Fix kea-dhcp4 startup failure after trixie upgrade

[yxieca]

Why I did it

Fixes #26845

After the trixie upgrade, kea-dhcp4 (version 2.6.3) fails to start in the dhcp_server container. Kea 2.6 enforces strict path validation that was not present in earlier versions:

• Log output path must be under /var/log/kea/ (not /var/log/)
• Lease file path must be under /var/lib/kea/ (not /tmp/)
• Control socket must be under /run/kea/ with mode 750

Without this fix, kea-dhcp4 exits with:

DHCP4_CONFIG_LOAD_FAIL: invalid path specified: '/var/log', supported path is '/var/log/kea'
DHCP4_INIT_FAIL: failed to initialize Kea server

Work item tracking

• Microsoft ADO:

How I did it

1. Created required directories with correct permissions in both Dockerfile.j2 (build time) and docker_init.sh (runtime):

   • /run/kea (mode 750)
   • /var/log/kea
   • /var/lib/kea

2. Updated all path references across config files, templates, and Python code:

   • Log: /var/log/kea-dhcp.log → /var/log/kea/kea-dhcp4.log
   • Lease: /tmp/kea-lease.csv → /var/lib/kea/kea-lease.csv
   • Socket: /var/run/kea/kea4-ctrl-socket → /run/kea/kea4-ctrl-socket

3. Updated unit tests (test_dhcp_cfggen.py, test_smart_switch.py, conftest.py) to match new paths.

Files changed (11):

• dockers/docker-dhcp-server/Dockerfile.j2
• dockers/docker-dhcp-server/docker_init.sh
• dockers/docker-dhcp-server/kea-dhcp4-init.conf
• dockers/docker-dhcp-server/kea-dhcp4.conf.j2
• src/sonic-dhcp-utilities/dhcp_utilities/dhcpservd/dhcp_cfggen.py
• src/sonic-dhcp-utilities/dhcp_utilities/dhcpservd/dhcp_lease.py
• src/sonic-dhcp-utilities/dhcp_utilities/dhcpservd/dhcpservd.py
• src/sonic-dhcp-utilities/tests/conftest.py
• src/sonic-dhcp-utilities/tests/test_data/kea-dhcp4.conf.j2
• src/sonic-dhcp-utilities/tests/test_dhcp_cfggen.py
• src/sonic-dhcp-utilities/tests/test_smart_switch.py

How to verify it

Manual verification on KVM testbed (VS image):

1. Reproduced the failure — reverted paths to old values inside the container, started kea-dhcp4:

   DHCP4_CONFIG_LOAD_FAIL: invalid path in `output`: invalid path specified:
     '/var/log', supported path is '/var/log/kea'
   DHCP4_INIT_FAIL: failed to initialize Kea server
   

2. Verified the fix — with corrected paths, kea-dhcp4 starts successfully:

   DHCP4_CONFIG_COMPLETE: DHCPv4 server has completed configuration: added IPv4 subnets: 1
   DHCP4_STARTED: Kea DHCPv4 server version 2.6.3 started
   

3. End-to-end DHCP handshake — sent DHCP Discover from PTF container via scapy:

   • Kea received DHCPDISCOVER, offered IP 192.168.0.2
   • Kea received DHCPREQUEST, sent DHCPACK
   • Lease persisted to /var/lib/kea/kea-lease.csv
   • Control socket functional at /run/kea/kea4-ctrl-socket
   • All directories created with correct permissions

4. Kea status via control socket confirmed healthy operation:

   {"result": 0, "arguments": {"pid": 38, "uptime": 1212, "sockets": {"status": "ready"}}}

Which release branch to backport (provide reason below if selected)

• 202305
• 202311
• 202405
• 202411
• 202505
• 202511

Tested branch

• master (VS image built from 9a40754bd, manual KVM testbed verification)

Description for the changelog

Fix kea-dhcp4 startup failure in dhcp_server container after trixie upgrade by updating log, lease, and socket paths to comply with Kea 2.6 strict path validation.

[mssonicbld]

/azp run Azure.sonic-buildimage

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[Copilot]

Pull request overview

Fixes Kea DHCPv4 startup failures in the dhcp_server container after the Debian trixie upgrade by aligning Kea config/runtime paths with Kea 2.6+ strict path validation rules (log/lease/control socket directories).

Changes:

• Create required Kea directories at build time and runtime, including enforcing /run/kea permissions (750).
• Update Kea DHCPv4 config/templates and DHCP utilities code to use /var/log/kea/…, /var/lib/kea/…, and /run/kea/… paths.
• Update unit tests and test data templates to match the new paths.

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
dockers/docker-dhcp-server/Dockerfile.j2	Creates /run/kea, /var/log/kea, /var/lib/kea and applies required /run/kea mode.
dockers/docker-dhcp-server/docker_init.sh	Ensures required Kea directories exist at container start and enforces /run/kea mode 750.
dockers/docker-dhcp-server/kea-dhcp4-init.conf	Updates default (initial) Kea config to compliant log/lease/control-socket paths.
dockers/docker-dhcp-server/kea-dhcp4.conf.j2	Updates rendered Kea config log output path to /var/log/kea/… and uses /run/kea control socket.
src/sonic-dhcp-utilities/dhcp_utilities/dhcpservd/dhcp_cfggen.py	Updates default lease file path used by the Kea config generator.
src/sonic-dhcp-utilities/dhcp_utilities/dhcpservd/dhcp_lease.py	Updates default lease file path used by the lease reader/handler.
src/sonic-dhcp-utilities/dhcp_utilities/dhcpservd/dhcpservd.py	Updates lease file path used by dhcpservd’s LeaseManager.
src/sonic-dhcp-utilities/tests/conftest.py	Updates mocked lease_path to match new default lease location.
src/sonic-dhcp-utilities/tests/test_data/kea-dhcp4.conf.j2	Updates test template log path to /var/log/kea/….
src/sonic-dhcp-utilities/tests/test_dhcp_cfggen.py	Updates expected rendered Kea config dict and expected lease_path.
src/sonic-dhcp-utilities/tests/test_smart_switch.py	Updates expected rendered Kea config dict paths for smart switch scenario.