

3 Commits
master ... kea

Author SHA1 Message Date
Kishi85 065f105f9f kea: Configure control agent necessary for HA 2024-05-13 18:32:00 +02:00
Kishi85 9235672954 kea: Add DHCP4 HA config (hot-standby) 2024-05-13 18:06:35 +02:00
Markus e185703198 kea: new role (replaces dhcpd) [WIP] 2024-04-19 15:10:44 +02:00
4 changed files with 333 additions and 0 deletions


@ -0,0 +1,7 @@
---
- name: Restart kea-dhcp4-server
service: name=kea-dhcp4-server state=restarted
- name: Restart kea-ctrl-agent
service: name=kea-ctrl-agent state=restarted

28
roles/kea/tasks/main.yml Normal file

@ -0,0 +1,28 @@
---
- name: Install the kea dhcp server
apt:
name:
- kea-ctrl-agent
- kea-dhcp4-server
- kea-dhcp-ddns-server
- name: Configure the kea dhcp4 server
template:
src: kea/kea-dhcp4.conf.j2
dest: /etc/kea/kea-dhcp4.conf
# validate: kea-dhcp4 -t %s
notify: Restart kea-dhcp4-server
- name: Start the kea dhcp server
service: name=kea-dhcp4-server state=started enabled=yes
- name: Configure the kea control agent
template:
src: kea/kea-ctrl-agent.conf.j2
dest: /etc/kea/kea-ctrl-agent.conf
# validate: kea-ctrl-agent -t %s
notify: Restart kea-ctrl-agent
- name: Start the kea control agent
service: name=kea-ctrl-agent state=started enabled=yes
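Review bot: Both template tasks ship with their `# validate:` line commented out, so a syntax or rendering error in either config is only discovered when the handler restarts the service and it fails to come back — on the DHCPv4 server that means clients stop getting leases until someone notices. Kea's `-t` switch exists for exactly this, so re-enable `validate: kea-dhcp4 -t %s` and `validate: kea-ctrl-agent -t %s` unless the check is known to fail on the temporary file path, in which case a short comment saying why it is disabled would help the next maintainer. The `apt` task also installs `kea-dhcp-ddns-server`, but nothing in the role configures or manages it; if D2 is not used yet, dropping the package or noting the intent avoids an unconfigured daemon being present on the hosts.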


@ -0,0 +1,67 @@
// This is an example of a configuration for Control-Agent (CA) listening
// for incoming HTTP traffic. This is necessary for handling API commands,
// in particular lease update commands needed for HA setup.
{
"Control-agent":
{
// We need to specify where the agent should listen to incoming HTTP
// queries.
"http-host": "0.0.0.0",
// This specifies the port CA will listen on.
"http-port": 8000,
"control-sockets":
{
// This is how the Agent can communicate with the DHCPv4 server.
"dhcp4":
{
"comment": "socket to DHCP4 server",
"socket-type": "unix",
"socket-name": "/tmp/kea4-ctrl-socket"
},
// Location of the DHCPv6 command channel socket.
//"dhcp6":
//{
// "socket-type": "unix",
// "socket-name": "/tmp/kea6-ctrl-socket"
//},
// Location of the D2 command channel socket.
//"d2":
//{
// "socket-type": "unix",
// "socket-name": "/tmp/kea-ddns-ctrl-socket",
// "user-context": { "in-use": false }
//}
},
// Similar to other Kea components, CA also uses logging.
"loggers": [
{
"name": "kea-ctrl-agent",
"output_options": [
{
"output": "/var/log/kea-ctrl-agent.log",
// Several additional parameters are possible in addition
// to the typical output. Flush determines whether logger
// flushes output to a file. Maxsize determines maximum
// filesize before the file is being rotated. maxver
// specifies the maximum number of rotated files being
// kept.
"flush": true,
"maxsize": 204800,
"maxver": 4,
// We use pattern to specify custom log message layout
"pattern": "%d{%y.%m.%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
}
],
"severity": "INFO",
"debuglevel": 0 // debug level only applies when severity is set to DEBUG.
}
]
}
}
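Review bot: The control-agent's `dhcp4` control socket is set to `/tmp/kea4-ctrl-socket`, but the DHCPv4 template in this same compare (kea-dhcp4.conf.j2) opens its control socket at `/run/kea/kea4-ctrl-socket`; with the two paths differing the agent cannot forward any command to the server, so the HA lease updates these commits set out to enable will not work. Changing the line to `"socket-name": "/run/kea/kea4-ctrl-socket"` aligns the two files and also keeps the socket out of the world-writable `/tmp`. Separately, `"http-host": "0.0.0.0"` exposes the command API — which accepts lease and configuration commands — on every interface with neither authentication nor TLS configured; binding to the address the peer actually uses, e.g. `"http-host": "{{ ansible_default_ipv4['address'] }}",`, together with Kea's `authentication` section (basic auth, in recent releases) or a firewall rule limiting port 8000 to the HA partner, would restrict who can issue those commands. The leading comment still describes the file as "an example of a configuration", which it no longer is once the role deploys it.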


@ -0,0 +1,231 @@
{
"Dhcp4": {
"interfaces-config": {
"interfaces": [ "{{ ansible_default_ipv4['interface'] }}" ]
},
"control-socket": {
"socket-type": "unix",
"socket-name": "/run/kea/kea4-ctrl-socket"
},
// HA requires two hooks libraries to be loaded: libdhcp_lease_cmds.so and
// libdhcp_ha.so. The former handles incoming lease updates from the HA peers.
// The latter implements high availability feature for Kea. Note the library name
// should be the same, but the path is OS specific.
"hooks-libraries": [
// The lease_cmds library must be loaded because HA makes use of it to
// deliver lease updates to the server as well as synchronize the
// lease database after failure.
{
"library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_lease_cmds.so"
},
{
// The HA hooks library should be loaded.
"library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_ha.so",
"parameters": {
// Each server should have the same HA configuration, except for the
// "this-server-name" parameter.
"high-availability": [ {
// This parameter points to this server instance. The respective
// HA peers must have this parameter set to their own names.
"this-server-name": "{{ inventory_hostname.split('.')[0] }}",
// The HA mode is set to hot-standby. In this mode, the active server handles
// all the traffic. The standby takes over if the primary becomes unavailable.
"mode": "hot-standby",
// Heartbeat is to be sent every 10 seconds if no other control
// commands are transmitted.
"heartbeat-delay": 10000,
// Maximum time for partner's response to a heartbeat, after which
// failure detection is started. This is specified in milliseconds.
// If we don't hear from the partner in 60 seconds, it's time to
// start worrying.
"max-response-delay": 60000,
// The following parameters control how the server detects the
// partner's failure. The ACK delay sets the threshold for the
// 'secs' field of the received discovers. This is specified in
// milliseconds.
"max-ack-delay": 5000,
// This specifies the number of clients which send messages to
// the partner but appear to not receive any response.
"max-unacked-clients": 5,
// This specifies the maximum timeout (in milliseconds) for the server
// to complete sync. If you have a large deployment (high tens or
// hundreds of thousands of clients), you may need to increase it
// further. The default value is 60000ms (60 seconds).
"sync-timeout": 60000,
"peers": [
// This is the configuration of this server instance.
{
"name": "{{ lookup('dig', dhcpd_primary+'/PTR').split('.')[0] }}",
// This specifies the URL of our server instance. The
// Control Agent must run along with our DHCPv4 server
// instance and the "http-host" and "http-port" must be
// set to the corresponding values.
"url": "http://{{ dhcpd_primary }}:8000/",
// This server is primary. The other one must be
// secondary.
"role": "primary"
},
// This is the configuration of our HA peer.
{
"name": "{{ lookup('dig', dhcpd_secondary+'/PTR').split('.')[0] }}",
// Specifies the URL on which the partner's control
// channel can be reached. The Control Agent is required
// to run on the partner's machine with "http-host" and
// "http-port" values set to the corresponding values.
"url": "http://{{ dhcpd_secondary }}:8000/",
// The partner is a secondary. Our is primary.
"role": "standby"
}
]
} ]
}
}
],
"lease-database": {
"type": "memfile",
"lfc-interval": 3600
},
"expired-leases-processing": {
"reclaim-timer-wait-time": 10,
"flush-reclaimed-timer-wait-time": 25,
"hold-reclaimed-time": 3600,
"max-reclaim-leases": 100,
"max-reclaim-time": 250,
"unwarned-reclaim-cycles": 5
},
"renew-timer": 900,
"rebind-timer": 1800,
"valid-lifetime": 3600,
"option-data": [
{
"name": "domain-name-servers",
"data": "{{ name_servers | join(', ') }}"
},
{
"name": "domain-name",
"data": "binary.kitchen"
},
{
"name": "domain-search",
"data": "binary.kitchen"
}
],
"subnet4": [
{
"subnet": "172.23.1.0/24",
"option-data": [
{
"name": "routers",
"data": "172.23.1.1"
}
],
"reservations": [
{
"hw-address": "44:48:c1:ce:a9:00",
"ip-address": "172.23.1.41",
"hostname": "ap01"
},
{
"hw-address": "74:9e:75:ce:93:54",
"ip-address": "172.23.1.44",
"hostname": "ap04"
},
{
"hw-address": "bc:9f:e4:c3:6f:aa",
"ip-address": "172.23.1.45",
"hostname": "ap05"
},
{
"hw-address": "94:b4:0f:c0:1d:a0",
"ip-address": "172.23.1.46",
"hostname": "ap06"
}
]
},
{
"subnet": "172.23.2.0/24",
"option-data": [
{
"name": "routers",
"data": "172.23.2.1"
}
]
},
{
"subnet": "172.23.3.0/24",
"pools": [ { "pool": "172.23.3.10 - 172.23.3.230" } ],
"option-data": [
{
"name": "routers",
"data": "172.23.3.1"
},
{
"name": "domain-search",
"data": "binary.kitchen, users.binary.kitchen"
}
],
"reservations": [
{
"hw-address": "1a:1b:1c:1d:1e:1f",
"ip-address": "172.23.3.201",
"hostname": "special-snowflake",
"option-data": [ {
"name": "domain-name-servers",
"data": "10.1.1.202, 10.1.1.203"
} ]
}
]
},
{
"subnet": "172.23.4.0/24",
"pools": [ { "pool": "172.23.4.10 - 172.23.4.240" } ],
"option-data": [
{
"name": "routers",
"data": "172.23.4.1"
}
]
}
],
"loggers": [
{
"name": "kea-dhcp4",
"output_options": [
{
"output": "stdout",
"pattern": "%-5p %m\n"
}
],
"severity": "INFO",
"debuglevel": 0
}
]
}
}
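Review bot: `this-server-name` is derived from `inventory_hostname.split('.')[0]` while the peer names come from `lookup('dig', …+'/PTR').split('.')[0]`; the HA hook requires `this-server-name` to match one of the `peers[].name` values exactly, so any divergence between the inventory name and the reverse DNS record (different case, a PTR pointing at another alias, or a missing PTR making the lookup fail at template time) prevents kea-dhcp4 from starting on that node. Deriving both from the same source — for instance inventory variables holding the peers' short names directly — or at least a comment stating that the PTR records must resolve to the inventory short names would make the dependency visible; the `dig` lookup also needs dnspython on the control node, which is worth noting in the role's requirements. The peer `url` values are plain `http://…:8000/`, so heartbeats and lease updates between the two servers travel unauthenticated and in clear text across whatever network reaches port 8000; Kea supports TLS on these endpoints, and the control agent they point at should be bound and filtered accordingly. Subnets `172.23.1.0/24` and `172.23.2.0/24` define no `pools`, so only reserved addresses can be handed out there (none at all in 172.23.2.0/24) — if that is intentional, a one-line comment would stop the next reader from treating it as an omission.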