Bug 37689 - UCS doesn't apply all DHCP options received
UCS doesn't apply all DHCP options received
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Network
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 4.0-1-errata
Assigned To: Philipp Hahn
Felix Botner
:
Depends on:
Blocks: 38316 38652
  Show dependency treegraph
 
Reported: 2015-02-04 16:39 CET by Daniel Orrego
Modified: 2015-06-04 18:55 CEST (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Roadmap discussion (moved)
Max CVSS v3 score:
hahn: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Orrego univentionstaff 2015-02-04 16:39:25 CET
We are having this problem now in UCS instances in Openstack.
an external (non-UCS) DHCP server sends DHCP options like DNS and extra routes, but UCS only applies the addressing info (IP, mask, gateway, etc.) and ignores the rest (DNS and routes).

I see the script in /etc/dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes, but either  it doesn't run or it doesn't have any effect on the network configuration.

root@ucsserver:~# cat /var/lib/dhcp/dhclient.eth0.leases 
lease {
  interface "eth0";
  fixed-address 192.168.100.181;
  option subnet-mask 255.255.255.0;
  option dhcp-lease-time 86400;
  option dhcp-message-type 5;
  option domain-name-servers 10.114.138.89,192.168.240.14;
  option dhcp-server-identifier 192.168.100.2;
  option dhcp-renewal-time 43200;
  option rfc3442-classless-static-routes 32,10,114,138,51,192.168.100,254,32,10,114,138,89,192.168.100,254,32,10,170,226,87,192.168.100,254,24,192,168,210,192.168.100,254,24,192,168,240,192.168.100,254,32,169,254,169,254,192.168.100,2;
  option broadcast-address 192.168.100.255;
  option dhcp-rebinding-time 75600;
  option host-name "host-192.168.100-181";
  option domain-name "openstacklocal";
  renew 4 2015/02/05 02:30:57;
  rebind 4 2015/02/05 11:55:48;
  expire 4 2015/02/05 14:55:48;
}
Comment 1 Philipp Hahn univentionstaff 2015-04-22 13:35:57 CEST
base/univention-network-manager/etc/dhcp/dhclient-exit-hooks.d/resolvconf uses "exit 0", which breaks anything: The file is "sourced" by /sbin/dhclient-script (not forked!), as this is required for re-writing the DHCP configuration by those scripts:

$ grep -n exit etc/dhcp/dhclient-exit-hooks.d/resolvconf                                                   
33:test -z "$interface" && exit 0
115:exit 0

$ /sbin/dhclient-script
385 exit_with_hooks 0
141 exit_with_hooks() {
150     if ! run_hookdir /etc/dhcp/dhclient-exit-hooks.d "$@"; then
124 run_hookdir() {
132             run_hook $script "$@" || true
106 run_hook() {
113         . $script "$@"

# ls -1 /etc/dhcp/dhclient-exit-hooks.d/*
/etc/dhcp/dhclient-exit-hooks.d/debug
/etc/dhcp/dhclient-exit-hooks.d/ntp
/etc/dhcp/dhclient-exit-hooks.d/ntpdate
/etc/dhcp/dhclient-exit-hooks.d/resolvconf
/etc/dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes


Trivial patch:
diff --git a/branches/ucs-4.0/ucs-4.0-1/base/univention-network-manager/etc/dhcp/dhclient-exit-hooks.d/resolvconf b/branches/ucs-4.0/ucs-4.0-1/base/univention-network-manager/etc/dhcp/dhclient-exit-hooks.d/resolvconf
index 7dd1a63..bce3aca 100755
--- a/branches/ucs-4.0/ucs-4.0-1/base/univention-network-manager/etc/dhcp/dhclient-exit-hooks.d/resolvconf
+++ b/branches/ucs-4.0/ucs-4.0-1/base/univention-network-manager/etc/dhcp/dhclient-exit-hooks.d/resolvconf
@@ -30,6 +30,7 @@
 # /usr/share/common-licenses/AGPL-3; if not, see
 # <http://www.gnu.org/licenses/>.
 
+(
 test -z "$interface" && exit 0
 
 eval "$(univention-config-registry shell)"
@@ -113,3 +114,4 @@ elif [ "$interface_type" = "dhcp" ]; then
 fi
 
 exit 0
+)


After that everything works:

ucr set \
 dhcpd/options/rfc3442-classless-static-routes/121='array of integer 8' \
 dhcpd/options/ms-classless-static-routes/249='array of integer 8'

udm dhcp/service modify \
 --dn "$(udm dhcp/service list | sed -ne 's/^DN: //p;T;q')" \
 --append option='rfc3442-classless-static-routes 24,10,201,17,10,200,17,2;'
#                                                pfx/net------ router-----
# number of octets per $net depends on $pfx={32,24,16,8,0} !!!

Please note that any classless static route thus defines is only applied on the first BOUND (or REBOOT).
If the setting is added or changes later on, it does NOT get applied.

If this is required, the lease must be expired forcefully by denying the clients to re-use their previously assigned address.
- For DHCP-Pools this can be done by the Allow/Deny policy.
- for static assignments the address must be changed manually for all hosts.


FYI: <https://ercpe.de/blog/pushing-static-routes-with-isc-dhcp-server>
Comment 2 Philipp Hahn univentionstaff 2015-04-22 14:08:22 CEST
r60077 | Bug #37689 Net: Fix sourced script using exit
 Patch applied

Package: univention-network-manager
Version: 6.0.0-2.103.201504221359
Branch: ucs_4.0-0
Scope: errata4.0-1

r60078 | Bug #37689 Net: Fix sourced script using exit YAML
 2015-04-22-univention-network-manager.yaml

QA: echo 'echo SUCCESS >>/tmp/37689'>/etc/dhcp/dhclient-exit-hooks.d/zz37689
will only log SUCCESS with the fixed package installed.
Comment 3 Philipp Hahn univentionstaff 2015-04-22 14:27:43 CEST
FYI: rfc3442-classless-static-routes also looks strange:
32 10,114,138,51 192.168.100,254
32 10,114,138,89 192.168.100,254
32 10,170,226,87 192.168.100,254
24,192,168,210 192.168.100,254
24 192,168,240 192.168.100,254
32 169,254,169,254 192.168.100.2

1. Is that last entry correct?
2. As the RFC3442 extension doesn't mix well with the default gateway mechanism, adding a '0,a,b,c,d' entry is recommended for setting the default gateway a.b.c.d
Comment 4 Felix Botner univentionstaff 2015-05-05 16:42:51 CEST
OK - i just tested, if /etc/dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes 
     is executed during boot with interfaces/eth0/type=dhcp
OK - YAML
Comment 5 Janek Walkenhorst univentionstaff 2015-05-07 17:39:33 CEST
<http://errata.univention.de/ucs/4.0/184.html>