in'
set service dhcp-server shared-network-name dhcp_servers option name-server '172.16.72.248'
set service dhcp-server shared-network-name dhcp_servers option name-server '192.168.125.241'
set service dhcp-server shared-network-name dhcp_servers subnet 192.168.125.0/24 option default-router '192.168.125.254'
set service dhcp-server shared-network-name dhcp_servers subnet 192.168.125.0/24 range main start '192.168.125.100'
set service dhcp-server shared-network-name dhcp_servers subnet 192.168.125.0/24 range main stop '192.168.125.200'
set service dhcp-server shared-network-name dhcp_servers subnet 192.168.125.0/24 static-mapping fake-cluster ip-address '192.168.125.153'
...
set service dhcp-server shared-network-name dhcp_servers subnet 192.168.125.0/24 static-mapping fake mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_servers subnet 192.168.125.0/24 subnet-id '200'
set service dhcp-server shared-network-name dhcp_vms authoritative
set service dhcp-server shared-network-name dhcp_vms description 'DHCP pool VMs'
set service dhcp-server shared-network-name dhcp_vms option domain-name 'fa.ke.in'
set service dhcp-server shared-network-name dhcp_vms option name-server '172.16.72.248'
set service dhcp-server shared-network-name dhcp_vms option name-server '192.168.125.241'
set service dhcp-server shared-network-name dhcp_vms subnet 10.125.0.0/24 option default-router '10.125.0.254'
set service dhcp-server shared-network-name dhcp_vms subnet 10.125.0.0/24 range main start '10.125.0.100'
set service dhcp-server shared-network-name dhcp_vms subnet 10.125.0.0/24 range main stop '10.125.0.200'
set service dhcp-server shared-network-name dhcp_vms subnet 10.125.0.0/24 static-mapping fake ip-address '10.125.0.25'
...
set service dhcp-server shared-network-name dhcp_vms subnet 10.125.0.0/24 static-mapping fake mac 'xx:xx:xx:xx:xx:xx'
set service dhcp-server shared-network-name dhcp_vms subnet 10.125.0.0/24 subnet-id '1000'
set service dhcp-server shared-network-name dhcp_wired authoritative
set service dhcp-server shared-network-name dhcp_wired description 'DHCP pool Wired'
set service dhcp-server shared-network-name dhcp_wired option domain-name 'fa.ke.in'
set service dhcp-server shared-network-name dhcp_wired option name-server '172.16.72.250'
set service dhcp-server shared-network-name dhcp_wired option name-server '192.168.125.241'
set service dhcp-server shared-network-name dhcp_wired subnet 172.16.3.0/24 option default-router '172.16.3.254'
set service dhcp-server shared-network-name dhcp_wired subnet 172.16.3.0/24 range main start '172.16.3.100'
set service dhcp-server shared-network-name dhcp_wired subnet 172.16.3.0/24 range main stop '172.16.3.200'
set service dhcp-server shared-network-name dhcp_wired subnet 172.16.3.0/24 subnet-id '300'
set service dhcp-server shared-network-name dhcp_wireless authoritative
set service dhcp-server shared-network-name dhcp_wireless description 'DHCP pool Wireless'
set service dhcp-server shared-network-name dhcp_wireless option domain-name 'fa.ke.in'
set service dhcp-server shared-network-name dhcp_wireless option name-server '172.16.72.250'
set service dhcp-server shared-network-name dhcp_wireless option name-server '192.168.125.241'
set service dhcp-server shared-network-name dhcp_wireless subnet 172.16.4.0/24 option default-router '172.16.4.254'
set service dhcp-server shared-network-name dhcp_wireless subnet 172.16.4.0/24 range main start '172.16.4.100'
set service dhcp-server shared-network-name dhcp_wireless subnet 172.16.4.0/24 range main stop '172.16.4.200'
set service dhcp-server shared-network-name dhcp_wireless subnet 172.16.4.0/24 subnet-id '400'
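
The unset-versus-false distinction discussed in this thread, as an added example that is not part of the PR, vyos-1x or Kea: it resolves the effective `ddns-send-updates` value for three subnets from the config above under two rendering rules. The function names and the `CONFIG` layout are hypothetical; the scope order subnet, shared network, global follows Kea's inheritance.

```python
# Added illustration: not code from this PR, vyos-1x or Kea.
# CLI node names and values come from the config posted in this thread; the Kea
# keys are the DHCPv4 parameters ddns-send-updates and ddns-update-on-renew.

KEA_KEY = {
    "send-updates": "ddns-send-updates",
    "update-on-renew": "ddns-update-on-renew",
}
TRISTATE = {"enable": True, "disable": False}

# Constructed subset of the posted config: the global scope, two shared
# networks and three subnets. An empty dict means that no dynamic-dns-update
# nodes are set at that level.
CONFIG = {
    "global": {"send-updates": "enable", "update-on-renew": "enable"},
    "shared-networks": {
        "dhcp_iot": {
            "ddns": {"send-updates": "disable", "update-on-renew": "disable"},
            "subnets": {
                "172.16.5.0/24": {"send-updates": "enable",
                                  "update-on-renew": "enable"},
                "172.16.54.0/24": {},
            },
        },
        "dhcp_mgmt": {"ddns": {}, "subnets": {"172.16.9.0/24": {}}},
    },
}


def render_tristate(cli):
    """enable/disable become true/false; an unset node emits no key at all."""
    return {KEA_KEY[name]: TRISTATE[value] for name, value in cli.items()}


def render_valueless(cli):
    """Presence-only node: present -> true, absent -> false, always emitted.

    'disable' and 'unset' collapse into the same rendered false.
    """
    return {kea: cli.get(name) == "enable" for name, kea in KEA_KEY.items()}


def effective(key, *scopes, default=None):
    """The innermost scope that carries the key wins; otherwise look outward."""
    for scope in scopes:
        if key in scope:
            return scope[key]
    return default


def resolve_send_updates(config, render):
    """Effective ddns-send-updates per subnet under a given rendering rule."""
    global_scope = render(config["global"])
    result = {}
    for network in config["shared-networks"].values():
        net_scope = render(network["ddns"])
        for prefix, cli in network["subnets"].items():
            result[prefix] = effective(
                "ddns-send-updates", render(cli), net_scope, global_scope
            )
    return result


if __name__ == "__main__":
    for label, render in (("tri-state", render_tristate),
                          ("valueless", render_valueless)):
        print(label, resolve_send_updates(CONFIG, render))
```

With the presence-only rendering, 172.16.9.0/24 in dhcp_mgmt ends up with updates off although the global scope enables them, because the rendered `false` at the network and subnet level overrides the parent.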

@abukharov abukharov force-pushed the feature/dhcpv4-ddns branch 2 times, most recently from 3bda0d6 to 502d89e Compare April 8, 2025 08:45
@abukharov
Author

> We got rid of enable/disable wherever possible and would not like to implement it again

I don't like it either, but I'm at a loss as to how we can implement it in a better way without losing too much functionality/flexibility. If you have a suggestion I'm happy to reimplement this part.

@abukharov abukharov requested a review from sever-sever April 8, 2025 08:50
@abukharov abukharov force-pushed the feature/dhcpv4-ddns branch from 502d89e to a49b9d0 Compare April 8, 2025 08:57
Member

@dmbaturin dmbaturin left a comment

I left some comments about the CLI.

Regarding boolean <enable|disable> nodes — it's a guideline, not a dogma, but the guideline is that we do not use them because the value doesn't add new information to the config, and with valueless nodes, it's easier to understand what the default is (e.g., if it's "send-updates" it's clear that by default it doesn't send them; if it's disable-send-updates or similar, then it's clear that it sends them unless they are disabled).

Since nodes that are boolean here are boolean in Kea and clearly have defaults in it, I'm not convinced that <enable|disable> really improves flexibility. I may be wrong, of course.

<properties>
<help>TSIG key algorithm</help>
<completionHelp>
<list>hmac-md5 hmac-sha1 hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512</list>
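Review bot: the `<list>` completion line offers hmac-md5 and hmac-sha1 with the same standing as the SHA-2 variants, and the `<help>` string gives no guidance on which to pick. Since this key authenticates the DNS updates the server sends, consider stating in the help text that hmac-sha256 or stronger is preferred, or at least listing the SHA-2 values first.
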
Member

I understand that it mirrors option names from Kea, but I don't think an exact mirror is always a good thing. The hmac- part adds no new information for the user (of course they are all hashed message authentication code algorithms) and makes completion harder.

I think it should be just md5 sha1 sha224 ... — we can add the hmac- bit in the template.

<!-- include start from dhcp/ddns-settings.xml.i -->
<leafNode name="send-updates">
<properties>
<help>Enable or disable updates for this scope</help>
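Review bot: the `<help>` text on `send-updates` reads "Enable or disable updates for this scope" and does not say what happens when the node is not set. The author's description in this PR is that an unset node is left out of the generated Kea configuration so the value is inherited from the parent scope; the help string should say so, otherwise the third state is invisible to the user.
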
Member

As far as I can see, these options are all boolean. Is there really a reason not to make it a valueless node send-updates?

<constraintErrorMessage>Set it to either enable or disable</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="force-update-both">
Member

I think the name from Kea, override-client-update is clearer than force-update-both. I also cannot see a reason not to make it valueless here. All those things are boolean in the parser grammar, do they have a potential to become tri-state or more?

<constraintErrorMessage>Set it to either enable or disable</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="force-update">
Member

I find it kinda odd that Kea has separate override-client-update and override-no-update options. I can't infer it from the docs if override-client-update implies override-no-update?

https://kb.isc.org/docs/why-doesnt-my-dns-get-updated-by-kea doesn't explain it well.

I think we may also name this override-no-update, since it's about a behavior that depends on what the client says.

<constraintErrorMessage>Invalid qualifying suffix</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="update-on-renew">
Member

Another boolean node.

<constraintErrorMessage>Set it to either enable or disable</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="conflict-resolution">
Member

One more boolean node.

@abukharov
Author

> I'm not convinced that <enable|disable> really improves flexibility

When I was talking about flexibility, I meant it in a broader sense, as in introduce enough flexibility into the config language to not impair the functionality of Kea.

The problem is, as I described it to @sarthurdev here: #4153 (comment), that the configuration logic in Kea is not binary, so it can't be described with only presence or absence of something.

It also has a state where the attribute value is inherited from the parent scope, so 'enable' means that it's overridden into an enabled state, 'disable' means that it's overridden into a disabled state and means that it's propagated from the parent scope. I also brought up a real use-case in the config snippet above.

In the conversation with @sarthurdev I did an experiment with an alternative language, that was technically fit for purpose, but going this way would significantly bloat the syntax, in a much worse way than <enable|disable>


github-actions bot commented Apr 8, 2025

CI integration 👍 passed!

Details

CI logs

  • CLI Smoketests (no interfaces) 👍 passed
  • CLI Smoketests (interfaces only) 👍 passed
  • Config tests 👍 passed
  • RAID1 tests 👍 passed
  • TPM tests 👍 passed

@abukharov abukharov requested a review from dmbaturin April 9, 2025 00:52