.. _admin:

***************************
Kea Database Administration
***************************

.. _kea-database-version:

Databases and Database Version Numbers
======================================

Kea may be configured to use a database as storage for leases or as a
source of servers' configurations and host reservations (i.e. static
assignments of addresses, prefixes, options, etc.). As Kea is
updated, new database schemas are introduced to facilitate new
features and correct discovered issues with the existing schemas.

Each version of Kea expects a particular structure in the backend and
checks for this by examining the version of the database it is using.
Separate version numbers are maintained for the backends, independent of the
version of Kea itself. It is possible that the backend version will stay
the same through several Kea revisions; similarly, it is possible that
the version of the backend may go up several revisions during a single Kea
version upgrade. Versions for each backend are also independent, so an increment in
the MySQL backend version does not imply an increment in that of
PostgreSQL.

Backend versions are specified in a major.minor format. The minor number
is increased when there are backward-compatible changes introduced: for
example, when a new index is added. It is desirable but not mandatory
to apply such a change; running an older backend version is possible.
(Although, in the example given, running without the new index may
introduce a performance penalty.) On the other hand, the
major number is increased when an incompatible change is introduced: for
example, an extra column is added to a table. If Kea attempts to run on a
backend that is too old (as indicated by a mismatched backend major
version number), it will fail; administrative action is
required to upgrade the backend.

.. _kea-admin:

The kea-admin Tool
==================

To manage the databases, Kea provides the ``kea-admin`` tool. It can
initialize a new backend, check its version number, perform a backend
upgrade, and dump lease data to a text file.

``kea-admin`` takes two mandatory parameters: ``command`` and
``backend``. Additional, non-mandatory options may be specified. The
currently supported commands are:

- ``db-init`` — Initializes a new database schema. This is useful
  during a new Kea installation. The database is initialized to the
  latest version supported by the version of the software being
  installed.

- ``db-version`` — Reports the database backend version number. This
  is not necessarily equal to the Kea version number, as each backend
  has its own versioning scheme.

- ``db-upgrade`` — Conducts a database schema upgrade. This is
  useful when upgrading Kea.

- ``lease-dump`` — Dumps the contents of the lease database (for MySQL,
  PostgreSQL, or CQL backends) to a CSV (comma-separated values) text
  file. The first line of the file contains the column names. This is
  meant to be used as a diagnostic tool, so it provides a portable,
  human-readable form of the lease data.

.. note::

   In versions of Kea earlier than 1.6.0, the ``db-init``, ``db-version``, and
   ``db-upgrade`` commands were named ``lease-init``, ``lease-version``, and
   ``lease-upgrade``, respectively.

``backend`` specifies the type of backend database. The currently
supported types are:

- ``memfile`` — Lease information is stored on disk in a text file.

- ``mysql`` — Information is stored in a MySQL relational database.

- ``pgsql`` — Information is stored in a PostgreSQL relational
  database.

- ``cql`` — Information is stored in an Apache Cassandra database.
  This backend is deprecated.

Additional parameters may be needed, depending on the setup and
specific operation: username, password, and database name or the
directory where specific files are located. See the appropriate manual
page for details (``man 8 kea-admin``).

.. _supported-databases:

Supported Backends
==================

The following table presents the capabilities of available backends.
Please refer to the specific sections dedicated to each backend to
better understand their capabilities and limitations. Choosing the right
backend is essential for the success of the deployment.

.. table:: List of available backends

   +---------------+----------------+----------------+---------------+--------------+
   | Feature       | Memfile        | MySQL          | PostgreSQL    | CQL          |
   |               |                |                |               | (Cassandra)  |
   +===============+================+================+===============+==============+
   | Status        | Stable         | Stable         | Stable        | Deprecated   |
   +---------------+----------------+----------------+---------------+--------------+
   | Data format   | CSV file       | SQL RMDB       | SQL RMDB      | NoSQL        |
   |               |                |                |               | database     |
   |               |                |                |               | (Cassandra)  |
   +---------------+----------------+----------------+---------------+--------------+
   | Leases        | yes            | yes            | yes           | yes          |
   +---------------+----------------+----------------+---------------+--------------+
   | Host          | no             | yes            | yes           | yes          |
   | reservations  |                |                |               |              |
   +---------------+----------------+----------------+---------------+--------------+
   | Options       | no             | yes            | yes           | yes          |
   | defined on    |                |                |               |              |
   | per host      |                |                |               |              |
   | basis         |                |                |               |              |
   +---------------+----------------+----------------+---------------+--------------+
   | Configuration | no             | yes            | no            | no           |
   | backend       |                |                |               |              |
   +---------------+----------------+----------------+---------------+--------------+

Memfile
-------

The memfile backend is able to store lease information, but cannot
store host reservation details; these must be stored in the
configuration file. (There are no plans to add a host reservations
storage capability to this backend.)

No special initialization steps are necessary for the memfile backend.
During the first run, both ``kea-dhcp4`` and ``kea-dhcp6`` create
an empty lease file if one is not present. Necessary disk-write
permission is required.

.. _memfile-upgrade:

Upgrading Memfile Lease Files From an Earlier Version of Kea
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

There are no special steps required to upgrade memfile lease files
between versions of Kea. During startup, the
servers check the schema version of the lease files against their
own. If there is a mismatch, the servers automatically launch the
LFC process to convert the files to the server's schema version. While
this mechanism is primarily meant to ease the process of upgrading to
newer versions of Kea, it can also be used for downgrading should the
need arise. When upgrading, any values not present in the original lease
files are assigned appropriate default values. When downgrading, any
data present in the files but not in the server's schema are
dropped. To convert the files manually prior to starting the
servers, run the lease file cleanup (LFC) process. See :ref:`kea-lfc` for more information.

.. _mysql-database:

MySQL
-----

MySQL is able to store leases, host reservations, options defined on a
per-host basis, and a subset of the server configuration parameters
(serving as a configuration backend).

.. _mysql-database-create:

First-Time Creation of the MySQL Database
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Before preparing any Kea-specific database and tables, the MySQL database
must be configured to use the system timezone. It is recommended to use UTC
as the timezone for both the system and the MySQL database.

To check the system timezone:

   .. code-block:: console

      date +%Z

To check the MySQL timezone:

   .. code-block:: mysql

      mysql> SELECT @@system_time_zone;
      mysql> SELECT @@global.time_zone;
      mysql> SELECT @@session.time_zone;

To configure the MySQL timezone for a specific server, please refer to the
installed version documentation.

Usually the setting is configured in the ``[mysqld]`` section in ``/etc/mysql/my.cnf``,
``/etc/mysql/mysql.cnf``, ``/etc/mysql/mysqld.cnf``, or
``/etc/mysql/mysql.conf.d/mysqld.cnf``.

   .. code-block:: ini

      [mysqld]
      # using default-time-zone
      default-time-zone='+00:00'

      # or using timezone
      timezone='UTC'

When setting up the MySQL database for the first time, the
database area must be created within MySQL, and the MySQL user ID under
which Kea will access the database must be set up. This needs to be done manually,
rather than via ``kea-admin``.

To create the database:

1. Log into MySQL as "root":

   .. code-block:: console

      $ mysql -u root -p
      Enter password:
      mysql>

2. Create the MySQL database:

   .. code-block:: mysql

      mysql> CREATE DATABASE database_name;

   (``database_name`` is the name chosen for the database.)

3. Create the user under which Kea will access the database (and give it
   a password), then grant it access to the database tables:

   .. code-block:: mysql

      mysql> CREATE USER 'user-name'@'localhost' IDENTIFIED BY 'password';
      mysql> GRANT ALL ON database-name.* TO 'user-name'@'localhost';

   (``user-name`` and ``password`` are the user ID and password used to
   allow Kea access to the MySQL instance. All apostrophes in the
   command lines above are required.)

4. Create the database.

   Exit the MySQL client:

   .. code-block:: mysql

      mysql> quit
      Bye

   Then use the ``kea-admin`` tool to create the database.

   .. code-block:: console

      $ kea-admin db-init mysql -u database-user -p database-password -n database-name

   While it is possible to create the database from within the MySQL client, we recommend
   using the ``kea-admin`` tool as it performs some necessary validations to ensure Kea can
   access the database at runtime. Among those checks is verification that the schema does not contain
   any pre-existing tables; any pre-existing tables must be removed
   manually. An additional check examines the user's ability to create functions and
   triggers. The following error indicates that the user does not have the necessary
   permissions to create functions or triggers:

   .. code-block:: console

      ERROR 1419 (HY000) at line 1: You do not have the SUPER privilege and binary logging is
      enabled (you *might* want to use the less safe log_bin_trust_function_creators variable)
      ERROR/kea-admin: mysql_can_create cannot trigger, check user permissions, mysql status = 1
      mysql: [Warning] Using a password on the command line interface can be insecure.
      ERROR/kea-admin: Create failed, the user, keatest, has insufficient privileges.

   The simplest way around this is to set the global MySQL variable,
   ``log_bin_trust_function_creators``, to 1 via the MySQL client.
   Note this must be done as a user with SUPER privileges:

   .. code-block:: mysql

      mysql> set @@global.log_bin_trust_function_creators = 1;
      Query OK, 0 rows affected (0.00 sec)

   To create the database with MySQL directly, follow these steps:

   .. code-block:: mysql

      mysql> CONNECT database-name;
      mysql> SOURCE path-to-kea/share/kea/scripts/mysql/dhcpdb_create.mysql

   (where "path-to-kea" is the location where Kea is installed.)

   The database may also be dropped manually as follows:

   .. code-block:: mysql

      mysql> CONNECT database-name;
      mysql> SOURCE path-to-kea/share/kea/scripts/mysql/dhcpdb_drop.mysql

   (where "path-to-kea" is the location where Kea is installed.)

   .. warning::
      Dropping the database results in the unrecoverable loss of any data it contains.

5. Exit MySQL:

   .. code-block:: mysql

      mysql> quit
      Bye

If the tables were not created in Step 4, run the ``kea-admin`` tool
to create them now:

.. code-block:: console

   $ kea-admin db-init mysql -u database-user -p database-password -n database-name

Do not do this if the tables were created in Step 4. ``kea-admin``
implements rudimentary checks; it will refuse to initialize a database
that contains any existing tables. To start from scratch,
all data must be removed manually. (This process is a manual operation
on purpose, to avoid accidentally irretrievable mistakes by ``kea-admin``.)

.. _mysql-upgrade:

Upgrading a MySQL Database From an Earlier Version of Kea
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sometimes a new Kea version uses a newer database schema, so the
existing database needs to be upgraded. This can be done using the
``kea-admin db-upgrade`` command.

To check the current version of the database, use the following command:

.. code-block:: console

   $ kea-admin db-version mysql -u database-user -p database-password -n database-name

(See :ref:`kea-database-version`
for a discussion about versioning.) If the version does not match the
minimum required for the new version of Kea (as described in the release
notes), the database needs to be upgraded.

Before upgrading, please make sure that the database is backed up. The
upgrade process does not discard any data, but depending on the nature
of the changes, it may be impossible to subsequently downgrade to an
earlier version.
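
A pre-upgrade gate that applies the major.minor rules from :ref:`kea-database-version` to the version reported by ``kea-admin db-version``. This is an added example, not part of Kea: it assumes the command prints a bare ``major.minor`` string, and the version pairs in the demo loop are constructed.

```shell
#!/bin/sh
# Added example (not part of Kea): classify a backend schema version against
# the version a Kea release requires, using the major.minor rules above.
# Assumption: `kea-admin db-version` prints a bare "major.minor" string.

# is_version STRING -> status 0 only if STRING is exactly digits.digits
is_version() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*.*.*) return 1 ;;   # empty, junk, or wrong dot count
        *.*) return 0 ;;
        *) return 1 ;;                          # no dot at all
    esac
}

# schema_gate CURRENT REQUIRED
#   prints: ok | minor-behind | major-mismatch | unparseable
#   status: 0 = same major (Kea will run), 1 = major mismatch (upgrade
#           required before starting Kea), 2 = input was not a version
schema_gate() {
    cur=$1 req=$2
    if ! is_version "$cur" || ! is_version "$req"; then
        echo unparseable; return 2
    fi
    cur_major=${cur%%.*}; cur_minor=${cur#*.}
    req_major=${req%%.*}; req_minor=${req#*.}
    if [ "$cur_major" -ne "$req_major" ]; then
        echo major-mismatch; return 1
    fi
    # Numeric comparison, so minor 10 is newer than minor 3.
    if [ "$cur_minor" -lt "$req_minor" ]; then
        echo minor-behind; return 0
    fi
    echo ok; return 0
}

# Against a live backend (REQUIRED comes from the release notes):
#   schema_gate "$(kea-admin db-version mysql -u database-user \
#       -p database-password -n database-name)" "$REQUIRED"

# Constructed "<current> <required>" pairs for a stand-alone run.
for pair in "9.3 9.3" "9.10 9.3" "9.1 9.3" "8.2 9.3" "garbage 9.3"; do
    set -- $pair
    printf '%-8s vs %-4s -> %s\n' "$1" "$2" "$(schema_gate "$1" "$2" || :)"
done
```

The ``unparseable`` result covers the case where the command printed an error message instead of a version, which should stop an automated upgrade rather than be compared as a number.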

To perform an upgrade, issue the following command:

.. code-block:: console

   $ kea-admin db-upgrade mysql -u database-user -p database-password -n database-name

.. note::

   To search host reservations by hostname, it is critical that the collation of
   the hostname column in the host table be case-insensitive. Fortunately, that
   is the default in MySQL, but it can be verified via this command:

   .. code-block:: mysql

      mysql> SELECT COLLATION('');
      +-----------------+
      | COLLATION('')   |
      +-----------------+
      | utf8_general_ci |
      +-----------------+

   According to MySQL's naming convention, when the name ends in ``_ci``,
   the collation is case-insensitive.

.. _mysql-performance:

Improved Performance With MySQL
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Changing the MySQL internal value ``innodb_flush_log_at_trx_commit`` from the default value
of ``1`` to ``2`` can result in a huge gain in Kea performance. In some deployments, the
gain was over 1000% (10 times faster when set to 2, compared to the default value of 1).
It can be set per-session for testing:

.. code-block:: mysql

   mysql> SET GLOBAL innodb_flush_log_at_trx_commit=2;
   mysql> SHOW SESSION VARIABLES LIKE 'innodb_flush_log%';

or permanently in ``/etc/mysql/my.cnf``:

.. code-block:: ini

   [mysqld]
   innodb_flush_log_at_trx_commit=2

Be aware that changing this value can cause problems during data recovery
after a crash, so we recommend checking the `MySQL documentation
<https://dev.mysql.com/doc/refman/8.0/en/innodb-parameters.html#sysvar_innodb_flush_log_at_trx_commit>`__.
With the default value of 1, MySQL writes changes to disk after every INSERT or UPDATE query
(in Kea terms, every time a client gets a new lease or renews an existing lease). When
``innodb_flush_log_at_trx_commit`` is set to 2, MySQL writes the changes at intervals
no longer than 1 second. Batching writes gives a substantial performance boost. The trade-off,
however, is that in the worst-case scenario, all changes in the last second before crash
could be lost. Given the fact that Kea is stable software and crashes very rarely,
most deployments find it a beneficial trade-off.

.. _pgsql-database:

PostgreSQL
----------

PostgreSQL can store leases, host reservations, and options
defined on a per-host basis.

.. _pgsql-database-create:

First-Time Creation of the PostgreSQL Database
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Before preparing any Kea-specific database and tables, the PostgreSQL database
must be configured to use the system timezone. It is recommended to use UTC
as the timezone for both the system and the PostgreSQL database.

To check the system timezone:

   .. code-block:: console

      date +%Z

To check the PostgreSQL timezone:

   .. code-block:: psql

      postgres=# show timezone;
      postgres=# SELECT * FROM pg_timezone_names WHERE name = current_setting('TIMEZONE');

To configure the PostgreSQL timezone for a specific server, please refer to the
installed version documentation.

Usually the setting is configured in ``postgresql.conf``, at the
version-dependent path ``/etc/postgresql/<version>/main/postgresql.conf``, but on some systems
the files may be located in ``/var/lib/pgsql/data``.

   .. code-block:: ini

      timezone = 'UTC'

The first task is to create both the database and the user under
which the servers will access it. A number of steps are required:

1. Log into PostgreSQL as "root":

   .. code-block:: console

      $ sudo -u postgres psql postgres
      Enter password:
      postgres=#

2. Create the database:

   .. code-block:: psql

      postgres=# CREATE DATABASE database-name;
      CREATE DATABASE
      postgres=#

   (``database-name`` is the name chosen for the database.)

3. Create the user under which Kea will access the database (and give it
   a password), then grant it access to the database:

   .. code-block:: psql

      postgres=# CREATE USER user-name WITH PASSWORD 'password';
      CREATE ROLE
      postgres=# GRANT ALL PRIVILEGES ON DATABASE database-name TO user-name;
      GRANT
      postgres=#

4. Exit PostgreSQL:

   .. code-block:: psql

      postgres=# \q
      Bye
      $

5. At this point, create the database tables either
   using the ``kea-admin`` tool, as explained in the next section
   (recommended), or manually. To create the tables manually, enter the
   following command. PostgreSQL will prompt the administrator to enter the
   new user's password that was specified in Step 3. When the command
   completes, Kea will return to the shell prompt. The
   output should be similar to the following:

   .. code-block:: console

      $ psql -d database-name -U user-name -f path-to-kea/share/kea/scripts/pgsql/dhcpdb_create.pgsql
      Password for user user-name:
      CREATE TABLE
      CREATE INDEX
      CREATE INDEX
      CREATE TABLE
      CREATE INDEX
      CREATE TABLE
      START TRANSACTION
      INSERT 0 1
      INSERT 0 1
      INSERT 0 1
      COMMIT
      CREATE TABLE
      START TRANSACTION
      INSERT 0 1
      COMMIT
      $

   ("path-to-kea" is the location where Kea is installed.)

   If instead an error is encountered, such as:

   ::

      psql: FATAL: no pg_hba.conf entry for host "[local]", user "user-name", database "database-name", SSL off

   ... the PostgreSQL configuration will need to be altered. Kea uses
   password authentication when connecting to the database and must have
   the appropriate entries added to PostgreSQL's ``pg_hba.conf`` file. This
   file is normally located in the primary data directory for the
   PostgreSQL server. The precise path may vary depending on the
   operating system and version, but the default location for PostgreSQL is
   ``/etc/postgresql/*/main/postgresql.conf``. However, on some systems
   (notably CentOS 8), the file may reside in ``/var/lib/pgsql/data``.

   Assuming Kea is running on the same host as PostgreSQL, adding lines
   similar to the following should be sufficient to provide
   password-authenticated access to Kea's database:

   ::

      local   database-name    user-name                       password
      host    database-name    user-name    127.0.0.1/32       password
      host    database-name    user-name    ::1/128            password

   These edits are primarily intended as a starting point, and are not a
   definitive reference on PostgreSQL administration or database
   security. Please consult the PostgreSQL user manual before making
   these changes, as they may expose other databases that are running. It
   may be necessary to restart PostgreSQL for the changes to
   take effect.

Initialize the PostgreSQL Database Using ``kea-admin``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If the tables were not created manually, do so now by
running the ``kea-admin`` tool:

.. code-block:: console

   $ kea-admin db-init pgsql -u database-user -p database-password -n database-name

Do not do this if the tables were already created manually. ``kea-admin``
implements rudimentary checks; it will refuse to initialize a database
that contains any existing tables. To start from scratch,
all data must be removed manually. (This process is a manual operation
on purpose, to avoid accidentally irretrievable mistakes by ``kea-admin``.)

.. _pgsql-upgrade:

Upgrading a PostgreSQL Database From an Earlier Version of Kea
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The PostgreSQL database schema can be upgraded using the same tool and
commands as described in :ref:`mysql-upgrade`, with the exception that the "pgsql"
database backend type must be used in the commands.

Use the following command to check the current schema version:

.. code-block:: console

   $ kea-admin db-version pgsql -u database-user -p database-password -n database-name

Use the following command to perform an upgrade:

.. code-block:: console

   $ kea-admin db-upgrade pgsql -u database-user -p database-password -n database-name

.. _cql-database:

Cassandra
---------

Cassandra (sometimes referred to as CQL) is the newest backend added to Kea; initial
development was contributed by Deutsche Telekom. The Cassandra backend
is able to store leases, host reservations, and options defined on a
per-host basis.

.. note::

   The Cassandra backend was deprecated in Kea 1.9.9. New users are discouraged from
   using Cassandra and existing users should consider a migration strategy. See
   :ref:`deprecated` for details.

.. _cql-database-create:

First-Time Creation of the Cassandra Database
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

When setting up the Cassandra database for the first time,
the keyspace area within it must be created. This needs to be done
manually; it cannot be performed by ``kea-admin``.

To create the database:

1. Export the ``CQLSH_HOST`` environment variable:

   .. code-block:: console

      $ export CQLSH_HOST=localhost

2. Log into CQL:

   .. code-block:: console

      $ cqlsh
      cql>

3. Create the CQL keyspace:

   ::

      cql> CREATE KEYSPACE keyspace-name WITH replication = {'class' : 'SimpleStrategy','replication_factor' : 1};

   (``keyspace-name`` is the name chosen for the keyspace.)

4. At this point, the database tables can be created.
   To do this:

   ::

      cqlsh -k keyspace-name -f path-to-kea/share/kea/scripts/cql/dhcpdb_create.cql

   ("path-to-kea" is the location where Kea is installed.)

It is also possible to exit Cassandra and create the tables using
the ``kea-admin`` tool. If the tables were not created in Step 4, do so now by
running the ``kea-admin`` tool:

.. code-block:: console

   $ kea-admin db-init cql -n database-name

Do not do this if the tables were created in Step 4. ``kea-admin``
implements rudimentary checks; it will refuse to initialize a database
that contains any existing tables. To start from scratch,
all data must be removed manually. (This process is a manual operation
on purpose, to avoid accidentally irretrievable mistakes by ``kea-admin``.)

.. _cql-upgrade:

Upgrading a Cassandra Database From an Earlier Version of Kea
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sometimes a new Kea version uses a newer database schema, so the
existing database needs to be upgraded. This can be done using the
``kea-admin db-upgrade`` command.

To check the current version of the database, use the following command:

.. code-block:: console

   $ kea-admin db-version cql -n database-name

(See :ref:`kea-database-version`
for a discussion about versioning.) If the version does not match the
minimum required for the new version of Kea (as described in the release
notes), the database needs to be upgraded.

Before upgrading, please make sure that the database is backed up. The
upgrade process does not discard any data, but depending on the nature
of the changes, it may be impossible to subsequently downgrade to an
earlier version. To perform an upgrade, issue the following command:

.. code-block:: console

   $ kea-admin db-upgrade cql -n database-name

Using Read-Only Databases With Host Reservations
------------------------------------------------

If a read-only database is used for storing host reservations, Kea must
be explicitly configured to operate on the database in read-only mode.
Sections :ref:`read-only-database-configuration4` and
:ref:`read-only-database-configuration6` describe when such
a configuration may be required, and how to configure Kea to operate in
this way for both DHCPv4 and DHCPv6.

Limitations Related to the Use of SQL Databases
-----------------------------------------------

Year 2038 Issue
~~~~~~~~~~~~~~~

The lease expiration time in Kea is stored in the SQL database for each lease
as a timestamp value. Kea developers have observed that the MySQL database
does not accept timestamps beyond 2147483647 seconds (the maximum signed
32-bit number) from the beginning of the UNIX epoch (00:00:00 on 1
January 1970). Some versions of PostgreSQL do accept greater values, but
the value is altered when it is read back. For this reason, the lease
database backends put a restriction on the maximum timestamp to be
stored in the database, which is equal to the maximum signed 32-bit
number. This effectively means that the current Kea version cannot store
leases whose expiration time is later than 2147483647 seconds since the
beginning of the epoch (around the year 2038). This will be fixed when
database support for longer timestamps is available.
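
For the ``pg_hba.conf`` entries in :ref:`pgsql-database-create`: the ``password`` method shown there sends the password in clear text, and PostgreSQL 10 and later offer ``scram-sha-256`` as the hashed alternative. The added example below (not part of Kea) scans ``pg_hba.conf``-style lines for rules that apply to Kea's database and user and flags cleartext or ``trust`` methods and non-loopback addresses; the names ``kea`` and ``keauser`` and the sample file are constructed.

```shell
#!/bin/sh
# Added example (not part of Kea): audit pg_hba.conf entries that apply to
# the Kea database and user. Database "kea" and user "keauser" are assumed
# names; the sample file below is constructed.

# audit_pg_hba DB USER [FILE...]   (reads stdin when no FILE is given)
# Prints one finding per line: "line N: <finding> <type> <address>"
# Not handled: "sameuser"/"samerole" databases, +group users, include files.
audit_pg_hba() {
    db=$1; user=$2; shift 2
    awk -v db="$db" -v user="$user" '
    # True when a comma-separated pg_hba field names "all" or the given name.
    function applies(field, name,    n, parts, i) {
        n = split(field, parts, ",")
        for (i = 1; i <= n; i++)
            if (parts[i] == "all" || parts[i] == name) return 1
        return 0
    }
    /^[ \t]*(#|$)/ { next }                          # comments, blank lines
    !applies($2, db) || !applies($3, user) { next }  # rule is for someone else
    {
        type = $1
        if (type == "local")  { addr = "(socket)"; method = $4 }
        else if ($5 ~ /[.:]/) { addr = $4 "/" $5;  method = $6 }  # IP + mask
        else                  { addr = $4;         method = $5 }  # CIDR or name

        if (method == "password")   # password crosses the connection unhashed
            printf "line %d: cleartext-password %s %s\n", NR, type, addr
        if (method == "trust")      # no credential is checked at all
            printf "line %d: no-authentication %s %s\n", NR, type, addr
        if (type != "local" && addr != "127.0.0.1/32" &&
            addr != "::1/128" && addr != "localhost")
            printf "line %d: non-loopback %s %s\n", NR, type, addr
    }' "$@"
}

# Constructed sample; addresses come from documentation ranges.
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER      ADDRESS            METHOD
local   all       postgres                     peer
local   kea       keauser                      password
host    kea       keauser   127.0.0.1/32       password
host    kea       keauser   ::1/128            scram-sha-256
host    kea       keauser   192.0.2.0/24       scram-sha-256
host    all       all       0.0.0.0 0.0.0.0    trust
host    otherdb   app       198.51.100.5/32    md5
EOF
}

sample_pg_hba | audit_pg_hba kea keauser
```

The ``host all all ... trust`` line is reported for Kea's user as well, because a wildcard rule written for another application still governs connections to the Kea database.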