Tumbleweed ISC DHCP server "can't clone pool group"

Tumbleweed updates starting around a month ago won’t run my ISC dhcpd configuration. I have a shared-netowrk with a subnet in it and two pools in that subnet. It’s setup with a failover peer. Everything works fine with dhcp-server-4.3.5-lp151.5.3 (from leap), but now on tumbleweed 4.3.5-17.1, no go “can’t clone pool group”. This even fails if I comment one of the pools out. Failover requires pools. Any ideas? Below is my config for reference … it’s grown some hair with age.


authoritative;
server-identifier 192.168.242.1; #Must be numeric for Mac Clients
allow bootp;
default-lease-time 28800;
max-lease-time 172800;
ddns-update-style standard;
ddns-domainname "mrf.sonoma.ca.us.";
ddns-rev-domainname "in-addr.arpa.";
deny client-updates;
do-forward-updates on;
update-optimization off;
update-conflict-detection off;
update-static-leases on;

option domain-name "mrf.sonoma.ca.us";
option domain-name-servers 192.168.242.1,192.168.242.3;
option domain-search "mrf.sonoma.ca.us";
option routers 192.168.242.1, 192.168.242.3;
option ntp-servers 192.168.242.1,192.168.242.3;
option time-servers 192.168.242.1,192.168.242.3;
option lpr-servers 192.168.242.1;
option netbios-name-servers 192.168.242.1;

class "xiaomi" {
match if substring (hardware,1,3) = 7c:49:eb;
}

class "dericam" {
match if substring (hardware,1,3) = 14:6b:9c;
}

class "dericam2" {
match if substring (hardware,1,3) = 0c:8c:24;
}

class "microseven" {
match if substring (hardware,1,3) = e0:09:bf;
}

failover peer "failover-gates" {
     primary;
     address 192.168.242.2;
     port 519;
     peer address 192.168.242.3;
     peer port 520;
     max-response-delay 60;
     max-unacked-updates 10;
     mclt 3600;
     split 128;
     load balance max seconds 3;
}     

omapi-port 7911;
omapi-key omapi_key;

key omapi_key {
     algorithm hmac-md5;
     secret xyzzy;
}



# Shared network declaration is used to group subnets which share the same
# physical network together.   The name is specified so that the shared
# network can be referred to in log messages - it serves no other function.
shared-network GATES {
  ddns-updates on;
  subnet 192.168.240.0 netmask 255.255.252.0 {
    authoritative;
    option subnet-mask 255.255.252.0;
    option broadcast-address 192.168.243.255;
    option routers 192.168.242.1, 192.168.242.3;
    default-lease-time 28800;
    max-lease-time 172800;
    allow unknown-clients;
  }
    
  pool {
    failover peer "failover-gates";
    range 192.168.242.20 192.168.243.128;
    deny members of "xiaomi";
    deny members of "dericam";
    deny members of "dericam2";
    deny members of "microseven";
    allow unknown-clients;
   }
    
  pool { #Unclean hosts, no route outside
    #192.168.243.192/26
    failover peer "failover-gates";
    range 192.168.243.192 192.168.243.254;
    allow members of "xiaomi";
    allow members of "dericam";
    allow members of "dericam2";
    allow members of "microseven";
    allow unknown-clients;
    }
}

zone 240.168.192.in-addr.arpa {
   primary 192.168.242.1;
   secondary 192.168.242.3;
   }

zone 241.168.192.in-addr.arpa {
   primary 192.168.242.1;
   secondary 192.168.242.3;
   }

zone 242.168.192.in-addr.arpa {
   primary 192.168.242.1;
   secondary 192.168.242.3;
   }

zone 243.168.192.in-addr.arpa {
   primary 192.168.242.1;
   secondary 192.168.242.3;
   }

zone mrf.sonoma.ca.us {
  primary 192.168.242.1;
   secondary 192.168.242.3;
  }
  

#Ubiquiti mFi power switch. SSH login ubnt:ubnt
host inet-power-switch {
   option host-name "inet-power-switch";
   hardware ethernet 24:A4:3C:D1:0B:16;
   fixed-address inet-power-switch.mrf.sonoma.ca.us;
}
   
host house-fan-bridge {
   option host-name "house-fan-bridge";
   hardware ethernet E4:95:6E:41:5E:4C;
   fixed-address 192.168.242.241;
   }

host solarmon {
   option host-name "solarmon";
   hardware ethernet 00:0f:60:08:75:18;
   fixed-address 192.168.242.242;
   }

host eagle-0093ea {
   option host-name "eagle-0093ea";
   hardware ethernet d8:d5:b9:00:93:ea;
   fixed-address 192.168.242.243;
   }

host wap-hall {
   option host-name "wap-hall";
   hardware ethernet 78:8a:20:48:12:eb;
   fixed-address 192.168.242.128;
   }

host canonea8803 {
   option host-name "canonea8803";
   hardware ethernet d0:c5:d3:43:95:cc;
   fixed-address 192.168.242.9;
   }

host yeelight1 {
   option host-name "yeelight1";
   ddns-hostname "yeelight1";
   hardware ethernet 7c:49:eb:14:d8:5e;
   }

host yeelight2 {
   option host-name "yeelight2";
   ddns-hostname "yeelight2";
   hardware ethernet 7c:49:eb:14:d7:14;
   }

host rearfirecam {
   option host-name "rearfirecam";
   ddns-hostname = "rearfirecam";
   hardware ethernet 14:6b:9c:c8:f8:b6;
   }

host drivewaycam {
   option host-name "drivewaycam";
   ddns-hostname = "drivewaycam";
   hardware ethernet 0c:8c:24:d1:8e:07;
   }

host frontdoorcam {
   option host-name "frontdoorcam";
   ddns-hostname = "frontdoorcam";
   hardware ethernet e0:09:bf:00:3b:b5;
   }

I should note that my primary server is X86_64 and my failover peer is a raspi4 (ARM64). Same problem on both. So, I just downloaded the latest tumbleweed srpm … dhcp-4.3.5-17.1.src.rpm … built and installed, and all’s well. Now I’m really confused.

Is this when attempting to manually configure setup, or an error when an automated service fails?

TSU

Yes, I’ve got the same message with old worked config.
My dhcp_82.conf was compatible with the old Tumbleweed. I haven’t turned it on for a long time.

Is it problem are solved?

root@BELKA:~> dhcpd -4 -cf dhcp_82.conf --no-pid eth_BLACK
Internet Systems Consortium DHCP Server 4.3.6-P1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
can’t clone pool group.

If you think you have received this message due to a bug rather
than a configuration issue please read the section on submitting
bugs on either our web page at www.isc.org or in the README file
before submitting a bug. These pages explain the proper
process and the information we find helpful for debugging.

exiting.

Usually not advisable to post to an “old” thread.

Same question to you as the @OP (never answered),
How/when are you getting this message?

And,
I would also add…
Do you really have multiple DHCP servers configured which would only then require a pool configuration?

I’m suspecting that anyone asking this question could be simply using a template configuration for DHCP failover but only has one DHCP server installed… In which case of course no pool can be cloned because there would be nothing to clone the pool to.

TSU

I’ve started dhcpd for tests from CLI. I would like to set “static” ip by option82. My config:

default-lease-time 1296000;
max-lease-time 1296000;
ping-check false;
one-lease-per-client true;
deny duplicates;
deny bootp;
option arp-cache-timeout 3600;
option netbios-node-type 1;
ddns-updates off;
ddns-update-style none;
authoritative;
if exists agent.remote-id and exists agent.circuit-id {
if binary-to-ascii(16, 8, “”, substring(option agent.remote-id, 2, 1)) = “0” {
set switch-mac = concat(“0”, binary-to-ascii(16, 8, “”, substring(option agent.remote-id, 2, 1)), “:”, binary-to-ascii(16, 8, “:”, substring(option agent.remote-id, 3, 6)));
} else {
set switch-mac = binary-to-ascii(16, 8, “:”, substring(option agent.remote-id, 2, 6));
}
set client-mac = binary-to-ascii(16, 8, “:”, suffix(hardware,6));
set switch-addr = binary-to-ascii(10, 8, “.”, packet(24, 4));
set switch-port = binary-to-ascii(10, 8, “”, substring(option agent.circuit-id, 5, 1));
set switch-port-vlan = binary-to-ascii(10, 8, “”, substring(option agent.circuit-id, 2, 2));
if option host-name = NULL {
set computer = “NO HOST NAME”;
} else {
set computer = option host-name;
}
set request-code = binary-to-ascii(10, 8, “”, option dhcp-message-type);
log(info, concat(“MY-LEASE: ==”, binary-to-ascii(10, 8, “.”, leased-address), “==”, client-mac, “==”, switch-addr, “==”, switch-mac, “==”, switch-port, “==”, switch-port-vlan, “==”, r
equest-code, “==”, computer));
}

SW: TEST

class “0:001” { match if substring(option agent.remote-id, 2, 6) = 00:ad:24:08:22:76 and binary-to-ascii(10, 8, “”, substring(option agent.circuit-id, 5, 1)) = “1”; }
class “0:002” { match if substring(option agent.remote-id, 2, 6) = 00:ad:24:08:22:76 and binary-to-ascii(10, 8, “”, substring(option agent.circuit-id, 5, 1)) = “2”; }
class “0:003” { match if substring(option agent.remote-id, 2, 6) = 00:ad:24:08:22:76 and binary-to-ascii(10, 8, “”, substring(option agent.circuit-id, 5, 1)) = “3”; }

shared-network “my-test” {
subnet 172.24.0.0 netmask 255.255.0.0 { }
subnet 10.10.10.0 netmask 255.255.255.0 {
option domain-name “my.test”;
option domain-name-servers 8.8.8.8;
option ntp-servers 172.24.0.101;
option ip-forwarding false;

            pool { option routers 10.10.10.1;
                    range 10.10.10.2; allow members of "0:001";
            }

            pool { option routers 10.10.10.1;
                    range 10.10.10.3; allow members of "0:002";
            }

            pool { option routers 10.10.10.1;
                    range 10.10.10.4; allow members of "0:003";
            }
    }

}

I’ve launched command:

root@BELKA:~> dhcpd -4 -cf /root/dhcp_82.conf --no-pid eth_BLACK
Internet Systems Consortium DHCP Server 4.3.6-P1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit ISC DHCP - ISC
can’t clone pool group.

If you think you have received this message due to a bug rather
than a configuration issue please read the section on submitting
bugs on either our web page at www.isc.org or in the README file
before submitting a bug. These pages explain the proper
process and the information we find helpful for debugging.

exiting.

BUT! I’ve got the src “zypper si dhcp-server” and “rpmbuild -bb dhcp.spec” (i’ve not install new rpm packets) and tryed to start compiled version:

root@BELKA:/usr/src/packages/BUILD/dhcp-4.3.6-P1/server> ./dhcpd -4 -cf /root/dhcp_82.conf --no-pid eth_BLACK
Internet Systems Consortium DHCP Server 4.3.6-P1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit ISC DHCP - ISC
Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Config file: /root/dhcp_82.conf
Database file: /var/lib/dhcp/db/dhcpd.leases
PID file: /var/run/dhcpd.pid
Wrote 0 class decls to leases file.
Wrote 1 leases to leases file.
Multiple interfaces match the same shared network: eth_BLACK vlan60
Listening on LPF/eth_BLACK/00:e0:ed:58:df:1e/my-test
Sending on LPF/eth_BLACK/00:e0:ed:58:df:1e/my-test
Sending on Socket/fallback/fallback-net

Why compiled dhcpd is better?

I need it for some tests only, I would like to start dhcpd on eth_BLACK when I’m ready.

First a question:
Based on your objective

I’ve started dhcpd for tests from CLI. I would like to set “static” ip by option82

Are you trying to set up a DHCP relay and and not an actual DHCP server?
If so, that is a different network device, you might try installing and inspecting the related documentation

zypper in dhcp-relay

If you confirm you’re really trying to set a DHCP server and not a relay, I’ll take another close look at what you’ve posted…

TSU

Yes, I have a dhcp-relay on my switch, but why we are talk about relay? My switch is switched off while. I need to start main dhcp server on my computer first. I can start compiled dhcpd from src and can’t start tumbleweed’s dhcpd …
This is a strange problem.

I quoted your statement saying that you were implementing Option 82 which involves a dhcp relay.

Pls clarify your topology…
Are your clients contacting your DHCP server directly, and are you saying that dhcpd running on your Tumbleweed is your authoritative DHCP server?

BTW - Be aware of risks involved by deploying essential network services on a TW machine… When you get things figured out, I highly recommend you re-deploy either to a LEAP or a openSUSE Transcactional Server.

TSU