pxe clients and pools


pxe clients and pools

Brendan Kearney
list members,

i have a bit of a quandary.  i use dhcp and pxe to build machines and
that is working well.  once the machine is built, i have the machine on
the same subnet, but want it to get an IP from a different pool.  this
does not seem to be happening, and i am looking for a best practice.  
take the below config:

subnet 192.168.1.0 netmask 255.255.255.0 {
         allow client-updates;
         default-lease-time 7200;
         max-lease-time 86400;
         one-lease-per-client true;
         ping-check true;
         option domain-name "bpk2.com";
         option subnet-mask 255.255.255.0;
         option broadcast-address 192.168.1.255;
         option routers 192.168.1.254;
         option domain-name-servers ns01.bpk2.com,ns02.bpk2.com;
         option ntp-servers ntp.bpk2.com;
         option netbios-name-servers nas.bpk2.com;
         option wpad-url "http://wpad.bpk2.com/wpad.dat";
         ddns-domainname "bpk2.com";
         # ignore bootp;

         pool {
                 # KNOWN HOSTS - COMPUTERS
                 # HOSTS IN THIS POOL MUST USE THE PROXY FOR INTERNET ACCESS, PER FIREWALL POLICY
                 class "MSFT" {
                         match if option vendor-class-identifier ~= "^MSFT";
                         vendor-option-space MSFT;
                         option MSFT.disable-netbios 2;
                 }
                 range 192.168.1.50 192.168.1.99;
                 allow members of "proxied-clients";
                 failover peer "dhcp-failover";
         } # END POOL

         pool {
                 # KNOWN HOSTS - GADGETS
                 # HOSTS IN THIS POOL CAN USE THE PROXY FOR INTERNET ACCESS, BUT DO NOT HAVE TO, PER FIREWALL POLICY
                 #max-lease-time 300;
                 class "MSFT" {
                         match if option vendor-class-identifier ~= "^MSFT";
                         vendor-option-space MSFT;
                         option MSFT.disable-netbios 2;
                 }
                 range 192.168.1.100 192.168.1.149;
                 allow members of "unproxied-clients";
                 failover peer "dhcp-failover";
         } # END POOL

         pool {
                 # UNKNOWN HOSTS
                 # HOSTS IN THIS POOL CAN USE THE PROXY FOR INTERNET ACCESS, BUT DO NOT HAVE TO, PER FIREWALL POLICY
                 #max-lease-time 300;
                 class "MSFT" {
                         match if option vendor-class-identifier ~= "^MSFT";
                         vendor-option-space MSFT;
                         option MSFT.disable-netbios 2;
                 }
                 range 192.168.1.150 192.168.1.199;
                 allow unknown-clients;
                 failover peer "dhcp-failover";
         } # END POOL

         pool {
                 # PXE BOOT HOSTS
                 # HOSTS IN THIS POOL ARE BOOTED FROM THE PXE SERVER
                 #max-lease-time 300;
                 # allow booting;
                 # allow bootp;
                 class "pxe-clients" {
                         match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
                         next-server tftp.bpk2.com;
                         filename "linux-install/pxelinux.0";
                 }
                 range 192.168.1.200 192.168.1.249;
                 failover peer "dhcp-failover";
         } # END POOL
} # END SUBNET

i built a machine, and it is defined as a member of the
"proxied-clients" subclass, based on hardware identifier or mac
address.  what happens is NetworkManager issues a DHCPREQUEST for the IP
it has or had last.  Even if i were to clear the leases from the dhcp
servers, NM would still request an IP from the pxe client range.

how can i manage this so that i can have pxe clients in the one pool
when needed, but once they are done building, they get an ip from an
appropriate pool, based on the criteria of that pool?

thanks,

brendan

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Re: pxe clients and pools

Niall O'Reilly


On 15 October 2016 19:17:59 GMT+01:00, Brendan Kearney <[hidden email]> wrote:
> Even if i were to clear the leases from the dhcp
>servers, NM would still request an IP from the pxe client range.
>
>how can i manage this so that i can have pxe clients in the one pool
>when needed, but once they are done building, they get an ip from an
>appropriate pool, based on the criteria of that pool?
>

Class definitions aren't useful inside a pool. Move them out, and eliminate duplicates.

You haven't set any criteria (allow/deny) in your pool definitions.
--
Sent from Kaiten Mail. Please excuse my brevity.

Re: pxe clients and pools

Simon Hobson
In reply to this post by Brendan Kearney
Brendan Kearney <[hidden email]> wrote:

> ...  take the below config:
>
> subnet 192.168.1.0 netmask 255.255.255.0 {
> ...
>       pool {
>                # KNOWN HOSTS - COMPUTERS
>                # HOSTS IN THIS POOL MUST USE THE PROXY FOR INTERNET ACCESS, PER FIREWALL POLICY
>                class "MSFT" {
>                        match if option vendor-class-identifier ~= "^MSFT";
>                        vendor-option-space MSFT;
>                        option MSFT.disable-netbios 2;
>                }
>                range 192.168.1.50 192.168.1.99;
>                allow members of "proxied-clients";
>                failover peer "dhcp-failover";
>        } # END POOL
>
>        pool {
>                # KNOWN HOSTS - GADGETS
>                # HOSTS IN THIS POOL CAN USE THE PROXY FOR INTERNET ACCESS, BUT DO NOT HAVE TO, PER FIREWALL POLICY
>                #max-lease-time 300;
>                class "MSFT" {
>                        match if option vendor-class-identifier ~= "^MSFT";
>                        vendor-option-space MSFT;
>                        option MSFT.disable-netbios 2;
>                }
>                range 192.168.1.100 192.168.1.149;
>                allow members of "unproxied-clients";
>                failover peer "dhcp-failover";
>        } # END POOL
>
>        pool {
>                # UNKNOWN HOSTS
>                # HOSTS IN THIS POOL CAN USE THE PROXY FOR INTERNET ACCESS, BUT DO NOT HAVE TO, PER FIREWALL POLICY
>                #max-lease-time 300;
>                class "MSFT" {
>                        match if option vendor-class-identifier ~= "^MSFT";
>                        vendor-option-space MSFT;
>                        option MSFT.disable-netbios 2;
>                }
>                range 192.168.1.150 192.168.1.199;
>                allow unknown-clients;
>                failover peer "dhcp-failover";
>        } # END POOL
>
>        pool {
>                # PXE BOOT HOSTS
>                # HOSTS IN THIS POOL ARE BOOTED FROM THE PXE SERVER
>                #max-lease-time 300;
>                # allow booting;
>                # allow bootp;
>                class "pxe-clients" {
>                        match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
>                        next-server tftp.bpk2.com;
>                        filename "linux-install/pxelinux.0";
>                }
>                range 192.168.1.200 192.168.1.249;
>                failover peer "dhcp-failover";
>        } # END POOL
> } # END SUBNET
>
> i built a machine, and it is defined as a member of the "proxied-clients" subclass, based on hardware identifier or mac address.  what happens is NetworkManager issues a DHCPREQUEST for the IP it has or had last.  Even if i were to clear the leases from the dhcp servers, NM would still request an IP from the pxe client range.

My "bible"* is at work, so I can't check - but IIRC class statements are global in scope. Putting them inside a subnet or pool declaration doesn't work - and IIRC can create some very strange inheritance effects. So move them all to the global scope, and have one, and only one, class definition of any name.

Also, several of your pools are lacking allow/deny statements. Don't mix allow & deny in one pool as the results are "non-intuitive". If you allow members of one class, then implicitly, anything not in that class is denied.


* The DHCP Handbook by Ralph Droms and Ted Lemon


Re: pxe clients and pools

Brendan Kearney
In reply to this post by Niall O'Reilly
On 10/15/2016 02:40 PM, Niall O'Reilly wrote:

>
> On 15 October 2016 19:17:59 GMT+01:00, Brendan Kearney <[hidden email]> wrote:
>> Even if i were to clear the leases from the dhcp
>> servers, NM would still request an IP from the pxe client range.
>>
>> how can i manage this so that i can have pxe clients in the one pool
>> when needed, but once they are done building, they get an ip from an
>> appropriate pool, based on the criteria of that pool?
>>
> Class definitions aren't useful inside a pool. Move them out, and eliminate duplicates.
>
> You haven't set any criteria (allow/deny) in your pool definitions.

good point on the classes.  did not know that.  odd, though, that any of
it works at all.  when i am not in this oddball scenario, the host
always gets an IP from the correct pool.  is it just a happy accident,
or something else?

my concern is that the pxe build process results in an IP being
requested a couple of times, as i have been told.  the pxe client makes
a request, and then the installer (anaconda, in my case) makes a
request.  anytime after the pxe client makes the request, the vendor
class identifier will not be the pxe client, and the installer will get
an IP from a pool not meant for pxe building.


Re: pxe clients and pools

Niall O'Reilly
On 15 October 2016 19:52:59 GMT+01:00, Brendan Kearney <[hidden email]> wrote:
>  anytime after the pxe client makes the request, the vendor
>class identifier will not be the pxe client, and the installer will
>get
>an IP from a pool not meant for pxe building.

Make sure every pool has a permit (allow/deny) directive. Only some (which I missed before) have.

And what Simon said.

--
Sent from Kaiten Mail. Please excuse my brevity.

Re: pxe clients and pools

Simon Hobson
In reply to this post by Brendan Kearney
Brendan Kearney <[hidden email]> wrote:

> my concern is that the pxe build process results in an IP being requested a couple of times, as i have been told.  the pxe client makes a request, and then the installer (anaconda, in my case) makes a request.  anytime after the pxe client makes the request, the vendor class identifier will not be the pxe client, and the installer will get an IP from a pool not meant for pxe building.

You will need to arrange for the installer to also match a class and allow it to use the same pool.
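Pulling the replies together (Niall's and Simon's point that class declarations belong at global scope with each name defined once and every pool carrying an allow/deny list, and Simon's last point that the installer must also match a class permitted in the PXE pool), the following is an added example of how the posted dhcpd.conf could be restructured. It is not code from the thread or from ISC. The subnet, ranges, option values and the class names come from Brendan's config; the "anaconda" vendor-class prefix for the installer and the hardware address in the subclass line are assumptions, marked as such in the comments.

```conf
# Added example (not from the thread): Brendan's dhcpd.conf restructured
# along the lines of the replies.  The "anaconda" vendor-class prefix is an
# ASSUMPTION about what the installer sends; confirm it against the
# vendor-class-identifier dhcpd logs for the installer's DHCPDISCOVER.
# The subclass hardware address is a constructed placeholder.

# --- Classes live at global scope, each name declared exactly once. ---

# PXE firmware: vendor-class-identifier begins with "PXEClient".
class "pxe-clients" {
        match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
        next-server tftp.bpk2.com;
        filename "linux-install/pxelinux.0";
}

# The installer that runs after the PXE boot sends a different
# vendor-class-identifier than the firmware, so it needs its own class.
# Prefix "anaconda" is assumed here; replace it with the observed value.
class "installer-clients" {
        match if substring(option vendor-class-identifier, 0, 8) = "anaconda";
}

# Windows hosts: this class only sets options, it does not select a pool.
class "MSFT" {
        match if option vendor-class-identifier ~= "^MSFT";
        vendor-option-space MSFT;
        option MSFT.disable-netbios 2;
}

# Membership of the two "known host" classes is assigned per machine with
# subclass entries keyed on the hardware address (match hardware), which
# is how the original post describes the proxied-clients membership.
class "proxied-clients"   { match hardware; }
class "unproxied-clients" { match hardware; }
subclass "proxied-clients" 1:02:00:00:00:00:01;   # constructed placeholder MAC

subnet 192.168.1.0 netmask 255.255.255.0 {
        default-lease-time 7200;
        max-lease-time 86400;
        option domain-name "bpk2.com";
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.1.255;
        option routers 192.168.1.254;
        option domain-name-servers ns01.bpk2.com, ns02.bpk2.com;
        option ntp-servers ntp.bpk2.com;

        # --- Every pool carries an explicit permit list, allow-only. ---

        pool {  # known hosts that must use the proxy
                range 192.168.1.50 192.168.1.99;
                allow members of "proxied-clients";
                failover peer "dhcp-failover";
        }

        pool {  # known hosts that may use the proxy
                range 192.168.1.100 192.168.1.149;
                allow members of "unproxied-clients";
                failover peer "dhcp-failover";
        }

        pool {  # hosts with no host or subclass entry
                range 192.168.1.150 192.168.1.199;
                allow unknown-clients;
                failover peer "dhcp-failover";
        }

        pool {  # build-time addresses: PXE firmware and the installer
                range 192.168.1.200 192.168.1.249;
                allow members of "pxe-clients";
                allow members of "installer-clients";
                failover peer "dhcp-failover";
        }
}
```

Two allow statements in one pool are fine: a client is permitted if any allow entry matches, and with no deny entries the pool stays single-mode as Simon recommends. Syntax-check the file with `dhcpd -t -cf /path/to/dhcpd.conf` before reloading, and remember the `failover peer "dhcp-failover"` references still need the global failover declaration from the existing setup. One thing the thread does not settle: a machine whose hardware address is already in the "proxied-clients" subclass is permitted by two pools while its firmware is PXE booting, so which range it draws from is worth confirming in the dhcpd log lines for that host rather than assumed.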