Send dhcp-users mailing list submissions to
        dhcp-users@lists.isc.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
        dhcp-users-requ...@lists.isc.org

You can reach the person managing the list at
        dhcp-users-ow...@lists.isc.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."


Today's Topics:

   1. pxe clients and pools (Brendan Kearney)
   2. Re: pxe clients and pools (Niall O'Reilly)
   3. Re: pxe clients and pools (Simon Hobson)
   4. Re: pxe clients and pools (Brendan Kearney)
   5. Re: pxe clients and pools (Niall O'Reilly)
   6. Re: pxe clients and pools (Simon Hobson)
   7. dhcp failover behalve (Julie Xu)


----------------------------------------------------------------------

Message: 1
Date: Sat, 15 Oct 2016 14:17:59 -0400
From: Brendan Kearney <bpk...@gmail.com>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: pxe clients and pools
Message-ID: <6e4369e0-1023-165e-fab0-b769041c4...@gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed

list members,

i have a bit of a quandary.  i use dhcp and pxe to build machines and 
that is working well.  once the machine is built, i have the machine on 
the same subnet, but want it to get an IP from a different pool.  this 
does not seem to be happening, and i am looking for a best practice.  
take the below config:

subnet 192.168.1.0 netmask 255.255.255.0 {
         allow client-updates;
         default-lease-time 7200;
         max-lease-time 86400;
         one-lease-per-client true;
         ping-check true;
         option domain-name "bpk2.com";
         option subnet-mask 255.255.255.0;
         option broadcast-address 192.168.1.255;
         option routers 192.168.1.254;
         option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
         option ntp-servers ntp.bpk2.com;
         option netbios-name-servers nas.bpk2.com;
         option wpad-url "http://wpad.bpk2.com/wpad.dat";
         ddns-domainname "bpk2.com";
         # ignore bootp;

         pool {
                 # KNOWN HOSTS - COMPUTERS
                 # HOSTS IN THIS POOL MUST USE THE PROXY FOR INTERNET ACCESS, PER FIREWALL POLICY
                 class "MSFT" {
                         match if option vendor-class-identifier ~= "^MSFT";
                         vendor-option-space MSFT;
                         option MSFT.disable-netbios 2;
                 }
                 range 192.168.1.50 192.168.1.99;
                 allow members of "proxied-clients";
                 failover peer "dhcp-failover";
         } # END POOL

         pool {
                 # KNOWN HOSTS - GADGETS
                 # HOSTS IN THIS POOL CAN USE THE PROXY FOR INTERNET ACCESS, BUT DO NOT HAVE TO, PER FIREWALL POLICY
                 #max-lease-time 300;
                 class "MSFT" {
                         match if option vendor-class-identifier ~= "^MSFT";
                         vendor-option-space MSFT;
                         option MSFT.disable-netbios 2;
                 }
                 range 192.168.1.100 192.168.1.149;
                 allow members of "unproxied-clients";
                 failover peer "dhcp-failover";
         } # END POOL

         pool {
                 # UNKNOWN HOSTS
                 # HOSTS IN THIS POOL CAN USE THE PROXY FOR INTERNET ACCESS, BUT DO NOT HAVE TO, PER FIREWALL POLICY
                 #max-lease-time 300;
                 class "MSFT" {
                         match if option vendor-class-identifier ~= "^MSFT";
                         vendor-option-space MSFT;
                         option MSFT.disable-netbios 2;
                 }
                 range 192.168.1.150 192.168.1.199;
                 allow unknown-clients;
                 failover peer "dhcp-failover";
         } # END POOL

         pool {
                 # PXE BOOT HOSTS
                 # HOSTS IN THIS POOL ARE BOOTED FROM THE PXE SERVER
                 #max-lease-time 300;
                 # allow booting;
                 # allow bootp;
                 class "pxe-clients" {
                         match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
                         next-server tftp.bpk2.com;
                         filename "linux-install/pxelinux.0";
                 }
                 range 192.168.1.200 192.168.1.249;
                 failover peer "dhcp-failover";
         } # END POOL
} # END SUBNET

i built a machine, and it is defined as a member of the 
"proxied-clients" subclass, based on hardware identifier or mac 
address.  what happens is NetworkManager issues a DHCPREQUEST for the IP 
it has or had last.  Even if i were to clear the leases from the dhcp 
servers, NM would still request an IP from the pxe client range.

how can i manage this so that i can have pxe clients in the one pool 
when needed, but once they are done building, they get an ip from an 
appropriate pool, based on the criteria of that pool?

thanks,

brendan



------------------------------

Message: 2
Date: Sat, 15 Oct 2016 19:40:54 +0100
From: "Niall O'Reilly" <niall.orei...@ucd.ie>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>, Brendan Kearney
        <bpk...@gmail.com>
Subject: Re: pxe clients and pools
Message-ID: <690aaf83-f076-4392-af0e-aadc89943...@email.android.com>
Content-Type: text/plain; charset=UTF-8



On 15 October 2016 19:17:59 GMT+01:00, Brendan Kearney <bpk...@gmail.com> wrote:
> Even if i were to clear the leases from the dhcp 
>servers, NM would still request an IP from the pxe client range.
>
>how can i manage this so that i can have pxe clients in the one pool 
>when needed, but once they are done building, they get an ip from an 
>appropriate pool, based on the criteria of that pool?
>

Class definitions aren't useful inside a pool. Move them out, and eliminate 
duplicates.

You haven't set any criteria (allow/deny) in your pool definitions.
-- 
Sent from Kaiten Mail. Please excuse my brevity.


------------------------------

Message: 3
Date: Sat, 15 Oct 2016 19:49:02 +0100
From: Simon Hobson <dh...@thehobsons.co.uk>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: pxe clients and pools
Message-ID: <2dc58919-19fa-4acf-83c3-ae35029c6...@thehobsons.co.uk>
Content-Type: text/plain; charset=us-ascii

Brendan Kearney <bpk...@gmail.com> wrote:

> ...  take the below config:
> 
> subnet 192.168.1.0 netmask 255.255.255.0 {
> ...
>       pool {
>                # KNOWN HOSTS - COMPUTERS
>                # HOSTS IN THIS POOL MUST USE THE PROXY FOR INTERNET ACCESS, PER FIREWALL POLICY
>                class "MSFT" {
>                        match if option vendor-class-identifier ~= "^MSFT";
>                        vendor-option-space MSFT;
>                        option MSFT.disable-netbios 2;
>                }
>                range 192.168.1.50 192.168.1.99;
>                allow members of "proxied-clients";
>                failover peer "dhcp-failover";
>        } # END POOL
> 
>        pool {
>                # KNOWN HOSTS - GADGETS
>                # HOSTS IN THIS POOL CAN USE THE PROXY FOR INTERNET ACCESS, BUT DO NOT HAVE TO, PER FIREWALL POLICY
>                #max-lease-time 300;
>                class "MSFT" {
>                        match if option vendor-class-identifier ~= "^MSFT";
>                        vendor-option-space MSFT;
>                        option MSFT.disable-netbios 2;
>                }
>                range 192.168.1.100 192.168.1.149;
>                allow members of "unproxied-clients";
>                failover peer "dhcp-failover";
>        } # END POOL
> 
>        pool {
>                # UNKNOWN HOSTS
>                # HOSTS IN THIS POOL CAN USE THE PROXY FOR INTERNET ACCESS, BUT DO NOT HAVE TO, PER FIREWALL POLICY
>                #max-lease-time 300;
>                class "MSFT" {
>                        match if option vendor-class-identifier ~= "^MSFT";
>                        vendor-option-space MSFT;
>                        option MSFT.disable-netbios 2;
>                }
>                range 192.168.1.150 192.168.1.199;
>                allow unknown-clients;
>                failover peer "dhcp-failover";
>        } # END POOL
> 
>        pool {
>                # PXE BOOT HOSTS
>                # HOSTS IN THIS POOL ARE BOOTED FROM THE PXE SERVER
>                #max-lease-time 300;
>                # allow booting;
>                # allow bootp;
>                class "pxe-clients" {
>                        match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
>                        next-server tftp.bpk2.com;
>                        filename "linux-install/pxelinux.0";
>                }
>                range 192.168.1.200 192.168.1.249;
>                failover peer "dhcp-failover";
>        } # END POOL
> } # END SUBNET
> 
> i built a machine, and it is defined as a member of the "proxied-clients" 
> subclass, based on hardware identifier or mac address.  what happens is 
> NetworkManager issues a DHCPREQUEST for the IP it has or had last.  Even if i 
> were to clear the leases from the dhcp servers, NM would still request an IP 
> from the pxe client range.

My "bible"* is at work, so I can't check - but IIRC class statements are global 
in scope. Putting them inside a subnet or pool declaration doesn't work - and 
IIRC can create some very strange inheritance effects. So move them all to the 
global scope, and have one, and only one, class definition of any name.

Also, several of your pools are lacking allow/deny statements. Don't mix allow 
& deny in one pool as the results are "non-intuitive". If you allow members of 
one class, then implicitly, anything not in that class is denied.


* The DHCP Handbook by Ralph Droms and Ted Lemon



------------------------------

Message: 4
Date: Sat, 15 Oct 2016 14:52:59 -0400
From: Brendan Kearney <bpk...@gmail.com>
To: Niall O'Reilly <niall.orei...@ucd.ie>, Users of ISC DHCP
        <dhcp-users@lists.isc.org>
Subject: Re: pxe clients and pools
Message-ID: <9d44e85d-b08b-5733-7c11-9d77d46c5...@gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed

On 10/15/2016 02:40 PM, Niall O'Reilly wrote:
>
> On 15 October 2016 19:17:59 GMT+01:00, Brendan Kearney <bpk...@gmail.com> 
> wrote:
>> Even if i were to clear the leases from the dhcp
>> servers, NM would still request an IP from the pxe client range.
>>
>> how can i manage this so that i can have pxe clients in the one pool
>> when needed, but once they are done building, they get an ip from an
>> appropriate pool, based on the criteria of that pool?
>>
> Class definitions aren't useful inside a pool. Move them out, and eliminate 
> duplicates.
>
> You haven't set any criteria (allow/deny) in your pool definitions.

good point on the classes.  did not know that.  odd, though that any of 
it works at all.  when i am not in this odd ball scenario, the host 
always gets an IP from the correct pool.  is it just a happy accident, 
or something else?

my concern is that the pxe build process results in an IP being 
requested a couple of times, as i have been told.  the pxe client makes 
a request, and then the installer (anaconda, in my case) makes a 
request.  anytime after the pxe client makes the request, the vendor 
class identifier will not be the pxe client, and the installer will get 
an IP from a pool not meant for pxe building.



------------------------------

Message: 5
Date: Sat, 15 Oct 2016 19:59:57 +0100
From: "Niall O'Reilly" <niall.orei...@ucd.ie>
To: Brendan Kearney <bpk...@gmail.com>, Users of ISC DHCP
        <dhcp-users@lists.isc.org>
Subject: Re: pxe clients and pools
Message-ID: <2c746342-00a7-4e38-9a81-93ed55ddf...@email.android.com>
Content-Type: text/plain; charset=UTF-8

On 15 October 2016 19:52:59 GMT+01:00, Brendan Kearney <bpk...@gmail.com> wrote:
>  anytime after the pxe client makes the request, the vendor
>class identifier will not be the pxe client, and the installer will get
>an IP from a pool not meant for pxe building.

Make sure every pool has a permit (allow/deny) directive. Only some (which I 
missed before) have.

And what Simon said.

-- 
Sent from Kaiten Mail. Please excuse my brevity.


------------------------------

Message: 6
Date: Sat, 15 Oct 2016 20:09:43 +0100
From: Simon Hobson <dh...@thehobsons.co.uk>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: pxe clients and pools
Message-ID: <c3f50208-6583-4436-b344-ce0303227...@thehobsons.co.uk>
Content-Type: text/plain; charset=us-ascii

Brendan Kearney <bpk...@gmail.com> wrote:

> my concern is that the pxe build process results in an IP being requested a 
> couple of times, as i have been told.  the pxe client makes a request, and 
> then the installer (anaconda, in my case) makes a request.  anytime after the 
> pxe client makes the request, the vendor class identifier will not be the 
> pxe client, and the installer will get an IP from a pool not meant for pxe 
> building.

You will need to arrange for the installer to also match a class and allow it 
to use the same pool.
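
Added example, not part of the original thread: a small check for the three problems the replies point out (class declarations nested in a pool or subnet, a class name defined more than once, and a pool with no allow/deny, which matters here because the pool ranges map to firewall policy). The function name lint and the condensed SAMPLE are constructed for illustration; the tokenizer is simplified and does not handle escaped quotes inside strings.

```python
import re

# Constructed sample, condensed from the configuration posted in message 1.
SAMPLE = '''
subnet 192.168.1.0 netmask 255.255.255.0 {
  pool {
    class "MSFT" { match if option vendor-class-identifier ~= "^MSFT"; }
    range 192.168.1.50 192.168.1.99; allow members of "proxied-clients";
  }
  pool {
    class "MSFT" { match if option vendor-class-identifier ~= "^MSFT"; }
    range 192.168.1.150 192.168.1.199; allow unknown-clients;
  }
  pool {  # PXE pool as posted: no allow/deny at all
    class "pxe-clients" { match if substring(option vendor-class-identifier, 0, 9) = "PXEClient"; }
    range 192.168.1.200 192.168.1.249;
  }
}
'''
# Tokens: comment to end of line, quoted string, brace/semicolon, bare word.
TOKEN = re.compile(r'#[^\n]*|"[^"]*"|[{};]|[^\s{};"#]+')

def lint(conf):
    """Flag nested or duplicate classes and pools that lack allow/deny."""
    findings, stack, stmt, seen = [], [], [], set()
    for tok in TOKEN.findall(conf):
        if tok == '{':                    # block opens; stmt holds its header
            kind = stmt[0] if stmt else '?'
            if kind == 'class':
                name = stmt[-1].strip('"')
                if stack:
                    findings.append(f'class {name} declared inside {stack[-1]["kind"]}')
                if name in seen:
                    findings.append(f'class {name} defined more than once')
                seen.add(name)
            stack.append({'kind': kind, 'permit': False, 'range': '?'})
            stmt = []
        elif tok == ';':                  # statement ends
            if stack and stack[-1]['kind'] == 'pool' and len(stmt) > 1:
                if stmt[0] == 'range':
                    stack[-1]['range'] = ' '.join(stmt[1:])
                elif stmt[0] in ('allow', 'deny'):  # permit list entry
                    stack[-1]['permit'] = True
            stmt = []
        elif tok == '}':                  # block closes; judge finished pools
            blk = stack.pop() if stack else {'kind': '?'}
            if blk['kind'] == 'pool' and not blk['permit']:
                findings.append(f'pool {blk["range"]} has no allow/deny')
        elif not tok.startswith('#'):     # ordinary word; comments are dropped
            stmt.append(tok)
    return findings
```

Calling lint(SAMPLE) reports each nested MSFT class, the duplicate MSFT definition, the nested pxe-clients class, and the 192.168.1.200 to 192.168.1.249 pool that has no permit list.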

------------------------------

Message: 7
Date: Sun, 16 Oct 2016 08:44:45 +0000
From: Julie Xu <j...@westernsydney.edu.au>
To: "dhcp-users@lists.isc.org" <dhcp-users@lists.isc.org>
Subject: dhcp failover behalve
Message-ID:
        <abcd499ac5326b4f828dbb3933cfe87ee1a07...@hirt.ad.uws.edu.au>
Content-Type: text/plain; charset="us-ascii"

Hi,

When DHCP failover is set up for a dynamic range on a subnet and the first DHCP 
server goes offline, I would expect every machine in the subnet to be served by 
the second DHCP server, either to get a new IP address or to confirm the use of 
the existing IP address which the machine is using.

And I believe most pairs under my control are working this way. But one pair is 
not working like the others. If the first DHCP server is offline, then the 
machines which got their IP address from that server have problems getting an IP 
address from the second DHCP server.

Could anyone advise what the correct action of the DHCP server should be? And 
is there any special configuration required to make the service continue even 
when one of the servers is offline?

Any comments will be appreciated

Thanks in advance


Julie Xu


End of dhcp-users Digest, Vol 96, Issue 18
******************************************
