[Dnsmasq-discuss] [PATCH] DHCPv6 - Multiple reservations for single host

Simon Kelley simon at thekelleys.org.uk
Fri Jan 10 21:25:22 GMT 2020


On 08/01/2020 09:32, Harald Jensås wrote:
> On Tue, 2020-01-07 at 21:51 +0000, Simon Kelley wrote:
>> On 23/12/2019 11:24, Harald Jensas wrote:
>>> Hi,
>>>
>>> The patch below is a slight alteration to a possible solution
>>> discussed in 
>>> http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q1/011289.html
>>> .
>>>
>>> My approach here does not require making dhcp-host conditional on a
>>> tag. However, making dhcp-host conditional on a tag would be a nice
>>> addition that could be introduced as a follow up to this to have a
>>> match on the tag of the final OS to keep the provisioned system
>>> consistently configured with a specific address can be very handy.
>>> For
>>> the Openstack use-case I am working in, this however isn't
>>> necessary.
>>>
>>> I have confirmed that the patch below together with a small change
>>> in
>>> Openstack Ironic (see: https://review.opendev.org/700002) solved
>>> the
>>> long standing issue when doing network booting and node
>>> provisioning
>>> in combination with static only dhcp configuration.
>>>
>>> We are looking forward to comments and feedback regarding this
>>> approach.
>>>
>>> Thank you!
>>>
>>
>> If I've understood correctly, this looks like it might be a viable
>> solution. Question: how many addresses do you configure for each
>> host,
>> and is this fragile if the boot process changes, for instance to add
>> new
>> steps? 
> 
> Thank you for reviewing this!
> 
> I have tested using 4 addresses in total, I should be able to do with 2
> addresses with the workflow I tested with which is
> OVMF-UEFI->iPXE->LinuxDeployRamdisk->Final OS. OVMF-UEFI uses two
> addresses just to do
> PXE, but it is kind enough to release both addresses before executing
> the network boot program. Then iPXE uses one, and the deploy ramdisk
> one. Depending on whether the deploy ramdisk does a release or not
> before rebooting a third address would be used by the final OS. (This
> is where dhcp-host conditional on a tag would be handy to control the
> address of the final OS.)
> 
> In the openstack use case the dhcp-config is changed to have just a
> single dhcp-host entry prior to booting into the final os, openstack's
> networking service takes care of issuing a release during this step
> making sure the leased addresses are released. (This is why the
> dhcp-host conditional on a tag isn't required in the openstack use case.)
> 
> The number of addresses is indeed fragile, adding another bootstep
> could increase the number of addresses needed. Also an unexpected reset
> of the booting system would lock up addresses that were not released,
> mainly problem with UEFI firmware that likes to generate new IAID's
> every time it boots ...
> 
>   As digression, Pali Rohár `honor assignment based on MAC address`
> patch is less fragile for this use case. I recognize it breaks other
> parts of the DHCPv6 RFC, see my comments on a previous post in this
> thread. Should we consider his approach if the patch can be re-worked
> to be an opt-in via configuration and a note in docs that the behaviour
> is not following RFC?

Pali has done good work on this and I appreciate it. The objection to
that approach is both the RFC non-compliance, and also the fact that it
absolutely depends on dnsmasq being able to determine the MAC address
of a client. Doing that is fragile, and it would be good to have a
mechanism which didn't rely on it. Does openstack rely on identifying a
host by MAC address, or could it be made to work if the DHCP server
didn't know the MAC address of a client? Even if openstack relies on MAC
addresses (and I understand the provisioning reasons for doing that), a
mechanism to support chain-netbooting without knowing MAC addresses is a
more generally useful thing than one which only works when the MAC
address is determinable.

> 
>> Could we add new syntax to dhcp-host which allows it to configure
>> a range of addresses, rather than having a number of dhcp-host
>> entries
>> for each stage of the boot process? That would be a bigger change,
>> but
>> might be a neater solution?
>>
> 
> I went for multiple dhcp-host entries because that accidentally happens
> to be what openstack neutron already writes in the dnsmasq configuration
> when multiple ip addresses are added to a port in openstack.
> 
> Supporting either a list of addresses or a range of addresses in the
> dhcp-host syntax might be neater. (I am biased to keeping it to
> multiple dhcp-host entries due to how openstack currently works, but it
> would be reasonably small work to change|fix openstack in case ...)
> 
> If we add dhcp-host conditional on a tag, one could use short lease
> time, like 1m, on entries without a tag that the boot process uses. And
> a longer lease time on the entry tagged for the final os. Doing so
> could ease the issue of leases being held after an unexpected reset
> during boot process. An argument to keep the multiple dhcp-host
> entries?

The best of all possible worlds might be both: a dhcp-host tagged to be
active when the final OS is not the client, which gives out a set of
addresses on short leases, thus removing the steps-to-boot and lost
addresses fragilities: with IPv6 there could be a range of 128 or 256
addresses to go at. Plus a dhcp-host tagged to be active only for the
final OS boot, with a long lease time and fixed address.

As a general principle, dnsmasq tries to not depend on the order of
configuration lines to control behaviour - in almost all cases the
behaviour is defined not to matter on order, and if order appears to
matter then the behaviour is, strictly speaking, undefined. I guess that
what you have at the moment kind of violates that principle.


> 
>> I guess that the final address that the host ends up with depends on
>> the number of addresses allocated by other parts of the boot process,
>> but as the DNS entry ends up pointing to that final address (does it?
>> -
>> need to check this) that's not a problem.
>>
> 
> Yes, the final address of the host depends on the number of addresses that
> were allocated during the boot process.
> 
> Good point regarding DNS, I didn't check how DNS entries are maintained
> before you mentioned it. Your assumption that the DNS entry points to
> the last address leased is correct. See annotated log below.
> 
> 
> Jan 08 10:02:03 server.example.com systemd[1]: Started DNS caching server..
> Jan 08 10:02:03 server.example.com dnsmasq[1444]: started, version 2.80-102-g7d04e17 cachesize 150
> Jan 08 10:02:03 server.example.com dnsmasq[1444]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify dumpfile
> Jan 08 10:02:03 server.example.com dnsmasq-dhcp[1444]: DHCPv6, static leases only on fd12:3456:789a:1::afff, lease time 10m
> Jan 08 10:02:03 server.example.com dnsmasq[1444]: using only locally-known addresses for domain mydomain.net
> Jan 08 10:02:03 server.example.com dnsmasq[1444]: reading /etc/resolv.dnsmasq
> Jan 08 10:02:03 server.example.com dnsmasq[1444]: using only locally-known addresses for domain mydomain.net
> Jan 08 10:02:03 server.example.com dnsmasq[1444]: using nameserver 192.168.122.1#53
> Jan 08 10:02:03 server.example.com dnsmasq[1444]: cleared cache
> 
> /** No entries in the cache */
> 
> Jan 08 10:02:16 server.example.com dnsmasq[1444]: time 1578474136
> Jan 08 10:02:16 server.example.com dnsmasq[1444]: cache size 150, 0/0 cache insertions re-used unexpired cache entries.
> Jan 08 10:02:16 server.example.com dnsmasq[1444]: queries forwarded 0, queries answered locally 0
> Jan 08 10:02:16 server.example.com dnsmasq[1444]: queries for authoritative zones 0
> Jan 08 10:02:16 server.example.com dnsmasq[1444]: pool memory in use 0, max 0, allocated 0
> Jan 08 10:02:16 server.example.com dnsmasq[1444]: server 192.168.122.1#53: queries sent 0, retried or failed 0
> Jan 08 10:02:16 server.example.com dnsmasq[1444]: Host                                     Address                        Flags      Expires
> Jan 08 10:02:16 server.example.com dnsmasq[1444]: bind                                                                     F I
> 
> /** Initial DHCPv6 request from OVMF UEFI is serviced, fd12:3456:789a:1::bacc is leased. */
> 
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 available DHCPv6 subnet: fd12:3456:789a:1::aaaa/64
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 client MAC address: 52:54:00:3f:5c:c0
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 DHCPSOLICIT(eth1) 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 DHCPADVERTISE(eth1) fd12:3456:789a:1::bacc 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c host1
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 requested options: 23:dns-server
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 tags: ctlplane-subnet, known, dhcpv6, eth1
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 sent size: 18 option:  1 client-id  00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0...
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 sent size: 14 option:  2 server-id  00:01:00:01:25:a8:56:f2:52:54:00:b5:b2:8f
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 sent size: 40 option:  3 ia-na  IAID=1073085951 T1=300 T2=525
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 nest size: 24 option:  5 iaaddr  fd12:3456:789a:1::bacc PL=600 VL=600
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 sent size:  9 option: 13 status  0 success
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 sent size:  1 option:  7 preference  0
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 sent size: 16 option: 23 dns-server  fd12:3456:789a:1::1
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 sent size:  7 option: 39 FQDN  host1
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 available DHCPv6 subnet: fd12:3456:789a:1::aaaa/64
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 client MAC address: 52:54:00:3f:5c:c0
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 DHCPREQUEST(eth1) 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 DHCPREPLY(eth1) fd12:3456:789a:1::bacc 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c host1
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 requested options: 23:dns-server
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 tags: ctlplane-subnet, known, dhcpv6, eth1
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 sent size: 18 option:  1 client-id  00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0...
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 sent size: 14 option:  2 server-id  00:01:00:01:25:a8:56:f2:52:54:00:b5:b2:8f
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 sent size: 40 option:  3 ia-na  IAID=1073085951 T1=300 T2=525
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 nest size: 24 option:  5 iaaddr  fd12:3456:789a:1::bacc PL=600 VL=600
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 sent size:  9 option: 13 status  0 success
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 sent size: 16 option: 23 dns-server  fd12:3456:789a:1::1
> Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 sent size: 21 option: 39 FQDN  host1.mydomain.net
> 
> /** DNS entry points to fd12:3456:789a:1::bacc */
> 
> Jan 08 10:02:32 server.example.com dnsmasq[1444]: time 1578474152
> Jan 08 10:02:32 server.example.com dnsmasq[1444]: cache size 150, 0/0 cache insertions re-used unexpired cache entries.
> Jan 08 10:02:32 server.example.com dnsmasq[1444]: queries forwarded 0, queries answered locally 0
> Jan 08 10:02:32 server.example.com dnsmasq[1444]: queries for authoritative zones 0
> Jan 08 10:02:32 server.example.com dnsmasq[1444]: pool memory in use 0, max 0, allocated 0
> Jan 08 10:02:32 server.example.com dnsmasq[1444]: server 192.168.122.1#53: queries sent 0, retried or failed 0
> Jan 08 10:02:32 server.example.com dnsmasq[1444]: Host                                     Address                        Flags      Expires
> Jan 08 10:02:32 server.example.com dnsmasq[1444]: net                                                                      F  D      Wed Jan  8 10:12:27 2020
> Jan 08 10:02:32 server.example.com dnsmasq[1444]: host1.mydomain.net             fd12:3456:789a:1::bacc                   6FR D      Wed Jan  8 10:12:27 2020
> Jan 08 10:02:32 server.example.com dnsmasq[1444]: bind                                                                     F I
> Jan 08 10:02:32 server.example.com dnsmasq[1444]: host1                          fd12:3456:789a:1::bacc                   6F  D      Wed Jan  8 10:12:27 2020
> Jan 08 10:02:32 server.example.com dnsmasq[1444]: mydomain.net                                                             F  D      Wed Jan  8 10:12:27 2020
> 
> /** DHCPv6 request from OVMF UEFI PXE boot is serviced, fd12:3456:789a:1::aacc is leased. */
> 
> Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 available DHCPv6 subnet: fd12:3456:789a:1::aaaa/64
> Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 vendor class: 343
> Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 client MAC address: 52:54:00:3f:5c:c0
> Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 DHCPSOLICIT(eth1) 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c
> Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 DHCPADVERTISE(eth1) fd12:3456:789a:1::aacc 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c host1
> Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 requested options: 59:bootfile-url, 60:bootfile-param, 23:dns-server,
> Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 requested options: 16:vendor-class
> Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 tags: ctlplane-subnet, known, efi6, dhcpv6, eth1
> Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 sent size: 18 option:  1 client-id  00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0...
> Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 sent size: 14 option:  2 server-id  00:01:00:01:25:a8:56:f2:52:54:00:b5:b2:8f
> Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 sent size: 40 option:  3 ia-na  IAID=3217423454 T1=300 T2=525
> Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 nest size: 24 option:  5 iaaddr  fd12:3456:789a:1::aacc PL=600 VL=600
> Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 sent size:  9 option: 13 status  0 success
> Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 sent size:  1 option:  7 preference  0
> Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 sent size: 37 option: 59 bootfile-url  tftp://[fd12:3456:789a:1::1]/ipxe.efi
> Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 sent size: 16 option: 23 dns-server  fd12:3456:789a:1::1
> Jan 08 10:03:33 server.example.com dnsmasq-dhcp[1444]: 14364159 sent size:  7 option: 39 FQDN  host1
> Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 available DHCPv6 subnet: fd12:3456:789a:1::aaaa/64
> Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 vendor class: 343
> Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 client MAC address: 52:54:00:3f:5c:c0
> Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 DHCPREQUEST(eth1) 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c
> Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 DHCPREPLY(eth1) fd12:3456:789a:1::aacc 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c host1
> Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 requested options: 59:bootfile-url, 60:bootfile-param, 23:dns-server,
> Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 requested options: 16:vendor-class
> Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 tags: ctlplane-subnet, known, efi6, dhcpv6, eth1
> Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 sent size: 18 option:  1 client-id  00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0...
> Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 sent size: 14 option:  2 server-id  00:01:00:01:25:a8:56:f2:52:54:00:b5:b2:8f
> Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 sent size: 40 option:  3 ia-na  IAID=3217423454 T1=300 T2=525
> Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 nest size: 24 option:  5 iaaddr  fd12:3456:789a:1::aacc PL=600 VL=600
> Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 sent size:  9 option: 13 status  0 success
> Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 sent size: 37 option: 59 bootfile-url  tftp://[fd12:3456:789a:1::1]/ipxe.efi
> Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 sent size: 16 option: 23 dns-server  fd12:3456:789a:1::1
> Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 sent size: 21 option: 39 FQDN  host1.mydomain.net
> 
> /** DNS entry now points to fd12:3456:789a:1::aacc */
> 
> Jan 08 10:03:39 server.example.com dnsmasq[1444]: time 1578474219
> Jan 08 10:03:39 server.example.com dnsmasq[1444]: cache size 150, 0/0 cache insertions re-used unexpired cache entries.
> Jan 08 10:03:39 server.example.com dnsmasq[1444]: queries forwarded 0, queries answered locally 0
> Jan 08 10:03:39 server.example.com dnsmasq[1444]: queries for authoritative zones 0
> Jan 08 10:03:39 server.example.com dnsmasq[1444]: pool memory in use 0, max 0, allocated 0
> Jan 08 10:03:39 server.example.com dnsmasq[1444]: server 192.168.122.1#53: queries sent 0, retried or failed 0
> Jan 08 10:03:39 server.example.com dnsmasq[1444]: Host                                     Address                        Flags      Expires
> Jan 08 10:03:39 server.example.com dnsmasq[1444]: net                                                                      F  D      Wed Jan  8 10:13:38 2020
> Jan 08 10:03:39 server.example.com dnsmasq[1444]: host1.mydomain.net             fd12:3456:789a:1::aacc                   6FR D      Wed Jan  8 10:13:38 2020
> Jan 08 10:03:39 server.example.com dnsmasq[1444]: bind                                                                     F I
> Jan 08 10:03:39 server.example.com dnsmasq[1444]: host1                          fd12:3456:789a:1::aacc                   6F  D      Wed Jan  8 10:13:38 2020
> Jan 08 10:03:39 server.example.com dnsmasq[1444]: mydomain.net                                                             F  D      Wed Jan  8 10:13:38 2020
> 
> 

Good, that solves that question.


Cheers,

Simon.
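
The following is an added example, not part of the original message and not dnsmasq code: a small parser that audits a dnsmasq DHCPv6 log for one DUID holding several IAID-to-address bindings, the situation the thread describes as locking up addresses after an unexpected reset. The sample lines are excerpted from the log quoted above; the function names are illustrative, and it assumes one IA_NA per reply, as in that log.

```python
import re
from collections import defaultdict

# Excerpt of the dnsmasq log quoted in the message above (trimmed to the lines used).
SAMPLE_LOG = """\
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 DHCPADVERTISE(eth1) fd12:3456:789a:1::bacc 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c host1
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14233087 sent size: 40 option:  3 ia-na  IAID=1073085951 T1=300 T2=525
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 DHCPREPLY(eth1) fd12:3456:789a:1::bacc 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c host1
Jan 08 10:02:27 server.example.com dnsmasq-dhcp[1444]: 14298623 sent size: 40 option:  3 ia-na  IAID=1073085951 T1=300 T2=525
Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 DHCPREPLY(eth1) fd12:3456:789a:1::aacc 00:04:90:b3:fe:05:c8:ed:73:42:a5:7d:55:a0:4f:57:ed:5c host1
Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 sent size: 40 option:  3 ia-na  IAID=3217423454 T1=300 T2=525
Jan 08 10:03:38 server.example.com dnsmasq-dhcp[1444]: 14429695 sent size: 21 option: 39 FQDN  host1.mydomain.net
"""

LINE = re.compile(r"dnsmasq-dhcp\[\d+\]: (\d+) (.*)$")
REPLY = re.compile(r"DHCPREPLY\((\S+)\) (\S+) ([0-9a-f:]+)(?: (\S+))?$")
IAID = re.compile(r"ia-na\s+IAID=(\d+)")

def leases_by_duid(log_text):
    """Return {duid: [(iaid, address, hostname), ...]} in log order."""
    pending = {}                 # transaction id -> REPLY fields awaiting the IAID line
    leases = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        xid, body = m.groups()
        reply = REPLY.match(body)
        if reply:                # only a REPLY commits a lease; ADVERTISE is skipped
            _iface, addr, duid, host = reply.groups()
            pending[xid] = (addr, duid, host)
            continue
        iaid = IAID.search(body)
        if iaid and xid in pending:
            addr, duid, host = pending.pop(xid)
            leases[duid].append((int(iaid.group(1)), addr, host))
    return dict(leases)

def summarize(leases):
    """Per DUID: each IAID -> address binding and the most recently leased address."""
    report = {}
    for duid, entries in leases.items():
        bindings = {}
        for iaid, addr, _host in entries:
            bindings[iaid] = addr            # a renewal of the same IAID overwrites
        report[duid] = {
            "bindings": bindings,
            "distinct_addresses": len(set(bindings.values())),
            "latest": entries[-1][1],        # per the thread, the DNS entry follows this
            "hostname": entries[-1][2],
        }
    return report

if __name__ == "__main__":
    for duid, info in summarize(leases_by_duid(SAMPLE_LOG)).items():
        print(duid, info)
```

A DUID whose `distinct_addresses` keeps growing across reboots is the pattern to look for when firmware generates a new IAID on every boot.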



