Fault Tolerant DHCP
Why do I need more than one server?
Maintenance
Like DNS.
If your DHCP server is down because of a failure (software or hardware), or even because you want to reboot it for an upgrade, you can no longer hand out addresses.
That's why you need at least two servers.
Configurations
Specific directives
- failover
- primary
- peer
Too easy, so we add some new features
- Dynamic DNS registrations
- extra boot parameters (PXE)
Setup a DHCP Failover
Directives
The config files are not the same on the master and the failover server. We use include statements because most of the file is identical, and it is better to make each change only once.
Master
# Primary DHCP configuration file
failover peer "dhcp" {
    primary;
    address 10.0.0.1;
    port 647;
    peer address 10.0.0.2;
    peer port 647;
    mclt 600;
    split 128;
    max-response-delay 60;
    max-unacked-updates 10;
    load balance max seconds 3;
}
include "/etc/dhcp/dhcpd-master.conf";
Failover
# Secondary DHCP configuration file
failover peer "dhcp" {
    secondary;
    address 10.0.0.2;
    port 647;
    peer address 10.0.0.1;
    peer port 647;
    max-response-delay 60;
    max-unacked-updates 10;
    load balance max seconds 3;
}
include "/etc/dhcp/dhcpd-master.conf";
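A consistency check for the two failover declarations above, added here as an example (it is not part of the original page or of ISC dhcpd): it parses both blocks and reports mismatched peer names, wrong roles, addresses or ports that do not mirror each other, and mclt or split set on the secondary. The function names parse_failover and check_pair are hypothetical, and the sample input is constructed from the two files shown above.

```python
import re

# Constructed sample input: the two failover declarations shown on this page.
PRIMARY = '''failover peer "dhcp" {
primary; address 10.0.0.1; port 647;
peer address 10.0.0.2; peer port 647;
mclt 600; split 128;
max-response-delay 60; max-unacked-updates 10;
load balance max seconds 3;
}'''
SECONDARY = '''failover peer "dhcp" {
secondary; address 10.0.0.2; port 647;
peer address 10.0.0.1; peer port 647;
max-response-delay 60; max-unacked-updates 10;
load balance max seconds 3;
}'''

def parse_failover(text):
    """Return (peer_name, {statement: value}) for the first failover block."""
    text = re.sub(r"#.*", "", text)  # drop comments
    m = re.search(r'failover\s+peer\s+"([^"]+)"\s*\{(.*?)\}', text, re.S)
    if not m:
        raise ValueError("no failover peer declaration found")
    stmts = {}
    for stmt in filter(None, (s.strip() for s in m.group(2).split(";"))):
        *key, value = stmt.split()  # "peer address 10.0.0.2" -> key "peer address"
        stmts[" ".join(key) or value] = value  # bare "primary" is its own key
    return m.group(1), stmts

def check_pair(primary_text, secondary_text):
    """Return a list of inconsistencies between the two declarations."""
    (pname, p), (sname, s) = parse_failover(primary_text), parse_failover(secondary_text)
    problems = []
    if pname != sname:
        problems.append(f"peer names differ: {pname!r} vs {sname!r}")
    if "primary" not in p or "secondary" not in s:
        problems.append("roles must be primary on one server, secondary on the other")
    # Each side's local endpoint must be the other side's peer endpoint.
    for a, b, la, lb in ((p, s, "primary", "secondary"), (s, p, "secondary", "primary")):
        for local, remote in (("address", "peer address"), ("port", "peer port")):
            if a.get(local) != b.get(remote):
                problems.append(f"{la} {local} {a.get(local)} != {lb} {remote} {b.get(remote)}")
    # mclt must be set on the primary; mclt and split must not appear on the secondary.
    if "mclt" not in p:
        problems.append("primary is missing mclt")
    problems += [f"secondary must not set {k}" for k in ("mclt", "split") if k in s]
    return problems

if __name__ == "__main__":
    print(check_pair(PRIMARY, SECONDARY) or "failover pair is consistent")
```

Feed it the contents of the two top-level files (not the shared include) before restarting either server.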
dhcp-master.conf
This is the old dhcpd.conf, renamed/moved to dhcp-master.conf. It also includes the dhcp-subnet.include file, and we add the dynamic DNS entries to it.
# Add DNS key file for dns <-> dhcp communication
include "/etc/dhcp/rndc.key";
zone my.zone.tld {
    primary 127.0.0.1;
    key rndc-key;
}
zone 0.10.in-addr.arpa {
    primary 127.0.0.1;
    key rndc-key;
}
And of course, this is the DNS server's rndc.key file.
Additional features of DHCP
What is PXE
PXE is the Preboot eXecution Environment: the DHCP server sends the client its IP parameters and a boot file, so you can start a completely diskless computer.
To set it up, we add these lines to the config file.
#
# PXE option DHCP (see rfc)
#
option space PXE;
option PXE.mtftp-ip code 1 = ip-address;
option PXE.mtftp-cport code 2 = unsigned integer 16;
option PXE.mtftp-sport code 3 = unsigned integer 16;
option PXE.mtftp-tmout code 4 = unsigned integer 8;
option PXE.mtftp-delay code 5 = unsigned integer 8;
option PXE.discovery-control code 6 = unsigned integer 8;
option PXE.discovery-mcast-addr code 7 = ip-address;
option bootfile-name "/boot/netboot.bin";
#
# PXE boot
#
class "PXE" {
    match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
    option vendor-class-identifier "PXEClient";
    vendor-option-space PXE;
    option PXE.mtftp-ip 0.0.0.0;
    next-server bootserver.my.zone.tld;
}
We also need a TFTP server to serve the bootfile-name file (/boot/netboot.bin). We chose tftp-hpa for this, and we don't explain how to set up this server (too easy).
grub (obsolete)
Now obsolete; we prefer to use gPXE.
To netboot GRUB, we need a GRUB built with network support, and we add these settings to the config file. netboot.bin is a link to GRUB.
# In the PXE DHCP options section
option grub-config code 150 = text;
#
# Inside the class "PXE"
if exists dhcp-parameter-request-list {
    # 96 is hexadecimal for option code 150 (grub-config)
    option dhcp-parameter-request-list =
        concat(option dhcp-parameter-request-list,96);
}
option grub-config "/boot/grub.lst";
#
syslinux (obsolete)
Now obsolete; we prefer to use gPXE.
We need pxelinux.0 to act as netboot.bin, and the TFTP server must serve at least a valid syslinux default file. No modification of the DHCP config file is needed.
gpxe
The holy grail. A gPXE UNDI binary acts as netboot.bin. We can use gPXE as is, or we can use syslinux over HTTP for booting.
Currently I use a web server with PHP to create a valid syslinux config file on the fly.
option space gpxe;
option gpxe-encap-opts code 175 = encapsulate gpxe;
option gpxe.bus-id code 177 = string;
class "PXE" {
    match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
    option vendor-class-identifier "PXEClient";
    vendor-option-space PXE;
    option PXE.mtftp-ip 0.0.0.0;
    next-server bootserver.my.zone.tld;
    # gPXE is already running (it sends gpxe.bus-id): give it the HTTP
    # URL instead of loading the gPXE binary a second time
    if exists gpxe.bus-id {
        filename "http://bootserver.my.zone.tld/pxelinux.cfg/gpxe.php";
    }
}
To begin with, you can send a standard syslinux config or a gPXE script, or nothing at all and get a pure CLI for booting your hardware.