Commit 7c6ac927 authored by Hugo LEVY-FALK's avatar Hugo LEVY-FALK

Configure DHCP with re2o

parent a11320ea
# Aurore Ansible configuration
[defaults]
# Use Aurore inventory
inventory = ./hosts.yaml
# Custom header in templates
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
# Do not create retry files
retry_files_enabled = False
# Do not use cows (with cowsay)
nocows = 1
# Do more parallelism
forks = 15
#[privilege_escalation]
# Use sudo to get priviledge access
#become = True
# Ask for password
#become_ask_pass = True
[diff]
# TO know what changed
always = yes
---
# Install Matrix Synapse on corresponding containers
- hosts: dhcp
remote_user: root
vars_prompt:
- name: service_daemon_pass
prompt: "Enter the password for the service user to connect to re2o"
private: yes
roles:
- dhcp
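Review bot: The header comment on the play, `# Install Matrix Synapse on corresponding containers`, describes a different service than the play below it, which targets `hosts: dhcp` and applies the `dhcp` role, so it looks copied from another playbook; `# Configure the DHCP servers and their re2o sync service` would match what the play does. `private: yes` is a YAML 1.1 truthy spelling; `private: true` is the canonical form and the one yamllint's truthy rule accepts. Prompting for `service_daemon_pass` rather than storing it in the inventory is the right call and worth keeping.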
......@@ -4,7 +4,56 @@ all:
gateway: 10.7.0.254
re2o_address: re2o.rezometz.org
service_user: service-daemon
ntp_server: 193.48.224.215
www_server:
- 193.48.225.242
- 193.48.225.247
irc_server: 193.48.225.244
smtp_server: 193.48.225.249
children:
dhcp:
vars:
lists:
- dhcp.rez
- dhcp.rezometz.org
federez:
interface: eth2
routers: 10.20.254.254
dns: 80.67.188.188
subnet: 10.20.0.0
subnet_mask: 255.255.0.0
broadcast: 10.20.255.255
pool_begin: 10.20.1.1
pool_end: 10.20.253.254
subnets:
- name: adherents
interface: eth3
subnet: 10.69.0.0
netmask: 255.255.240.0
broadcast: 10.69.15.255
routers: 10.69.9.254
dns:
- 10.69.9.127
- 10.69.9.128
domain_name: rez
- name: bornes
interface: eth1
subnet: 10.8.0.0
netmask: 255.255.0.0
broadcast: 10.8.255.255
dns:
- 10.8.0.127
- 10.8.0.128
domain_name: rez
hosts:
10.7.0.127:
address: 10.7.0.127
peer_address: 10.7.0.128
primary: primary
10.7.0.128:
address: 10.7.0.128
peer_address: 10.7.0.127
primary: secondary
gateways:
hosts:
10.7.0.57:
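Review bot: The DHCP group variables use two different shapes for the same concepts: `federez` names the mask `subnet_mask` and gives `dns` as a single scalar, while every entry in `subnets` uses `netmask` and a `dns` list, so the template that consumes them has to handle the federez VLAN in a separate hand-written block instead of the loop. Aligning `federez` with the `subnets` entries (`netmask:` and a list-valued `dns:`) would let one loop cover all VLANs. The `primary` key on the 10.7.0.127 and 10.7.0.128 hosts holds the failover role word (`primary`/`secondary`) that the failover template emits verbatim; a name such as `failover_role` would make that intent clearer than a key called `primary` whose value can be `secondary`.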
- name: Install isc-dhcp-server
apt:
name: isc-dhcp-server
- name: Copy configuration
template:
src: dhcpd.conf.j2
dest: /etc/dhcp/dhcpd.conf
mode: 0644
- name: DHCP failover
template:
src: dhcp-failover.conf.j2
dest: /etc/dhcp/dhcp-failover.conf
mode: 0644
- name: Install iso8601
apt:
name: python3-iso8601
- name: Get re2o-service for dhcp
git:
repo: https://gitlab.federez.net/re2o/dhcp.git
dest: /usr/local/dhcp
force: yes
- name: Create generated directory
file:
path: /usr/local/dhcp/generated
state: directory
mode: 0755
- name: Configure service
template:
src: config.ini.j2
dest: /usr/local/dhcp/config.ini
mode: 0600
- name: Create crontab
cron:
cron_file: re2o-services
name: Update dhcp lists
user: root
job: "cd /usr/local/dhcp/ && /usr/bin/python3 /usr/local/dhcp/main.py > /dev/null 2>&1"
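Review bot: The `git` task clones `https://gitlab.federez.net/re2o/dhcp.git` with `force: yes` and no `version`, and the cron entry then runs `/usr/local/dhcp/main.py` as root, so whatever is on the remote's default branch at clone time is executed with root privileges and the deployment is not reproducible. Pinning `version:` to a tag or commit (placeholder: `version: "<release-tag-or-commit>"`) makes the deployed code reviewable and repeated runs identical. The `cron` task sets no `minute`/`hour`, so the module's `*` defaults schedule the sync every minute, and `> /dev/null 2>&1` hides every failure of it; an explicit schedule and keeping stderr (or logging to a file) would make a broken sync visible. The `mode: 0644`/`0755`/`0600` values are unquoted octals that the YAML loader turns into integers; Ansible's documentation recommends quoting them (`mode: "0644"`) so the module receives a string and does its own conversion.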
[Re2o]
hostname = {{ re2o_address }}
username = {{ service_user }}
password = {{ service_daemon_pass }}
failover peer "dhcp-failover" {
{{ primary }};
split 255;
mclt 3600;
address {{ address }};
port 647;
peer address {{ peer_address }};
peer port 647;
max-response-delay 30;
max-unacked-updates 10;
load balance max seconds 3;
}
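Review bot: The template renders `split 255;` and `mclt 3600;` for both peers even though `{{ primary }}` switches the role per host, and ISC dhcpd's configuration documentation describes `split` and `mclt` as statements for the primary only; if that holds for the dhcpd version being deployed, the secondary's file should omit them, e.g. `{% if primary == 'primary' %}split 255; mclt 3600;{% endif %}`. Apart from the swapped `address`/`peer address` pair, that conditional is the only per-role difference the two rendered files need. The variable `primary` carrying the values `primary`/`secondary` reads oddly in `{{ primary }};`; a name like `failover_role` would be clearer.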
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;
default-lease-time 18000;
max-lease-time 21600;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
option ntp-servers {{ ntp_server }};
option www-server {{ www_server|join(', ') }};
option irc-server {{ irc_server }};
option smtp-server {{ smtp_server }};
include "/etc/dhcp/dhcp-failover.conf";
#Vlan federez
subnet {{ federez.subnet }} netmask {{ federez.subnet_mask }} {
interface {{ federez.interface }};
option routers {{ federez.routers }};
option domain-name-servers {{ federez.dns }};
option subnet-mask {{ federez.subnet_mask }};
option broadcast-address {{ federez.subnet_mask }};
pool {
range {{ federez.pool_begin }} {{ federez.pool_end }};
failover peer "dhcp-failover";
}
}
{% for list in lists %}
include "/usr/local/dhcp/generated/{{ list }}.list";
{% endfor %}
{% for subnet in subnets %}
# Subnet {{ subnet.name }}
subnet subnet.subnet netmask {{ subnet.netmask }} {
interface {{ subnet.interface }};
option subnet-mask {{ subnet.netmask }};
option broadcast-address {{ subnet.broadcast }};
{% if 'routers' in subnet %}option routers {{ subnet.routers }};{% endif %}
option domain-name-servers {{ subnet.dns | join(", ") }};
option domain-name {{ subnet.domain_name }};
deny unknown-clients;
}
{% endfor %}
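Review bot: Two lines in this template render configuration that is wrong or that dhcpd will reject: the subnet declaration inside the loop, `subnet subnet.subnet netmask {{ subnet.netmask }} {`, is missing the Jinja delimiters around `subnet.subnet` and emits the literal text `subnet.subnet`; and the federez block sets `option broadcast-address {{ federez.subnet_mask }};`, which emits the netmask as the broadcast address while the inventory's `federez.broadcast` value goes unused. The fixes are `subnet {{ subnet.subnet }} netmask {{ subnet.netmask }} {` and `option broadcast-address {{ federez.broadcast }};`. The federez block also has no `deny unknown-clients;` while every looped subnet does; if that asymmetry is intended (federez serves pool leases to any client), a one-line comment saying so would stop the next reader from treating it as an omission.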