From 9b07fc9001be5c5e631727f8e08c748ad1bdf5bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Yoha=C3=AF-Eliel=20BERREBY?= Date: Fri, 11 Sep 2020 15:05:57 +0200 Subject: [PATCH] dhcp: manage dhcp-aurore --- group_vars/all/vars.yml | 5 +- group_vars/aurore/main.yml | 1 + network.yml | 11 +--- roles/isc-dhcp-server/handlers/main.yml | 10 ++++ roles/isc-dhcp-server/tasks/main.yml | 51 ++++++++++++++++--- .../templates/default/isc-dhcp-server.j2 | 6 +++ .../templates/dhcp/dhcpd-aurore.conf.j2 | 36 +++++++++++++ 7 files changed, 101 insertions(+), 19 deletions(-) create mode 100644 roles/isc-dhcp-server/templates/dhcp/dhcpd-aurore.conf.j2 diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index b2ae5d8..6c1d978 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -78,10 +78,13 @@ radius_pg_replication_password: "{{ vault_re2o_db_user_passwords.replication }}" radius_pg_re2o_ro_password: "{{ vault_re2o_db_user_passwords.re2o_ro }}" +# DHCP +dhcp_failover_enabled: true apartment_block_dhcp: "{{ apartment_block }}" - # Careful, this is not byte-aligned, just nibble-aligned (RIPE gave us a /28). # However, we ALWAYS keep the trailing 0 to have byte alignment. ipv6_base_prefix: "2a09:6840" + +is_aurore_host: "{{ 'aurore_vm' in group_names }}" diff --git a/group_vars/aurore/main.yml b/group_vars/aurore/main.yml index 7cf0189..4111f79 100644 --- a/group_vars/aurore/main.yml +++ b/group_vars/aurore/main.yml @@ -2,3 +2,4 @@ apartment_block: aurore apartment_block_id: 0 router_ip_suffix: 254 +dhcp_failover_enabled: false diff --git a/network.yml b/network.yml index fe69d7f..a65c87b 100755 --- a/network.yml +++ b/network.yml 
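Review bot: `dhcp_failover_enabled: true` in group_vars/all/vars.yml makes the failover configuration opt-out for every host, whereas the old `when: dhcp_failover is defined` only rendered dhcp-failover.conf on hosts that actually carried failover variables; any host in the play that is neither an aurore VM nor given those variables will now render the failover template, and whether that render fails depends on dhcp-failover.conf.j2, which this diff does not show. Defaulting to `dhcp_failover_enabled: false` and switching it on in the group vars of the failover pair keeps the previous opt-in behaviour. `is_aurore_host` keys on membership of the `aurore_vm` group, while network.yml selects hosts by the `dhcp-*.adm.auro.re` name pattern; a host matching the pattern but outside that group would get the regular dhcpd.conf and the three-interface default file, so the coupling deserves a comment next to the variable, e.g. `# True on hosts in the aurore_vm group: selects dhcpd-aurore.conf.j2 and the single-interface /etc/default file`.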
@@ -1,17 +1,8 @@ #!/usr/bin/env ansible-playbook --- # Set up DHCP servers. -- hosts: dhcp-*.adm.auro.re, !dhcp-aurore*.adm.auro.re - vars: - service_repo: https://gitlab.federez.net/re2o/dhcp.git - service_name: dhcp - service_version: master - service_config: - hostname: re2o.auro.re - username: service-user - password: "{{ vault_serviceuser_passwd }}" +- hosts: dhcp-*.adm.auro.re roles: - - re2o-service - isc-dhcp-server diff --git a/roles/isc-dhcp-server/handlers/main.yml b/roles/isc-dhcp-server/handlers/main.yml index 2df3eac..840463c 100644 --- a/roles/isc-dhcp-server/handlers/main.yml +++ b/roles/isc-dhcp-server/handlers/main.yml @@ -1,4 +1,14 @@ +- name: force run dhcp re2o-service + shell: /var/local/re2o-services/dhcp/main.py --force + become_user: re2o-services + - name: restart dhcpd systemd: state: restarted name: isc-dhcp-server + +- name: restart rsyslog + systemd: + name: rsyslog + state: restarted + diff --git a/roles/isc-dhcp-server/tasks/main.yml b/roles/isc-dhcp-server/tasks/main.yml index 13ba3b7..877c3e5 100644 --- a/roles/isc-dhcp-server/tasks/main.yml +++ b/roles/isc-dhcp-server/tasks/main.yml @@ -1,4 +1,24 @@ --- +- name: Install dhcp (re2o-service) + import_role: + name: re2o-service + vars: + service_repo: https://gitlab.federez.net/re2o/dhcp.git + service_name: dhcp + service_version: master + service_config: + hostname: re2o.auro.re + username: service-user + password: "{{ vault_serviceuser_passwd }}" + +- name: Ensure appropriate permissions on dhcp re2o service + file: + path: /var/local/re2o-services/dhcp/ + state: directory + owner: re2o-services + group: nogroup + recurse: yes + - name: Install isc-dhcp-server apt: update_cache: true @@ -21,6 +41,7 @@ lineinfile: path: /etc/rsyslog.conf line: "local7.* /var/log/dhcp/dhcpd.log" + notify: restart rsyslog - name: Configure dhcp log rotation template: 
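Review bot: The new `force run dhcp re2o-service` handler sets `become_user: re2o-services` without `become: true`, so unless privilege escalation is already enabled at play or configuration level (not visible in this diff) the script still runs as the connecting user; the identical task added to roles/isc-dhcp-server/tasks/main.yml has the same gap. Nothing in the diff notifies this handler, and tasks/main.yml runs the same command unconditionally, so one of the two is redundant; if the generator only needs to run when the configuration changed, keeping the handler and notifying it from the two dhcpd.conf tasks is the tidier shape. The command uses no shell features, so `command: /var/local/re2o-services/dhcp/main.py --force` with `become: true` beside `become_user` is the safer form in both places.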
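Review bot: The `Ensure appropriate permissions on dhcp re2o service` task recursively hands the whole checkout under `/var/local/re2o-services/dhcp/` to the `re2o-services` account, which is also the account the cron job and the force-run task execute `main.py` as, so the code is writable by the user that runs it; because the generated list is later `include`d into dhcpd.conf, a compromise of that account reaches dhcpd's configuration. If the service only needs to write its output, keeping the code owned by root and giving `re2o-services` ownership of the `generated/` directory alone is the least-privilege shape — whether `main.py` writes anywhere else is not visible here. `recurse: yes` should be written `recurse: true` to match the `true`/`false` booleans used elsewhere in the role.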
@@ -38,14 +59,9 @@ day: "*" weekday: "*" month: "*" - user: root + user: re2o-services job: "/usr/bin/python3 /var/local/re2o-services/dhcp/main.py" -- name: restart rsyslog - systemd: - name: rsyslog - state: restarted - - name: Configure /etc/default/isc-dhcp-server template: src: default/isc-dhcp-server.j2 @@ -58,12 +74,31 @@ src: dhcp/dhcp-failover.conf.j2 dest: /etc/dhcp/dhcp-failover.conf mode: 0600 - when: dhcp_failover is defined + when: dhcp_failover_enabled notify: restart dhcpd -- name: Configure dhcpd.conf +- name: Configure dhcpd.conf (regular service) template: src: dhcp/dhcpd.conf.j2 dest: /etc/dhcp/dhcpd.conf mode: 0600 notify: restart dhcpd + when: not is_aurore_host + +- name: Configure dhcpd.conf (aurore service) + template: + src: dhcp/dhcpd-aurore.conf.j2 + dest: /etc/dhcp/dhcpd.conf + mode: 0600 + notify: restart dhcpd + when: is_aurore_host + +- name: force run dhcp re2o-service + shell: /var/local/re2o-services/dhcp/main.py --force + become_user: re2o-services + +- name: Ensure dhcpd is running + service: + name: isc-dhcp-server + state: started + enabled: true diff --git a/roles/isc-dhcp-server/templates/default/isc-dhcp-server.j2 b/roles/isc-dhcp-server/templates/default/isc-dhcp-server.j2 index 83f7cae..c7f6a53 100644 --- a/roles/isc-dhcp-server/templates/default/isc-dhcp-server.j2 +++ b/roles/isc-dhcp-server/templates/default/isc-dhcp-server.j2 @@ -14,5 +14,11 @@ # On what interfaces should the DHCP server (dhcpd) serve DHCP requests? # Separate multiple interfaces with spaces, e.g. "eth0 eth1". + +{% if is_aurore_host %} +INTERFACESv4="ens19" +INTERFACESv6="" +{% else %} INTERFACESv4="ens19 ens20 ens21" INTERFACESv6="" +{% endif %} diff --git a/roles/isc-dhcp-server/templates/dhcp/dhcpd-aurore.conf.j2 b/roles/isc-dhcp-server/templates/dhcp/dhcpd-aurore.conf.j2 new file mode 100644 index 0000000..d2e6b54 --- /dev/null +++ b/roles/isc-dhcp-server/templates/dhcp/dhcpd-aurore.conf.j2 
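Review bot: Both dhcpd.conf template tasks replace `/etc/dhcp/dhcpd.conf` and notify `restart dhcpd` without validating the rendered file, so a rendering problem only shows up when the handler restarts the service and it fails to come back; adding `validate: dhcpd -t -cf %s` to both `template` tasks (and to the failover one) lets Ansible reject the render before it touches the live file. The `force run dhcp re2o-service` task always reports changed because `shell` has no `changed_when`, and it carries the `become_user`-without-`become` issue raised on the handlers file. `Ensure dhcpd is running` uses the `service` module while the restart handler uses `systemd`; using one module for both keeps the role consistent.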
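Review bot: The interface list in default/isc-dhcp-server.j2 is now branched on `is_aurore_host` with `ens19` and `ens19 ens20 ens21` hard-coded, and the new dhcpd-aurore.conf.j2 repeats `ens19` in its `interface` statement, so the same fact lives in two templates. Moving the list into a group variable (a constructed example: `dhcp_interfaces_v4: ["ens19"]` in group_vars/aurore and the three-interface list in group_vars/all) and rendering `INTERFACESv4="{{ dhcp_interfaces_v4 | join(' ') }}"` removes the conditional and keeps both templates in step.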
@@ -0,0 +1,36 @@
+# {{ ansible_managed }}
+
+default-lease-time 86400;
+max-lease-time 86400;
+
+# The MTU theoretically could go as high as 1496 (4-byte VLAN tag).
+option interface-mtu {{ mtu }};
+option root-path "/";
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# Aurore topology
+subnet 45.66.110.0 netmask 255.255.255.0 {
+ interface "ens19";
+ option subnet-mask 255.255.255.0;
+ option broadcast-address 45.66.110.255;
+ option routers 45.66.110.{{ router_ip_suffix }};
+ option domain-name-servers 45.66.110.{{ dns_host_suffix_main }}, {{ backup_dns_servers|join(', ') }};
+ option domain-name "adh.auro.re";
+ option domain-search "adh.auro.re";
+ include "/var/local/re2o-services/dhcp/generated/dhcp.adh.auro.re.list";
+
+ deny unknown-clients;
+}
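Review bot: `option domain-name-servers 45.66.110.{{ dns_host_suffix_main }}, {{ backup_dns_servers|join(', ') }};` leaves a dangling comma before the `;` whenever `backup_dns_servers` is empty, which dhcpd should reject at parse time; building the whole list first, e.g. `option domain-name-servers {{ (['45.66.110.' ~ dns_host_suffix_main] + backup_dns_servers) | join(', ') }};`, removes the edge case, or if that variable is guaranteed non-empty a comment saying so would do. The `include` pulls `/var/local/re2o-services/dhcp/generated/dhcp.adh.auro.re.list`, presumably written by the unprivileged `re2o-services` account given the ownership task in tasks/main.yml, into a configuration dhcpd parses with its own privileges; that is inherent to the design, but with `deny unknown-clients;` an empty list leaves every client unknown and refused while a missing file stops dhcpd from starting, so a comment above the include stating that `main.py --force` must have populated it before the first start would help the next reader. `interface "ens19"` duplicates the value chosen in default/isc-dhcp-server.j2 and would be better fed from the same variable.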