Failover | How sync fixed-addresses definition between master and slave
Patrick Trapp
ptrapp at nex-tech.com
Wed Nov 27 14:02:52 UTC 2024
I cannot take credit for this design, but we have a slightly different approach that might be more work than you want. But it has worked well for us for many years.
We have three DHCP servers. One, I call it staging, is never in production. We make our changes in staging and run the DHCP verification to make sure we haven't created any syntax errors. If everything appears to be correct, we have a script on staging that pushes our configuration into a git repository. A different script is run on staging that triggers production 1 to stop DHCP, pull the current configuration from git, and restart DHCP. Then it triggers production 2 to follow suit. Neither production server is down very long and they should never be out of sync for more than a second or two.
________________________________
From: dhcp-users <dhcp-users-bounces at lists.isc.org> on behalf of Glenn Satchell <glenn.satchell at uniq.com.au>
Sent: Wednesday, November 27, 2024 01:35
To: Users of ISC DHCP <dhcp-users at lists.isc.org>
Subject: Re: Failover | How sync fixed-addresses definition between master and slave
hi Anton
That's the typical strategy, copying the included config file to the other server. You can script it to do the copy and restart.
regards,
Glenn
On 21 Nov 2024 4:45 pm, Anton Shevtsov <shevtsovay at basealt.ru> wrote:
Hi,
I made a failover configuration, and all works fine. But I have one question: how do I sync fixed-address definitions between master and slave?
Below is my /etc/dhcp/dhcpd.conf from the 'primary' node. I moved the static addresses to static.conf.
Should I copy it manually to the 'slave' node (after each change to this file, and restart/reload the dhcpd service), or does anybody have a best practice?
#primary
authoritative;
update-static-leases on;
one-lease-per-client on;
omapi-port 7911;
omapi-key omapi_key;
failover peer "partner" {
    primary;
    address 172.23.116.20;
    port 519;
    peer address 172.23.116.21;
    peer port 520;
    max-response-delay 60;
    max-unacked-updates 10;
    mclt 3600;
    split 128;
    load balance max seconds 3;
}
key "omapi_key" {
    algorithm hmac-md5;
    secret "--mysecrethere--";
};
subnet 172.23.116.0 netmask 255.255.255.0 {
    option routers 172.23.116.1;
    option subnet-mask 255.255.255.0;
    option nis-domain "domen.loc";
    option domain-name "domen.loc";
    option domain-name-servers 172.23.116.20, 172.23.116.21;
    option ntp-servers 172.23.116.20, 172.23.116.21;
    default-lease-time 21600;
    max-lease-time 43200;
    pool {
        failover peer "partner";
        range 172.23.116.30 172.23.116.250;
        include "/etc/dhcp/static.conf";
    }
}
[root at ns1 dhcp]# cat static.conf
host srv1 {
    hardware ethernet 00:50:56:bb:6f:02;
    fixed-address 172.23.116.23;
}
host win10 {
    hardware ethernet 00:50:56:bb:db:87;
    fixed-address 172.23.116.142;
}
--
Anton
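
Added example (not code from any poster in this thread): one way to script the copy-and-restart approach discussed above, with a syntax test before and after the transfer, a checksum comparison, and a rollback on the peer. The SSH login, the service name, and the use of identical paths on both servers are assumptions; the local dhcpd on the primary still has to be restarted separately.

```shell
#!/bin/sh
# Added example, not from the thread: push static.conf to the failover peer.
# Assumed (hypothetical) settings: SSH login, service name, identical paths
# on both servers. Override any of them through the environment.
STATIC=${STATIC:-/etc/dhcp/static.conf}            # copy on the primary
PEER_STATIC=${PEER_STATIC:-/etc/dhcp/static.conf}  # path on the peer
REMOTE=${REMOTE:-"ssh root@172.23.116.21"}         # runs one command string on the peer
CHECK=${CHECK:-"dhcpd -t -cf /etc/dhcp/dhcpd.conf"}  # syntax test, starts nothing
PEER_CHECK=${PEER_CHECK:-$CHECK}
RESTART=${RESTART:-"systemctl restart dhcpd"}

digest() { sha256sum | cut -d' ' -f1; }

# Returns 0 = pushed and peer restarted, 1 = local config fails the syntax
# test, 2 = transfer failed or peer rejected the file (old file restored),
# 3 = peer already has identical content (nothing touched).
sync_static() {
    $CHECK || return 1
    want=$(digest < "$STATIC")
    have=$($REMOTE "cat '$PEER_STATIC' 2>/dev/null" | digest)
    [ "$want" = "$have" ] && return 3

    # Stage beside the target and confirm the bytes arrived intact.
    $REMOTE "cat > '$PEER_STATIC.new'" < "$STATIC" || return 2
    got=$($REMOTE "cat '$PEER_STATIC.new'" | digest)
    [ "$want" = "$got" ] || return 2

    # Keep a backup, swap the file in, and restart only if the peer's own
    # syntax test passes; otherwise put the previous file back.
    $REMOTE "cp -p '$PEER_STATIC' '$PEER_STATIC.bak' 2>/dev/null
             mv '$PEER_STATIC.new' '$PEER_STATIC' || exit 2
             if $PEER_CHECK; then $RESTART; exit; fi
             mv '$PEER_STATIC.bak' '$PEER_STATIC'; exit 2"
}

if [ "${1:-}" = "--run" ]; then sync_static; exit $?; fi
```

Setting REMOTE="sh -c" and pointing PEER_STATIC at a scratch file exercises the whole flow on one machine before it is aimed at the real peer.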