dhcpsync.8(8)
NAME
dhcpsync - synchronize DHCP configuration file
SYNOPSIS
[ KEY=keyfile ] [ SHARED=/path/to/conffile ] [ SLEEP=seconds ] dhcpsync <hostname of slave>
DESCRIPTION
This script shows how to detect if the dhcpd configuration
has changed, and sync a shared conf file to the slave, and
restart both servers.
o It is run on the master failover peer
o It uses rsync over ssh with an enforced command on the slave.
o It relies on all include files being mentioned in "DHCPD_CONF_INCLUDE_FILES" in /etc/rc.config.d/dhcpd.rc.config. These files are looked at to find out whether one of the config files is newer than dhcpd's pid file ('rcdhcpd probe')

dhcpsync should actually be usable without modification. But you need to do some configuration, read on.
CONFIGURATION
In this example, host1 is the master, host2 is the slave.

A key can be generated like this: (save the key in /root/.ssh/dhcp-share, and press enter when asked for the passphrase.)

    root@host1 ~ # ssh-keygen -C 'dhcp-share@host1'
    Generating public/private rsa1 key pair.
    Enter file in which to save the key (/root/.ssh/identity):
    /root/.ssh/dhcp-share
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/dhcp-share.
    Your public key has been saved in /root/.ssh/dhcp-share.pub.
    The key fingerprint is:
    21:11:ec:20:00:42:2f:20:7e:1f:df:6a:d1:25:3d:81 dhcp-share@host1
    root@host1 ~ #

Now you add the key to the authorized_keys file on the slave (host2):

    root@host1 ~ # cat ~/.ssh/dhcp-share.pub | ssh root@host2 'mkdir -p .ssh; cat >> .ssh/authorized_keys'

(This will append the key to an existing authorized_keys file, or create one.)

To protect the root account (you could as well use another account, of course), you can edit .ssh/authorized_keys on host2 like this: (Thereby, only the forced command can be executed, and only from host1.)

    from="host1",command="rsync --server -vlogDtprc . /etc//dhcpd.conf.shared; logger dhcpsync: restarting dhcpd; /etc/init.d/dhcpd restart",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty 1024 35 153745022190516820299391088867549182186599040623906399337450998884973836491961069251403490572437700848851295817863660546502772047471840918091963161592341606482520696014454102564658906475280304001588034598721095438582948133259768243300555751330261946744924207972755699883176592160263892584211118353855811030877 dhcp-share@host1

To run dhcpsync, you must specify the hostname of the "SLAVE" by putting it into the environment,

    root@host1 ~ # SLAVE=host2 dhcpsync

or, alternatively, giving the name as the first argument:

    root@host1 ~ # dhcpsync host2
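
The restrictions on the authorized_keys entry shown above can be checked mechanically on the slave. The following Python sketch is an added example, not part of dhcpsync: it parses the options field of an entry (including commas inside quoted values) and reports which of the restrictions from the example are missing. The function names, the sample entries, the placeholder key and the address 192.0.2.10 are constructed for illustration.

```python
import re

# Flags the page's example entry sets; "restrict" (OpenSSH 7.2+) implies all of them.
NO_FLAGS = ("no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty")
# An entry without options starts with a key type, or with the bit count for ssh1 keys.
KEY_START = re.compile(r"(\d+\s|ssh-|ecdsa-|sk-)")
# One option: name, optional ="value" (backslash escapes allowed), then ',' or field end.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(,|\s+|$)')

def parse_options(line):
    """Return the options of one authorized_keys line as {name: value or True}."""
    line, opts, pos = line.strip(), {}, 0
    if KEY_START.match(line):
        return opts
    while True:
        m = OPTION.match(line, pos)
        if not m:
            raise ValueError("malformed options at column %d" % pos)
        opts[m.group(1).lower()] = True if m.group(2) is None else m.group(2)
        pos = m.end()
        if m.group(3) != ",":  # whitespace or end of line closes the options field
            return opts

def audit(line):
    """List what this entry lacks compared with the restricted entry shown above."""
    opts = parse_options(line)
    findings = []
    if "command" not in opts:
        findings.append("no forced command: the key can run anything")
    if "from" not in opts:
        findings.append("no from=: the key is accepted from any host")
    elif set("*?") & set(str(opts["from"])):
        findings.append("from= uses wildcards: " + str(opts["from"]))
    if "restrict" not in opts:
        findings += ["missing " + f for f in NO_FLAGS if f not in opts]
    return findings

# Constructed sample entries; the key material is a placeholder, not a real key.
KEY = " ssh-rsa AAAAB3placeholder dhcp-share@host1"
CMD = 'command="rsync --server -vlogDtprc . /etc/dhcpd.conf.shared; /etc/init.d/dhcpd restart"'
SAMPLES = {
    "restricted": 'from="host1,192.0.2.10",' + CMD + ",no-port-forwarding,"
                  "no-X11-forwarding,no-agent-forwarding,no-pty" + KEY,
    "forced command only": CMD + ",no-pty" + KEY,
    "bare key": KEY.strip(),
}

if __name__ == "__main__":
    for name, entry in SAMPLES.items():
        print(name, "->", audit(entry) or "ok")
```
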
CHANGING THE DEFAULTS
Please refer to the FILES section to see what the defaults
are.

The name of the file to be synced can be overridden from the environment (bash example):

    root@host1 ~ # SHARED="some_other_file" dhcpsync host2

Likewise, the ssh key to be used to authenticate can be specified via the "KEY" variable.
AUTOMATION
The script can be run from cron, such as:

    -* * * * * root /usr/sbin/dhcpsync host2
FILES
/etc/dhcpd.conf.shared    default conf file that is to be synced
/root/.ssh/dhcp-share     default file name of the ssh1 private key
AUTHORS
Peter Poeml <poeml@suse.de>
BUGS
If you feel that this script could be improved, please
submit a bug report!
Someone who has access to the private key and the master's
IP address can overwrite the configuration file, possibly
causing harm.
DISCLAIMER
dhcpsync is provided ``AS IS'' and any express or implied
warranties, including, but not limited to, the implied
warranties of merchantability and fitness for a particular
purpose are disclaimed.
SEE ALSO
dhcpd(8), /usr/share/doc/packages/dhcp/*