When isc-dhcp-server runs with the AppArmor module enabled, rotation of the leases file often fails because dhcpd lacks the required file permissions. This is a common problem; more information can be found here: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1186662. A dhcpd.leases rotation failure can make the DHCP server unstable.
Diagnosing dhcpd.leases file rotation problems
Analyzing the DHCP server logs
When isc-dhcp-server is restarted, the following entry can be found in the logs:
Feb 27 05:43:17 gateway dhcpd: Can't create new lease file: Permission denied
When the leases file size exceeds several gigabytes, the following error may occur during a DHCP server restart:
/var/lib/dhcp/dhcpd.leases: file is too long to buffer.
Checking lease files creation date
Run the command:
$ ls -l /var/lib/dhcp/
-rw-r--r-- 1 root root 41634468 Nov. 27 08:53 dhcpd.leases
-rw-r--r-- 1 root root 40987441 Nov. 27 08:11 dhcpd.leases~
The date of dhcpd.leases~ should not differ from that of dhcpd.leases by more than 1 hour. Rerun the ls -l /var/lib/dhcp/ command and make sure the size of dhcpd.leases increases. If both conditions are met, dhcpd.leases file rotation works normally.
If the time difference is more than 1 hour and the dhcpd.leases file is significantly larger than dhcpd.leases~, rotation does not work.
Rotation failure example:
$ ls -l /var/lib/dhcp/
total 114776
-rw-r--r-- 1 root root 9644913 Nov 27 06:02 dhcpd.leases~
-rw-r--r-- 1 root root 107878109 Nov 27 09:56 dhcpd.leases
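The two checks above (a time gap of more than 1 hour and dhcpd.leases significantly larger than dhcpd.leases~) can be scripted. This is an added example, not part of the original article: the function names, the 2x threshold used for "significantly larger" and the sample file dates are assumptions, and it relies on GNU stat, truncate and touch.

```shell
#!/bin/sh
# Added example (not from the original article): lease rotation health check.
MAX_GAP=3600     # 1 hour, the limit given on the page
SIZE_FACTOR=2    # assumption: "significantly larger" = more than 2x the backup

# check_lease_rotation [DIR]
# Prints a verdict; returns 0 = rotating, 1 = stalled, 2 = cannot tell.
check_lease_rotation() {
    dir=${1:-/var/lib/dhcp}
    cur="$dir/dhcpd.leases"
    bak="$dir/dhcpd.leases~"
    if [ ! -f "$cur" ] || [ ! -f "$bak" ]; then
        echo "UNKNOWN: $cur or $bak is missing"
        return 2
    fi
    # GNU stat: %Y = modification time (epoch seconds), %s = size in bytes
    cur_mtime=$(stat -c %Y "$cur") || return 2
    bak_mtime=$(stat -c %Y "$bak") || return 2
    cur_size=$(stat -c %s "$cur") || return 2
    bak_size=$(stat -c %s "$bak") || return 2

    gap=$((cur_mtime - bak_mtime))
    if [ "$gap" -lt 0 ]; then gap=$((-gap)); fi

    # Both conditions from the page must hold before rotation is called broken.
    if [ "$gap" -gt "$MAX_GAP" ] &&
       [ "$cur_size" -gt $((bak_size * SIZE_FACTOR)) ]; then
        echo "STALLED: gap=${gap}s leases=${cur_size} backup=${bak_size}"
        return 1
    fi
    echo "OK: gap=${gap}s leases=${cur_size} backup=${bak_size}"
    return 0
}

# make_sample DIR CUR_SIZE CUR_DATE BAK_SIZE BAK_DATE
# Builds constructed (sparse) sample files so the check can be tried offline,
# e.g. with the sizes and times from the two listings above; the year in the
# date strings is up to the caller because the page does not give one.
make_sample() {
    truncate -s "$2" "$1/dhcpd.leases"  && touch -d "$3" "$1/dhcpd.leases"
    truncate -s "$4" "$1/dhcpd.leases~" && touch -d "$5" "$1/dhcpd.leases~"
}
```

Called with no argument, check_lease_rotation inspects /var/lib/dhcp; the return code of 1 can drive a cron or monitoring alert before the leases file grows to the size that breaks a restart.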
Configuring file rotation on the server
To configure dhcpd.leases rotation, change the dhcpd user to root in the DHCP server configuration file, so that dhcpd runs as root (only the lines that need changes are given below):
if ! dhcpd -user root -group root -t -q -4 -cf $CONFIG_FILE > /dev/null 2>&1; then
dhcpd -user root -group root -t -4 -cf $CONFIG_FILE
chown root:root /var/run/dhcp-server
chown root:root /var/lib/dhcp /var/lib/dhcp/dhcpd.leases
chown root:root /var/lib/dhcp/dhcpd.leases~
exec dhcpd -user root -group root -f -q -4 -pf /run/dhcp-server/dhcpd.pid -cf $CONFIG_FILE $INTERFACES
Change the owner of /run/dhcp-server/dhcpd.pid from dhcp to root:
chown root:root /run/dhcp-server/dhcpd.pid
After changing the configuration, restart the DHCP server with the command:
sudo service isc-dhcp-server restart
After that, check that the DHCP server operates correctly:
$ tail -f /var/log/dhcp.log
Nov 27 13:01:49 vagrant-ubuntu-trusty-64 dhcpd: All rights reserved.
Nov 27 13:01:49 vagrant-ubuntu-trusty-64 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Nov 27 13:01:49 vagrant-ubuntu-trusty-64 dhcpd: Internet Systems Consortium DHCP Server 4.2.4
Nov 27 13:01:49 vagrant-ubuntu-trusty-64 dhcpd: Copyright 2004-2012 Internet Systems Consortium.
Nov 27 13:01:49 vagrant-ubuntu-trusty-64 dhcpd: All rights reserved.
Nov 27 13:01:49 vagrant-ubuntu-trusty-64 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Nov 27 13:01:49 vagrant-ubuntu-trusty-64 dhcpd: Wrote 0 class decls to leases file.
Nov 27 13:01:49 vagrant-ubuntu-trusty-64 dhcpd: Wrote 3210 leases to leases file.
Nov 27 13:01:50 vagrant-ubuntu-trusty-64 dhcpd: DHCPREQUEST for 172.30.3.252 from e0:d9:e3:50:71:e1 (WEP-2ac) via eth2
Nov 27 13:01:50 vagrant-ubuntu-trusty-64 dhcpd: DHCPACK on 172.30.3.252 to e0:d9:e3:50:71:e1 (WEP-2ac) via eth2
Nov 27 13:02:04 vagrant-ubuntu-trusty-64 dhcpd: DHCPREQUEST for 172.30.3.235 from a8:f9:4b:aa:36:59 via eth2
Nov 27 13:02:04 vagrant-ubuntu-trusty-64 dhcpd: DHCPACK on 172.30.3.235 to a8:f9:4b:aa:36:59 via eth