ISC DHCP Users

dhcpd (failover peer setup) going and staying in failover state

classic Classic list List threaded Threaded
2 messages Options
Nathan Hüsken
Reply | Threaded
Open this post in threaded view
|

dhcpd (failover peer setup) going and staying in failover state

Nathan Hüsken
Hi,

I have stup dhcpd (isc-dhcpd-4.2.5) in a 2 peers failover setup. I start the service on both peers and get (example from the primary):

-------------------------------------------- Output of service dhcpd status -l
Redirecting to /bin/systemctl status  -l dhcpd.service
● dhcpd.service - DHCPv4 Server Daemon
   Loaded: loaded (/etc/systemd/system/dhcpd.service; enabled; vendor preset: disabled)
   Active: active (running) since So 2018-07-29 10:18:34 UTC; 1min 36s ago
     Docs: man:dhcpd(8)
           man:dhcpd.conf(5)
Main PID: 31729 (dhcpd)
   Status: "Dispatching packets..."
           └─31729 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid eth1

Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: For info, please visit https://www.isc.org/software/dhcp/
Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: Wrote 0 leases to leases file.
Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: Listening on LPF/eth1/0a:1b:c4:00:61:7c/192.168.123.0/24
Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: Sending on   LPF/eth1/0a:1b:c4:00:61:7c/192.168.123.0/24
Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: Sending on   Socket/fallback/fallback-net
Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: failover peer failover-partner-secondary: I move from recover to startup
Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf systemd[1]: Started DHCPv4 Server Daemon.
Jul 29 10:18:49 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: failover peer failover-partner-secondary: I move from startup to recover
Jul 29 10:20:04 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: failover peer failover-partner-secondary: unexpected error
--------------------------------------------

I get the same log on the secondary, only that it is reporting the primary is going to startup recovery.

Here are my configs
-------------------------------------------- /etc/dhcpd/dhcpd.conf on primary

option domain-name "wntr.cloud";
option domain-name-servers 192.168.123.1 ,192.168.123.2;

default-lease-time 600;
max-lease-time 7200;

failover peer "failover-partner-secondary" {
    primary;
    address 192.168.123.1;
    port 519;
    peer address 192.168.123.2;
    peer port 520;
    mclt 3600;
    split 128;
    load balance max seconds 3;
}

subnet 192.168.123.0 netmask 255.255.255.0 {
  option broadcast-address        192.168.123.255;
  option subnet-mask              255.255.255.0;
  pool {
    failover peer "failover-partner-secondary";
    range   192.168.123.100   192.168.123.254 ;
  }
}
--------------------------------------------

-------------------------------------------- /etc/dhcpd/dhcpd.conf on secondary

option domain-name "wntr.cloud";
option domain-name-servers 192.168.123.1 ,192.168.123.2;

default-lease-time 600;
max-lease-time 7200;

failover peer "failover-partner-primary" {
    secondary;
    address 192.168.123.2;
    port 520;
    peer address 192.168.123.1;
    peer port 519;
    load balance max seconds 3;
}

subnet 192.168.123.0 netmask 255.255.255.0 {
  option broadcast-address        192.168.123.255;
  option subnet-mask              255.255.255.0;
  pool {
    failover peer "failover-partner-primary";
    range   192.168.123.100   192.168.123.254 ;
  }
}
--------------------------------------------

I can communicate over ports 519/520 (udp) which I tried using netcat.

Any Ideas on how to debug this?

Thanks!
Nathan

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Nathan Hüsken
Reply | Threaded
Open this post in threaded view
|

Re: dhcpd (failover peer setup) going and staying in failover state

Nathan Hüsken
Hi,
I found the solution.
The solution to my problem can be found here: https://www.centos.org/forums/viewtopic.php?t=54348

To quote the important part:

SELINUX. That is what was stopping the DHCP failover cluster from forming.

The guide to configuring DHCP failover from the ISC knowledge base, suggested using TCP ports 519 and 520 for the failover protocol communications between the two cluster members. If you look in my example configurations above, I have dutifully done that. I also made sure to allow those ports through the firewalld (although I got the same result with the firewalld halted). Yet, the cluster still would not form. "unexpected error"
(...)
To make my cluster form, I removed the port statements from the failover declaration sections of /etc/dhcp/dhcpd.conf, which has the effect of making DHCPD listen on the default ports as listed in /etc/services
(...)
edited my firewalld service file I created for the dhcp failover protocol to reflect default port 647
Best,
Nathan
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On 29 July 2018 12:25 PM, Nathan Hüsken <[hidden email]> wrote:

Hi,

I have stup dhcpd (isc-dhcpd-4.2.5) in a 2 peers failover setup. I start the service on both peers and get (example from the primary):

-------------------------------------------- Output of service dhcpd status -l
Redirecting to /bin/systemctl status  -l dhcpd.service
● dhcpd.service - DHCPv4 Server Daemon
   Loaded: loaded (/etc/systemd/system/dhcpd.service; enabled; vendor preset: disabled)
   Active: active (running) since So 2018-07-29 10:18:34 UTC; 1min 36s ago
     Docs: man:dhcpd(8)
           man:dhcpd.conf(5)
Main PID: 31729 (dhcpd)
   Status: "Dispatching packets..."
           └─31729 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid eth1

Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: For info, please visit https://www.isc.org/software/dhcp/
Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: Wrote 0 leases to leases file.
Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: Listening on LPF/eth1/0a:1b:c4:00:61:7c/192.168.123.0/24
Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: Sending on   LPF/eth1/0a:1b:c4:00:61:7c/192.168.123.0/24
Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: Sending on   Socket/fallback/fallback-net
Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: failover peer failover-partner-secondary: I move from recover to startup
Jul 29 10:18:34 VM-cddd5fc5-4761-492b-a814-2f450c3540cf systemd[1]: Started DHCPv4 Server Daemon.
Jul 29 10:18:49 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: failover peer failover-partner-secondary: I move from startup to recover
Jul 29 10:20:04 VM-cddd5fc5-4761-492b-a814-2f450c3540cf dhcpd[31729]: failover peer failover-partner-secondary: unexpected error
--------------------------------------------

I get the same log on the secondary, only that it is reporting the primary is going to startup recovery.

Here are my configs
-------------------------------------------- /etc/dhcpd/dhcpd.conf on primary

option domain-name "wntr.cloud";
option domain-name-servers 192.168.123.1 ,192.168.123.2;

default-lease-time 600;
max-lease-time 7200;

failover peer "failover-partner-secondary" {
    primary;
    address 192.168.123.1;
    port 519;
    peer address 192.168.123.2;
    peer port 520;
    mclt 3600;
    split 128;
    load balance max seconds 3;
}

subnet 192.168.123.0 netmask 255.255.255.0 {
  option broadcast-address        192.168.123.255;
  option subnet-mask              255.255.255.0;
  pool {
    failover peer "failover-partner-secondary";
    range   192.168.123.100   192.168.123.254 ;
  }
}
--------------------------------------------

-------------------------------------------- /etc/dhcpd/dhcpd.conf on secondary

option domain-name "wntr.cloud";
option domain-name-servers 192.168.123.1 ,192.168.123.2;

default-lease-time 600;
max-lease-time 7200;

failover peer "failover-partner-primary" {
    secondary;
    address 192.168.123.2;
    port 520;
    peer address 192.168.123.1;
    peer port 519;
    load balance max seconds 3;
}

subnet 192.168.123.0 netmask 255.255.255.0 {
  option broadcast-address        192.168.123.255;
  option subnet-mask              255.255.255.0;
  pool {
    failover peer "failover-partner-primary";
    range   192.168.123.100   192.168.123.254 ;
  }
}
--------------------------------------------

I can communicate over ports 519/520 (udp) which I tried using netcat.

Any Ideas on how to debug this?

Thanks!
Nathan


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Free forum by Nabble Edit this page