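Date: 2024.11.14
Content: On the virtual LAN (10.31.0.0/24), set up a DHCP server on ROCKY9.4 (10.31.0.1/24) so that the other hosts on the LAN obtain their IP addresses automatically
References:
- 鸟哥Linux私房菜 (VBird's Linux guide)
- Course by instructor Wang Xiaochun (王晓春) at 马哥教育 (Magedu)
Install the DHCP service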
[root@ROCKY9 ~]# dnf info dhcp-server
Last metadata expiration check: 3:32:54 ago on Wed 13 Nov 2024 11:19:52 PM CST.
Available Packages
Name : dhcp-server
Epoch : 12
Version : 4.4.2
Release : 19.b1.el9
Architecture : x86_64
Size : 1.2 M
Source : dhcp-4.4.2-19.b1.el9.src.rpm
Repository : baseos
Summary : Provides the ISC DHCP server
URL : https://www.isc.org/dhcp/
License : ISC
Description : DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
            : individual devices on an IP network to get their own network
            : configuration information (IP address, subnetmask, broadcast address,
            : etc.) from a DHCP server. The overall purpose of DHCP is to make it
            : easier to administer a large network.
            :
            : This package provides the ISC DHCP server.

[root@ROCKY9 ~]# rpm -q dhcp-server || yum install -y dhcp-server
Before anything else, make a backup
[root@ROCKY9 ~]# rpm -qc dhcp-server
/etc/dhcp/dhcpd.conf
/etc/dhcp/dhcpd6.conf
/etc/openldap/schema/dhcp.schema
/etc/sysconfig/dhcpd
/var/lib/dhcpd/dhcpd.leases
/var/lib/dhcpd/dhcpd6.leases
[root@ROCKY9 ~]# cp /etc/dhcp/dhcpd.conf{,.bak}
[root@ROCKY9 ~]# ll /etc/dhcp/dhcpd.conf*
-rw-r--r--. 1 root root 123 Oct 26 2023 /etc/dhcp/dhcpd.conf
-rw-r--r--. 1 root root 123 Nov 16 00:58 /etc/dhcp/dhcpd.conf.bak
The default file points to an example file and a man page
[root@ROCKY9 ~]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp-server/dhcpd.conf.example
# see dhcpd.conf(5) man page
#
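Useful parts of the example file
# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
[Written at the top of the file] Option definitions common to all supported networks.

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
This directive sends DHCP log messages to a different log file (presumably meaning they are not kept together with the system log files).
[For it to take effect] syslog.conf also has to be modified to complete the redirection.

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
subnet 10.152.187.0 netmask 255.255.255.0 {
}
No service is provided on this subnet; it is only declared, which helps the DHCP server understand the network topology.

Log using local6
Default lease 60000 seconds
Maximum lease 600000
DNS servers 218.2.2.2, 218.4.4.4
Configure DHCP service for the LAN segment (10.31.0.0)
Range 10.31.0.100-10.31.0.199
Gateway 10.31.0.254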
[root@ROCKY9 ~]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp-server/dhcpd.conf.example
# see dhcpd.conf(5) man page
#
log-facility local6;
default-lease-time 60000;
max-lease-time 600000;
option domain-name-servers 218.2.2.2, 218.4.4.4;

subnet 10.31.0.0 netmask 255.255.255.0 {
    range 10.31.0.100 10.31.0.199;
    option routers 10.31.0.254;
}
Deliberately leave out the final closing brace }: the syntax check catches it. Start the service only after the syntax check passes.
[root@ROCKY9 ~]# man dhcpd
       -t     Test the configuration file. The server tests the configuration file for correct syntax, but
              will not attempt to perform any network operations. This can be used to test a new configuration
              file automatically before installing it.

       -cf config-file
              Path to alternate configuration file.

[root@ROCKY9 ~]# dhcpd -t -cf /etc/dhcp/dhcpd.conf
Internet Systems Consortium DHCP Server 4.4.2b1
Copyright 2004-2019 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
/etc/dhcp/dhcpd.conf line 13: unexpected end of file

^
Configuration file errors encountered -- exiting

This version of ISC DHCP is based on the release available
on ftp.isc.org. Features have been added and other changes
have been made to the base software release in order to make
it work better with this distribution.

Please report issues with this software via:
https://bugs.rockylinux.org/

exiting.
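One way to make "check first, then install" a fixed step rather than a habit. This is an added example, not part of the original notes: the function name install_dhcpd_conf and the DHCPD_TEST_CMD override are hypothetical, and the only dhcpd invocation used is the `dhcpd -t -cf` shown above.

```bash
#!/bin/bash
# install_dhcpd_conf CANDIDATE [TARGET]
#   0 = installed, 1 = syntax check failed (TARGET untouched), 2 = I/O error
# DHCPD_TEST_CMD is a hypothetical override for the checker, used to exercise
# the gate on a machine that has no dhcpd binary.
install_dhcpd_conf() {
    local candidate="$1"
    local target="${2:-/etc/dhcp/dhcpd.conf}"
    local check="${DHCPD_TEST_CMD:-dhcpd -t -cf}"
    local out tmp

    [ -r "$candidate" ] || { echo "cannot read $candidate" >&2; return 2; }

    # Gate: syntax-check the candidate file, not the live one.
    if ! out=$($check "$candidate" 2>&1); then
        printf '%s\n' "$out" >&2
        echo "syntax check failed, $target left untouched" >&2
        return 1
    fi

    # Keep the previous version under a timestamped name.
    if [ -f "$target" ]; then
        cp -p "$target" "$target.$(date +%Y%m%d%H%M%S).bak" || return 2
    fi

    # Write next to the target and rename, so dhcpd never reads a partial file.
    tmp=$(mktemp "$target.XXXXXX") || return 2
    if cat "$candidate" > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$target"; then
        return 0
    fi
    rm -f "$tmp"
    return 2
}
```

After a successful install the service still has to be restarted (systemctl restart dhcpd.service) for the new file to take effect.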
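Define where the local6 log file is stored, then restart rsyslog.service so that it reads the configuration.
Here I first tried systemctl reload rsyslog.service, but it did not take effect. My guess is that if the rule were written in the main configuration file a reload might work, whereas a new configuration file created in the .d directory needs a restart.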
[root@ROCKY9 ~]# echo 'local6.* /var/log/dhcp.log' > /etc/rsyslog.d/dhcp.conf
[root@ROCKY9 ~]# systemctl restart rsyslog.service
Start the service and check the log
[root@ROCKY9 ~]# systemctl enable --now dhcpd
Created symlink /etc/systemd/system/multi-user.target.wants/dhcpd.service → /usr/lib/systemd/system/dhcpd.service.
[root@ROCKY9 ~]# cat /var/log/dhcp.log
Nov 16 02:14:47 ROCKY9 dhcpd[4368]: Internet Systems Consortium DHCP Server 4.4.2b1
Nov 16 02:14:47 ROCKY9 dhcpd[4368]: Copyright 2004-2019 Internet Systems Consortium.
Nov 16 02:14:47 ROCKY9 dhcpd[4368]: All rights reserved.
Nov 16 02:14:47 ROCKY9 dhcpd[4368]: For info, please visit https://www.isc.org/software/dhcp/
Nov 16 02:14:47 ROCKY9 dhcpd[4368]: Source compiled to use binary-leases
Nov 16 02:14:47 ROCKY9 dhcpd[4368]: Wrote 0 leases to leases file.
Nov 16 02:14:47 ROCKY9 dhcpd[4368]: Listening on LPF/enp1s0/52:54:00:10:31:01/10.31.0.0/24
Nov 16 02:14:47 ROCKY9 dhcpd[4368]: Sending on LPF/enp1s0/52:54:00:10:31:01/10.31.0.0/24
Nov 16 02:14:47 ROCKY9 dhcpd[4368]: Sending on Socket/fallback/fallback-net
Nov 16 02:14:47 ROCKY9 dhcpd[4368]: Server starting service.
Create a virtual machine on the 10.31.0.0/24 segment and install ubuntu16 on it for testing
Script used to create the ubuntu16 virtual machine
[root@RHEL9 ~]# cat ubuntu16.sh
#!/bin/bash
#guestcreate.sh
#Date: 2024-11-08

bootdev=cdrom
isopath='/data/ISO/ubuntu-16.04.7-server-amd64.iso'

guestname=ubuntu16
guestmem=1048576
guestcups=1
hddir=/kvm/
hdsize=10G
hdpath=${hddir}${guestname}.img
vncport=5902
vncpasswd=hatred

wanmac=''
dmzmac=''
lanmac='52:54:00:10:31:A0'

xmldir=/data/xml/
xmlpath=${xmldir}${guestname}.xml

# Create the guest disk image
qemu-img create -f qcow2 ${hdpath} ${hdsize}

# Write the base domain definition
cat > ${xmlpath} << EOF
<domain type="kvm">
  <name>${guestname}</name>
  <uuid>$(uuidgen)</uuid>
  <memory>${guestmem}</memory>
  <vcpu>${guestcups}</vcpu>
  <os>
    <type arch="x86_64" machine="q35">hvm</type>
    <boot dev="hd"/>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>
  <cpu mode="host-passthrough"/>
  <clock offset="utc">
    <timer name="rtc" tickpolicy="catchup"/>
    <timer name="pit" tickpolicy="delay"/>
    <timer name="hpet" present="no"/>
  </clock>
  <pm>
    <suspend-to-mem enabled="no"/>
    <suspend-to-disk enabled="no"/>
  </pm>
  <devices>
    <emulator>/usr/libexec/qemu-kvm</emulator>
    <disk type="file" device="disk">
      <driver name="qemu" type="qcow2" discard="unmap"/>
      <source file="${hdpath}"/>
      <target dev="vda" bus="virtio"/>
    </disk>
    <controller type="usb" model="qemu-xhci" ports="15"/>
    <controller type="pci" model="pcie-root"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <console type="pty"/>
    <channel type="unix">
      <source mode="bind"/>
      <target type="virtio" name="org.qemu.guest_agent.0"/>
    </channel>
    <input type="tablet" bus="usb"/>
    <graphics type="vnc" port="${vncport}" listen="0.0.0.0" passwd="${vncpasswd}"/>
    <video>
      <model type="virtio"/>
    </video>
    <memballoon model="virtio"/>
    <rng model="virtio">
      <backend model="random">/dev/urandom</backend>
    </rng>
  </devices>
</domain>
EOF

# Optional parts: second boot device, install ISO, and one NIC per bridge whose MAC is set
[[ -n ${bootdev} ]] && sed -Ei.bak '/ <boot dev="hd"\/>/a \ <boot dev="'''${bootdev}'''"\/>' ${xmlpath}
[[ -n ${isopath} ]] && sed -Ei '/ <controller type="usb" model="qemu-xhci" ports="15"\/>/i \ <disk type="file" device="cdrom">\n <driver name="qemu" type="raw"\/>\n <source file="'''${isopath}'''"\/>\n <target dev="sda" bus="sata"\/>\n <readonly\/>\n <\/disk>' ${xmlpath}
[[ -n ${wanmac} ]] && sed -Ei '/ <console type="pty"\/>/i \ <interface type="bridge">\n <source bridge="WANbridge"/>\n <mac address="'''${wanmac}'''"\/>\n <model type="virtio"\/>\n <\/interface>' ${xmlpath}
[[ -n ${dmzmac} ]] && sed -Ei '/ <console type="pty"\/>/i \ <interface type="bridge">\n <source bridge="DMZbridge"/>\n <mac address="'''${dmzmac}'''"\/>\n <model type="virtio"\/>\n <\/interface>' ${xmlpath}
[[ -n ${lanmac} ]] && sed -Ei '/ <console type="pty"\/>/i \ <interface type="bridge">\n <source bridge="LANbridge"/>\n <mac address="'''${lanmac}'''"\/>\n <model type="virtio"\/>\n <\/interface>' ${xmlpath}

# Start the guest from the generated definition
virsh create ${xmlpath}
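Listening on UDP port 67 on rocky9 shows how ubuntu16 obtains its network parameters through DHCP during installation. Five packets were captured in total:
1. The ubuntu16 client sends Discover to look for a DHCP server; it was sent twice, two packets in total
2. The rocky9 server sends Offer, offering an IP from the address pool (10.31.0.100)
3. The ubuntu16 client sends Request, asking for 10.31.0.100 from the address pool
4. The rocky9 server replies with ACK, assigning IP 10.31.0.100 to the ubuntu16 client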
[root@ROCKY9 ~]# tcpdump udp port 67 -v
dropped privs to tcpdump
tcpdump: listening on enp1s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
01:18:45.339182 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:54:00:10:31:a0 (oui Unknown), length 300, xid 0x374f0b5b, Flags [none]
      Client-Ethernet-Address 52:54:00:10:31:a0 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Discover
        Parameter-Request (55), length 8:
          Subnet-Mask (1), BR (28), Time-Zone (2), Default-Gateway (3)
          Domain-Name (15), Domain-Name-Server (6), Hostname (12), NTP (42)
        Vendor-Class (60), length 3: "d-i"
01:18:46.340306 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:54:00:10:31:a0 (oui Unknown), length 300, xid 0x374f0b5b, secs 1, Flags [none]
      Client-Ethernet-Address 52:54:00:10:31:a0 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Discover
        Parameter-Request (55), length 8:
          Subnet-Mask (1), BR (28), Time-Zone (2), Default-Gateway (3)
          Domain-Name (15), Domain-Name-Server (6), Hostname (12), NTP (42)
        Vendor-Class (60), length 3: "d-i"
01:18:46.340429 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    ROCKY9.bootps > 10.31.0.100.bootpc: BOOTP/DHCP, Reply, length 300, xid 0x374f0b5b, Flags [none]
      Your-IP 10.31.0.100
      Client-Ethernet-Address 52:54:00:10:31:a0 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Offer
        Server-ID (54), length 4: ROCKY9
        Lease-Time (51), length 4: 60000
        Subnet-Mask (1), length 4: 255.255.255.0
        Default-Gateway (3), length 4: _gateway
        Domain-Name-Server (6), length 8: dns1.ctcdma.com,dns2.ctcdma.com
01:18:46.340655 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:54:00:10:31:a0 (oui Unknown), length 300, xid 0x374f0b5b, secs 1, Flags [none]
      Client-Ethernet-Address 52:54:00:10:31:a0 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Request
        Server-ID (54), length 4: ROCKY9
        Requested-IP (50), length 4: 10.31.0.100
        Parameter-Request (55), length 8:
          Subnet-Mask (1), BR (28), Time-Zone (2), Default-Gateway (3)
          Domain-Name (15), Domain-Name-Server (6), Hostname (12), NTP (42)
        Vendor-Class (60), length 3: "d-i"
01:18:46.359480 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    ROCKY9.bootps > 10.31.0.100.bootpc: BOOTP/DHCP, Reply, length 300, xid 0x374f0b5b, secs 1, Flags [none]
      Your-IP 10.31.0.100
      Client-Ethernet-Address 52:54:00:10:31:a0 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: ACK
        Server-ID (54), length 4: ROCKY9
        Lease-Time (51), length 4: 60000
        Subnet-Mask (1), length 4: 255.255.255.0
        Default-Gateway (3), length 4: _gateway
        Domain-Name-Server (6), length 8: dns1.ctcdma.com,dns2.ctcdma.com
The log records match the capture
[root@ROCKY9 ~]# tail /var/log/dhcp.log -f
Nov 18 01:17:05 ROCKY9 dhcpd[2858]: Internet Systems Consortium DHCP Server 4.4.2b1
Nov 18 01:17:05 ROCKY9 dhcpd[2858]: Copyright 2004-2019 Internet Systems Consortium.
Nov 18 01:17:05 ROCKY9 dhcpd[2858]: All rights reserved.
Nov 18 01:17:05 ROCKY9 dhcpd[2858]: For info, please visit https://www.isc.org/software/dhcp/
Nov 18 01:17:05 ROCKY9 dhcpd[2858]: Source compiled to use binary-leases
Nov 18 01:17:05 ROCKY9 dhcpd[2858]: Wrote 0 leases to leases file.
Nov 18 01:17:05 ROCKY9 dhcpd[2858]: Listening on LPF/enp1s0/52:54:00:10:31:01/10.31.0.0/24
Nov 18 01:17:05 ROCKY9 dhcpd[2858]: Sending on LPF/enp1s0/52:54:00:10:31:01/10.31.0.0/24
Nov 18 01:17:05 ROCKY9 dhcpd[2858]: Sending on Socket/fallback/fallback-net
Nov 18 01:17:05 ROCKY9 dhcpd[2858]: Server starting service.
Nov 18 01:18:45 ROCKY9 dhcpd[2858]: DHCPDISCOVER from 52:54:00:10:31:a0 via enp1s0
Nov 18 01:18:46 ROCKY9 dhcpd[2858]: DHCPOFFER on 10.31.0.100 to 52:54:00:10:31:a0 via enp1s0
Nov 18 01:18:46 ROCKY9 dhcpd[2858]: DHCPREQUEST for 10.31.0.100 (10.31.0.1) from 52:54:00:10:31:a0 via enp1s0
Nov 18 01:18:46 ROCKY9 dhcpd[2858]: DHCPACK on 10.31.0.100 to 52:54:00:10:31:a0 via enp1s0
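Add routes on the host rhel9 (192.168.5.253) so that it can reach the 10.31.0.0/24 and 172.31.0.0/24 segments directly, with rhel8 (192.168.5.254) as the next hop. First shut down the rhel8 virtual machine attached to WANbridge, then bring WANbridge up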
[root@RHEL9 ~]# ip route
default via 192.168.4.1 dev WANbridge proto static metric 428
192.168.4.0/23 dev WANbridge proto kernel scope link src 192.168.5.253 metric 428
[root@RHEL9 ~]# nmcli connection modify WANbridge +ipv4.routes "10.31.0.0/24 192.168.5.254"
[root@RHEL9 ~]# nmcli connection modify WANbridge +ipv4.routes "172.31.0.0/24 192.168.5.254"
[root@RHEL9 ~]# virsh list
 Id   Name       State
--------------------------
 2    ubuntu16   running
 3    rocky9     running
 4    rhel8      running

[root@RHEL9 ~]# virsh shutdown rhel8
Domain 'rhel8' is being shutdown

[root@RHEL9 ~]# nmcli connection up WANbridge
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/18)
[root@RHEL9 ~]# ip route
default via 192.168.4.1 dev WANbridge proto static metric 428
10.31.0.0/24 via 192.168.5.254 dev WANbridge proto static metric 428
172.31.0.0/24 via 192.168.5.254 dev WANbridge proto static metric 428
192.168.4.0/23 dev WANbridge proto kernel scope link src 192.168.5.253 metric 428
Start rhel8, then from rhel9 open an ssh connection to the IP address Ubuntu16 obtained automatically, 10.31.0.100
[root@RHEL9 ~]# virsh start rhel8
Domain 'rhel8' started

[root@RHEL9 ~]# ssh nova@10.31.0.100
nova@10.31.0.100's password:
Welcome to Ubuntu 16.04.7 LTS (GNU/Linux 4.4.0-186-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

 * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s
   just raised the bar for easy, resilient and secure K8s cluster deployment.

   https://ubuntu.com/engage/secure-kubernetes-at-the-edge

104 packages can be updated.
71 updates are security updates.

New release '18.04.6 LTS' available.
Run 'do-release-upgrade' to upgrade to it.

Last login: Mon Nov 18 02:41:50 2024 from 192.168.5.253
nova@ubuntu16:~$
View the DHCP lease on Ubuntu16 and release it
nova@ubuntu16:~$ cat /var/lib/dhcp/dhclient.enp1s0.leases
lease {
  interface "enp1s0";
  fixed-address 10.31.0.100;
  option subnet-mask 255.255.255.0;
  option routers 10.31.0.254;
  option dhcp-lease-time 60000;
  option dhcp-message-type 5;
  option domain-name-servers 218.2.2.2,218.4.4.4;
  option dhcp-server-identifier 10.31.0.1;
  renew 1 2024/11/18 22:27:32;
  rebind 2 2024/11/19 05:29:18;
  expire 2 2024/11/19 07:34:18;
}
nova@ubuntu16:~$ sudo dhclient -r -lf /var/lib/dhcp/dhclient.enp1s0.leases
Capture and log file on rocky9: the release packet was captured
[root@ROCKY9 ~]# tcpdump -v udp port 67
dropped privs to tcpdump
tcpdump: listening on enp1s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
23:01:14.675478 IP (tos 0x0, ttl 64, id 35562, offset 0, flags [DF], proto UDP (17), length 328)
    10.31.0.100.bootpc > ROCKY9.bootps: BOOTP/DHCP, Request from 52:54:00:10:31:a0 (oui Unknown), length 300, xid 0x486b7638, Flags [none]
      Client-IP 10.31.0.100
      Client-Ethernet-Address 52:54:00:10:31:a0 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Release
        Server-ID (54), length 4: ROCKY9
        Hostname (12), length 8: "ubuntu16"
[root@ROCKY9 ~]# tail -f /var/log/dhcp.log
Nov 18 22:58:11 ROCKY9 dhcpd[1584]: Internet Systems Consortium DHCP Server 4.4.2b1
Nov 18 22:58:11 ROCKY9 dhcpd[1584]: Copyright 2004-2019 Internet Systems Consortium.
Nov 18 22:58:11 ROCKY9 dhcpd[1584]: All rights reserved.
Nov 18 22:58:11 ROCKY9 dhcpd[1584]: For info, please visit https://www.isc.org/software/dhcp/
Nov 18 22:58:11 ROCKY9 dhcpd[1584]: Source compiled to use binary-leases
Nov 18 22:58:11 ROCKY9 dhcpd[1584]: Wrote 2 leases to leases file.
Nov 18 22:58:11 ROCKY9 dhcpd[1584]: Listening on LPF/enp1s0/52:54:00:10:31:01/10.31.0.0/24
Nov 18 22:58:11 ROCKY9 dhcpd[1584]: Sending on LPF/enp1s0/52:54:00:10:31:01/10.31.0.0/24
Nov 18 22:58:11 ROCKY9 dhcpd[1584]: Sending on Socket/fallback/fallback-net
Nov 18 22:58:11 ROCKY9 dhcpd[1584]: Server starting service.
Nov 18 23:01:14 ROCKY9 dhcpd[1584]: DHCPRELEASE of 10.31.0.100 from 52:54:00:10:31:a0 (ubuntu16) via enp1s0 (found)
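Install the dhcp-relay service on the router rhel8 to forward DHCP traffic from hosts in the dmz segment (172.31.0.0/24) to rocky9 (10.31.0.1/24) in the lan segment (10.31.0.0/24).
Install a centos6 virtual machine in the dmz segment (172.31.0.0/24) for testing. During installation centos6 could not recognize the virtual machine's virtio disk, so the disk type in the xml file was changed to sata
xml file for centos6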
[root@RHEL9 ~]# cat /data/xml/centos6.xml
<domain type="kvm">
  <name>centos6</name>
  <uuid>002c11bb-441d-4b29-be21-85d021755c53</uuid>
  <memory>1048576</memory>
  <vcpu>1</vcpu>
  <os>
    <type arch="x86_64" machine="q35">hvm</type>
    <boot dev="hd"/>
    <boot dev="cdrom"/>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>
  <cpu mode="host-passthrough"/>
  <clock offset="utc">
    <timer name="rtc" tickpolicy="catchup"/>
    <timer name="pit" tickpolicy="delay"/>
    <timer name="hpet" present="no"/>
  </clock>
  <pm>
    <suspend-to-mem enabled="no"/>
    <suspend-to-disk enabled="no"/>
  </pm>
  <devices>
    <emulator>/usr/libexec/qemu-kvm</emulator>
    <disk type="file" device="disk">
      <driver name="qemu" type="qcow2" discard="unmap"/>
      <source file="/kvm/centos6.img"/>
      <target dev="sda" bus="sata"/>
    </disk>
    <disk type="file" device="cdrom">
      <driver name="qemu" type="raw"/>
      <source file="/data/iso/CentOS-6.10-x86_64-minimal.iso"/>
      <target dev="sdb" bus="sata"/>
      <readonly/>
    </disk>
    <controller type="usb" model="qemu-xhci" ports="15"/>
    <controller type="pci" model="pcie-root"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <controller type="pci" model="pcie-root-port"/>
    <interface type="bridge">
      <source bridge="DMZbridge"/>
      <mac address="52:54:00:72:31:A0"/>
    </interface>
    <console type="pty"/>
    <channel type="unix">
      <source mode="bind"/>
      <target type="virtio" name="org.qemu.guest_agent.0"/>
    </channel>
    <input type="tablet" bus="usb"/>
    <graphics type="vnc" port="5902" listen="0.0.0.0" passwd="hatred"/>
    <video>
      <model type="virtio"/>
    </video>
    <memballoon model="virtio"/>
    <rng model="virtio">
      <backend model="random">/dev/urandom</backend>
    </rng>
  </devices>
</domain>
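On rocky9, edit the DHCP configuration file to provide DHCP service for the 172.31.0.0/24 segment.
After editing, check that there are no syntax errors, then restart the service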
[root@ROCKY9 ~]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp-server/dhcpd.conf.example
# see dhcpd.conf(5) man page
#
log-facility local6;
default-lease-time 60000;
max-lease-time 600000;
option domain-name-servers 218.2.2.2, 218.4.4.4;

shared-network dmz {
    subnet 172.31.0.0 netmask 255.255.255.0 {
        range 172.31.0.100 172.31.0.199;
        option routers 172.31.0.254;
    }
}

subnet 10.31.0.0 netmask 255.255.255.0 {
    range 10.31.0.100 10.31.0.199;
    option routers 10.31.0.254;
}
[root@ROCKY9 ~]# dhcpd -t -cf /etc/dhcp/dhcpd.conf
Internet Systems Consortium DHCP Server 4.4.2b1
Copyright 2004-2019 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
ldap_gssapi_principal is not set,GSSAPI Authentication for LDAP will not be used
Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcpd/dhcpd.leases
PID file: /var/run/dhcpd.pid
Source compiled to use binary-leases
[root@ROCKY9 ~]# systemctl restart dhcpd.service
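Create the virtual machine from the centos6 xml file. After installation, log in via vnc and bring up the NIC with the command ~]# ifup eth0; by default it obtains an address via dhcp, which succeeded
dhcp-relay log on rhel8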
[root@RHEL8 ~]# tail -f /var/log/dhcprelay.log
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Internet Systems Consortium DHCP Relay Agent 4.3.6
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Copyright 2004-2017 Internet Systems Consortium.
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: All rights reserved.
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: For info, please visit https://www.isc.org/software/dhcp/
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Listening on LPF/enp3s0/52:54:00:00:31:10
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Sending on LPF/enp3s0/52:54:00:00:31:10
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Listening on LPF/enp2s0/52:54:00:00:31:72
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Sending on LPF/enp2s0/52:54:00:00:31:72
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Sending on Socket/fallback
Nov 19 00:30:18 RHEL8 dhcrelay[1513]: Dropped all capabilities.
Nov 19 00:46:00 RHEL8 dhcrelay[1513]: Forwarded BOOTREQUEST for 52:54:00:72:31:a0 to 10.31.0.1
Nov 19 00:46:01 RHEL8 dhcrelay[1513]: Forwarded BOOTREPLY for 52:54:00:72:31:a0 to 172.31.0.100
Nov 19 00:46:01 RHEL8 dhcrelay[1513]: Forwarded BOOTREQUEST for 52:54:00:72:31:a0 to 10.31.0.1
Nov 19 00:46:01 RHEL8 dhcrelay[1513]: Forwarded BOOTREPLY for 52:54:00:72:31:a0 to 172.31.0.100
dhcp log on rocky9
[root@ROCKY9 ~]# tail /var/log/dhcp.log -f
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Internet Systems Consortium DHCP Server 4.4.2b1
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Copyright 2004-2019 Internet Systems Consortium.
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: All rights reserved.
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: For info, please visit https://www.isc.org/software/dhcp/
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Source compiled to use binary-leases
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Wrote 0 leases to leases file.
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Listening on LPF/enp1s0/52:54:00:10:31:01/10.31.0.0/24
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Sending on LPF/enp1s0/52:54:00:10:31:01/10.31.0.0/24
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Sending on Socket/fallback/fallback-net
Nov 19 00:35:07 ROCKY9 dhcpd[1989]: Server starting service.
Nov 19 00:46:01 ROCKY9 dhcpd[1989]: DHCPDISCOVER from 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:46:02 ROCKY9 dhcpd[1989]: DHCPOFFER on 172.31.0.100 to 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:46:02 ROCKY9 dhcpd[1989]: DHCPREQUEST for 172.31.0.100 (10.31.0.1) from 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:46:02 ROCKY9 dhcpd[1989]: DHCPACK on 172.31.0.100 to 52:54:00:72:31:a0 via 172.31.0.254
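The two exchanges logged in these notes (the direct one via enp1s0 and the relayed one via 172.31.0.254) can be summarised per client straight from /var/log/dhcp.log, which also makes it easy to spot a lease handed out through a relay address that was never set up. This is an added example, not part of the original notes: the function names and the ALLOWED_RELAYS argument are hypothetical, and the last two sample lines (MAC 52:54:00:aa:bb:01) are constructed.

```bash
#!/bin/bash
# dhcp_audit [ALLOWED_RELAYS]
# Reads dhcpd syslog lines on stdin and prints one record per outcome:
#   LEASE|NAK|RELEASE <mac> <ip> <direct|relay|UNEXPECTED-RELAY> <via>
#   INCOMPLETE <mac> last=<message>    exchange that never reached DHCPACK
# ALLOWED_RELAYS: comma-separated relay addresses (hypothetical parameter).
dhcp_audit() {
    awk -v allowed="${1:-}" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $5 ~ /^dhcpd\[/ && $6 ~ /^DHCP(DISCOVER|OFFER|REQUEST|ACK|NAK|RELEASE)$/ {
        type = substr($6, 5); mac = ""; ip = ""; via = ""
        # The keyword before each value identifies it, so optional fields such
        # as "(10.31.0.1)" or "(ubuntu16)" do not shift the parse.
        for (i = 7; i < NF; i++) {
            if ($i == "from" || $i == "to") mac = $(i + 1)
            else if ($i == "via") via = $(i + 1)
            else if ($i == "on" || $i == "for" || $i == "of") ip = $(i + 1)
        }
        if (mac == "") next
        # "via <interface>" is a local client, "via <IPv4>" is the relay address.
        path = "direct"
        if (via ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
            path = (via in ok) ? "relay" : "UNEXPECTED-RELAY"
        if (!(mac in state)) order[++cnt] = mac
        state[mac] = type
        if (type == "ACK" || type == "NAK" || type == "RELEASE") {
            ev = (type == "ACK") ? "LEASE" : type
            print ev, mac, ip, path, via
        }
    }
    END {
        for (i = 1; i <= cnt; i++) {
            s = state[order[i]]
            if (s == "DISCOVER" || s == "OFFER" || s == "REQUEST")
                print "INCOMPLETE", order[i], "last=DHCP" s
        }
    }'
}

# Sample input: log lines from these notes plus two constructed lines at the end.
sample_log() {
    cat << 'EOF'
Nov 18 01:18:45 ROCKY9 dhcpd[2858]: DHCPDISCOVER from 52:54:00:10:31:a0 via enp1s0
Nov 18 01:18:46 ROCKY9 dhcpd[2858]: DHCPOFFER on 10.31.0.100 to 52:54:00:10:31:a0 via enp1s0
Nov 18 01:18:46 ROCKY9 dhcpd[2858]: DHCPREQUEST for 10.31.0.100 (10.31.0.1) from 52:54:00:10:31:a0 via enp1s0
Nov 18 01:18:46 ROCKY9 dhcpd[2858]: DHCPACK on 10.31.0.100 to 52:54:00:10:31:a0 via enp1s0
Nov 18 23:01:14 ROCKY9 dhcpd[1584]: DHCPRELEASE of 10.31.0.100 from 52:54:00:10:31:a0 (ubuntu16) via enp1s0 (found)
Nov 19 00:46:01 ROCKY9 dhcpd[1989]: DHCPDISCOVER from 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:46:02 ROCKY9 dhcpd[1989]: DHCPOFFER on 172.31.0.100 to 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:46:02 ROCKY9 dhcpd[1989]: DHCPREQUEST for 172.31.0.100 (10.31.0.1) from 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:46:02 ROCKY9 dhcpd[1989]: DHCPACK on 172.31.0.100 to 52:54:00:72:31:a0 via 172.31.0.254
Nov 19 00:50:00 ROCKY9 dhcpd[1989]: DHCPDISCOVER from 52:54:00:aa:bb:01 via enp1s0
Nov 19 00:50:01 ROCKY9 dhcpd[1989]: DHCPOFFER on 10.31.0.101 to 52:54:00:aa:bb:01 via enp1s0
EOF
}

sample_log | dhcp_audit 172.31.0.254
```

On the server itself the same function can be fed the real file: dhcp_audit 172.31.0.254 < /var/log/dhcp.log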
Capture on udp port 67 on rocky9
[root@ROCKY9 ~]# tcpdump -v udp port 67
dropped privs to tcpdump
tcpdump: listening on enp1s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
00:46:01.439322 IP (tos 0x0, ttl 64, id 438, offset 0, flags [DF], proto UDP (17), length 328)
    _gateway.bootps > ROCKY9.bootps: BOOTP/DHCP, Request from 52:54:00:72:31:a0 (oui Unknown), length 300, hops 1, xid 0xd6260e35, Flags [none]
      Gateway-IP 172.31.0.254
      Client-Ethernet-Address 52:54:00:72:31:a0 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Discover
        Parameter-Request (55), length 13:
          Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121)
          Domain-Name (15), Domain-Name-Server (6), Hostname (12), YD (40)
          YS (41), NTP (42), MTU (26), Unknown (119)
          Default-Gateway (3)
00:46:02.440770 IP (tos 0x0, ttl 64, id 35258, offset 0, flags [DF], proto UDP (17), length 328)
    ROCKY9.bootps > 172.31.0.254.bootps: BOOTP/DHCP, Reply, length 300, hops 1, xid 0xd6260e35, Flags [none]
      Your-IP 172.31.0.100
      Gateway-IP 172.31.0.254
      Client-Ethernet-Address 52:54:00:72:31:a0 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Offer
        Server-ID (54), length 4: ROCKY9
        Lease-Time (51), length 4: 60000
        Subnet-Mask (1), length 4: 255.255.255.0
        Domain-Name-Server (6), length 8: dns1.ctcdma.com,dns2.ctcdma.com
        Default-Gateway (3), length 4: 172.31.0.254
00:46:02.441569 IP (tos 0x0, ttl 64, id 1154, offset 0, flags [DF], proto UDP (17), length 328)
    _gateway.bootps > ROCKY9.bootps: BOOTP/DHCP, Request from 52:54:00:72:31:a0 (oui Unknown), length 300, hops 1, xid 0xd6260e35, Flags [none]
      Gateway-IP 172.31.0.254
      Client-Ethernet-Address 52:54:00:72:31:a0 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Request
        Server-ID (54), length 4: ROCKY9
        Requested-IP (50), length 4: 172.31.0.100
        Parameter-Request (55), length 13:
          Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121)
          Domain-Name (15), Domain-Name-Server (6), Hostname (12), YD (40)
          YS (41), NTP (42), MTU (26), Unknown (119)
          Default-Gateway (3)
00:46:02.444524 IP (tos 0x0, ttl 64, id 35260, offset 0, flags [DF], proto UDP (17), length 328)
    ROCKY9.bootps > 172.31.0.254.bootps: BOOTP/DHCP, Reply, length 300, hops 1, xid 0xd6260e35, Flags [none]
      Your-IP 172.31.0.100
      Gateway-IP 172.31.0.254
      Client-Ethernet-Address 52:54:00:72:31:a0 (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: ACK
        Server-ID (54), length 4: ROCKY9
        Lease-Time (51), length 4: 60000
        Subnet-Mask (1), length 4: 255.255.255.0
        Domain-Name-Server (6), length 8: dns1.ctcdma.com,dns2.ctcdma.com
        Default-Gateway (3), length 4: 172.31.0.254
dhcp lease file on rocky9
[root@ROCKY9 ~]# cat /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.4.2b1

# authoring-byte-order entry is generated, DO NOT DELETE
authoring-byte-order little-endian;

server-duid "\000\001\000\001.\316/hRT\000\0201\001";

lease 10.31.0.100 {
  starts 1 2024/11/18 17:04:26;
  ends 2 2024/11/19 09:44:26;
  cltt 1 2024/11/18 17:04:26;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 52:54:00:10:31:a0;
  client-hostname "ubuntu16";
}
lease 172.31.0.100 {
  starts 1 2024/11/18 17:07:11;
  ends 2 2024/11/19 09:47:11;
  cltt 1 2024/11/18 17:07:11;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 52:54:00:72:31:a0;
}
Automating it with a script
[root@centos7 ~]# cat rocky9dhcp.sh
#!/bin/bash
#rocky9dhcp.sh
#Date: 2024-11-19

# Install the DHCP service
rpm -q dhcp-server || yum install -y dhcp-server

# Back up the configuration file
cp /etc/dhcp/dhcpd.conf{,.bak}

# Write the configuration file
cat << EOF >> /etc/dhcp/dhcpd.conf
log-facility local6;
default-lease-time 60000;
max-lease-time 600000;
option domain-name-servers 218.2.2.2, 218.4.4.4;

shared-network dmz {
    subnet 172.31.0.0 netmask 255.255.255.0 {
        range 172.31.0.100 172.31.0.199;
        option routers 172.31.0.254;
    }
}

subnet 10.31.0.0 netmask 255.255.255.0 {
    range 10.31.0.100 10.31.0.199;
    option routers 10.31.0.254;
}
EOF

# Set the log file path
echo 'local6.* /var/log/dhcp.log' > /etc/rsyslog.d/dhcp.conf

# Restart the logging service
systemctl restart rsyslog.service

# Start the DHCP service
systemctl enable --now dhcpd.service