Restarting DHCP safely whilst avoiding partner-down state
Terry Burton
tez at terryburton.co.uk
Fri May 13 18:46:16 UTC 2016
On 13 May 2016 at 19:02, Chuck Anderson <cra at wpi.edu> wrote:
> On Fri, May 13, 2016 at 04:02:23PM +0100, Terry Burton wrote:
>> On 13 May 2016 at 15:57, Chuck Anderson <cra at wpi.edu> wrote:
>> > On Fri, May 13, 2016 at 03:23:25PM +0100, Terry Burton wrote:
>> >> On 13 May 2016 at 14:22, Chuck Anderson <cra at wpi.edu> wrote:
>> >> > I don't know if a corrupted lease file would cause a failure to start
>> >> > the dhcp server, or if it would just go unnoticed, perhaps with a log
>> >> > message. But like I said, we've never had a failure to start the
>> >> > server that was caused by a lease file issue.
>> >>
>> >> In our experience leases files corrupted by other means can cause a
>> >> failure to start. I don't recall whether that was due to mere
>> >> truncation though...
>> >
>> > There is also the -T parameter to test the lease file:
>> >
>> > The -T flag can be used to test the lease database file in a similar way.
>> >
>> > It might be a good idea to also use this test before restarting.
>> > While it won't fix a corrupted lease file, it may prevent you from
>> > losing all DHCP service due to a failure to restart.
>>
>> I think this will require the leases file to be closed at the point of
>> testing, i.e. the daemon has already exited.
>>
>> For the more general issue with systemd verifying the configuration
>> see: https://lists.freedesktop.org/archives/systemd-devel/2016-May/036481.html
>
> Is there a way to signal dhcpd to write out the lease file so it can
> be checked?
Then you're examining the crime scene before the murder is committed.
> It seems that dhcpd needs a journaling mechanism similar to named,
> where it writes the changes to a .jnl file and periodically
> incorporates those changes into the main zone file.
That would seem to be a good idea, however it may not be necessary. By
default dhcpd calls fsync after writing a lease into the leases file
and before issuing the DHCP response to the client. If the server can
detect and remove an incomplete lease at the end of the file then all
should be well. Perhaps it does?...
More information about the dhcp-users
mailing list