WIP: DHCP server #95

Draft
jeltz wants to merge 6 commits from dhcp into master
10 changed files with 0 additions and 335 deletions
Showing only changes of commit 1938cc24da - Show all commits


@ -1,9 +0,0 @@
#!/usr/bin/env ansible-playbook
---
- hosts: dhcp-*.adm.auro.re
vars:
update_motd:
unbound: isc-dhcp-server est déployé.
roles:
- isc_dhcp_server
- update_motd


@ -1,14 +0,0 @@
---
- name: force run dhcp re2o-service
command: /var/local/re2o-services/dhcp/main.py --force
become_user: re2o-services
- name: restart dhcpd
systemd:
state: restarted
name: isc-dhcp-server
- name: restart rsyslog
systemd:
name: rsyslog
state: restarted


@ -1,111 +0,0 @@
---
- name: Install dhcp (re2o-service)
import_role:
name: re2o_service
vars:
service_repo: https://gitlab.federez.net/re2o/dhcp.git
service_name: dhcp
service_version: master
service_config:
hostname: re2o.auro.re
username: service-user
password: "{{ vault_serviceuser_passwd }}"
- name: Ensure appropriate permissions on dhcp re2o service
file:
path: /var/local/re2o-services/dhcp/
state: directory
owner: re2o-services
group: nogroup
recurse: true
mode: 0755
- name: Install isc-dhcp-server
apt:
update_cache: true
name: isc-dhcp-server
state: present
register: apt_result
retries: 3
until: apt_result is succeeded
notify: restart dhcpd
- name: Ensure dhcp log directory exists
file:
path: /var/log/dhcp
owner: root
group: root
mode: u=rwx,g=rx,a=rx
state: directory
- name: Ensure rsyslog knows where to send dhcp logs
lineinfile:
path: /etc/rsyslog.conf
line: "local7.* /var/log/dhcp/dhcpd.log"
notify: restart rsyslog
- name: Configure dhcp log rotation
template:
src: logrotate.d/dhcp.j2
dest: /etc/logrotate.d/dhcp
mode: 0644
- name: set up cron to reload dhcp re2o service
cron:
# Do not change this name or idempotence *might* be lost.
name: dhcp-re2o-service
cron_file: re2o-services
minute: "*/2"
hour: "*"
day: "*"
weekday: "*"
month: "*"
user: root
job: "/usr/bin/python3 /var/local/re2o-services/dhcp/main.py"
- name: Configure /etc/default/isc-dhcp-server
template:
src: default/isc-dhcp-server.j2
dest: /etc/default/isc-dhcp-server
mode: 0644
notify: restart dhcpd
- name: Configure dhcp-failover.conf
template:
src: dhcp/dhcp-failover.conf.j2
dest: /etc/dhcp/dhcp-failover.conf
mode: 0600
when: dhcp_failover_enabled
notify: restart dhcpd
- name: Configure dhcpd.conf
template:
src: dhcp/dhcpd.conf.j2
dest: /etc/dhcp/dhcpd.conf
mode: 0600
notify: restart dhcpd
- name: Configure subnets.conf (regular service)
template:
src: dhcp/regular-subnets.conf.j2
dest: /etc/dhcp/subnets.conf
mode: 0600
notify: restart dhcpd
when: not is_aurore_host
- name: Configure subnets.conf (aurore service)
template:
src: dhcp/aurore-subnets.conf.j2
dest: /etc/dhcp/subnets.conf
mode: 0600
notify: restart dhcpd
when: is_aurore_host
- name: force run dhcp re2o-service
command: /var/local/re2o-services/dhcp/main.py --force
- name: Ensure dhcpd is running
service:
name: isc-dhcp-server
state: started
enabled: true


@ -1,24 +0,0 @@
# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPDv4_PID=/var/run/dhcpd.pid
#DHCPDv6_PID=/var/run/dhcpd6.pid
# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
{% if is_aurore_host %}
INTERFACESv4="ens19"
INTERFACESv6=""
{% else %}
INTERFACESv4="ens19 ens20 ens21 ens22 ens23"
INTERFACESv6=""
{% endif %}


@ -1,12 +0,0 @@
subnet 45.66.110.0 netmask 255.255.255.0 {
interface "ens19";
option subnet-mask 255.255.255.0;
option broadcast-address 45.66.110.255;
option routers 45.66.110.{{ router_ip_suffix }};
option domain-name-servers 45.66.110.{{ dns_host_suffix_main }}, {{ backup_dns_servers|join(', ') }};
option domain-name "adh.auro.re";
option domain-search "adh.auro.re";
include "/var/local/re2o-services/dhcp/generated/dhcp.adh.auro.re.list";
deny unknown-clients;
}


@ -1,31 +0,0 @@
failover peer "dhcp-failover" {
{% if inventory_hostname == dhcp_failover.primary_host %}
primary;
# MCLT = Maximum Client Lead Time.
# Must be specified on the primary, forbidden on the secondary.
mclt 3600;
# Address or DNS name on which this node listens for connections
# from its failover peer.
address {{ dhcp_failover.primary_host }};
peer address {{ dhcp_failover.secondary_host }};
# Load balancing.
split 128;
{% endif %}
{% if inventory_hostname == dhcp_failover.secondary_host %}
secondary;
# Address and peer address are reversed on the secondary node.
address {{ dhcp_failover.secondary_host }};
peer address {{ dhcp_failover.primary_host }};
{% endif %}
# The following options can be shared between primary and
# secondary failover peers.
port 647;
peer port 647;
max-response-delay 30;
max-unacked-updates 10;
load balance max seconds 3;
}


@ -1,25 +0,0 @@
default-lease-time 86400;
max-lease-time 86400;
# Option definitions common to all supported networks.
option interface-mtu {{ mtu }};
option root-path "/";
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
log-facility local7;
{% if dhcp_failover_enabled %}
include "/etc/dhcp/dhcp-failover.conf";
{% endif %}
include "/etc/dhcp/subnets.conf";


@ -1,94 +0,0 @@
# Bornes WiFi
subnet 10.{{ subnet_ids.ap }}.0.0 netmask 255.255.0.0 {
interface "ens19";
option subnet-mask 255.255.0.0;
option broadcast-address 10.{{ subnet_ids.ap }}.255.255;
option routers 10.{{ subnet_ids.ap }}.0.250;
option domain-name "borne.auro.re";
option domain-search "borne.auro.re";
option domain-name-servers 10.{{ subnet_ids.ap }}.0.{{ dns_host_suffix_main }}, 10.{{ subnet_ids.ap }}.0.{{ dns_host_suffix_backup }}, {{ backup_dns_servers|join(', ') }};
include "/var/local/re2o-services/dhcp/generated/dhcp.borne.auro.re.list";
deny unknown-clients;
}
# Users filaire
subnet 10.{{ subnet_ids.users_wired }}.0.0 netmask 255.255.0.0 {
interface "ens20";
option subnet-mask 255.255.0.0;
option broadcast-address 10.{{ subnet_ids.users_wired }}.255.255;
option routers 10.{{ subnet_ids.users_wired }}.0.{{ router_ip_suffix }};
option domain-name "fil.{{ apartment_block_dhcp }}.auro.re";
option domain-search "auro.re";
option domain-name-servers 10.{{ subnet_ids.users_wired }}.0.{{ dns_host_suffix_main }}, 10.{{ subnet_ids.users_wired }}.0.{{ dns_host_suffix_backup }}, {{ backup_dns_servers|join(', ') }};
include "/var/local/re2o-services/dhcp/generated/dhcp.fil.{{ apartment_block_dhcp }}.auro.re.list";
deny unknown-clients;
}
# Users WiFi
subnet 10.{{ subnet_ids.users_wifi }}.0.0 netmask 255.255.0.0 {
interface "ens21";
option subnet-mask 255.255.0.0;
option broadcast-address 10.{{ subnet_ids.users_wifi }}.255.255;
option routers 10.{{ subnet_ids.users_wifi }}.0.{{ router_ip_suffix }};
option domain-name "wifi.{{ apartment_block_dhcp }}.auro.re";
option domain-search "auro.re";
option domain-name-servers 10.{{ subnet_ids.users_wifi }}.0.{{ dns_host_suffix_main }}, 10.{{ subnet_ids.users_wifi }}.0.{{ dns_host_suffix_backup }}, {{ backup_dns_servers|join(', ') }};
include "/var/local/re2o-services/dhcp/generated/dhcp.wifi.{{ apartment_block_dhcp }}.auro.re.list";
pool {
range 10.{{ subnet_ids.users_wifi }}.8.0 10.{{ subnet_ids.users_wifi }}.10.255;
{% if dhcp_failover is defined %}
failover peer "dhcp-failover";
{% endif %}
}
}
# Banni
subnet 10.{{ subnet_ids.users_banni }}.0.0 netmask 255.255.0.0 {
interface "ens22";
option subnet-mask 255.255.0.0;
option broadcast-address 10.{{ subnet_ids.users_banni }}.255.255;
option routers 10.{{ subnet_ids.users_banni }}.0.{{ router_ip_suffix }};
option domain-name "banni.{{ apartment_block_dhcp }}.auro.re";
option domain-search "auro.re";
option domain-name-servers 10.{{ subnet_ids.users_banni }}.0.{{ dns_host_suffix_main }}, 10.{{ subnet_ids.users_banni }}.0.{{ dns_host_suffix_backup }};
pool {
range 10.{{ subnet_ids.users_banni }}.1.0 10.{{ subnet_ids.users_banni }}.2.255;
{% if dhcp_failover is defined %}
failover peer "dhcp-failover";
{% endif %}
}
}
# Accueil
subnet 10.{{ subnet_ids.users_accueil }}.0.0 netmask 255.255.0.0 {
interface "ens23";
option subnet-mask 255.255.0.0;
option broadcast-address 10.{{ subnet_ids.users_accueil }}.255.255;
option routers 10.{{ subnet_ids.users_accueil }}.0.{{ router_ip_suffix }};
option domain-name "accueil.{{ apartment_block_dhcp }}.auro.re";
option domain-search "auro.re";
option domain-name-servers 10.{{ subnet_ids.users_accueil }}.0.{{ dns_host_suffix_main }}, 10.{{ subnet_ids.users_accueil }}.0.{{ dns_host_suffix_backup }};
pool {
range 10.{{ subnet_ids.users_accueil }}.1.0 10.{{ subnet_ids.users_accueil }}.2.255;
{% if dhcp_failover is defined %}
failover peer "dhcp-failover";
{% endif %}
}
}


@ -1,11 +0,0 @@
/var/log/dhcp/dhcpd.log {
# common options
daily
rotate 365
missingok
compress
delaycompress
notifempty
copytruncate
}


@ -1,4 +0,0 @@
---
dhcp_failover:
primary_host: dhcp-{{ apartment_block }}.adm.auro.re
secondary_host: dhcp-{{ apartment_block }}-backup.adm.auro.re