On 3/15/07, Darren Dunham <dunhamd at pacbell.net> wrote:
> (But you'd need to wait for some other changes to the networking before you
> can run a DHCP server in a zone. I don't think that's possible today).
In my lab, I have DHCP servers working in sparse non-global zones today,
even with S10U3. The keys to getting it to work are:

1. Add net_rawaccess and /dev/ip when configuring the zone.
2. Remove privileges=all from the dhcp service
3. Manually set the interface list in /etc/inet/dhcpsvc.conf

I do have some concerns regarding the ability to update the ARP table with
this configuration, which will likely go away once each zone can have its
own IP stack. (Perhaps this is in Nevada now, I forget and haven't had a
chance to test the last ~10 builds.)

A more detailed tour of the steps for those that need a bit more detail
follows...

When configuring the zone:

    set limitpriv = default,net_rawaccess
    add device
    set match=/dev/ip

Inside the zone, remove "privileges='all'" from the start method of
/var/svc/manifest/network/dhcp-server.xml. You will then need to notify SMF
of this change. There is likely a shorter version of this, but the
following should definitely do it:

    svcadm disable network/dhcp-server
    svccfg delete network/dhcp-server
    svccfg import /var/svc/manifest/network/dhcp-server.xml

Disclaimers apply (e.g. that file will be overwritten by patches, etc.). In
real life I create a different service in the /var/svc/manifest/site
directory and create dependencies that ensure that my service and
network/dhcp-server do not run at the same time.

For dhcp-server to really run, you need to update /etc/inet/dhcpsvc.conf to
list the INTERFACES=. A good idea would be to automatically update that on
boot before dhcp-server starts so that it has the right virtual interface
in there across reboots when zones may come up in different order.

I have also noticed the following when the DHCP server gives out a lease:

    in.dhcpd[22624]: [ID 480883 daemon.error] ADD: Cannot modify ARP table to add: 10.11.12.13

It seems as though the zone would require the sys_net_config privilege to
force entries into the ARP table. When serving addresses on the same
subnet, this seems to have no impact.
I have not tried cross-subnet DHCP services with this config yet. I don't
fully understand the impact of the comment at
http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/cmd-inet/usr.lib/in.dhcpd/interfaces.c#1402
yet.

Mike

-- 
Mike Gerdts
http://mgerdts.blogspot.com/
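The post above suggests rewriting the INTERFACES= line in /etc/inet/dhcpsvc.conf at boot, before network/dhcp-server starts, so the zone's current logical interface is always listed. The following is an added example of such a boot-time helper; it is not code from the original post or from Solaris. It assumes an ifconfig-style listing as input (so it can be exercised offline), that the configuration file uses KEY=VALUE lines as dhcpsvc.conf does, and that the function names (set_dhcp_interfaces, parse_zone_ifaces) are hypothetical. How it is hooked into SMF (the site-local service with dependencies mentioned in the post) is left to the reader.

```shell
#!/bin/sh
# Added example, not from the original post: keep the INTERFACES= entry of a
# dhcpsvc.conf-style file in sync with the interfaces plumbed inside a zone.
# Intended to run from a site-local SMF service ordered before
# network/dhcp-server; wiring that dependency is not shown here.

# parse_zone_ifaces
#   Reads "ifconfig -a" style output on stdin and prints the names of the
#   non-loopback interfaces, one per line, sorted and de-duplicated.
#   In a sparse zone these are typically logical interfaces such as bge0:1,
#   which is exactly the name in.dhcpd needs to be told about.
parse_zone_ifaces() {
    awk '/^[a-z]/ { sub(/: .*/, ""); if ($0 !~ /^lo/) print }' | sort -u
}

# set_dhcp_interfaces CONF IFACE...
#   Rewrites the INTERFACES= line in CONF to a comma-separated list of the
#   given interfaces, appending the line if it is absent. Other settings are
#   left untouched and the file is replaced atomically via rename.
set_dhcp_interfaces() {
    conf=$1
    shift
    [ $# -gt 0 ] || { echo "set_dhcp_interfaces: no interfaces given" >&2; return 1; }

    list=$(printf '%s,' "$@")
    list=${list%,}                       # drop trailing comma
    tmp="$conf.tmp.$$"

    if grep -q '^INTERFACES=' "$conf"; then
        sed "s|^INTERFACES=.*|INTERFACES=$list|" "$conf" > "$tmp"
    else
        { cat "$conf"; printf 'INTERFACES=%s\n' "$list"; } > "$tmp"
    fi
    mv "$tmp" "$conf"
}

# Example boot-time use (hypothetical paths; on Solaris the listing would
# come from "ifconfig -a" run inside the zone):
#   ifaces=$(ifconfig -a | parse_zone_ifaces)
#   # shellcheck disable=SC2086
#   set_dhcp_interfaces /etc/inet/dhcpsvc.conf $ifaces
```

Because the interface list is regenerated from what is actually plumbed at the time the service runs, the configuration stays correct even when zones boot in a different order and the logical interface number changes. The parser deliberately skips lo0 so the loopback never ends up in INTERFACES=.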
