From e6b2f80b49812c9396585f1c46f0100dbd1f036a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Yoha=C3=AF-Eliel=20BERREBY?=
Date: Sun, 5 Apr 2020 17:39:27 +0200
Subject: [PATCH] templatisation de la config dhcpd
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

non encore testé
---
group_vars/fleming/dhcp.yml | 11 +++
group_vars/pacaterie/dhcp.yml | 7 ++
.../templates/dhcp/dhcpd.conf.j2 | 77 ++++++++++++++++---
3 files changed, 85 insertions(+), 10 deletions(-)
create mode 100644 group_vars/fleming/dhcp.yml
create mode 100644 group_vars/pacaterie/dhcp.yml

diff --git a/group_vars/fleming/dhcp.yml b/group_vars/fleming/dhcp.yml
new file mode 100644
index 0000000..97456e9
--- /dev/null
+++ b/group_vars/fleming/dhcp.yml
@@ -0,0 +1,11 @@
+---
+apartment_block: fleming
+
+subnet_ids:
+ ap: 141
+ users_wired: 10
+ users_wifi: 11
+
+failover:
+ own-address: 10.128.2.254
+ peer-address: 10.128.2.154
diff --git a/group_vars/pacaterie/dhcp.yml b/group_vars/pacaterie/dhcp.yml
new file mode 100644
index 0000000..043d26d
--- /dev/null
+++ b/group_vars/pacaterie/dhcp.yml
@@ -0,0 +1,7 @@
+---
+apartment_block: pacaterie
+
+subnet_ids:
+ ap: 142
+ users_wired: 20
+ users_wifi: 21
diff --git a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
index 3b0da57..93527bd 100644
--- a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
+++ b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
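Review bot: In group_vars/fleming/dhcp.yml the failover keys are spelled `own-address` and `peer-address`, but the template in this patch reads `failover.own_address` and `failover.peer_address`, so the lookup will not match and rendering should either abort on an undefined attribute or emit empty `address` statements, depending on how undefined variables are handled. Rename the keys to `own_address:` and `peer_address:`; in Jinja a hyphenated key is only reachable as `failover['own-address']`. Because these are group variables, every host in `fleming` receives the same own/peer pair, so if both failover peers live in this group the addresses probably belong in host_vars instead.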
@@ -1,15 +1,16 @@ # dhcpd.conf -# {{ ansible_managed }} +{{ ansible_managed }} -# option definitions common to all supported networks... -#option domain-name "example.org"; -#option domain-name-servers ns1.example.org, ns2.example.org; +default-lease-time 86400; +max-lease-time 86400; -# We have tagged network so use last 4 bytes for tag (1500 max) -option interface-mtu 1496; +# Option definitions common to all supported networks. -default-lease-time 600; -max-lease-time 7200; +# The MTU theoretically could go as high as 1496 (4-byte VLAN tag). +option interface-mtu 1400; +# XXX: hardcoded DNS for now +option domain-name-servers 80.67.169.12, 1.1.1.1; +option root-path "/"; # The ddns-updates-style parameter controls whether or not the server will # attempt to do a DNS update when a lease is confirmed. We default to the 
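Review bot: Dropping the leading `#` from the `{{ ansible_managed }}` line makes the rendered dhcpd.conf carry that string as a bare statement; with Ansible's default value it is not a comment, and dhcpd would presumably refuse to parse the file. Use `{{ ansible_managed | comment }}` unless the project's ansible.cfg already defines a value that starts with `#`. The resolvers marked `# XXX: hardcoded DNS for now` are repeated verbatim in the Bornes WiFi subnet of the next hunk, so a single list variable in group_vars would keep the two in step and make it explicit that every client is handed third-party public resolvers.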
@@ -29,5 +30,61 @@ authoritative; # have to hack syslog.conf to complete the redirection). #log-facility local7; -# Aurore topology -# TODO + +# Bornes WiFi +subnet 10.{{ subnet_ids.ap }}.0.0 netmask 255.255.0.0 { + interface "ens19"; + option subnet-mask 255.255.0.0; + option broadcast-address 10.{{ subnet_ids.ap }}.255.255; + option routers 10.{{ subnet_ids.ap }}.0.250; + option domain-name-servers 80.67.169.12, 1.1.1.1; + option domain-name "borne.auro.re"; + option domain-search "borne.auro.re"; + include "/var/local/re2o-services/dhcp/generated/dhcp.borne.auro.re.list"; + + deny unknown-clients; +} + +# Users filaire +subnet 10.{{ subnet_ids.users_wired }}.0.0 netmask 255.255.0.0 { + interface "ens20"; + option subnet-mask 255.255.0.0; + option broadcast-address 10.{{ subnet_ids.users_wired }}.255.255; + option routers 10.{{ subnet_ids.users_wired }}.0.240; + option domain-name "fil.{{ apartment_block }}.auro.re"; + option domain-search "auro.re"; + include "/var/local/re2o-services/dhcp/generated/dhcp.fil.{{ apartment_block }}.auro.re.list"; + + deny unknown-clients; +} + + +# Users WiFi +subnet 10.{{ subnet_ids.users_wired }}.0.0 netmask 255.255.0.0 { + interface "ens21"; + option subnet-mask 255.255.0.0; + option broadcast-address 10.{{ subnet_ids.users_wired }}.255.255; + option routers 10.{{ subnet_ids.users_wired }}.0.240; + option domain-name "wifi.{{ apartment_block }}.auro.re"; + option domain-search "auro.re"; + include "/var/local/re2o-services/dhcp/generated/dhcp.wifi.{{ apartment_block }}.auro.re.list"; + + pool { + range 10.{{ subnet_ids.users_wired }}.8.0 10.{{ subnet_ids.users_wired }}.10.255; + + {% if failover is defined %} + failover peer "dhcp-failover" { + primary; + split 128; + mclt 3600; + address {{ failover.own_address }}; + port 647; + peer address {{ failover.peer_address }}; + peer port 647; + max-response-delay 30; + max-unacked-updates 10; + load balance max seconds 3; + } + {% endif %} + } +}
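Review bot: The `# Users WiFi` subnet is built from `subnet_ids.users_wired` throughout (subnet, broadcast-address, routers and range), so the template renders the wired subnet twice and never uses `subnet_ids.users_wifi`; dhcpd should reject the duplicate declaration. In the same block the `failover peer "dhcp-failover" { … }` declaration is nested inside `pool`, whereas ISC dhcpd expects it at top level with only a reference inside the pool, and `primary;` is hard-coded, so a second peer rendered from this template would also claim to be primary. The sketch below switches the block to `users_wifi` and moves the declaration out; the router address `.0.240` is carried over and should be checked. This pool is also the only one without `deny unknown-clients;`, and the failover channel on port 647 has no authentication of its own, so confirm both are intended and restrict that port to the peer address at the firewall.

```jinja
{% if failover is defined %}
{# declared at top level, before the subnets that reference it #}
failover peer "dhcp-failover" {
  primary;  {# TODO: the peer host needs "secondary;" and must omit split/mclt #}
  address {{ failover.own_address }};
  port 647;
  peer address {{ failover.peer_address }};
  peer port 647;
  # … unchanged: max-response-delay, max-unacked-updates, mclt, split, load balance …
}
{% endif %}

# Users WiFi
subnet 10.{{ subnet_ids.users_wifi }}.0.0 netmask 255.255.0.0 {
  # … unchanged: interface, subnet-mask, domain options, include …
  option broadcast-address 10.{{ subnet_ids.users_wifi }}.255.255;
  option routers 10.{{ subnet_ids.users_wifi }}.0.240;

  pool {
    range 10.{{ subnet_ids.users_wifi }}.8.0 10.{{ subnet_ids.users_wifi }}.10.255;
{% if failover is defined %}
    failover peer "dhcp-failover";
    deny dynamic bootp clients;
{% endif %}
  }
}
```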