dhcp: manage dhcp-aurore

group_vars/all/vars.yml

@@ -78,10 +78,13 @@ radius_pg_replication_password: "{{ vault_re2o_db_user_passwords.replication }}"
 radius_pg_re2o_ro_password: "{{ vault_re2o_db_user_passwords.re2o_ro }}"
 
 
+# DHCP
+dhcp_failover_enabled: true
 apartment_block_dhcp: "{{ apartment_block }}"
 
 
-
 # Careful, this is not byte-aligned, just nibble-aligned (RIPE gave us a /28).
 # However, we ALWAYS keep the trailing 0 to have byte alignment.
 ipv6_base_prefix: "2a09:6840"
+
+is_aurore_host: "{{ 'aurore_vm' in group_names }}"

group_vars/aurore/main.yml

@@ -2,3 +2,4 @@
 apartment_block: aurore
 apartment_block_id: 0
 router_ip_suffix: 254
+dhcp_failover_enabled: false

network.yml

@@ -1,17 +1,8 @@
 #!/usr/bin/env ansible-playbook
 ---
 # Set up DHCP servers.
-- hosts: dhcp-*.adm.auro.re, !dhcp-aurore*.adm.auro.re
+- hosts: dhcp-*.adm.auro.re
-  vars:
-    service_repo: https://gitlab.federez.net/re2o/dhcp.git
-    service_name: dhcp
-    service_version: master
-    service_config:
-      hostname: re2o.auro.re
-      username: service-user
-      password: "{{ vault_serviceuser_passwd }}"
   roles:
-    - re2o-service
     - isc-dhcp-server
 
 

roles/isc-dhcp-server/handlers/main.yml

@@ -1,4 +1,14 @@
+- name: force run dhcp re2o-service
+  shell: /var/local/re2o-services/dhcp/main.py --force
+  become_user: re2o-services
+
 - name: restart dhcpd
   systemd:
     state: restarted
     name: isc-dhcp-server
+
+- name: restart rsyslog
+  systemd:
+    name: rsyslog
+    state: restarted
+

roles/isc-dhcp-server/tasks/main.yml

@@ -1,4 +1,24 @@
 ---
+- name: Install dhcp (re2o-service)
+  import_role:
+    name: re2o-service
+  vars:
+    service_repo: https://gitlab.federez.net/re2o/dhcp.git
+    service_name: dhcp
+    service_version: master
+    service_config:
+      hostname: re2o.auro.re
+      username: service-user
+      password: "{{ vault_serviceuser_passwd }}"
+
+- name: Ensure appropriate permissions on dhcp re2o service
+  file:
+    path: /var/local/re2o-services/dhcp/
+    state: directory
+    owner: re2o-services
+    group: nogroup
+    recurse: yes
+
 - name: Install isc-dhcp-server
   apt:
     update_cache: true
@@ -21,6 +41,7 @@
   lineinfile:
     path: /etc/rsyslog.conf
     line: "local7.* /var/log/dhcp/dhcpd.log"
+  notify: restart rsyslog
 
 - name: Configure dhcp log rotation
   template:
@@ -38,14 +59,9 @@
     day: "*"
     weekday: "*"
     month: "*"
-    user: root
+    user: re2o-services
     job: "/usr/bin/python3 /var/local/re2o-services/dhcp/main.py"
 
-- name: restart rsyslog
-  systemd:
-    name: rsyslog
-    state: restarted
-
 - name: Configure /etc/default/isc-dhcp-server
   template:
     src: default/isc-dhcp-server.j2
@@ -58,12 +74,31 @@
     src: dhcp/dhcp-failover.conf.j2
     dest: /etc/dhcp/dhcp-failover.conf
     mode: 0600
-  when: dhcp_failover is defined
+  when: dhcp_failover_enabled
   notify: restart dhcpd
 
-- name: Configure dhcpd.conf
+- name: Configure dhcpd.conf (regular service)
   template:
     src: dhcp/dhcpd.conf.j2
     dest: /etc/dhcp/dhcpd.conf
     mode: 0600
   notify: restart dhcpd
+  when: not is_aurore_host
+
+- name: Configure dhcpd.conf (aurore service)
+  template:
+    src: dhcp/dhcpd-aurore.conf.j2
+    dest: /etc/dhcp/dhcpd.conf
+    mode: 0600
+  notify: restart dhcpd
+  when: is_aurore_host
+
+- name: force run dhcp re2o-service
+  shell: /var/local/re2o-services/dhcp/main.py --force
+  become_user: re2o-services
+
+- name: Ensure dhcpd is running
+  service:
+    name: isc-dhcp-server
+    state: started
+    enabled: true

roles/isc-dhcp-server/templates/default/isc-dhcp-server.j2

@@ -14,5 +14,11 @@
 
 # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
 #	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+
+{% if is_aurore_host %}
+INTERFACESv4="ens19"
+INTERFACESv6=""
+{% else %}
 INTERFACESv4="ens19 ens20 ens21"
 INTERFACESv6=""
+{% endif %}

roles/isc-dhcp-server/templates/dhcp/dhcpd-aurore.conf.j2

@@ -0,0 +1,36 @@
+# {{ ansible_managed }}
+
+default-lease-time 86400;
+max-lease-time 86400;
+
+# The MTU theoretically could go as high as 1496 (4-byte VLAN tag).
+option interface-mtu {{ mtu }};
+option root-path "/";
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# Aurore topology
+subnet 45.66.110.0 netmask 255.255.255.0 {
+       interface "ens19";
+       option subnet-mask 255.255.255.0;
+       option broadcast-address 45.66.110.255;
+       option routers 45.66.110.{{ router_ip_suffix }};
+       option domain-name-servers 45.66.110.{{ dns_host_suffix_main }}, {{ backup_dns_servers|join(', ') }};
+       option domain-name "adh.auro.re";
+       option domain-search "adh.auro.re";
+       include "/var/local/re2o-services/dhcp/generated/dhcp.adh.auro.re.list";
+
+       deny unknown-clients;
+}