File dhcpsync.8 of Package dhcp

.\" Automatically generated by Pod::Man version 1.15
.\" Sun Jan 27 15:29:23 2002
.\"
.\" Standard preamble:
.\" ======================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R

.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  | will give a
.\" real vertical bar.  \*(C+ will give a nicer C++.  Capital omega is used
.\" to do unbreakable dashes and therefore won't be available.  \*(C` and
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
.\" index entries marked with X<> in POD.  Of course, you'll have to process
.\" the output yourself in some meaningful fashion.
.if \nF \{\
.    de IX
.    tm Index:\\$1\t\\n%\t"\\$2"
..
.    nr % 0
.    rr F
.\}
.\"
.\" For nroff, turn off justification.  Always turn off hyphenation; it
.\" makes way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.bd B 3
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ======================================================================
.\"
.IX Title "DHCPSYNC.8 1"
.TH DHCPSYNC.8 1 "1.10" "2002-01-27" " "
.UC
.SH "NAME"
dhcpsync \- synchronize \s-1DHCP\s0 configuration file
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
[ KEY=keyfile ] [ SHARED=/path/to/conffile ] [ SLEEP=seconds ] \fBdhcpsync\fR <hostname of slave>
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This script shows how to detect whether the dhcpd configuration has changed,
sync a shared conf file to the slave, and restart both servers.
.Ip "o" 4
It is run on the master failover peer.
.Ip "o" 4
It uses rsync over ssh with an enforced command on the slave.
.Ip "o" 4
It relies on all include files being mentioned in \f(CW\*(C`DHCPD_CONF_INCLUDE_FILES\*(C'\fR in
/etc/rc.config.d/dhcpd.rc.config. These files are checked to find out
whether one of the config files is newer than dhcpd's pid file
('\fBrcdhcpd probe\fR').
.PP
\&\fBdhcpsync\fR should be usable without modification, but it needs some
configuration, described below.
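.PP
The change test described above, as an added example that is not part of dhcpsync itself. It assumes the rc config file is a sourceable list of shell assignments; the function names and demo paths are made up. The demo shows why every include file has to be listed: an edited include file that is missing from DHCPD_CONF_INCLUDE_FILES goes unnoticed.

```shell
#!/bin/sh
# Added example, not the dhcpsync source. Assumes the rc config file is a
# sourceable list of shell assignments; function names are made up.

# conf_changed RCFILE PIDFILE SHARED
#   0  SHARED or a file in DHCPD_CONF_INCLUDE_FILES is newer than PIDFILE
#   1  nothing listed has changed since dhcpd wrote its pid file
#   2  cannot decide (pid file or a listed file is missing)
conf_changed() (
    rcfile=$1 pidfile=$2 shared=$3
    DHCPD_CONF_INCLUDE_FILES=
    if [ -r "$rcfile" ]; then . "$rcfile"; fi
    [ -f "$pidfile" ] || { echo "no pid file: $pidfile" >&2; exit 2; }
    status=1
    for f in "$shared" $DHCPD_CONF_INCLUDE_FILES; do
        [ -f "$f" ] || { echo "listed file missing: $f" >&2; exit 2; }
        if [ "$f" -nt "$pidfile" ]; then status=0; fi
    done
    exit "$status"
)

# Constructed demo: an include file is edited after dhcpd started, first
# without being listed in the rc file, then listed.
demo() {
    d=$(mktemp -d) || return 2
    echo 'DHCPD_CONF_INCLUDE_FILES=""' > "$d/rc"
    : > "$d/shared"; : > "$d/pid"; : > "$d/hosts.inc"
    touch -t 200201270000 "$d/shared"
    touch -t 200201270100 "$d/pid"
    touch -t 200201270200 "$d/hosts.inc"
    conf_changed "$d/rc" "$d/pid" "$d/shared" && unlisted=0 || unlisted=$?
    echo "DHCPD_CONF_INCLUDE_FILES=\"$d/hosts.inc\"" > "$d/rc"
    conf_changed "$d/rc" "$d/pid" "$d/shared" && listed=0 || listed=$?
    rm -rf "$d"
    echo "unlisted=$unlisted listed=$listed"
}

demo
```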
.SH "CONFIGURATION"
.IX Header "CONFIGURATION"
In this example, host1 is the master, host2 is the slave.
.PP
A key can be generated like this (save the key in /root/.ssh/dhcp-share,
and press enter when asked for the passphrase):
.PP
.Vb 11
\&  root@host1 ~ # ssh-keygen -C 'dhcp-share@host1'
\&  Generating public/private rsa1 key pair.
\&  Enter file in which to save the key (/root/.ssh/identity): 
\&                                             /root/.ssh/dhcp-share
\&  Enter passphrase (empty for no passphrase):
\&  Enter same passphrase again:
\&  Your identification has been saved in /root/.ssh/dhcp-share.
\&  Your public key has been saved in /root/.ssh/dhcp-share.pub.
\&  The key fingerprint is:
\&  21:11:ec:20:00:42:2f:20:7e:1f:df:6a:d1:25:3d:81 dhcp-share@host1
\&  root@host1 ~ #
.Ve
Now you add the key to the authorized_keys file on the slave (host2):
.PP
.Vb 2
\&  root@host1 ~ # cat ~/.ssh/dhcp-share.pub | ssh root@host2 \e
\&        'mkdir -p .ssh; cat >> .ssh/authorized_keys'
.Ve
(This will append the key to an existing authorized_keys file, or create one.) 
.PP
To protect the root account (you could as well use another account, of
course), you can edit .ssh/authorized_keys on host2 like this, so that
only the forced command can be executed, and only from host1. The entry
is a single line in the file; it is wrapped here for display.
.PP
.Vb 9
\&  from="host1",command="rsync --server -vlogDtprc . /etc//dhcpd.con
\&  f.shared; logger dhcpsync: restarting dhcpd; /etc/init.d/dhcpd tr
\&  y-restart",no-port-forwarding,no-X11-forwarding,no-agent-forwardi
\&  ng,no-pty 1024 35 15374502219051682029939108886754918218659904062
\&  39933745099888497383649196106925140349057243770084885129581786366
\&  05465027720474718409180919631615923416064825206960144541025646589
\&  06475280304001588034598721095438582948133259768243300555751330261
\&  946744924207972755699883176592160263892584211118353855811030877 d
\&  hcp-share@host1
.Ve
To run \fBdhcpsync\fR, you must specify the hostname of the \f(CW\*(C`SLAVE\*(C'\fR by putting it
into the environment,
.PP
.Vb 1
\&  root@host1 ~ # SLAVE=host2 dhcpsync
.Ve
or, alternatively, giving the name as the first argument:
.PP
.Vb 1
\&  root@host1 ~ # dhcpsync host2
.Ve
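.PP
An added check, not part of dhcpsync, for the authorized_keys entry shown above: it splits the leading option list, keeping quoted values intact, and reports which of the restrictions are missing. Function names and sample entries are constructed, and the key is a placeholder.

```shell
#!/bin/sh
# Added example, not dhcpsync code: audit an authorized_keys entry for the
# restrictions used above. Function names and sample entries are constructed.

# split_options LINE: print each leading option on its own line. Commas and
# spaces inside double quotes (the command="..." value) do not split.
split_options() {
    rest=$1; cur=; inq=0
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}; rest=${rest#?}      # peel off first character
        case "$inq$c" in
            '0"'|'1"') inq=$((1 - inq)); cur=$cur$c ;;
            '1\')      cur=$cur$c${rest%"${rest#?}"}; rest=${rest#?} ;;  # keep \" pair
            '0,')      printf '%s\n' "$cur"; cur= ;;
            '0 ')      break ;;                     # options end, key follows
            *)         cur=$cur$c ;;
        esac
    done
    printf '%s\n' "$cur"
}

# audit_entry LINE HOST: succeed only if the entry pins the source host, forces
# a command and disables forwarding and pty allocation; else list what is missing.
audit_entry() {
    opts=$(split_options "$1"); missing=
    for want in "from=\"$2\"" no-port-forwarding no-X11-forwarding \
                no-agent-forwarding no-pty; do
        printf '%s\n' "$opts" | grep -qxF -e "$want" || missing="$missing $want"
    done
    printf '%s\n' "$opts" | grep -q '^command="' || missing="$missing command="
    [ -z "$missing" ] && return 0
    echo "missing:$missing"
    return 1
}

KEY='1024 35 MODULUS_PLACEHOLDER dhcp-share@host1'   # placeholder, not a real key
GOOD='from="host1",command="rsync --server -vlogDtprc . /etc//dhcpd.conf.shared; logger dhcpsync: restarting dhcpd; /etc/init.d/dhcpd try-restart",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty '$KEY
# The option names appear only inside the quoted command here, so a plain grep
# over the whole line would wrongly accept this entry.
WEAK='from="host1",command="logger no-port-forwarding,no-X11-forwarding,no-agent-forwarding",no-pty '$KEY

audit_entry "$GOOD" host1 && echo "GOOD: ok"
audit_entry "$WEAK" host1 || echo "WEAK: rejected"
```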
.SH "CHANGING THE DEFAULTS"
.IX Header "CHANGING THE DEFAULTS"
Please refer to the \s-1FILES\s0 section to see what the defaults are. 
.PP
The name of the file to be synced can be overridden from the environment
(bash example):
.PP
.Vb 1
\&  root@host1 ~ # SHARED="some_other_file" dhcpsync host2
.Ve
Likewise, the ssh key to be used to authenticate can be specified via the
\&\f(CW\*(C`KEY\*(C'\fR variable. 
.SH "AUTOMATION"
.IX Header "AUTOMATION"
The script can be run from cron, for example:
.PP
.Vb 1
\&  -* * * * *   root   /usr/sbin/dhcpsync host2
.Ve
.SH "FILES"
.IX Header "FILES"
.Vb 2
\& /etc/dhcpd.conf.shared   default conf file that is to be synced
\& /root/.ssh/dhcp-share    default file name of the ssh1 private key
.Ve
.SH "AUTHORS"
.IX Header "AUTHORS"
.Vb 1
\&        Peter Poeml <poeml@suse.de>
.Ve
.SH "BUGS"
.IX Header "BUGS"
If you feel that this script could be improved, please submit a bug report!
.PP
Someone who has access to the private key and the master's \s-1IP\s0 address can
overwrite the configuration file, possibly causing harm. 
.PP
After the secondary machine has been offline, it would in fact have to pull a
fresh config before starting up on the next reboot.
.SH "DISCLAIMER"
.IX Header "DISCLAIMER"
\&\fBdhcpsync\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties,
including, but not limited to, the implied warranties of merchantability
and fitness for a particular purpose are disclaimed.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIdhcpd\fR\|(8), /usr/share/doc/packages/dhcp/*