
Trying to assign fixed IPv6 addresses to my CoreOS master and worker nodes from my CentOS in order to have dual stack running on the cluster. However, I am having a hard time getting it to assign the fixed IP addresses that I am hard-coding in the dhcp6.conf file as follows:

[root@ocp-svc ~]# cat /etc/dhcp/dhcpd6.conf
#
# DHCPv6 Server Configuration file.
#   see /usr/share/doc/dhcp-server/dhcpd6.conf.example
#   see dhcpd.conf(5) man page
#
authoritative;
ddns-update-style interim;
allow booting;
allow bootp;
allow unknown-clients;
ignore client-updates;
default-lease-time 14400;
max-lease-time 14400;


subnet6 fd00::/64 {
 range6 fd::1000 fd::2000
 option dhcp6.name-servers fd00::1;
 option dhcp6.domain-search "ocp.lan";
}
host otherclient {
        # This host entry is hopefully matched if the client supplies a DUID-LL
        # or DUID-LLT containing this MAC address.
        hardware ethernet 00:0c:29:5e:d2:37;
        fixed-address6 fd00::211;
}

I am using the following system:

[root@ocp-svc performanceoperator]# cat /etc/redhat-release
CentOS Linux release 8.5.2111

Have also added the following two lines in the config in order to allow SELinux to access the directory:

ausearch -c 'dhcpd' --raw | audit2allow -M my-dhcpd
semodule -X 300 -i my-dhcpd.pp
systemctl restart dhcpd

And saw these messages in the messages log facility:

Dec 13 19:52:13 ocp-svc systemd[1]: Stopping DHCPv4 Server Daemon...
Dec 13 19:52:13 ocp-svc systemd[1]: dhcpd.service: Succeeded.
Dec 13 19:52:13 ocp-svc systemd[1]: Stopped DHCPv4 Server Daemon.
Dec 13 19:52:13 ocp-svc systemd[1]: Starting DHCPv4 Server Daemon...
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Internet Systems Consortium DHCP Server 4.3.6
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Copyright 2004-2017 Internet Systems Consortium.
Dec 13 19:52:13 ocp-svc dhcpd[199778]: All rights reserved.
Dec 13 19:52:13 ocp-svc dhcpd[199778]: For info, please visit https://www.isc.org/software/dhcp/
Dec 13 19:52:13 ocp-svc dhcpd[199778]: ldap_gssapi_principal is not set,GSSAPI Authentication for LDAP will not be used
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Dec 13 19:52:13 ocp-svc dbus-daemon[1024]: [system] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.14' (uid=0 pid=1001 comm="/usr/sbin/sedispatch " label="system_u:system_r:auditd_t:s0") (using servicehelper)
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Config file: /etc/dhcp/dhcpd.conf
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Database file: /var/lib/dhcpd/dhcpd.leases
Dec 13 19:52:13 ocp-svc dhcpd[199778]: PID file: /var/run/dhcpd.pid
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Source compiled to use binary-leases
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Wrote 0 deleted host decls to leases file.
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Wrote 0 new dynamic host decls to leases file.
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Wrote 1 leases to leases file.
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Listening on LPF/ens224/00:0c:29:70:9c:d0/192.168.22.0/24
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Sending on   LPF/ens224/00:0c:29:70:9c:d0/192.168.22.0/24
Dec 13 19:52:13 ocp-svc dhcpd[199778]:
Dec 13 19:52:13 ocp-svc dhcpd[199778]: No subnet declaration for ens192 (192.168.0.139).
Dec 13 19:52:13 ocp-svc dhcpd[199778]: ** Ignoring requests on ens192.  If this is not what
Dec 13 19:52:13 ocp-svc dhcpd[199778]:   you want, please write a subnet declaration
Dec 13 19:52:13 ocp-svc dhcpd[199778]:   in your dhcpd.conf file for the network segment
Dec 13 19:52:13 ocp-svc dhcpd[199778]:   to which interface ens192 is attached. **
Dec 13 19:52:13 ocp-svc dhcpd[199778]:
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Sending on   Socket/fallback/fallback-net
Dec 13 19:52:13 ocp-svc dhcpd[199778]: Server starting service.
Dec 13 19:52:13 ocp-svc systemd[1]: Started DHCPv4 Server Daemon.
Dec 13 19:52:14 ocp-svc dbus-daemon[1024]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Dec 13 19:52:15 ocp-svc dbus-daemon[1024]: [system] Activating service name='org.fedoraproject.SetroubleshootPrivileged' requested by ':1.224' (uid=995 pid=199781 comm="/usr/libexec/platform-python -Es /usr/sbin/setroub" label="system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023") (using servicehelper)
Dec 13 19:52:16 ocp-svc dbus-daemon[1024]: [system] Successfully activated service 'org.fedoraproject.SetroubleshootPrivileged'

Checked the dhcpd service status which also looks good:

[root@ocp-svc ~]# systemctl status dhcpd
● dhcpd.service - DHCPv4 Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2021-12-13 20:05:21 CST; 8s ago
     Docs: man:dhcpd(8)
           man:dhcpd.conf(5)
 Main PID: 213030 (dhcpd)
   Status: "Dispatching packets..."
    Tasks: 1 (limit: 101086)
   Memory: 10.2M
   CGroup: /system.slice/dhcpd.service
           └─213030 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid

Dec 13 20:05:21 ocp-svc.lab.ocp.lan dhcpd[213030]:
Dec 13 20:05:21 ocp-svc.lab.ocp.lan dhcpd[213030]: No subnet declaration for ens192 (192.168.0.139).
Dec 13 20:05:21 ocp-svc.lab.ocp.lan dhcpd[213030]: ** Ignoring requests on ens192.  If this is not what
Dec 13 20:05:21 ocp-svc.lab.ocp.lan dhcpd[213030]:    you want, please write a subnet declaration
Dec 13 20:05:21 ocp-svc.lab.ocp.lan dhcpd[213030]:    in your dhcpd.conf file for the network segment
Dec 13 20:05:21 ocp-svc.lab.ocp.lan dhcpd[213030]:    to which interface ens192 is attached. **
Dec 13 20:05:21 ocp-svc.lab.ocp.lan dhcpd[213030]:
Dec 13 20:05:21 ocp-svc.lab.ocp.lan dhcpd[213030]: Sending on   Socket/fallback/fallback-net
Dec 13 20:05:21 ocp-svc.lab.ocp.lan dhcpd[213030]: Server starting service.
Dec 13 20:05:21 ocp-svc.lab.ocp.lan systemd[1]: Started DHCPv4 Server Daemon.

Could anyone shed some light here on what else I could be missing here? Any help is tremendously appreciated.

I added the following now to comply with SELinux (dhcpd6) after some research... but it still didn't do much... argh...

[root@ocp-svc etc]# ausearch -c 'dhcpd6' --raw | audit2allow -M my-dhcpd6
Nothing to do
[root@ocp-svc etc]# semodule -i my-dhcpd6.pp
anarxz
  • Using the `fd00::/64` network is misusing ULA. You are allowed to assign prefixes in the `fd00::/8` range, but the next 40 bits must be randomly assigned, giving you a `/48` prefix from which you can derive 65,536 `/64` networks. Using `fd00::/64` is forbidden by the RFC. – Ron Maupin Jan 26 '22 at 22:59

1 Answer

dhcpd is started when you probably want dhcpd6

subnet6 fd00::/64 { and range6 fd:: are not matching.

host declaration is outside subnet

An attempt at re-arranging that hopefully works.

subnet6 fd00::/64 {
 range6 fd00::1000 fd00::2000;
 option dhcp6.name-servers fd00::1;
 option dhcp6.domain-search "ocp.lan";

 host otherclient {
        # This host entry is hopefully matched if the client supplies a DUID-LL
        # or DUID-LLT containing this MAC address.
        hardware ethernet 00:0c:29:5e:d2:37;
        fixed-address6 fd00::211;
 }
}

I would try to use a probably more unique range, just to simplify any possible future merge with other nets, see https://en.wikipedia.org/wiki/Unique_local_address#Attempts_of_registration_and_allocation

For example use: fd00:10c9:: for 1an - 0cp.

NiKiZe
  • nice catch. thx. unfortunately those changes didn't change the fact that IPV6 is not being assigned on a fixed base... ``` [root@ocp-bootstrap ~]# ip a 2: ens192: mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:5e:d2:37 brd ff:ff:ff:ff:ff:ff inet 192.168.22.200/24 brd 192.168.22.255 scope global dynamic noprefixroute ens192 valid_lft 14327sec preferred_lft 14327sec inet6 fe80::f1bd:ad86:761e:415c/64 scope link noprefixroute valid_lft forever preferred_lft forever ``` – Marlon Goncalves Dec 14 '21 at 13:49
  • did you try `dhcpd6` instead of `dhcpd` ? – NiKiZe Dec 14 '21 at 14:33
  • yeah I am using dhcpd6 cat /etc/dhcp/dhcpd6.conf the fact that ipv6 doesn't have broadcast might need some other components that I might not be aware of... any other suggestions? this can't be this hard.... https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/sec-dhcp_for_ipv6_dhcpv6 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/sec-configuring_the_radvd_daemon_for_ipv6_routers – Marlon Goncalves Dec 14 '21 at 23:40
  • added some more context in the description above @NiKiZe – Marlon Goncalves Dec 15 '21 at 00:04
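
An added example, not part of the question, the answer or the comments: a small linter for the two address problems raised above, namely `range6`/`fixed-address6` values that fall outside every `subnet6`, and a ULA prefix whose 40-bit Global ID is all zero. The names `lint_dhcpd6` and `random_ula_48` are hypothetical, the sample is constructed from the question's file, and plain random bits stand in for the generation algorithm in RFC 4193.

```python
import ipaddress
import re
import secrets

# Constructed sample: the question's dhcpd6.conf reduced to the relevant lines.
SAMPLE_CONF = """\
subnet6 fd00::/64 {
 range6 fd::1000 fd::2000
 option dhcp6.name-servers fd00::1;
}
host otherclient {
        hardware ethernet 00:0c:29:5e:d2:37;
        fixed-address6 fd00::211;
}
"""

ULA = ipaddress.ip_network("fc00::/7")
ADDR = r"([0-9A-Fa-f:]+)"

def lint_dhcpd6(conf):
    """Return findings: addresses outside every subnet6, and ULA misuse."""
    text = re.sub(r"#.*", "", conf)  # strip comments
    nets = [ipaddress.ip_network(n, strict=False)
            for n in re.findall(r"subnet6\s+([0-9A-Fa-f:]+/\d+)", text)]
    findings = []
    for net in nets:
        # Bits 8..47 of a ULA are the Global ID, which should be random, not 0.
        if net.subnet_of(ULA) and (int(net.network_address) >> 80) & (2**40 - 1) == 0:
            findings.append(f"{net}: ULA Global ID is all zero")
    # Only the "range6 low high" form is handled; other forms are skipped.
    for low, high, semi in re.findall(rf"range6\s+{ADDR}\s+{ADDR}\s*(;?)", text):
        for a in (low, high):
            if not any(ipaddress.ip_address(a) in n for n in nets):
                findings.append(f"range6 {a}: outside every subnet6")
        if not semi:
            findings.append(f"range6 {low} {high}: missing ';'")
    for a in re.findall(rf"fixed-address6\s+{ADDR}", text):
        if not any(ipaddress.ip_address(a) in n for n in nets):
            findings.append(f"fixed-address6 {a}: outside every subnet6")
    return findings

def random_ula_48():
    """Pick a /48 under fd00::/8 with 40 random Global ID bits (assumption: simplified)."""
    base = (0xFD << 120) | (secrets.randbits(40) << 80)
    return ipaddress.IPv6Network((base, 48))

if __name__ == "__main__":
    for line in lint_dhcpd6(SAMPLE_CONF):
        print(line)
    print("suggested prefix:", random_ula_48())
```

`dhcpd -6 -t -cf /etc/dhcp/dhcpd6.conf` checks the file's syntax; the linter adds the address-range checks that a syntax test does not report.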