DHCP server
Understand how to install and configure the DHCP server.
The plan shows multiple DHCP servers:
- Default network - DHCP server (one on each LPAR): This DHCP server assigns static 192.168.122.x/24 IP addresses to all KVM guests on the default NAT interface. It should already be running on every LPAR. To check, run:
  ps aux|grep dnsmasq
- 10er network - DHCP server: This DHCP server assigns static 10.128.0.x/14 IP addresses to all OpenShift-related KVM guests. Instructions on how to set this up with dhcpd follow.
The DHCP server is used to provide each OpenShift node with the following information:
- Static IP address
- Broadcast address
- Hostname
- Search domain
- DNS server hostname
Installation
Perform on bastion guest:
- Install the dhcp-server package:
  yum install dhcp-server
- Assign static IP addresses to all interfaces without IP addresses (when not already done):
  nmcli c modify PROFILE ipv4.addresses 10.128.0.X/14 ipv4.method manual
  This step is required for dhcpd to detect the subnets for each interface.
- Edit the DHCP configuration /etc/dhcp/dhcpd.conf. Copy from the Example configuration below.
- Optionally configure the firewall (it does not have any effect):
  firewall-cmd --add-service=dhcp --permanent
  firewall-cmd --reload
  The reason why those firewall rules do not have any effect is described in "why does dhcp work even when UDP port 67 is blocked". In short, dhcpd reads DHCP requests through a raw packet socket, which receives frames before the host firewall filters them, so firewalld cannot be relied on to restrict who reaches this DHCP server.
- Enable the service:
  systemctl enable dhcpd --now
  systemctl status dhcpd
Example configuration
dhcpd.conf
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp-server/dhcpd.conf.example
# see dhcpd.conf(5) man page
#
# option definitions common to all supported networks...
# option domain-name "example.org";
# option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
# Use this to enable / disable dynamic dns updates globally.
#ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection)
# log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
# NAT to outside
subnet 192.168.122.0 netmask 255.255.255.0 {
  #range 192.168.122.2 192.168.122.254;
  #option broadcast-address 192.168.122.255;
  #default-lease-time 600;
  #max-lease-time 7200;
}
# Main OCP network.
subnet 10.128.0.0 netmask 255.252.0.0 {
  # static assignment works without specifying a range:
  #range 10.128.0.2 10.128.0.254;
  # set our custom nameserver as the one and only DNS server for
  # all guests. We don't have the flexibility of a split DNS setup per guest
  # which could be better in our setup.
  option domain-name-servers ns1.sa.boe;
  # This sets the search domain and allows the guests to
  # resolve e.g. `dig control0 +search`
  option domain-name "ocp0.sa.boe";
  # The following would not work because the default gateway would contain
  # the wrong interface. And you cannot specify the interface here:
  #option routers 192.168.122.1;
  # if you like to use the bastion as router:
  # Note: This option causes a new default route (make sure to not have two)
  #option routers 10.128.0.1;
  option broadcast-address 10.131.255.255;
  #default-lease-time 600;
  #max-lease-time 7200;
}
group {
  # If the use-host-decl-names parameter is true in a given scope,
  # then for every host declaration within that scope, the name provided for
  # the host declaration will be supplied to the client as its hostname.
  use-host-decl-names on;
  host control0.ocp0.sa.boe {
    hardware ethernet 02:9B:17:C0:00:61;
    fixed-address 10.128.0.97;
    #option host-name "control0.ocp0.sa.boe";
  }
  host control1.ocp0.sa.boe {
    hardware ethernet 02:9B:17:C1:00:62;
    fixed-address 10.128.0.98;
    #option host-name "control1.ocp0.sa.boe";
  }
  host control2.ocp0.sa.boe {
    hardware ethernet 02:9B:17:C2:00:63;
    fixed-address 10.128.0.99;
    #option host-name "control2.ocp0.sa.boe";
  }
  host compute0.ocp0.sa.boe {
    hardware ethernet 02:9B:17:00:C0:0A;
    fixed-address 10.128.0.10;
  }
  host compute1.ocp0.sa.boe {
    hardware ethernet 02:9B:17:00:C1:0B;
    fixed-address 10.128.0.11;
  }
  host bootstrap.ocp0.sa.boe {
    hardware ethernet 02:9B:17:00:B0:60;
    fixed-address 10.128.0.96;
  }
  host bastion.sa.boe {
    hardware ethernet 02:9B:17:BB:BB:BB;
    fixed-address 10.128.0.1;
  }
  host loadbalancer1.sa.boe {
    hardware ethernet 02:9B:17:CC:CC:CC;
    fixed-address 10.129.0.1;
  }
  host loadbalancer2.sa.boe {
    hardware ethernet 02:9B:17:DD:DD:DD;
    fixed-address 10.130.0.1;
  }
}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
#subnet 10.254.239.32 netmask 255.255.255.224 {
# range dynamic-bootp 10.254.239.40 10.254.239.60;
# option broadcast-address 10.254.239.31;
# option routers rtr-239-32-1.example.org;
#}
# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
# range 10.5.5.26 10.5.5.30;
# option domain-name-servers ns1.internal.example.org;
# option domain-name "internal.example.org";
# option routers 10.5.5.1;
# option broadcast-address 10.5.5.31;
# default-lease-time 600;
# max-lease-time 7200;
#}
# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
#host passacaglia {
# hardware ethernet 0:0:c0:5d:bd:95;
# filename "vmunix.passacaglia";
# server-name "toccata.example.com";
#}
# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
# hardware ethernet 08:00:07:26:c0:a5;
# fixed-address fantasia.example.com;
#}
# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
#class "foo" {
# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}
#shared-network 224-29 {
# subnet 10.17.224.0 netmask 255.255.255.0 {
# option routers rtr-224.example.org;
# }
# subnet 10.0.29.0 netmask 255.255.255.0 {
# option routers rtr-29.example.org;
# }
# pool {
# allow members of "foo";
# range 10.17.224.10 10.17.224.250;
# }
# pool {
# deny members of "foo";
# range 10.0.29.10 10.0.29.230;
# }
#}
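Because every node address in this setup comes from a hand-maintained host declaration, a copy-and-paste slip (a reused MAC, a reused address, an address outside the /14, a wrong broadcast address) silently hands a node the wrong identity. The following consistency check is an added example, not part of the original configuration or of dhcpd; check_dhcpd_conf is a hypothetical helper, and it assumes numeric addresses, "hardware ethernet" listed before "fixed-address", and no nested braces inside subnet or host blocks.

```python
import ipaddress
import re

# Constructed sample; the last host reuses a MAC and lies outside the subnet.
SAMPLE_CONF = """
subnet 10.128.0.0 netmask 255.252.0.0 {
  option broadcast-address 10.131.255.255;
}
group {
  host control0.ocp0.sa.boe {
    hardware ethernet 02:9B:17:C0:00:61;
    fixed-address 10.128.0.97;
  }
  host loadbalancer2.sa.boe {
    hardware ethernet 02:9B:17:DD:DD:DD;
    fixed-address 10.130.0.1;
  }
  host stray.example.test {   # constructed bad entry
    hardware ethernet 02:9b:17:c0:00:61;
    fixed-address 10.132.0.5;
  }
}
"""

SUBNET_RE = re.compile(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^}]*)\}")
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{[^}]*?hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;"
                     r"[^}]*?fixed-address\s+([\d.]+)\s*;")


def check_dhcpd_conf(text):
    """Return findings for subnet and static host declarations."""
    text = re.sub(r"#.*", "", text)  # assumes no '#' inside quoted strings
    findings, subnets, macs, ips = [], [], {}, {}
    for addr, mask, body in SUBNET_RE.findall(text):
        net = ipaddress.ip_network(f"{addr}/{mask}")
        subnets.append(net)
        bcast = re.search(r"option\s+broadcast-address\s+(\S+?)\s*;", body)
        if bcast and ipaddress.ip_address(bcast.group(1)) != net.broadcast_address:
            findings.append(f"{net}: broadcast-address {bcast.group(1)}, expected {net.broadcast_address}")
    for name, mac, ip in HOST_RE.findall(text):
        mac, addr = mac.lower(), ipaddress.ip_address(ip)  # MACs compare case-insensitively
        if mac in macs:
            findings.append(f"duplicate MAC {mac}: {macs[mac]} and {name}")
        if addr in ips:
            findings.append(f"duplicate address {addr}: {ips[addr]} and {name}")
        if not any(addr in net for net in subnets):
            findings.append(f"{name}: {addr} is outside every declared subnet")
        macs.setdefault(mac, name)
        ips.setdefault(addr, name)
    return findings
```

Run it against the contents of /etc/dhcp/dhcpd.conf before restarting the service; dhcpd -t -cf /etc/dhcp/dhcpd.conf tests the syntax, while this check looks at consistency between declarations.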