Skip to content

Commit

Permalink
Add a note about KEA not supporting SSL connections to the database
Browse files Browse the repository at this point in the history 
isc-projects/kea#15
  • Loading branch information
Jiv Dhaliwal committed Oct 22, 2020
1 parent 849d965 commit 902be44
Showing 1 changed file with 10 additions and 2 deletions.
12 changes: 10 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,21 +20,25 @@ See the target `run` in the [Makefile](./Makefile)
Deployments are automated in the CI pipeline. See [buildspec.yml](./buildspec.yml)

## Automated Testing

To run the tests locally run

```bash
$ make test
```

This will first clear out any leases in the local database. We run `perfdhcp` to emulate a number of clients and multiple [DORA](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol#Operation) cycles. We then check how many leases have been created to ensure the server is operating as expected. The `dhcp_test.sh` will exit with a non zero exit code if all of the leases have not been created.

## Container Health Checks
To ensure that an invalid task does not get into the production ecs cluster, a boostrap script has been writen. This uses ```perfdhcp``` to ensure that an IP can be leased. If this fails, a notification will be sent to the critical notifcation topic and forwarded to developers. This check is not done locally.

To ensure that an invalid task does not get into the production ecs cluster, a boostrap script has been writen. This uses `perfdhcp` to ensure that an IP can be leased. If this fails, a notification will be sent to the critical notifcation topic and forwarded to developers. This check is not done locally.

## Manual Testing

- Run `ifconfig` to find the name for the docker-compose network interface.
- Run
`sudo nmap --script broadcast-dhcp-discover -e <NETWORK_INTERFACE>`
`sudo nmap --script broadcast-dhcp-discover -e <NETWORK_INTERFACE>`

- The dhcp server should respond with an offer. EG:

```bash
Expand All @@ -54,3 +58,7 @@ To ensure that an invalid task does not get into the production ecs cluster, a b
## ISC Kea version

At the time of writing, the stable release for ISC Kea is [version 1.6](https://cloudsmith.io/~isc/repos/kea-1-6/packages/).

## Considerations

KEA currently does not support connecting to the database over SSL. See [kea#15](https://github.com/isc-projects/kea/pull/15)

0 comments on commit 902be44

Please sign in to comment.