Thursday, November 13, 2014

Setting up DHCP in a clustered (heartbeat) for Debian users

Some may want to do this in case you use a HA setup and where DHCP is required to be in HA too. Doing it via heartbeat isn’t good as it doesn’t keep track of IPs already issued and can cause long delays in providing IPs to clients should a failover/failback occur.

For document purpose we will assume the following, please take note and document the IPs as match below in the config files

  • Primary IP 10.10.10.1
  • Secondary IP 10.10.10.2
  • IP range offered to dhcp clients = from 10.10.10.20 to 10.10.10.250
  • Netmask 255.255.255.0 (class B)
  • Gateway is 10.10.10.254
  • NTP is referred to own servers and if you run NTP on the respective servers
  • Be sure if there’s a firewall to allow these servers to communicate per port 647 tcp/udp
  • Monitor the activities in /var/log/syslog
  • This config does NOT handle TFTP options, see add tftp manually if you need

 1) First, install DHCP (on both servers)

#apt-get install isc-dhcp-server

2) Setup rndc key, paste the single liner like below (on both servers)
#echo randomdh | base64
NOTE: Change, “randomdh” to anything you want. The above command should give you an output like this “cmFuZG9tZGgK”. Use this key where applicable, like below; Then paste it into relevant files like shown below;

#nano /etc/rndc.key

cmFuZG9tZGgK

3) Edit the dhcp defaults and ensure that the DHCP is only offering DHCP via the required interface, and in most cases may be eth0, locate work INTERFACES and add accordingly (on both servers)

#nano /etc/default/isc-dhcp-server

INTERFACES="eth0"

4) Edit the DHCPD config file as per below, change items accordingly (on master only)

#nano /etc/dhcp/dhcpd.conf

authoritative;
option domain-name "customername.internal";
option domain-name-servers 10.10.10.1,10.10.10.2;

key rndckey {
algorithm hmac-md5;
secret "cmFuZG9tZGgK";
}

failover peer "failover" {
primary;
address 10.10.10.1;
port 647;
peer address 10.10.10.2;
peer port 647;
max-response-delay 60;
max-unacked-updates 10;
mclt 3600;
split 128;
load balance max seconds 3;
}

subnet 10.10.10.0 netmask 255.255.255.0
{
pool {
failover peer "failover";
range 10.10.10.20 10.10.10.250;
option dhcp-server-identifier 10.10.10.1;
option subnet-mask 255.255.255.0;
option broadcast-address 10.10.10.255;
default-lease-time 43200;
max-lease-time 43200;
option routers 10.10.10.254;
deny dynamic bootp clients;
option ntp-servers 10.10.10.1;
}
allow unknown-clients;
ignore client-updates;
}

5) Restart DHCP (on master only)
#/etc/init.d/isc-dhcp-server restart

6) Edit the DHCPD config file as per below, change items in red (on slave only)

#nano /etc/dhcp/dhcpd.conf

authoritative;
option domain-name "customername.internal";
option domain-name-servers 10.10.10.2,10.10.10.1;

key rndckey {
algorithm hmac-md5;
secret "
mydhcprndckey2014";
}

failover peer "failover" {
secondary;
address 10.10.10.2;
port 647;
peer address 10.10.10.1;
peer port 647;
max-response-delay 60;
max-unacked-updates 10;
mclt 3600;
load balance max seconds 3;
}

subnet 10.10.10.0 netmask 255.255.255.0
{
pool {
failover peer "failover";
range
10.10.10.20 10.10.10.250;
option dhcp-server-identifier 10.10.10.2
option subnet-mask 255.255.255.0;
option broadcast-address 10.10.10.255;
default-lease-time 43200;
max-lease-time 43200;
option routers 10.10.10.254;
deny dynamic bootp clients;
option ntp-servers 10.10.10.2;
}

allow unknown-clients;
ignore client-updates;
}

7) Restart DHCP (on slave only)
#/etc/init.d/isc-dhcp-server restart

Post a Comment