On Friday I spent a couple of hours setting up DHCP failover with 2 servers, LDAP and MMC.
DHCPd on server1 (LDAP master) was always ON, DHCPd on server2 (LDAP slave) was OFF. I also have LDAP-slurpd replication.
1. Make sure that you have a working MMC + DHCP (dynamic range) configuration. To enable the dynamic pool range, go to the MMC web interface, Network -> DHCP subnets -> 192.168.110.0 (or whatever you have) -> Edit -> Dynamic pool for non-registered DHCP clients.
2. Install an LDAP manager such as LAM (lam.sf.net) and browse the tree to
DN: cn=192.168.110.0,cn=192.168.110.0,cn=DHCP config,ou=DHCP,dc=domain,dc=com
and you will see something like this:
# Entry 1: cn=192.168.110.0,cn=192.168.110.0,cn=DHCP config,ou=DHCP,dc=do...
dn: cn=192.168.110.0,cn=192.168.110.0,cn=DHCP config,ou=DHCP,dc=domain,dc=com
objectClass: top
objectClass: dhcpPool
objectClass: dhcpOptions
cn: 192.168.110.0
dhcpRange: 192.168.110.100 192.168.110.150
Add a new attribute dhcpStatements and give it 2 values (follow attached picture).
Afterwards you will have:
# Entry 1: cn=192.168.110.0,cn=192.168.110.0,cn=DHCP config,ou=DHCP,dc=do...
dn: cn=192.168.110.0,cn=192.168.110.0,cn=DHCP config,ou=DHCP,dc=domain,dc=com
objectClass: top
objectClass: dhcpPool
objectClass: dhcpOptions
cn: 192.168.110.0
dhcpRange: 192.168.110.100 192.168.110.150
dhcpStatements: failover peer "dhcp-failover"
dhcpStatements: deny dynamic bootp clients
3. On the master (server1), edit /etc/dhcpd.conf:
ddns-update-style interim;
log-facility local7;
ldap-server "localhost";
ldap-port 389;
ldap-username "cn=Manager,dc=domain,dc=com";
ldap-password "secret";
ldap-base-dn "dc=domain,dc=com";
ldap-method dynamic;
failover peer "dhcp-failover" {
primary; # declare this to be the primary server
address 192.168.110.1;
port 647;
peer address 192.168.110.2;
peer port 647;
max-response-delay 30;
max-unacked-updates 10;
load balance max seconds 3;
mclt 1800;
split 128;
}
4. Edit on the slave (server2):
ddns-update-style interim;
log-facility local7;
ldap-server "localhost";
ldap-port 389;
ldap-username "cn=Manager,dc=domain,dc=com";
ldap-password "secret";
ldap-base-dn "dc=domain,dc=com";
ldap-method dynamic;
failover peer "dhcp-failover" {
secondary; # declare this to be the secondary server
address 192.168.110.2;
port 647;
peer address 192.168.110.1;
peer port 647;
max-response-delay 30;
max-unacked-updates 10;
load balance max seconds 3;
mclt 1800;
}
5. Restart LDAP, then DHCPD.
You should see the following in DHCPd's log file or in /var/log/messages on server1 (master):
May 23 23:41:24 server1 dhcpd: Internet Systems Consortium DHCP Server V3.0.6-Fedora
May 23 23:41:24 server1 dhcpd: Copyright 2004-2007 Internet Systems Consortium.
May 23 23:41:24 server1 dhcpd: All rights reserved.
May 23 23:41:24 server1 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
May 23 23:41:24 server1 dhcpd: Internet Systems Consortium DHCP Server V3.0.6-Fedora
May 23 23:41:24 server1 dhcpd: Copyright 2004-2007 Internet Systems Consortium.
May 23 23:41:24 server1 dhcpd: All rights reserved.
May 23 23:41:24 taserver1 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
May 23 23:41:24 server1 dhcpd: Wrote 26 leases to leases file.
May 23 23:41:24 server1 dhcpd: Listening on LPF/eth0/00:1d:60:c9:67:b9/192.168.110/24
May 23 23:41:24 server1 dhcpd: Sending on LPF/eth0/00:1d:60:c9:67:b9/192.168.110/24
May 23 23:41:24 server1 dhcpd: Sending on Socket/fallback/fallback-net
May 23 23:41:24 server1 dhcpd: failover peer dhcp-failover: I move from normal to startup
May 23 23:41:24 server1 dhcpd: failover peer dhcp-failover: peer moves from normal to communications-interrupted
May 23 23:41:24 server1 dhcpd: failover peer dhcp-failover: I move from startup to normal
May 23 23:41:25 server1 dhcpd: failover peer dhcp-failover: peer moves from communications-interrupted to normal
May 23 23:41:25 server1 dhcpd: pool 9b82438 192.168.110/24 total 51 free 25 backup 25 lts 0
For server2 - slave:
May 23 23:40:33 server2 dhcpd: Internet Systems Consortium DHCP Server V3.0.6-Fedora
May 23 23:40:33 server2 dhcpd: Copyright 2004-2007 Internet Systems Consortium.
May 23 23:40:33 server2 dhcpd: All rights reserved.
May 23 23:40:33 server2 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
May 23 23:40:33 server2 dhcpd: Internet Systems Consortium DHCP Server V3.0.6-Fedora
May 23 23:40:33 server2 dhcpd: Copyright 2004-2007 Internet Systems Consortium.
May 23 23:40:33 server2 dhcpd: All rights reserved.
May 23 23:40:33 server2 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
May 23 23:40:33 server2 dhcpd: Wrote 26 leases to leases file.
May 23 23:40:33 server2 dhcpd: Listening on LPF/eth2/00:e0:81:4b:8c:0d/192.168.110/24
May 23 23:40:33 server2 dhcpd: Sending on LPF/eth2/00:e0:81:4b:8c:0d/192.168.110/24
May 23 23:40:33 server2 dhcpd: Sending on Socket/fallback/fallback-net
May 23 23:40:33 server2 dhcpd: failover peer dhcp-failover: I move from normal to startup
May 23 23:40:34 server2 dhcpd: failover peer dhcp-failover: peer moves from normal to communications-interrupted
May 23 23:40:34 server2 dhcpd: failover peer dhcp-failover: I move from startup to normal
May 23 23:40:34 server2 dhcpd: failover peer dhcp-failover: peer moves from communications-interrupted to normal
May 23 23:40:34 server2 dhcpd: pool 9b9c410 192.168.110/24 total 51 free 25 backup 25 lts 0
PS. I think it would be a good idea for MMC to later put all the failover-related stuff into LDAP and enable/disable it in 1 click :)
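
One way to check the step 5 logs automatically, as an added example that is not part of the original post: it replays the two dhcpd message types shown above and reports any side that did not end in normal. The OUTAGE lines and the "free or backup is zero" rule are assumptions made for this example.

```python
import re
# The two dhcpd syslog message shapes shown in the step 5 logs.
MOVE = re.compile(r"dhcpd(?:\[\d+\])?: failover peer (\S+): "
                  r"(I move|peer moves) from (\S+) to (\S+)\s*$")
POOL = re.compile(r"dhcpd(?:\[\d+\])?: pool \S+ (\S+)\s+total (\d+)"
                  r"\s+free (\d+)\s+backup (\d+)\s+lts (-?\d+)")

def replay(lines):
    """Replay syslog lines; return (peers, pools) with the last state seen."""
    peers, pools = {}, {}
    for line in lines:
        m = MOVE.search(line)
        if m:
            name, who, _old, new = m.groups()
            side = "local" if who == "I move" else "peer"
            peers.setdefault(name, {"local": None, "peer": None})[side] = new
        m = POOL.search(line)
        if m:
            total, free, backup, lts = map(int, m.groups()[1:])
            pools[m.group(1)] = {"total": total, "free": free,
                                 "backup": backup, "lts": lts}
    return peers, pools

def problems(peers, pools):
    """Findings: a side not in 'normal', or (assumed rule) an empty pool share."""
    out = []
    for name, st in sorted(peers.items()):
        out += [f"{name}: {side} state is {st[side]}"
                for side in ("local", "peer") if st[side] != "normal"]
    for net, p in sorted(pools.items()):
        if p["free"] == 0 or p["backup"] == 0:
            out.append(f"pool {net}: free={p['free']} backup={p['backup']}")
    return out

P = "server1 dhcpd: failover peer dhcp-failover: "
HEALTHY = [  # copied from the server1 log above
    "May 23 23:41:24 " + P + "I move from normal to startup",
    "May 23 23:41:24 " + P + "peer moves from normal to communications-interrupted",
    "May 23 23:41:24 " + P + "I move from startup to normal",
    "May 23 23:41:25 " + P + "peer moves from communications-interrupted to normal",
    "May 23 23:41:25 server1 dhcpd: pool 9b82438 192.168.110/24 total 51 free 25 backup 25 lts 0",
]
OUTAGE = [  # constructed lines, not from the page: contact with server2 is lost
    "May 24 02:10:07 " + P + "I move from normal to communications-interrupted",
    "May 24 02:40:11 server1 dhcpd: pool 9b82438 192.168.110/24 total 51 free 0 backup 25 lts -12",
]
if __name__ == "__main__":
    for finding in problems(*replay(HEALTHY + OUTAGE)):
        print(finding)
```

Feeding it the real file instead of the sample lists (for instance `replay(open("/var/log/messages"))`) gives the current state of each failover peer after a restart.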