Today's Topics:

   1. Re: dhcpd (failover peer setup) going and staying in failover
      state (Nathan H?sken)
   2. How to sync a Linux secondary DHCP server? (Sandra Schlichting)


----------------------------------------------------------------------

Message: 1
Date: Sun, 29 Jul 2018 17:18:04 -0400
From: Nathan H?sken <nat...@wintercloud.de>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: dhcpd (failover peer setup) going and staying in failover
        state
Message-ID: <geoR3huRZ-3fVv-mEhODbXD-0REGXvk8xtvCbfvZwC2GYqz8MZb9rBrnWo4FwQ5cJTznwpmdgNTlklTp5eaUxQszfGPC3M7yEAfdUo9aeFc=@wintercloud.de>
Content-Type: text/plain; charset="utf-8"

Hi,
I found the solution.
The solution to my problem can be found here: 
https://www.centos.org/forums/viewtopic.php?t=54348

To quote the important part:

SELINUX. That is what was stopping the DHCP failover cluster from forming.

The [guide to configuring DHCP failover](https://kb.isc.org/article/AA-00502/0/A-Basic-Guide-to-Configuring-DHCP-Failover.html)
from the ISC knowledge base, suggested using TCP ports 519 and 520 for the 
failover protocol communications between the two cluster members. If you look 
in my example configurations above, I have dutifully done that. I also made 
sure to allow those ports through the firewalld (although I got the same result 
with the firewalld halted). Yet, the cluster still would not form. "unexpected 
error"
(...)
To make my cluster form, I removed the port statements from the failover 
declaration sections of /etc/dhcp/dhcpd.conf, which has the effect of making 
DHCPD listen on the default ports as listed in /etc/services
(...)
edited my firewalld service file I created for the dhcp failover protocol to 
reflect default port 647
Best,
Nathan
------- Original Message -------
On 29 July 2018 12:25 PM, Nathan H?sken <nat...@wintercloud.de> wrote:

> Hi,
>
> I have set up dhcpd (isc-dhcpd-4.2.5) in a 2 peers failover setup. I start the 
> service on both peers and get (example from the primary):
>
> -------------------------------------------- Output of service dhcpd status -l
> Redirecting to /bin/systemctl status  -l dhcpd.service
> ● dhcpd.service - DHCPv4 Server Daemon
>    Loaded: loaded (/etc/systemd/system/dhcpd.service; enabled; vendor preset: 
> disabled)
>    Active: active (running) since So 2018-07-29 10:18:34 UTC; 1min 36s ago
>      Docs: man:dhcpd(8)
>            man:dhcpd.conf(5)
> Main PID: 31729 (dhcpd)
>    Status: "Dispatching packets..."
>    CGroup: /system.slice/dhcpd.service
>            └─31729 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd 
> -group dhcpd --no-pid eth1
>
> Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: For 
> info, please visit https://www.isc.org/software/dhcp/
> Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: Not 
> searching LDAP since ldap-server, ldap-port and ldap-base-dn were not 
> specified in the config file
> Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: Wrote 0 
> leases to leases file.
> Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: 
> Listening on LPF/eth1/0a:1b:c4:00:61:7c/192.168.123.0/24
> Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: Sending 
> on   LPF/eth1/0a:1b:c4:00:61:7c/192.168.123.0/24
> Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: Sending 
> on   Socket/fallback/fallback-net
> Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: 
> failover peer failover-partner-secondary: I move from recover to startup
> Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf systemd[1]: Started 
> DHCPv4 Server Daemon.
> Jul 29 10:18:49 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: 
> failover peer failover-partner-secondary: I move from startup to recover
> Jul 29 10:20:04 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: 
> failover peer failover-partner-secondary: unexpected error
> --------------------------------------------
>
> I get the same log on the secondary, only that it is reporting the primary is 
> going to startup recovery.
>
> Here are my configs
> -------------------------------------------- /etc/dhcpd/dhcpd.conf on primary
>
> option domain-name "wntr.cloud";
> option domain-name-servers 192.168.123.1 ,192.168.123.2;
>
> default-lease-time 600;
> max-lease-time 7200;
>
> failover peer "failover-partner-secondary" {
>     primary;
>     address 192.168.123.1;
>     port 519;
>     peer address 192.168.123.2;
>     peer port 520;
>     mclt 3600;
>     split 128;
>     load balance max seconds 3;
> }
>
> subnet 192.168.123.0 netmask 255.255.255.0 {
>   option broadcast-address        192.168.123.255;
>   option subnet-mask              255.255.255.0;
>   pool {
>     failover peer "failover-partner-secondary";
>     range   192.168.123.100   192.168.123.254 ;
>   }
> }
> --------------------------------------------
>
> -------------------------------------------- /etc/dhcpd/dhcpd.conf on 
> secondary
>
> option domain-name "wntr.cloud";
> option domain-name-servers 192.168.123.1 ,192.168.123.2;
>
> default-lease-time 600;
> max-lease-time 7200;
>
> failover peer "failover-partner-primary" {
>     secondary;
>     address 192.168.123.2;
>     port 520;
>     peer address 192.168.123.1;
>     peer port 519;
>     load balance max seconds 3;
> }
>
> subnet 192.168.123.0 netmask 255.255.255.0 {
>   option broadcast-address        192.168.123.255;
>   option subnet-mask              255.255.255.0;
>   pool {
>     failover peer "failover-partner-primary";
>     range   192.168.123.100   192.168.123.254 ;
>   }
> }
> --------------------------------------------
>
> I can communicate over ports 519/520 (udp) which I tried using netcat.
>
> Any ideas on how to debug this?
>
> Thanks!
> Nathan
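
Added example, not part of the original messages: a shell check for the condition described in message 1, where failover `port` / `peer port` values other than the default 647 kept the peers from connecting under SELinux. The function names, the allowed-port parameter and the trimmed sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reports failover "port" / "peer port"
# statements in a dhcpd.conf whose value is outside an allowed set.
# usage: failover_port_audit FILE [ALLOWED]  (space-separated ports, default 647)
# Exit status is 1 when anything is reported.
failover_port_audit() {
    awk -v allowed="${2:-647}" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { sub(/#.*/, "") }                              # strip comments
        # A declaration opens with "{"; pool references end with ";" instead.
        /^[ \t]*failover[ \t]+peer[ \t]+"[^"]+"[ \t]*[{]/ {
            split($0, q, "\""); name = q[2]; inblk = 1; next
        }
        inblk && /[}]/ { inblk = 0; next }
        inblk && /^[ \t]*(peer[ \t]+)?port[ \t]+[0-9]+[ \t]*;/ {
            kind = ($1 == "peer") ? "peer port" : "port"
            val = $0; gsub(/[^0-9]/, "", val)           # keep only the number
            if (!(val in ok)) {
                printf "line %d: failover peer \"%s\": %s %s\n", FNR, name, kind, val
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the primary config quoted in the thread, trimmed.
sample_conf() {
    cat <<'EOF'
failover peer "failover-partner-secondary" {
    primary;
    address 192.168.123.1;
    port 519;
    peer address 192.168.123.2;
    peer port 520;
}
subnet 192.168.123.0 netmask 255.255.255.0 {
  pool {
    failover peer "failover-partner-secondary";
  }
}
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
failover_port_audit "$tmp" || echo "non-default failover ports found"
rm -f "$tmp"
```

On an SELinux host, the ports the policy currently labels for dhcpd can be listed with `semanage port -l | grep dhcpd` and passed as the second argument.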

------------------------------

Message: 2
Date: Mon, 30 Jul 2018 13:15:19 +0200
From: Sandra Schlichting <littlesandr...@gmail.com>
To: dhcp-users@lists.isc.org
Subject: How to sync a Linux secondary DHCP server?
Message-ID:
        <CAELiMBPnYX9L8U66=ppL_RypsMb=qp_0zeokwfkzypo9kky...@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"

Dear all =)

In this article [1] they don't explain how the secondary DHCP server
gets synced and in this one [2] they sync the files with home made
scripts.

**Question**

Having a secondary DHCP server is good practice I'd say, so can it
really be correct, that DHCP on Linux doesn't have an official way
to sync config, leases and reservations to the secondary?

  [1]: 
https://www.lisenet.com/2018/configure-dhcp-failover-with-dynamic-dns-on-centos-7/
  [2]: https://steronius.blogspot.com/2015/10/dhcp-failover-on-rhel-7.html

Hugs,
Sandra =)


------------------------------

End of dhcp-users Digest, Vol 117, Issue 15
*******************************************