WIP: DHCP server #95
15 changed files with 230 additions and 0 deletions
13
filter_plugins/net_utils.py
Normal file
13
filter_plugins/net_utils.py
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
import dns.name
|
||||||
|
|
||||||
|
|
||||||
|
class FilterModule:
|
||||||
|
def filters(self):
|
||||||
|
return {
|
||||||
|
"remove_domain_suffix": remove_domain_suffix,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
def remove_domain_suffix(name):
|
||||||
|
parent = dns.name.from_text(name).parent()
|
||||||
|
return parent.to_text()
|
1
hosts
1
hosts
|
@ -89,6 +89,7 @@ dhcp-fleming.adm.auro.re
|
||||||
dhcp-fleming-backup.adm.auro.re
|
dhcp-fleming-backup.adm.auro.re
|
||||||
dns-fleming.adm.auro.re
|
dns-fleming.adm.auro.re
|
||||||
dns-fleming-backup.adm.auro.re
|
dns-fleming-backup.adm.auro.re
|
||||||
|
ntp-1.int.infra.auro.re
|
||||||
prometheus-fleming.adm.auro.re
|
prometheus-fleming.adm.auro.re
|
||||||
#prometheus-fleming-fo.adm.auro.re
|
#prometheus-fleming-fo.adm.auro.re
|
||||||
radius-fleming.adm.auro.re
|
radius-fleming.adm.auro.re
|
||||||
|
|
26
playbooks/chronyd.yml
Executable file
26
playbooks/chronyd.yml
Executable file
|
@ -0,0 +1,26 @@
|
||||||
|
#!/usr/bin/env ansible-playbook
|
||||||
|
---
|
||||||
|
- hosts:
|
||||||
|
- ntp-1.int.infra.auro.re
|
||||||
|
vars:
|
||||||
|
chronyd__allow_networks:
|
||||||
|
- 10.128.0.0/16
|
||||||
|
- 2a09:6840:128::/48
|
||||||
|
chronyd__pools:
|
||||||
|
- 0.pool.ntp.org
|
||||||
|
- 1.pool.ntp.org
|
||||||
|
- 2.pool.ntp.org
|
||||||
|
- 3.pool.ntp.org
|
||||||
|
roles:
|
||||||
|
- chronyd
|
||||||
|
|
||||||
|
- hosts:
|
||||||
|
- all
|
||||||
|
- "!ntp-1.int.infra.auro.re"
|
||||||
|
- "!unifi"
|
||||||
|
vars:
|
||||||
|
chronyd__pools:
|
||||||
|
- ntp-1.int.infra.auro.re
|
||||||
|
roles:
|
||||||
|
- chronyd
|
||||||
|
...
|
32
playbooks/ifupdown2.yml
Executable file
32
playbooks/ifupdown2.yml
Executable file
|
@ -0,0 +1,32 @@
|
||||||
|
#!/usr/bin/env ansible-playbook
|
||||||
|
---
|
||||||
|
- hosts:
|
||||||
|
- ntp-1.int.infra.auro.re
|
||||||
|
vars:
|
||||||
|
# TODO: netbox
|
||||||
|
ifupdown2__hosts:
|
||||||
|
ntp-1.int.infra.auro.re:
|
||||||
|
ens18:
|
||||||
|
gateways:
|
||||||
|
- 2a09:6840:128::254
|
||||||
|
- 10.128.0.254
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:128::203/56
|
||||||
|
- 10.128.0.203/16
|
||||||
|
ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
|
||||||
|
roles:
|
||||||
|
- ifupdown2
|
||||||
|
|
||||||
|
- hosts:
|
||||||
|
- ntp-1.int.infra.auro.re
|
||||||
|
vars:
|
||||||
|
resolvconf__nameservers:
|
||||||
|
- 2a09:6840:128::127
|
||||||
|
- 10.128.0.127
|
||||||
|
resolvconf__domain: auro.re
|
||||||
|
resolvconf__search:
|
||||||
|
- "{{ inventory_hostname | remove_domain_suffix }}"
|
||||||
|
- auro.re
|
||||||
|
roles:
|
||||||
|
- resolvconf
|
||||||
|
...
|
9
roles/chronyd/defaults/main.yml
Normal file
9
roles/chronyd/defaults/main.yml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
chronyd__pools: []
|
||||||
|
chronyd__key_file: /etc/chrony/chrony.keys
|
||||||
|
chronyd__drift_file: /var/lib/chrony/chrony.drift
|
||||||
|
chronyd__nts_dump_dir: /var/lib/chrony
|
||||||
|
chronyd__max_update_skew: 100.0
|
||||||
|
chronyd__rtcsync: true
|
||||||
|
chronyd__allow_networks: []
|
||||||
|
...
|
6
roles/chronyd/handlers/main.yml
Normal file
6
roles/chronyd/handlers/main.yml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
- name: Restart chronyd
|
||||||
|
systemd:
|
||||||
|
name: chrony.service
|
||||||
|
state: restarted
|
||||||
|
...
|
32
roles/chronyd/tasks/main.yml
Normal file
32
roles/chronyd/tasks/main.yml
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
---
|
||||||
|
- name: Uninstall ntp and sntp
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- sntp
|
||||||
|
- ntp
|
||||||
|
- systemd-timesyncd
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: Install chronyd
|
||||||
|
apt:
|
||||||
|
name: chrony
|
||||||
|
|
||||||
|
- name: Configure chronyd
|
||||||
|
template:
|
||||||
|
src: "{{ item }}.j2"
|
||||||
|
dest: "/etc/chrony/{{ item }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: u=rw,g=r,o=
|
||||||
|
loop:
|
||||||
|
- chrony.conf
|
||||||
|
- chrony.keys
|
||||||
|
notify:
|
||||||
|
- Restart chronyd
|
||||||
|
|
||||||
|
- name: Enable and start chronyd
|
||||||
|
systemd:
|
||||||
|
name: chrony.service
|
||||||
|
enabled: true
|
||||||
|
state: started
|
||||||
|
...
|
23
roles/chronyd/templates/chrony.conf.j2
Normal file
23
roles/chronyd/templates/chrony.conf.j2
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
|
{% for pool in chronyd__pools %}
|
||||||
|
pool {{ pool }} iburst
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
keyfile {{ chronyd__key_file }}
|
||||||
|
driftfile {{ chronyd__drift_file }}
|
||||||
|
ntsdumpdir {{ chronyd__nts_dump_dir }}
|
||||||
|
|
||||||
|
log tracking measurements statistics
|
||||||
|
|
||||||
|
maxupdateskew {{ chronyd__max_update_skew | float }}
|
||||||
|
|
||||||
|
{% if chronyd__rtcsync %}
|
||||||
|
rtcsync
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
leapsectz right/UTC
|
||||||
|
|
||||||
|
{% for network in chronyd__allow_networks %}
|
||||||
|
allow {{ network | ipaddr }}
|
||||||
|
{% endfor %}
|
1
roles/chronyd/templates/chrony.keys.j2
Normal file
1
roles/chronyd/templates/chrony.keys.j2
Normal file
|
@ -0,0 +1 @@
|
||||||
|
{{ ansible_managed | comment }}
|
3
roles/ifupdown2/defaults/main.yml
Normal file
3
roles/ifupdown2/defaults/main.yml
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
ifupdown2__interfaces: {}
|
||||||
|
...
|
9
roles/ifupdown2/handlers/main.yml
Normal file
9
roles/ifupdown2/handlers/main.yml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
- name: Restart networking
|
||||||
|
systemd:
|
||||||
|
name: networking.service
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
- name: Bring all interfaces up
|
||||||
|
shell: /usr/sbin/ifup -a
|
||||||
|
...
|
42
roles/ifupdown2/tasks/main.yml
Normal file
42
roles/ifupdown2/tasks/main.yml
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
---
|
||||||
|
- name: Gather package facts
|
||||||
|
package_facts:
|
||||||
|
manager: apt
|
||||||
|
|
||||||
|
- name: Check if ifupdown2 is installed
|
||||||
|
set_fact:
|
||||||
|
must_mask: "{{ 'ifupdown2' not in ansible_facts.packages }}"
|
||||||
|
|
||||||
|
- name: Mask networking before installing ifupdown2
|
||||||
|
systemd:
|
||||||
|
name: networking.service
|
||||||
|
masked: true
|
||||||
|
when: must_mask
|
||||||
|
|
||||||
|
- name: Install ifupdown2
|
||||||
|
apt:
|
||||||
|
name: ifupdown2
|
||||||
|
|
||||||
|
- name: Unmask networking now that ifupdown2 is installed
|
||||||
|
systemd:
|
||||||
|
name: networking.service
|
||||||
|
masked: false
|
||||||
|
when: must_mask
|
||||||
|
|
||||||
|
- name: Configure ifupdown2
|
||||||
|
template:
|
||||||
|
src: interfaces.j2
|
||||||
|
dest: /etc/network/interfaces
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: u=rw,g=r,o=
|
||||||
|
notify:
|
||||||
|
- Restart networking
|
||||||
|
- Bring all interfaces up
|
||||||
|
|
||||||
|
- name: Enable and start networking
|
||||||
|
systemd:
|
||||||
|
name: networking.service
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
...
|
13
roles/ifupdown2/templates/interfaces.j2
Normal file
13
roles/ifupdown2/templates/interfaces.j2
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
|
{% for name, iface in ifupdown2__interfaces.items() %}
|
||||||
|
auto {{ name }}
|
||||||
|
iface {{ name }}
|
||||||
|
{% for address in iface.addresses %}
|
||||||
|
address {{ address | ipaddr }}
|
||||||
|
{% endfor %}
|
||||||
|
{% for gateway in iface.gateways | default([]) %}
|
||||||
|
gateway {{ gateway | ipaddr }}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
{% endfor %}
|
9
roles/resolvconf/tasks/main.yml
Normal file
9
roles/resolvconf/tasks/main.yml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
- name: Install resolv.conf
|
||||||
|
template:
|
||||||
|
src: resolv.conf.j2
|
||||||
|
dest: /etc/resolv.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: u=rw,g=r,o=r
|
||||||
|
...
|
11
roles/resolvconf/templates/resolv.conf.j2
Normal file
11
roles/resolvconf/templates/resolv.conf.j2
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
|
{% for nameserver in resolvconf__nameservers %}
|
||||||
|
nameserver {{ nameserver | ipaddr }}
|
||||||
|
{% endfor %}
|
||||||
|
{% if resolvconf__domain is defined %}
|
||||||
|
domain {{ resolvconf__domain }}
|
||||||
|
{% endif %}
|
||||||
|
{% if resolvconf__search is defined %}
|
||||||
|
search {{ resolvconf__search | join(" ") }}
|
||||||
|
{% endif %}
|
Loading…
Reference in a new issue