dhcpd (failover peer setup) going and staying in failover state

Nathan Hüsken nathan at wintercloud.de
Sun Jul 29 21:18:04 UTC 2018


Hi,
I found the solution.
The solution to my problem can be found here: https://www.centos.org/forums/viewtopic.php?t=54348

To quote the important part:

SELINUX. That is what was stopping the DHCP failover cluster from forming.

The [guide to configuring DHCP failover](https://kb.isc.org/article/AA-00502/0/A-Basic-Guide-to-Configuring-DHCP-Failover.html) from the ISC knowledge base suggested using TCP ports 519 and 520 for the failover protocol communications between the two cluster members. If you look in my example configurations above, I have dutifully done that. I also made sure to allow those ports through the firewalld (although I got the same result with the firewalld halted). Yet, the cluster still would not form. "unexpected error"
(...)
To make my cluster form, I removed the port statements from the failover declaration sections of /etc/dhcp/dhcpd.conf, which has the effect of making DHCPD listen on the default ports as listed in /etc/services
(...)
edited my firewalld service file I created for the dhcp failover protocol to reflect default port 647

Best,
Nathan

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On 29 July 2018 12:25 PM, Nathan Hüsken <nathan at wintercloud.de> wrote:

> Hi,
>
> I have set up dhcpd (isc-dhcpd-4.2.5) in a 2-peer failover setup. I start the service on both peers and get (example from the primary):
>
> -------------------------------------------- Output of service dhcpd status -l
> Redirecting to /bin/systemctl status  -l dhcpd.service
> ● dhcpd.service - DHCPv4 Server Daemon
>    Loaded: loaded (/etc/systemd/system/dhcpd.service; enabled; vendor preset: disabled)
>    Active: active (running) since So 2018-07-29 10:18:34 UTC; 1min 36s ago
>      Docs: man:dhcpd(8)
>            man:dhcpd.conf(5)
> Main PID: 31729 (dhcpd)
>    Status: "Dispatching packets..."
>    CGroup: /system.slice/dhcpd.service
>            └─31729 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid eth1
>
> Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: For info, please visit https://www.isc.org/software/dhcp/
> Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
> Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: Wrote 0 leases to leases file.
> Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: Listening on LPF/eth1/0a:1b:c4:00:61:7c/192.168.123.0/24
> Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: Sending on   LPF/eth1/0a:1b:c4:00:61:7c/192.168.123.0/24
> Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: Sending on   Socket/fallback/fallback-net
> Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: failover peer failover-partner-secondary: I move from recover to startup
> Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf systemd[1]: Started DHCPv4 Server Daemon.
> Jul 29 10:18:49 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: failover peer failover-partner-secondary: I move from startup to recover
> Jul 29 10:20:04 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: failover peer failover-partner-secondary: unexpected error
> --------------------------------------------
>
> I get the same log on the secondary, only that it is reporting the primary is going to startup recovery.
>
> Here are my configs
> -------------------------------------------- /etc/dhcpd/dhcpd.conf on primary
>
> option domain-name "wntr.cloud";
> option domain-name-servers 192.168.123.1 ,192.168.123.2;
>
> default-lease-time 600;
> max-lease-time 7200;
>
> failover peer "failover-partner-secondary" {
>     primary;
>     address 192.168.123.1;
>     port 519;
>     peer address 192.168.123.2;
>     peer port 520;
>     mclt 3600;
>     split 128;
>     load balance max seconds 3;
> }
>
> subnet 192.168.123.0 netmask 255.255.255.0 {
>   option broadcast-address        192.168.123.255;
>   option subnet-mask              255.255.255.0;
>   pool {
>     failover peer "failover-partner-secondary";
>     range   192.168.123.100   192.168.123.254 ;
>   }
> }
> --------------------------------------------
>
> -------------------------------------------- /etc/dhcpd/dhcpd.conf on secondary
>
> option domain-name "wntr.cloud";
> option domain-name-servers 192.168.123.1 ,192.168.123.2;
>
> default-lease-time 600;
> max-lease-time 7200;
>
> failover peer "failover-partner-primary" {
>     secondary;
>     address 192.168.123.2;
>     port 520;
>     peer address 192.168.123.1;
>     peer port 519;
>     load balance max seconds 3;
> }
>
> subnet 192.168.123.0 netmask 255.255.255.0 {
>   option broadcast-address        192.168.123.255;
>   option subnet-mask              255.255.255.0;
>   pool {
>     failover peer "failover-partner-primary";
>     range   192.168.123.100   192.168.123.254 ;
>   }
> }
> --------------------------------------------
>
> I can communicate over ports 519/520 (udp) which I tried using netcat.
>
> Any ideas on how to debug this?
>
> Thanks!
> Nathan
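
A pre-flight check for the problem resolved in this thread, as an added example that is not part of the original messages: it lists every `port` / `peer port` statement inside a failover declaration whose value is not in a given allow-list. The function names and the trimmed sample config are illustrative; the allow-list `647` is the default failover port named in the thread, and on a real host the list is assumed to come from the local SELinux policy.

```shell
#!/bin/sh
# Added example (not from the thread): flag dhcpd failover ports that are
# outside an allow-list of ports dhcpd is permitted to use.
# $1    = space-separated allow-list. Assumption: on an SELinux host this is
#         read from `semanage port -l` (the entry for the dhcpd port type).
# stdin = dhcpd.conf text.
check_failover_ports() {
    awk -v allowed="$1" '
        function check(kind, p) {
            sub(/;.*/, "", p)
            if (!(p in ok)) print peer ": " kind " " p
        }
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { sub(/#.*/, "") }
        $1 == "failover" && $2 == "peer" && index($0, "{") {
            peer = $3; gsub(/"/, "", peer); inside = 1; next
        }
        inside && index($0, "}") { inside = 0; next }
        inside && $1 == "port" { check("port", $2) }
        inside && $1 == "peer" && $2 == "port" { check("peer port", $3) }
    '
}

# Sample input: the primary config quoted in this thread, trimmed.
sample_primary_conf() {
cat <<'EOF'
failover peer "failover-partner-secondary" {
    primary;
    address 192.168.123.1;
    port 519;
    peer address 192.168.123.2;
    peer port 520;
}
subnet 192.168.123.0 netmask 255.255.255.0 {
  pool {
    failover peer "failover-partner-secondary";
    range 192.168.123.100 192.168.123.254;
  }
}
EOF
}

# Only the default failover port from the thread is treated as allowed here.
sample_primary_conf | check_failover_ports "647"
```

An empty result means every explicit failover port is in the allow-list, or that no port statements are present and dhcpd falls back to its default.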