4.3.0 DHCP failover stop working after upgrade

Sleidex · March 19, 2018, 12:29pm

Hello, i have DHCP failover configuration based on Univention and https://kb.isc.org/article/AA-00502/31 documentation.
It works on 4.2.3 but don’t work after 4.3 upgrade.

/var/log/syslog:


failover peer dc: I move from recover to startup
Mar 19 12:24:59 dc1 dhcpd[24832]: failover peer declaration with no referring pools.
Mar 19 12:24:59 dc1 dhcpd[24832]: In order to use failover, you MUST refer to your main failover declaration
Mar 19 12:24:59 dc1 dhcpd[24832]: in each pool declaration.   You MUST NOT use range declarations outside
Mar 19 12:24:59 dc1 dhcpd[24832]: of pool declarations.
Mar 19 12:24:59 dc1 dhcpd[24832]: 
Mar 19 12:24:59 dc1 dhcpd[24832]: If you think you have received this message due to a bug rather
Mar 19 12:24:59 dc1 dhcpd[24832]: than a configuration issue please read the section on submitting
Mar 19 12:24:59 dc1 dhcpd[24832]: bugs on either our web page at www.isc.org or in the README file
Mar 19 12:24:59 dc1 dhcpd[24832]: before submitting a bug.  These pages explain the proper
Mar 19 12:24:59 dc1 dhcpd[24832]: process and the information we find helpful for debugging..

I checked all configuration . they are the same as on my production 4.2.3 version.

root@dc1:~# cat /etc/dhcp/local.conf
# This can be used to modify local DHCP configuration options
failover peer "dc" {
        primary;
        address dc1.xxxxx.localnet;
        port 519;
        peer address dc2.xxxxx.localnet;
        peer port 520;
        max-response-delay 60;
        max-unacked-updates 10;
        mclt 3600;
        split 128;
        load balance max seconds 3;
    }


authoritative;
ddns-update-style none;
 
on commit {
set noname = concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address));
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
set ClientName = pick-first-value(option host-name, config-option-host-name, client-name, noname);
log(concat("Commit: IP: ", ClientIP, " DHCID: ", ClientDHCID, " Name: ", ClientName));
execute("/usr/local/bin/dhcp-dyndns.sh", "add", ClientIP, ClientDHCID, ClientName);
}
 
on release {
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
log(concat("Release: IP: ", ClientIP));
execute("/usr/local/bin/dhcp-dyndns.sh", "delete", ClientIP, ClientDHCID);
}
 
on expiry {
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
# cannot get a ClientMac here, apparently this only works when actually receiving a packet
log(concat("Expired: IP: ", ClientIP));
# cannot get a ClientName here, for some reason that always fails
execute("/usr/local/bin/dhcp-dyndns.sh", "delete", ClientIP, "", "0");
}

Moritz_Bunkus · March 20, 2018, 9:04am

Hey,

I’d like to see the full configuration. Can you please do the following:

In the file /etc/dhcp/dhcpd.conf there’s a commented-out line # ldap-debug-file "/var/log/dhcp-ldap-startup.log"; Please remove that comment character so that the line becomes active.
Re-start your DHCP server: systemctl restart univention-dhcp.service
Post the output of /var/log/dhcp-ldap-startup.log

Thanks.

Kind regards,
mosu

Sleidex · March 20, 2018, 9:16am

Hallo, my conf is ok. It’s bug:

https://forge.univention.org/bugzilla/show_bug.cgi?id=46607

Moritz_Bunkus · March 20, 2018, 9:18am

Ah, I see. Shouldn’t be too long then.Just deactivate the failover block in the configuration of one of your DHCP servers and shut down the second one (systemctl stop univention-dhcp) until the patched package’s been released.

Sleidex · March 20, 2018, 9:21am

i don’t make upgrades on production servers without test. I got this error on test clone platform, so all good for me, thank you:) I could wait till stable 4.3.0 version.

Moritz_Bunkus · March 20, 2018, 9:29am

Good to hear I generally wait a couple of weeks before upgrading my production servers to a new release (e.g. from 4.1-x to 4.2, or from 4.2-x to 4.3) so that corner cases such as yours can get taken care of.

Moritz_Bunkus · March 21, 2018, 12:47pm

Hey,

UCS 4.3 Erratum 1 has just been released addressing this problem:

A new erratum update is available for Univention Corporate Server 4.3.
It is applicable to the following patch-levels: 0.
It addresses the following problem:

Program component: isc-dhcp
Reference: bug 46607
Fixed version: 4.3.5-3+deb9u1A~4.3.0.201803131309

This update addresses the following issue:

Fix DHCP failover configuration.

mosu