kea: T6211: add VRF support for KEA dhcp server

[davi2367]

Change summary

The change adds support for VRF in the KEA DHCP-server

Change implemtes desired config from T6211

set interfaces ethernet eth0 address '192.168.1.1/24'
set interfaces ethernet eth0 vrf foo
set vrf name foo service dhcp-server shared-network-name eth1 option default-router '192.168.1.1'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 lease '300'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 range default start '192.168.1.10'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 range default stop '192.168.1.100'
set vrf name foo service dhcp-server shared-network-name eth1 subnet 192.168.1.0/24 subnet-id '1'
set vrf name foo table '101'

Unsure if tests should be placed in the VRF segment or in the DHCP segment - therefor no tests are added for the VRF part - yet

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Code style update (formatting, renaming)
• Refactoring (no functional changes)
• Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
• Other (please describe):

Related Task(s)

https://vyos.dev/T6211

Related PR(s)

vyos/vyos-documentation#1637

How to test / Smoketest result

ran tests locally and the pass - a new test was added for vrf to ensure it is checked

Checklist:

• I have read the CONTRIBUTING document
• I have linked this PR to one or more Phabricator Task(s)
• I have run the components SMOKETESTS if applicable
• My commit headlines contain a valid Task id
• My change requires a change to the documentation
• I have updated the documentation accordingly

[github-actions]

👍
No issues in PR Title / Commit Title

[Copilot]

Pull Request Overview

Adds VRF support to the KEA DHCP server by extending control-socket calls, CLI commands, templates, systemd units, and configuration mode scripts to accept and propagate a --vrf parameter.

• Extended dhcp.py and underlying Kea API (vyos/kea.py) to accept vrf/vrf_name
• Updated service definitions, systemd overrides, op-mode XML, interface definitions, and Jinja templates for VRF support
• Adapted smoke tests and configuration mode scripts to inject VRF context via argv

Reviewed Changes

Copilot reviewed 21 out of 21 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
src/op_mode/dhcp.py	Updated commands to accept --vrf, modified function signatures and service names, but introduced mis-wired pool sizing
python/vyos/kea.py	Extended Kea API calls (_ctrl_socket_command, lease/config getters) to include vrf_name
src/conf_mode/service_dhcp-server.py & service_dhcpv6-…	Detect VRF context via argv and set config/control-socket paths accordingly
src/etc/systemd/system/kea-dhcp*[email protected]/…	Added ip vrf exec overrides for DHCP4, DHCP6, and DDNS units
op-mode-definitions/.xml.in & interface-definitions/	Added <tagNode name="vrf"> blocks for new CLI commands and VRF under interface definitions
data/templates/dhcp-server/kea-dhcp*.j2	Conditionally generate control-socket paths based on vrf_context

Comments suppressed due to low confidence (5)

src/op_mode/dhcp.py:177

• config is not defined inside _get_pool_size. You need to pass the active configuration object into _get_pool_size or capture it from the outer scope.

subnets = config.list_nodes(f'{base} subnet')

src/op_mode/dhcp.py:196

• The call to _get_pool_size does not pass the vrf argument, so pool sizes will always be computed for the global context rather than the selected VRF. Change to _get_pool_size(pool=p, family=family, vrf=vrf).

size = _get_pool_size(family=family, pool=p)

src/op_mode/dhcp.py:85

• [nitpick] The parameter name sorted shadows the built-in Python sorted function. Consider renaming it to sort_key or sort_by for clarity.

def _get_raw_server_leases(config, family='inet', vrf='', pool=None, sorted=None, state=[], origin=None)

smoketest/scripts/cli/test_service_dhcp-server.py:100

• [nitpick] There are no smoke tests for the new VRF-aware show_server_leases commands. Add tests for show dhcp-server leases vrf <name> to validate CLI and config output.

def verify_service_running(self):

src/system/on-dhcp-event.sh:33

• [nitpick] Indentation around this line is inconsistent with surrounding lines, which could affect readability or heredoc parsing. Align it with the other commands in this block.

config = kea_get_active_config('4', '')

[sever-sever]

Please combine ten commits into a single commit, e.g. with git rebase -i HEAD~10

[sarthurdev]

CI tests failing:

DEBUG - Running Testcase: /usr/libexec/vyos/tests/smoke/cli/test_service_dhcp-server.py
DEBUG - test_dhcp_dynamic_dns_update (__main__.TestServiceDHCPServer.test_dhcp_dynamic_dns_update) ... ERROR
DEBUG - test_dhcp_exclude_in_range (__main__.TestServiceDHCPServer.test_dhcp_exclude_in_range) ... ERROR
DEBUG - test_dhcp_exclude_not_in_range (__main__.TestServiceDHCPServer.test_dhcp_exclude_not_in_range) ... ERROR
DEBUG - test_dhcp_high_availability (__main__.TestServiceDHCPServer.test_dhcp_high_availability) ... ERROR
DEBUG - test_dhcp_high_availability_standby (__main__.TestServiceDHCPServer.test_dhcp_high_availability_standby) ... ERROR
DEBUG - test_dhcp_hostsd_lease_sync (__main__.TestServiceDHCPServer.test_dhcp_hostsd_lease_sync) ... ERROR
DEBUG - test_dhcp_multiple_pools (__main__.TestServiceDHCPServer.test_dhcp_multiple_pools) ... ERROR
DEBUG - test_dhcp_on_interface_with_vrf (__main__.TestServiceDHCPServer.test_dhcp_on_interface_with_vrf) ... ERROR
DEBUG - test_dhcp_relay_server (__main__.TestServiceDHCPServer.test_dhcp_relay_server) ... ERROR
DEBUG - test_dhcp_single_pool_options (__main__.TestServiceDHCPServer.test_dhcp_single_pool_options) ... ERROR
DEBUG - test_dhcp_single_pool_options_scoped (__main__.TestServiceDHCPServer.test_dhcp_single_pool_options_scoped) ... ERROR
DEBUG - test_dhcp_single_pool_range (__main__.TestServiceDHCPServer.test_dhcp_single_pool_range) ... ERROR
DEBUG - test_dhcp_single_pool_static_mapping (__main__.TestServiceDHCPServer.test_dhcp_single_pool_static_mapping) ... ERROR
DEBUG - 
DEBUG - ======================================================================
DEBUG - ERROR: test_dhcp_dynamic_dns_update (__main__.TestServiceDHCPServer.test_dhcp_dynamic_dns_update)
DEBUG - ----------------------------------------------------------------------
DEBUG - Traceback (most recent call last):
DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/test_service_dhcp-server.py", line 1262, in test_dhcp_dynamic_dns_update
DEBUG -     config = read_file(KEA4_CONF)
DEBUG -              ^^^^^^^^^^^^^^^^^^^^
DEBUG -   File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 44, in read_file
DEBUG -     raise e
DEBUG -   File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 38, in read_file
DEBUG -     with open(fname, 'r') as f:
DEBUG -          ^^^^^^^^^^^^^^^^

[github-actions]

CI integration ❌ failed!

Details

CI logs

• CLI Smoketests (no interfaces) ❌ failed
• CLI Smoketests (interfaces only) 👍 passed
• Config tests 👍 passed
• RAID1 tests 👍 passed
• TPM tests 👍 passed

[davi2367]

Current failing tests seem to be in conntrack-sync witht the firewall

DEBUG - ======================================================================
DEBUG - ERROR: test_conntrack_ignore (__main__.TestSystemConntrack.test_conntrack_ignore)
DEBUG - ----------------------------------------------------------------------
DEBUG - Traceback (most recent call last):
DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/test_system_conntrack.py", line 235, in test_conntrack_ignore
DEBUG -     self.cli_commit()
DEBUG -   File "/usr/libexec/vyos/tests/smoke/cli/base_vyostest_shim.py", line 103, in cli_commit
DEBUG -     out = self._session.commit()
DEBUG -           ^^^^^^^^^^^^^^^^^^^^^^
DEBUG -   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 280, in commit
DEBUG -     out = self.__run_command([COMMIT])
DEBUG -           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
DEBUG -   File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 210, in __run_command
DEBUG -     raise ConfigSessionError(output)
DEBUG - vyos.configsession.ConfigSessionError: [ system conntrack ]
DEBUG - 
DEBUG - WARNING: It is prefered to define ipv4 conntrack ignore rules in
DEBUG - <firewall ipv4 prerouting raw> section
DEBUG - 
DEBUG - 
DEBUG - WARNING: It is prefered to define ipv6 conntrack ignore rules in
DEBUG - <firewall ipv6 prerouting raw> section
DEBUG - 
DEBUG - Failed to apply configuration: /run/nftables-ct.conf:12:56-58: Error:
DEBUG - Basetype of type internet network service is not bitmask         meta
DEBUG - l4proto udp ip saddr  192.0.2.1 th dport  500,4500 counter notrack
DEBUG - comment "ignore-3"
DEBUG - ^^^
DEBUG - [[system conntrack]] failed
DEBUG - [ firewall ]
DEBUG - 
DEBUG - WARNING: It is prefered to define ipv4 conntrack ignore rules in
DEBUG - <firewall ipv4 prerouting raw> section
DEBUG - 
DEBUG - 
DEBUG - WARNING: It is prefered to define ipv6 conntrack ignore rules in
DEBUG - <firewall ipv6 prerouting raw> section
DEBUG - 
DEBUG - dependent nat: dependent system_conntrack: Failed to apply
DEBUG - configuration: /run/nftables-ct.conf:12:56-58: Error: Basetype of type
DEBUG - internet network service is not bitmask         meta l4proto udp ip
DEBUG - saddr  192.0.2.1 th dport  500,4500 counter notrack comment "ignore-3"
DEBUG - ^^^
DEBUG - [[firewall]] failed
DEBUG - Commit failed

[davi2367]

Changes have been implemented, and i'm currently using a image with this merge for testing

The failing smoketest is for conntrack, and does't seem related to this merge