cutover from conf file to ldap

Brendan Kearney bpk678 at gmail.com
Fri May 20 23:03:44 UTC 2016


On 05/19/2016 10:43 AM, brendan kearney wrote:
>
> I was figuring that to be the case.  There is a startup debug file I 
> can write out to, and will review that again.  I do notice that 
> formatting (line terminators, whitespace, etc) doesn't seem very clean 
> but I am not sure if that makes a difference.
>
> On May 19, 2016 9:25 AM, "dave c" <dhcp at gvtc.drakkar.org> wrote:
>
>     I've not tried moving config to ldap myself, but it sounds like
>     the key indicator is that message when you were testing the leases
>     file against the ldap config with the -T... that no subnets were
>     found.
>
>     Then when you made the config active, it sounded like the subnets
>     couldn't be found in the config and as a result the devices that
>     had active leases were NAKed and no leases were being issued.
>
>     I don't know if there is a way to have dhcp pull out the configs
>     it acquired from LDAP and display them so you can verify what it's
>     seeing... but the likeliest scenario is that it has enough
>     knowledge and visibility to test clean when using ldap, but not
>     have the shared networks and subnets defined to anchor the leases.
>
>     Dave
>
>     On 5/18/16 18:17, Brendan Kearney wrote:
>
>         running fedora 20, dhcp 4.2.7 (i will be upgrading to f24
>         shortly after it comes out)
>
>         i have put a bunch of effort into setting up ldap to house my
>         configs and all of the directives
>         in my conf file(s) are in ldap at this point.  if i run the below:
>
>         dhcpd -4 -f -t -cf /etc/dhcp/dhcpd.conf.ldap bond0
>
>         i get:
>
>         Internet Systems Consortium DHCP Server 4.2.7
>         Copyright 2004-2014 Internet Systems Consortium.
>         All rights reserved.
>         For info, please visit https://www.isc.org/software/dhcp/
>
>         it seems that no issues exist in the config, as housed in
>         ldap.  if i run the same command with
>         a -T, to test the leases file, every IP in all subnets, pools,
>         etc is reported with the below line:
>
>         lease 192.168.xxx.xxx: no subnet.
>
>         the subnet definition exists in ldap, so i don't know what this
>         might be.  a nuance with the
>         lease file, maybe?  any pointers would be appreciated.
>
>         now, when i cut over from conf files to ldap, what is the
>         proper procedure?  i tried to do so
>         already, and all sorts of problems came from it.  existing
>         leases were getting NAK responses for
>         renewals, and new leases were not being given out.  i even
>         wound up with "peer holds all free
>         leases" errors from both servers.
>
>         i stopped both instances, changed the conf files from static
>         files to a config pointing to ldap
>         for configs, and started one instance. i waited a minute or so
>         and started the second instance.
>
>         i also stopped both instances and removed the leases files
>         from both servers and restarted.  in
>         no scenario was i able to get leases to start being handed
>         out.  because the network is a lab
>         network, i don't have any real requirement for things to stay
>         online at all times.
>
>         am i missing something in my approach?  are there best
>         practices to perform such a change?
>
>         thanks in advance,
>
>         brendan
>         _______________________________________________
>         dhcp-users mailing list
>         dhcp-users at lists.isc.org
>         https://lists.isc.org/mailman/listinfo/dhcp-users
>
>
>     -- 
>     Dave Calafrancesco
>
i found the issue with the leases.  it turns out that for some reason 
you have to define one pool in a subnet (looks like the first enumerated 
pool) using the dhcpPoolDN attribute.  oddly, all other pools are found 
and don't require you to explicitly define them.

anyway, the tests come back clean now and i restarted using ldap for my 
configs.  again, the NAK and "peer holds all free leases" errors from 
both servers started again.  i have switched back, but what should i be 
looking for now?
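As an added, constructed illustration of the pool linkage described above (not the poster's own directory data): a dhcpSubnet entry that names its first pool through dhcpPoolDN, with a second pool found by containment alone. The base DN, entry names, address ranges and the failover peer name are assumptions.

```ldif
# Constructed example using the ISC dhcp LDAP schema classes
# dhcpSubnet and dhcpPool. Base DN, names and addresses are placeholders.
dn: cn=192.168.10.0,cn=lab,cn=dhcp-service,cn=dhcp,dc=example,dc=com
objectClass: top
objectClass: dhcpSubnet
cn: 192.168.10.0
# prefix length, not a dotted mask
dhcpNetMask: 24
# Explicit link to the first pool under this subnet (the thread reports
# that without this the -T lease test reports "no subnet" for every lease)
dhcpPoolDN: cn=pool1,cn=192.168.10.0,cn=lab,cn=dhcp-service,cn=dhcp,dc=example,dc=com

dn: cn=pool1,cn=192.168.10.0,cn=lab,cn=dhcp-service,cn=dhcp,dc=example,dc=com
objectClass: top
objectClass: dhcpPool
cn: pool1
dhcpRange: 192.168.10.100 192.168.10.199
# Statements are stored without the trailing ";". A pool that takes part
# in failover must name the peer; "dhcp-failover" is an assumed peer name
# and the matching failover peer declaration is assumed to exist elsewhere.
dhcpStatements: failover peer "dhcp-failover"

# Second pool: a child of the subnet entry, picked up without a dhcpPoolDN
dn: cn=pool2,cn=192.168.10.0,cn=lab,cn=dhcp-service,cn=dhcp,dc=example,dc=com
objectClass: top
objectClass: dhcpPool
cn: pool2
dhcpRange: 192.168.10.200 192.168.10.249
dhcpStatements: failover peer "dhcp-failover"
```

After loading the entries, the same `dhcpd -4 -f -t -cf /etc/dhcp/dhcpd.conf.ldap` run (and the `-T` lease-file test) quoted earlier in the thread is the check that the subnet and both pools are seen.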