On 06/08/18 10:27, m.roth@xxxxxxxxx wrote:
John Hodrien wrote:
On Fri, 8 Jun 2018, m.roth@xxxxxxxxx wrote:
We've been required to encrypt h/ds, and so have been rolling that out
over the last year or so. Thing is, you need to put in a password, of
course, to boot the system. My manager found a way to allow us to reboot
without being at the system's keyboard, a package called clevis. Works
fine... except in a couple of very special cases.
Those systems, the problem is that, due to older software, and *very*
expensive licenses that are tied to a MAC address, I have to spoof the
MAC address since my users got new(er) machines.
Clevis is trying to contact its password server, using the *real* MAC
address, but our DHCP has to serve the *spoofed* MAC address. I know,
from trying, that I can't have two entries for the same system. Can anyone
suggest a solution?
Nothing wrong with having two MAC addresses listed for one IP. With ISC
DHCP the label for a host has to be unique, but the hostname doesn't.
The IP's not the problem, it's dhcpd gagging on two entries, two MAC
addresses, for the same server name - think dhcpd.conf.local
When I have a machine that can come with different MAC addresses, and I
have to give it the same IP, here is what I have in DHCP server
configuration (Mac addresses and IP address are obfuscated below):
# tricky machine
host tricky {
    hardware ethernet xx:xx:xx:xx:xx:xx;
    fixed-address A.B.C.D;
}
# tricky machine again
host tricky1 {
    hardware ethernet yy:yy:yy:yy:yy:yy;
    fixed-address A.B.C.D;
}
# and a bunch of other configs for the same machine
The only trouble here will be if both MAC addresses request IP and
are both present, in that case DHCP server will offer that same static
IP to the second request from different MAC address as well, but DHCP
client (if smart) will check the presence of the IP address on the
network already, and will not use that IP if it is already used and will
send new request, and this will go on till first hardware stops using
that IP address.
Those are "tricky", "tricky1", ... labels that John mentioned should be
unique, and they are only known to DHCP server.
<rant>
There are a bunch of Out Of Band management creeps that sit on the
first network interface and come up when AC is connected no matter
whether the system is up or not. And they come with different MAC
address. And these are the ones that you can not assign the same IP as
that the machine itself is supposed to have. Sorry about little rant,
these creepy things are sysadmin's disaster, - UNIX sysadmin's disaster
I meant. Or Windows sysadmin's best friend, I figure. Like in the phrase
I'm stealing from one Windows sysadmin whom I respect a lot: "Did you
try to power cycle the machine and see if it solves that?"
</rant>
I hope, this helps.
Valeri
mark
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
--
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
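
Added example, not part of the original thread: a small Python check for the layout discussed above, which reports host labels used more than once (the thing the thread says must be unique) and lists every fixed-address served to more than one MAC. The function names and the sample configuration, including its MAC and IP addresses, are constructed for illustration, and the parser only handles flat host blocks like the ones shown.

```python
import re
from collections import defaultdict

# Constructed sample in the layout from the thread; labels, MACs and IPs are made up.
SAMPLE = """
# tricky machine
host tricky {
    hardware ethernet 02:00:00:aa:bb:01;
    fixed-address 192.0.2.10;
}
# tricky machine again (spoofed MAC)
host tricky1 {
    hardware ethernet 02:00:00:aa:bb:02;
    fixed-address 192.0.2.10;
}
host other { hardware ethernet 02:00:00:aa:bb:03; fixed-address 192.0.2.11; }
host tricky { hardware ethernet 02:00:00:aa:bb:04; fixed-address 192.0.2.12; }
"""

HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9A-Fa-f:]{17})\s*;")
IP_RE = re.compile(r"fixed-address\s+([^;\s]+)\s*;")

def parse_hosts(text):
    """Return (label, mac, ip) for each flat host block; '#' comments are stripped first."""
    text = re.sub(r"#.*", "", text)
    hosts = []
    for label, body in HOST_RE.findall(text):
        mac = MAC_RE.search(body)
        ip = IP_RE.search(body)
        hosts.append((label, mac.group(1).lower() if mac else None,
                      ip.group(1) if ip else None))
    return hosts

def audit(text):
    """Return (labels used more than once, {ip: [macs]} for IPs given to several MACs)."""
    labels = defaultdict(int)
    by_ip = defaultdict(set)
    for label, mac, ip in parse_hosts(text):
        labels[label] += 1
        if ip and mac:
            by_ip[ip].add(mac)
    dup_labels = sorted(name for name, n in labels.items() if n > 1)
    shared = {ip: sorted(macs) for ip, macs in by_ip.items() if len(macs) > 1}
    return dup_labels, shared

if __name__ == "__main__":
    dups, shared = audit(SAMPLE)
    print("duplicate host labels:", dups)
    print("fixed-addresses served to several MACs:", shared)
```

The shared-address list is informational: those are the entries where the conflict described in the reply can occur if both MACs are on the network at once.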