Bug 38652 - Allow a way to choose what to set when receiving multiple DHCP options
Status: RESOLVED WONTFIX
Product: UCS
Classification: Unclassified
Component: Network
UCS 3.2
Other Linux
P5 normal
Assigned To: UCS maintainers
Depends on: 37689
Blocks: 38316
Reported: 2015-06-04 18:55 CEST by Daniel Orrego
Modified: 2018-04-14 13:52 CEST (History)
What kind of report is it?: Feature Request
Description Daniel Orrego univentionstaff 2015-06-04 18:55:31 CEST
There seems to be a regression from fixing bug #37689 :-/ After the fix, an external DHCP server modifies important variables for members of a UCS domain, for instance completely overwriting /etc/resolv.conf.

In our case we need to set the routes sent by an external DHCP but without changing settings for the UCS domain like nameserver{1..3} or domain/search. Maybe if we "catch" somehow what is sent and then choose what to set and what not to? This could be an approach when you don't have control of the external DHCP servers but need some of their options dynamically (without risking the UCS domain).

Please let me know if that is possible. Another option would be to simply go back to static/manual configuration for all these settings (with the challenges at launch, if cloud instance, and initial setup...).

+++ This bug was initially created as a clone of Bug #37689 +++
Comment 1 Philipp Hahn univentionstaff 2015-06-09 15:00:28 CEST
There already are the /etc/dhcp/dhclient-enter-hooks.d/ and /etc/dhcp/dhclient-exit-hooks.d/ directories, which can contain scripts, which are _sourced_ by /sbin/dhclient-script. Those scripts can modify all environment variables of the process and thus influence what /sbin/dhclient-script does.
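An enter hook of the kind described in comment 1, as an added example that is not part of the original comment and is not UCS code: it drops the resolver options from the lease while leaving routes untouched. The file name and function names are hypothetical, and it assumes that whatever writes /etc/resolv.conf afterwards (dhclient-script or a later hook) reads the standard `new_*` lease variables.

```shell
# Constructed example for /etc/dhcp/dhclient-enter-hooks.d/keep-domain-dns
# (hypothetical file name). dhclient-script *sources* this file, so it shares
# the shell with dhclient-script: never call "exit" here, only change variables.

# Lease variables that carry resolver settings (names from dhclient-script(8)).
DNS_LEASE_VARS="new_domain_name new_domain_search new_domain_name_servers
new_dhcp6_name_servers new_dhcp6_domain_search"

# Remove the resolver-related options from the offered lease. Everything else
# (new_ip_address, new_routers, new_static_routes, ...) is left as received.
drop_dns_options() {
    for _dns_var in $DNS_LEASE_VARS; do
        unset "$_dns_var"
    done
    unset _dns_var
}

# Return 0 for the events on which dhclient-script applies lease settings.
lease_is_applied() {
    case "$1" in
        BOUND|RENEW|REBIND|REBOOT|TIMEOUT|BOUND6|RENEW6|REBIND6) return 0 ;;
        *) return 1 ;;
    esac
}

# $reason is set by dhclient before the hooks are sourced.
if lease_is_applied "${reason:-}"; then
    drop_dns_options
fi
```

Whether the UCS hook in /etc/dhcp/dhclient-exit-hooks.d/resolvconf honours the removed variables is not stated in this report, so check /etc/resolv.conf after a lease renewal.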
Comment 2 Daniel Orrego univentionstaff 2015-06-10 11:55:15 CEST
Cool. Thank you.

That should be enough. I will do some tests...
Comment 3 Daniel Orrego univentionstaff 2015-06-16 17:03:07 CEST
After some tests I have found that UCS already includes a hook-script for /etc/resolv.conf in /etc/dhcp/dhclient-exit-hooks.d/resolvconf

The script works well for domain controllers, but it ignores the different UCR variables (nameserver*, dns/search, etc.) when the server is a memberserver!

Currently, an external DHCP server overrides /etc/resolv.conf on joined UCS memberservers.

I don't have a patch, I am using a second script, that runs after the default one, as a workaround to commit /etc/resolv.conf from UCR; but I still think that this is a regression and the default hook-script should include the proper configuration for memberservers.
Comment 4 Stefan Gohmann univentionstaff 2015-07-10 16:51:26 CEST
(In reply to Daniel Orrego from comment #3)
> After some tests I have found that UCS already includes a hook-script for
> /etc/resolv.conf in /etc/dhcp/dhclient-exit-hooks.d/resolvconf
> 
> The script works well for domain controllers, but it ignores the different
> UCR variables (nameserver*, dns/search, etc.) when the server is a
> memberserver!
> 
> Currently, an external DHCP server overrides /etc/resolv.conf on joined UCS
> memberservers.
> 
> I don't have a patch, I am using a second script, that runs after the
> default one, as a workaround to commit /etc/resolv.conf from UCR; but I
> still think that this is a regression and the default hook-script should
> include the proper configuration for memberservers.

I'm not sure. I guess in a lot of other scenarios you will use the given nameserver. Maybe we can add an SDB article for your scenario?
Comment 5 Philipp Hahn univentionstaff 2017-04-21 14:02:34 CEST
Playing games with multiple DHCPd seems dangerous: DHCP leases are exclusive and are NOT merged.
If you need to overwrite certain settings (DNS servers), define a UCR policy to set those values via the LDAP layer.