Ubuntu
isc-dhcp package

Comment 32 for bug 1186662

Revision history for this message

John Center (john-center) wrote on 2015-06-19:

#32

There are a number of things that need to be addressed with the isc-dhcp-server package. I think I've worked through most of the issues, based on items here & ones I've researched; maybe the maintainer or someone else could review this?

1) /etc/default/isc-dhcp-server needs to be updated to enable several env variables & include one more:

# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
-#DHCPD_CONF=/etc/dhcp/dhcpd.conf
+DHCPD_CONF=/etc/dhcp/dhcpd.conf
+
+# Path to dhcpd's leases file (default: /var/lib/dhcp/dhcpd.leases).
+DHCPD_LEASES=/var/lib/dhcp/dhcpd.leases

# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
-#DHCPD_PID=/var/run/dhcpd.pid
+DHCPD_PID=/var/run/dhcp-server/dhcpd.pid

# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
@@ -18,4 +21,4 @@

2) /etc/init/isc-dhcp-server.conf sources the default isc-dhcp-server file, but does not include the correct env variable to find dhcpd.conf. It should also set the extended file attributes as mentioned earlier. Finally, it should use the env variables defined in the default isc-dhcp-server file when starting the service:

- if [ -f /etc/ltsp/dhcpd.conf ]; then
- CONFIG_FILE=/etc/ltsp/dhcpd.conf
- else
- CONFIG_FILE=/etc/dhcp/dhcpd.conf
- fi
- if [ ! -f $CONFIG_FILE ]; then
- echo "$CONFIG_FILE does not exist! - Aborting..."
- echo "Please create and configure $CONFIG_FILE to fix the problem."
+ if [ ! -f $DHCPD_CONF ]; then
+ echo "$DHCPD_CONF does not exist! - Aborting..."
+ echo "Please create and configure $DHCPD_CONF to fix the problem."
         stop
         exit 0
     fi

- if ! dhcpd -user dhcpd -group dhcpd -t -q -4 -cf $CONFIG_FILE > /dev/null 2>&1; then
+ if ! dhcpd -user dhcpd -group dhcpd -t -q -4 -cf $DHCPD_CONF > /dev/null 2>&1; then
         echo "dhcpd self-test failed. Please fix the config file."
         echo "The error was: "
- dhcpd -user dhcpd -group dhcpd -t -4 -cf $CONFIG_FILE
+ dhcpd -user dhcpd -group dhcpd -t -4 -cf $DHCPD_CONF
         stop
         exit 0
     fi
@@ -36,12 +31,6 @@

respawn
script
- if [ -f /etc/ltsp/dhcpd.conf ]; then
- CONFIG_FILE=/etc/ltsp/dhcpd.conf
- else
- CONFIG_FILE=/etc/dhcp/dhcpd.conf
- fi
-
. /etc/default/isc-dhcp-server

# Allow dhcp server to write lease and pid file as 'dhcpd' user
@@ -50,10 +39,8 @@

# The leases files need to be root:root even when dropping privileges
[ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases
- chown root:root /var/lib/dhcp /var/lib/dhcp/dhcpd.leases
- if [ -e /var/lib/dhcp/dhcpd.leases~ ]; then
- chown root:root /var/lib/dhcp/dhcpd.leases~
- fi
+ setfacl -dm u:dhcpd:rwx /var/lib/dhcp
+ setfacl -m u:dhcpd:rwx /var/lib/dhcp

- exec dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/dhcp-server/dhcpd.pid -cf $CONFIG_FILE $INTERFACES
+ exec dhcpd -user dhcpd -group dhcpd -f -4 $OPTIONS -pf $DHCPD_PID -cf $DHCPD_CONF -lf $DHCPD_LEASES $INTERFACES
end script

3) Checks for upstart should be added to the sysvinit script:

. /lib/lsb/init-functions

+check_for_upstart()
+{
+ if init_is_upstart; then
+ exit $1
+ fi
+}
+
# Read init script configuration
[ -f "$DHCPD_DEFAULT" ] && . "$DHCPD_DEFAULT"

@@ -38,15 +45,18 @@
DESC="ISC DHCP server"
# fallback to default config file
DHCPD_CONF=${DHCPD_CONF:-/etc/dhcp/dhcpd.conf}
-# try to read pid file name from config file, with fallback to /var/run/dhcpd.pid
+# try to read pid file name from config file, with fallback to
+/var/run/dhcpd.pid
if [ -z "$DHCPD_PID" ]; then
- DHCPD_PID=$(sed -n -e 's/^[ \t]*pid-file-name[ \t]*"(.*)"[ \t]*;.*$/\1/p' < "$DHCPD_CONF" 2>/dev/null | head -n 1)
+ DHCPD_PID=$(sed -n -e 's/^[ \t]*pid-file-name[ \t]*"$.*$"[
+\t]*;.*$/\1/p' < "$DHCPD_CONF" 2>/dev/null | head -n 1)
fi
DHCPD_PID="${DHCPD_PID:-/var/run/dhcpd.pid}"

test_config()
{
- if ! /usr/sbin/dhcpd -t $OPTIONS -q -cf "$DHCPD_CONF" > /dev/null 2>&1; then
+ if ! /usr/sbin/dhcpd -t $OPTIONS -q -cf "$DHCPD_CONF" > /dev/null 2>&1;
+then
   echo "dhcpd self-test failed. Please fix $DHCPD_CONF."
   echo "The error was: "
   /usr/sbin/dhcpd -t $OPTIONS -cf "$DHCPD_CONF"
@@ -72,6 +82,7 @@

case "$1" in
  start)
+ check_for_upstart 1
   test_config
   log_daemon_msg "Starting $DESC" "$NAME"
   start-stop-daemon --start --quiet --pidfile "$DHCPD_PID" \
@@ -88,12 +99,14 @@
   fi
   ;;
  stop)
+ check_for_upstart 0
   log_daemon_msg "Stopping $DESC" "$NAME"
   start-stop-daemon --stop --quiet --pidfile "$DHCPD_PID"
   log_end_msg $?
   rm -f "$DHCPD_PID"
   ;;
  restart | force-reload)
+ check_for_upstart 1
   test_config
   $0 stop
   sleep 2
@@ -103,13 +116,15 @@
   fi
   ;;
  status)
+ check_for_upstart 1
   echo -n "Status of $DESC: "
   check_status -v
   exit "$?"
   ;;
  *)
   echo "Usage: $0 {start|stop|restart|force-reload|status}"
- exit 1
+ exit 1
esac

exit 0

4) The apparmor script needs a minor change to fix a permissions issue (http://svn.linuxmce.org/trac/ticket/2290):

+ # LINUXMCE 14.04 - FIX PERMISSION DENIED
+ /etc/bind/ r,
+ /etc/bind/** r,
+
# isc-dhcp-server-ldap
/etc/ldap/ldap.conf r,

We've been testing these changes & everything appears to be working. I'm not sure if I've created the diffs correctly, but there should be enough info to straighten up the configuration. I haven't looked at the Debian upstream to see if any of this was fixed there.

Hope this helps someone.

-John

There are a number of things that need to be addressed with the isc-dhcp-server package.  I think I've worked through most of the issues, based on items here & ones I've researched; maybe the maintainer or someone else could review this?

1)  /etc/default/isc-dhcp-server needs to be updated to enable several env variables & include one more:

diff -Nru /etc/default/isc-dhcp-server isc-dhcpd-4.2.4/isc-dhcp-server.default 
--- /etc/default/isc-dhcp-server	2015-06-19 17:32:49.849591118 -0400
+++ isc-dhcpd-4.2.4/isc-dhcp-server.default	2015-06-19 17:17:36.537576347 -0400
@@ -7,10 +7,13 @@
 #
 
 # Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
-#DHCPD_CONF=/etc/dhcp/dhcpd.conf
+DHCPD_CONF=/etc/dhcp/dhcpd.conf
+
+# Path to dhcpd's leases file (default: /var/lib/dhcp/dhcpd.leases).
+DHCPD_LEASES=/var/lib/dhcp/dhcpd.leases
 
 # Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
-#DHCPD_PID=/var/run/dhcpd.pid
+DHCPD_PID=/var/run/dhcp-server/dhcpd.pid
 
 # Additional options to start dhcpd with.
 #	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
@@ -18,4 +21,4 @@

2)  /etc/init/isc-dhcp-server.conf  sources the default isc-dhcp-server file, but does not include the correct env variable to find dhcpd.conf.  It should also set the extended file attributes as mentioned earlier.  Finally, it should use the env variables defined in the default isc-dhcp-server file when starting the service:

diff -Nru /etc/init/isc-dhcp-server.conf isc-dhcpd-4.2.4/isc-dhcp-server.conf.init 
--- /etc/init/isc-dhcp-server.conf	2014-04-03 17:51:15.000000000 -0400
+++ isc-dhcpd-4.2.4/isc-dhcp-server.conf.init	2015-06-19 18:38:04.661654434 -0400
@@ -13,22 +13,17 @@
     fi
     . /etc/default/isc-dhcp-server
 
-    if [ -f /etc/ltsp/dhcpd.conf ]; then
-        CONFIG_FILE=/etc/ltsp/dhcpd.conf
-    else
-        CONFIG_FILE=/etc/dhcp/dhcpd.conf
-    fi
-    if [ ! -f $CONFIG_FILE ]; then
-        echo "$CONFIG_FILE does not exist! - Aborting..."
-        echo "Please create and configure $CONFIG_FILE to fix the problem."
+    if [ ! -f $DHCPD_CONF ]; then
+        echo "$DHCPD_CONF does not exist! - Aborting..."
+        echo "Please create and configure $DHCPD_CONF to fix the problem."
         stop
         exit 0
     fi
 
-    if ! dhcpd -user dhcpd -group dhcpd -t -q -4 -cf $CONFIG_FILE > /dev/null 2>&1; then
+    if ! dhcpd -user dhcpd -group dhcpd -t -q -4 -cf $DHCPD_CONF > /dev/null 2>&1; then
         echo "dhcpd self-test failed. Please fix the config file."
         echo "The error was: "
-        dhcpd -user dhcpd -group dhcpd -t -4 -cf $CONFIG_FILE
+        dhcpd -user dhcpd -group dhcpd -t -4 -cf $DHCPD_CONF
         stop
         exit 0
     fi
@@ -36,12 +31,6 @@
 
 respawn
 script
-    if [ -f /etc/ltsp/dhcpd.conf ]; then
-        CONFIG_FILE=/etc/ltsp/dhcpd.conf
-    else
-        CONFIG_FILE=/etc/dhcp/dhcpd.conf
-    fi
-
     . /etc/default/isc-dhcp-server
 
     # Allow dhcp server to write lease and pid file as 'dhcpd' user
@@ -50,10 +39,8 @@
 
     # The leases files need to be root:root even when dropping privileges
     [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases
-    chown root:root /var/lib/dhcp /var/lib/dhcp/dhcpd.leases
-    if [ -e /var/lib/dhcp/dhcpd.leases~ ]; then
-        chown root:root /var/lib/dhcp/dhcpd.leases~
-    fi
+    setfacl -dm u:dhcpd:rwx /var/lib/dhcp
+    setfacl -m u:dhcpd:rwx /var/lib/dhcp
 
-    exec dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/dhcp-server/dhcpd.pid -cf $CONFIG_FILE $INTERFACES
+    exec dhcpd -user dhcpd -group dhcpd -f -4 $OPTIONS -pf $DHCPD_PID -cf $DHCPD_CONF -lf $DHCPD_LEASES $INTERFACES
 end script

3)  Checks for upstart should be added to the sysvinit script:

diff -Nru /etc/init.d/isc-dhcp-server isc-dhcpd-4.2.4/isc-dhcp-server.initd 
--- /etc/init.d/isc-dhcp-server	2014-04-03 17:51:15.000000000 -0400
+++ isc-dhcpd-4.2.4/isc-dhcp-server.initd	2015-06-19 18:20:49.873637698 -0400
@@ -31,6 +31,13 @@
 
 . /lib/lsb/init-functions
 
+check_for_upstart()
+{
+	if init_is_upstart; then
+		exit $1
+	fi
+}
+
 # Read init script configuration
 [ -f "$DHCPD_DEFAULT" ] && . "$DHCPD_DEFAULT"
 
@@ -38,15 +45,18 @@
 DESC="ISC DHCP server"
 # fallback to default config file
 DHCPD_CONF=${DHCPD_CONF:-/etc/dhcp/dhcpd.conf}
-# try to read pid file name from config file, with fallback to /var/run/dhcpd.pid
+# try to read pid file name from config file, with fallback to
+/var/run/dhcpd.pid
 if [ -z "$DHCPD_PID" ]; then
-	DHCPD_PID=$(sed -n -e 's/^[ \t]*pid-file-name[ \t]*"(.*)"[ \t]*;.*$/\1/p' < "$DHCPD_CONF" 2>/dev/null | head -n 1)
+	DHCPD_PID=$(sed -n -e 's/^[ \t]*pid-file-name[ \t]*"$.*$"[
+\t]*;.*$/\1/p' < "$DHCPD_CONF" 2>/dev/null | head -n 1)
 fi
 DHCPD_PID="${DHCPD_PID:-/var/run/dhcpd.pid}"
 
 test_config()
 {
-	if ! /usr/sbin/dhcpd -t $OPTIONS -q -cf "$DHCPD_CONF" > /dev/null 2>&1; then
+	if ! /usr/sbin/dhcpd -t $OPTIONS -q -cf "$DHCPD_CONF" > /dev/null 2>&1;
+then
 		echo "dhcpd self-test failed. Please fix $DHCPD_CONF."
 		echo "The error was: "
 		/usr/sbin/dhcpd -t $OPTIONS -cf "$DHCPD_CONF"
@@ -72,6 +82,7 @@
 
 case "$1" in
 	start)
+		check_for_upstart 1
 		test_config
 		log_daemon_msg "Starting $DESC" "$NAME"
 		start-stop-daemon --start --quiet --pidfile "$DHCPD_PID" \
@@ -88,12 +99,14 @@
 		fi
 		;;
 	stop)
+		check_for_upstart 0
 		log_daemon_msg "Stopping $DESC" "$NAME"
 		start-stop-daemon --stop --quiet --pidfile "$DHCPD_PID"
 		log_end_msg $?
 		rm -f "$DHCPD_PID"
 		;;
 	restart | force-reload)
+		check_for_upstart 1
 		test_config
 		$0 stop
 		sleep 2
@@ -103,13 +116,15 @@
 		fi
 		;;
 	status)
+		check_for_upstart 1
 		echo -n "Status of $DESC: "
 		check_status -v
 		exit "$?"
 		;;
 	*)
 		echo "Usage: $0 {start|stop|restart|force-reload|status}"
-		exit 1 
+		exit 1
 esac
 
 exit 0

4)  The apparmor script needs a minor change to fix a permissions issue (http://svn.linuxmce.org/trac/ticket/2290):

diff -Nru /etc/apparmor.d/usr.sbin.dhcpd isc-dhcpd-4.2.4/usr.sbin.dhcpd.apparmor
--- /etc/apparmor.d/usr.sbin.dhcpd	2014-04-03 17:51:15.000000000 -0400
+++ isc-dhcpd-4.2.4/usr.sbin.dhcpd.apparmor	2015-06-19 18:24:30.145641261 -0400
@@ -36,6 +36,10 @@
   /var/log/** rw,
   /{,var/}run/{,dhcp-server/}dhcpd{,6}.pid rw,
 
+ # LINUXMCE 14.04 - FIX PERMISSION DENIED
+  /etc/bind/ r,
+  /etc/bind/** r,
+
   # isc-dhcp-server-ldap
   /etc/ldap/ldap.conf r,

We've been testing these changes & everything appears to be working.  I'm not sure if I've created the diffs correctly, but there should be enough info to straighten up the configuration.  I haven't looked at the Debian upstream to see if any of this was fixed there.

Hope this helps someone.

-John

Ubuntuisc-dhcp package

Comment 32 for bug 1186662

Ubuntu
isc-dhcp package