OMAPI Reservations and peer/failover

glenn.satchell at uniq.com.au glenn.satchell at uniq.com.au
Sat May 29 12:34:01 UTC 2021


On 2021-05-29 05:00, Simon Hobson wrote:
> Gregory Sloop <gregs at sloop.net> wrote:
> 
>> Given what I've been able to dig up on the subject of omapi and peers, 
>> I'm pretty sure you have to run against both, explicitly.
>> 
>> But, additional complication arise!
>> 
>> As noted, a fair bit of reading and searching seems to indicate you 
>> have to run the omshell commands against each server.
>> However, this is particularly interesting (or perhaps troubling.)
>> See: 
>> https://lists.isc.org/mailman/htdig/dhcp-users/2006-July/001102.html
>> 
>> To save you the click, I'll quote...
>> ---
>> "You will have to rerun the statement on both peers.
>> Take careful note of servers that lose their dhcpd.leases files, 
>> you'll have to be able to 0-to-60 them by replaying everything. "
>> ---
>> 
>> There was no expansion on this - and my understanding of it is 
>> somewhat ambiguous.
>> Does this mean that if I have a peer that gets rebuild and the leases 
>> file is deleted, it won't get a copy of the "original" leases file 
>> from it's peer and that all the "reservation" flags will be lost and I 
>> will have to re-run all the omapi commands against the peer which lost 
>> the leases file?
>> 
>> Assuming that's the correct interpretation...
>> I suppose that it's best then, to copy the leases file from the 
>> "still-up' peer to the rebuilt peer. (I can't see a reason not to do 
>> this, but perhaps I'm missing something.)
> 
> That is indeed an odd statement.
> I can completely understand it for a standalone peer - if it loses
> it's leases file then all your OMAPI made changes will be gone.
> 
> But since the a major point of failover is for a server to be able to
> rebuild itself after a disaster, I would have expected failover to
> take care of that. I suggest you do a trial with a test server - my
> expectation is that if you bring up the peer with no leases file, then
> it'll get everything from it's partner.
> 
> However, the warning still holds. Should your shared leases get
> corrupted or lost, then you'd lose all your changes and need to
> re-play them. I'm not sure under what circumstances both servers could
> lose/corrupt their leases, but I'm sure there will be some.
> I know that on a single server, if you remove some addresses from the
> defined ranges, then any leases defined for them will be removed on
> server startup. So, especially if you build a config and run it out to
> both servers at once, it's possible to lose a bunch of leases that
> way.
> 
> Simon

Instead of using a reserved lease, how about just setting it to a really 
long time instead, say 3, 6 or 12 months? Use a class or group for these 
special leases. Since that goes in dhcpd.conf it will survive loss of 
the leases file.

Also note that while the leases recorded in the leases file are the same 
for a failover peer, the actual files are not identical. Various 
settings such as "failover peer state", tstp, tsfp, atsfp, cltt can be 
different. "binding state backup" is a special state for failover. So 
you can't just copy one dhcpd.leases file to the other server.

With a failover setup, the two servers should synchronise their leases 
by themselves, thus a server with an empty leases file should build up 
the information from the other server. You would probably need to look 
at the source to see what fields get copied over during this process, eg 
the reserved field.

So in server/db.c write_lease() has a statement to write out the 
reserved statement to dhcpd.leases:
         if (lease->flags & RESERVED_LEASE)
                 if (fprintf(db_file, "\n  reserved;") < 0)
                         ++errors;

but I still don't know if this gets replicated in a failover 
configuration. Probably need to look in server/failover.c at 
dhcp_failover_startup()

regards,
Glenn


More information about the dhcp-users mailing list