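I am trying to set up a backup DHCP server. The servers' clocks are synchronized. The primary server starts fine. The secondary server fails to start. The errors in /var/log/messages are: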
Sep 15 14:47:45 stream dhcpd: Copyright 2004-2010 Internet Systems Consortium.
Sep 15 14:47:45 stream dhcpd: All rights reserved.
Sep 15 14:47:45 stream dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Sep 15 14:47:45 stream dhcpd: /etc/dhcp/dhcpd.conf line 25: invalid statement in peer declaration
Sep 15 14:47:45 stream dhcpd: #011max-response-default
Sep 15 14:47:45 stream dhcpd: ^
Sep 15 14:47:45 stream dhcpd: /etc/dhcp/dhcpd.conf line 41: failover peer dhcp-failover: not found
Sep 15 14:47:45 stream dhcpd: failover peer "dhcp-failover"
Sep 15 14:47:45 stream dhcpd: ^
Sep 15 14:47:45 stream dhcpd: /etc/dhcp/dhcpd.conf line 49: failover peer dhcp-failover: not found
Sep 15 14:47:45 stream dhcpd: failover peer "dhcp-failover"
Sep 15 14:47:45 stream dhcpd: ^
Sep 15 14:47:45 stream dhcpd: WARNING: Host declarations are global. They are not limited to the scope you declared them in.
Sep 15 14:47:45 stream dhcpd: /etc/dhcp/dhcpd.conf line 70: failover peer dhcp-failover: not found
Sep 15 14:47:45 stream dhcpd: failover peer "dhcp-failover"
Sep 15 14:47:45 stream dhcpd: ^
Sep 15 14:47:45 stream dhcpd: /etc/dhcp/dhcpd.conf line 78: failover peer dhcp-failover: not found
Sep 15 14:47:45 stream dhcpd: failover peer "dhcp-failover"
Sep 15 14:47:45 stream dhcpd: ^
Sep 15 14:47:45 stream dhcpd: Configuration file errors encountered -- exiting
Sep 15 14:47:45 stream dhcpd:
Sep 15 14:47:45 stream dhcpd: This version of ISC DHCP is based on the release available
Sep 15 14:47:45 stream dhcpd: on ftp.isc.org. Features have been added and other changes
Sep 15 14:47:45 stream dhcpd: have been made to the base software release in order to make
Sep 15 14:47:45 stream dhcpd: it work better with this distribution.
Sep 15 14:47:45 stream dhcpd:
Sep 15 14:47:45 stream dhcpd: Please report for this software via the CentOS Bugs Database:
Sep 15 14:47:45 stream dhcpd: http://bugs.centos.org/
Sep 15 14:47:45 stream dhcpd:
Sep 15 14:47:45 stream dhcpd: exiting.
Configuration file contents:
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample
# see 'man 5 dhcpd.conf'
#
option domain-name "eng.foo.com";
option domain-name-servers ns0.eng.foo.com, ns1.eng.foo.com;
option ntp-servers ntp.eng.foo.com;
#option time-servers ntp.eng.foo.com;
default-lease-time 3600;
max-lease-time 7200;
authoritative;
log-facility local7;
failover peer "dhcp-failover" {
    secondary;
    address 10.0.1.70;
    port 647;
    peer address 10.0.1.11;
    peer port 647;
    max-response-default 30;
    max-unacked-updates 10;
    load balance max seconds 3;
}
#
# Management subnet
#
subnet 10.0.0.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.0.0.255;
    option routers 10.0.0.1;
    option domain-search "eng.foo.com", "foo.com";
    # Unknown clients get this pool
    pool {
        failover peer "dhcp-failover";
        max-lease-time 300;
        range 10.0.0.240 10.0.0.249;
        allow unknown-clients;
    }
    # Known clients get this pool
    pool {
        failover peer "dhcp-failover";
        max-lease-time 28800;
        range 10.0.0.150 10.0.0.199;
        deny unknown-clients;
    }
    include "/etc/dhcp/dhcpd.conf-engmgmt";
}
#
# Data subnet
#
subnet 10.0.1.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.0.1.255;
    option routers 10.0.1.1;
    option domain-search "eng.foo.com", "foo.com";
    # Unknown clients get this pool
    pool {
        failover peer "dhcp-failover";
        max-lease-time 300;
        range 10.0.1.240 10.0.1.249;
        allow unknown-clients;
    }
    # Known clients get this pool
    pool {
        failover peer "dhcp-failover";
        max-lease-time 28800;
        range 10.0.1.150 10.0.1.199;
        deny unknown-clients;
    }
    # For centos network installs
    if substring (option vendor-class-identifier, 0, 8) = "anaconda" {
        filename "/autohome/distro/ks/";
        next-server eng-data.eng.foo.com;
    }
    # For PXE network installs
    if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {
        filename "pxelinux.0";
        next-server eng-data.eng.foo.com;
    }
    # For KVM PXE network installs
    if substring (option vendor-class-identifier, 0, 9) = "Etherboot" {
        filename "pxelinux.0";
        next-server eng-data.eng.foo.com;
    }
    include "/etc/dhcp/dhcpd.conf-engdata";
}
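Answer 1
This answer is specifically for those who ran into this kind of error after copying this example configuration from the ISC website. The encoding of the dashes on that page is subtly wrong.
In vim, if you place the cursor on the first dash in max-response-default in command mode and press ga, you will see the unicode value 8208. Now, if you delete the dash, replace it with your own dash, and check again, it will have the ASCII/unicode value 45.
Replace all the Unicode dashes in the failover configuration with ASCII dashes, and the configuration should load successfully.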
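The check described in Answer 1, automated over a whole file, as an added example that is not part of the original answers. It reports every non-ASCII character with its position and code point, then replaces Unicode dash look-alikes with the ASCII hyphen; the sample text and the function names are constructed for illustration, and the path given on the command line is whatever file you want to inspect.

```python
import sys
import unicodedata

# Unicode dash look-alikes that web pages and word processors substitute
# for the ASCII hyphen-minus (code point 45). 0x2010 is decimal 8208.
DASH_LOOKALIKES = {0x2010, 0x2011, 0x2012, 0x2013, 0x2014, 0x2015, 0x2212}


def find_non_ascii(text):
    """Return (line, column, codepoint, name) for every non-ASCII character."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ord(ch) > 127:
                name = unicodedata.name(ch, "UNKNOWN")
                hits.append((lineno, col, ord(ch), name))
    return hits


def normalize_dashes(text):
    """Replace Unicode dash look-alikes with the ASCII hyphen-minus."""
    return text.translate({cp: "-" for cp in DASH_LOOKALIKES})


# Constructed sample: a failover block pasted from a web page, where the
# dashes inside two statement names are U+2010 instead of ASCII 45.
SAMPLE = (
    'failover peer "dhcp-failover" {\n'
    "    secondary;\n"
    "    max\u2010response\u2010delay 30;\n"
    "    max\u2010unacked\u2010updates 10;\n"
    "}\n"
)

if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            config = fh.read()
    else:
        config = SAMPLE
    for lineno, col, cp, name in find_non_ascii(config):
        print(f"line {lineno} col {col}: U+{cp:04X} (decimal {cp}) {name}")
    # The cleaned text goes to stdout; review it before replacing the file.
    print(normalize_dashes(config), end="")
```

Non-ASCII characters inside comments or quoted strings may be legitimate, which is why the report is separate from the dash replacement.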
Answer 2
It looks like there is a configuration problem around line 25, most likely max-response-default. Shouldn't that be max-response-delay?
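Answer 3
The most obvious problem seems to be that the secondary server cannot communicate with the primary server over the specified port.
- Can you ping the primary from the secondary?
- Is iptables configured to allow communication on port 647?
Beyond that, according to ISC, the DHCP service does not do much checking to make sure the configuration is correct, and it fails in strange ways if it is not set up properly. So if it is not a network problem, it must be a configuration problem. For example, one omission in the configuration file appears to be disabling bootp on the segments where failover is enabled. You would be better off using one main dhcp configuration on both servers, and then a primary/secondary peer declaration that includes the main configuration, which rules out any configuration mismatch.
For a quick overview of the main requirements for setting up a dhcp failover scenario, see: http://webcache.googleusercontent.com/search?q=cache:tbaPhUwlbdsJ:consultancy.edvoncken.net/index.php/HOWTO_Configure_DHCP_failover+&cd=1&hl=en&ct=clnk&gl=us
Edit: Ah, oops, I missed the line that gertvdijk pointed out below. It looks like it should be max-response-delay, not max-response-default.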