Join Log in
Score:1
avatar Server

DHCPv6 fixed assigment

cn flag
Marlon Goncalves

Trying to assign fixed ipv6 addresses to my coreos master and worker nodes from my Centos in order to have dual stack running on the cluster. However I am having a hard time getting it to assign the fixed ip addresses that I am hard-coding in the dhcp6.conf file as follows:

[root@ocp-svc ~]# cat /etc/dhcp/dhcpd6.conf
#
# DHCPv6 Server Configuration file.
#   see /usr/share/doc/dhcp-server/dhcpd6.conf.example
#   see dhcpd.conf(5) man page
#
authoritative;
ddns-update-style interim;
allow booting;
allow bootp;
allow unknown-clients;
ignore client-updates;
default-lease-time 14400;
max-lease-time 14400;


subnet6 fd00::/64 {
 range6 fd::1000 fd::2000
 option dhcp6.name-servers fd00::1;
 option dhcp6.domain-search "ocp.lan";
}
host otherclient {
        # This host entry is hopefully matched if the client supplies a DUID-LL
        # or DUID-LLT containing this MAC address.
        hardware ethernet 00:0c:29:5e:d2:37;
        fixed-address6 fd00::211;
}

I am using the following system:

[root@ocp-svc performanceoperator]# cat /etc/redhat-release
CentOS Linux release 8.5.2111

Have also added the following two lines in the config in order to allow SE linux to access the directory:

ausearch -c 'dhcpd' --raw | audit2allow -M my-dhcpd
semodule -X 300 -i my-dhcpd.pp
systemctl restart dhcpd

And saw this messages in the messages log facility:

Dec 13 19:52:13 ocp-svc systemd[1]: Stopping DHCPv4 Server Daemon...
Dec 13 19:52:13 ocp-svc systemd[1]: dhcpd.service: Succeeded.
Dec 13 19:52:13 ocp-svc systemd[1]: Stopped DHCPv4 Server Daemon.
Dec 13 19:52:13 ocp-svc systemd[1]: Starting DHCPv4 Server Daemon...
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Internet Systems Consortium DHCP Server 4.3.6
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Copyright 2004-2017 Internet Systems Consortium.
Dec 13 19:52:13 ocp-svc dhcpd[199778]: All rights reserved.
Dec 13 19:52:13 ocp-svc dhcpd[199778]: For info, please visit https://www.isc.org/software/dhcp/
Dec 13 19:52:13 ocp-svc dhcpd[199778]: ldap_gssapi_principal is not set,GSSAPI Authentication for LDAP will not be used
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Dec 13 19:52:13 ocp-svc dbus-daemon[1024]: [system] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.14' (uid=0 pid=1001 comm="/usr/sbin/sedispatch " label="system_u:system_r:auditd_t:s0") (using servicehelper)
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Config file: /etc/dhcp/dhcpd.conf
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Database file: /var/lib/dhcpd/dhcpd.leases
Dec 13 19:52:13 ocp-svc dhcpd[199778]: PID file: /var/run/dhcpd.pid
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Source compiled to use binary-leases
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Wrote 0 deleted host decls to leases file.
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Wrote 0 new dynamic host decls to leases file.
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Wrote 1 leases to leases file.
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Listening on LPF/ens224/00:0c:29:70:9c:d0/192.168.22.0/24
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Sending on   LPF/ens224/00:0c:29:70:9c:d0/192.168.22.0/24
Dec 13 19:52:13 ocp-svc dhcpd[199778]:
Dec 13 19:52:13 ocp-svc dhcpd[199778]: No subnet declaration for ens192 (192.168.0.139).
Dec 13 19:52:13 ocp-svc dhcpd[199778]: ** Ignoring requests on ens192.  If this is not what
Dec 13 19:52:13 ocp-svc dhcpd[199778]:   you want, please write a subnet declaration
Dec 13 19:52:13 ocp-svc dhcpd[199778]:   in your dhcpd.conf file for the network segment
Dec 13 19:52:13 ocp-svc dhcpd[199778]:   to which interface ens192 is attached. **
Dec 13 19:52:13 ocp-svc dhcpd[199778]:
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Sending on   Socket/fallback/fallback-net
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Server starting service.
Dec 13 19:52:13 ocp-svc systemd[1]: Started DHCPv4 Server Daemon.
Dec 13 19:52:14 ocp-svc dbus-daemon[1024]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Dec 13 19:52:15 ocp-svc dbus-daemon[1024]: [system] Activating service name='org.fedoraproject.SetroubleshootPrivileged' requested by ':1.224' (uid=995 pid=199781 comm="/usr/libexec/platform-python -Es /usr/sbin/setroub" label="system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023") (using servicehelper)
Dec 13 19:52:16 ocp-svc dbus-daemon[1024]: [system] Successfully activated service 'org.fedoraproject.SetroubleshootPrivileged'

Checked the dhcpd service status which also looks good:

[root@ocp-svc ~]# systemctl status dhcpd
● dhcpd.service - DHCPv4 Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2021-12-13 20:05:21 CST; 8s ago
     Docs: man:dhcpd(8)
           man:dhcpd.conf(5)
 Main PID: 213030 (dhcpd)
   Status: "Dispatching packets..."
    Tasks: 1 (limit: 101086)
   Memory: 10.2M
   CGroup: /system.slice/dhcpd.service
           └─213030 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid

Dec 13 20:05:21 ocp-svc.lab.ocp.lan dhcpd[213030]:
Dec 13 20:05:21 ocp-svc.lab.ocp.lan dhcpd[213030]: No subnet declaration for ens192 (192.168.0.139).
Dec 13 20:05:21 ocp-svc.lab.ocp.lan dhcpd[213030]: ** Ignoring requests on ens192.  If this is not what
Dec 13 20:05:21 ocp-svc.lab.ocp.lan dhcpd[213030]:    you want, please write a subnet declaration
Dec 13 20:05:21 ocp-svc.lab.ocp.lan dhcpd[213030]:    in your dhcpd.conf file for the network segment
Dec 13 20:05:21 ocp-svc.lab.ocp.lan dhcpd[213030]:    to which interface ens192 is attached. **
Dec 13 20:05:21 ocp-svc.lab.ocp.lan dhcpd[213030]:
Dec 13 20:05:21 ocp-svc.lab.ocp.lan dhcpd[213030]: Sending on   Socket/fallback/fallback-net
Dec 13 20:05:21 ocp-svc.lab.ocp.lan dhcpd[213030]: Server starting service.
Dec 13 20:05:21 ocp-svc.lab.ocp.lan systemd[1]: Started DHCPv4 Server Daemon.

Could anyone shed some light here on what else I could be missing here? Any help is tremendously appreciated.

I added the following now to comply with SElinux (dhcpd6) after some research....but still didn't do much...argh...

[root@ocp-svc etc]# ausearch -c 'dhcpd6' --raw | audit2allow -M my-dhcpd6
Nothing to do
[root@ocp-svc etc]# semodule -i my-dhcpd6.pp
190
0 + 0
Ron Maupin avatar
us flag
Ron Maupin
Using the `fd00::/64` network is misusing ULA. You are allowed to assign prefixes in the `fd00::/8` range, but the next 40 bits must be randomly assigned, giving you a `/48` prefix from which you can derive 65,536 `/64` networks. Using `fd00::/64` is forbidder by the RFC.
0
Reply
Score:0
avatar Server
in flag
NiKiZe

dhcpd is started when you probably want dhcpd6

subnet6 fd00::/64 { and range6 fd:: are not matching.

host declaration is outside subnet

An attempt at re-arranging that hopefully works.

subnet6 fd00::/64 {
 range6 fd00::1000 fd00::2000
 option dhcp6.name-servers fd00::1;
 option dhcp6.domain-search "ocp.lan";

 host otherclient {
        # This host entry is hopefully matched if the client supplies a DUID-LL
        # or DUID-LLT containing this MAC address.
        hardware ethernet 00:0c:29:5e:d2:37;
        fixed-address6 fd00::211;
 }
}

I would try to use a probably more uniqe range, just to simplify any possible future merge with other nets, see https://en.wikipedia.org/wiki/Unique_local_address#Attempts_of_registration_and_allocation

For example use: fd00:10c9:: for 1an - 0cp.

0 + 0
cn flag
Marlon Goncalves
nice catch. thx. unfortunately those changes didn't change the fact that IPV6 is not being assigned on a fixed base... ``` [root@ocp-bootstrap ~]# ip a 2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:5e:d2:37 brd ff:ff:ff:ff:ff:ff inet 192.168.22.200/24 brd 192.168.22.255 scope global dynamic noprefixroute ens192 valid_lft 14327sec preferred_lft 14327sec inet6 fe80::f1bd:ad86:761e:415c/64 scope link noprefixroute valid_lft forever preferred_lft forever ```
0
Reply
in flag
NiKiZe
did you try `dhcpd6` instead of `dhcpd` ?
0
Reply
cn flag
Marlon Goncalves
yeah I am using dhcpd6 cat /etc/dhcp/dhcpd6.conf the fact that ipv6 doesn't have broadcast might need some other components that I might not be aware of... any other suggestions? this can't be this hard.... https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/sec-dhcp_for_ipv6_dhcpv6 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/sec-configuring_the_radvd_daemon_for_ipv6_routers
0
Reply
cn flag
Marlon Goncalves
added some more context in the description above @NiKiZe
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.