From 6ae56bc002a12d496be1aad27e28735f66638ce1 Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Sat, 21 Jan 2017 17:55:08 +0100
Subject: [PATCH] Add DHCP server role.
---
group_vars/all | 4 -
group_vars/kitchen | 4 +
roles/dhcp/handlers/main.yml | 4 +
roles/dhcp/tasks/main.yml | 18 ++++
roles/dhcp/templates/dhcp/dhcpd.conf.j2 | 130 ++++++++++++++++++++++++
site.yml | 1 +
6 files changed, 157 insertions(+), 4 deletions(-)
create mode 100644 roles/dhcp/handlers/main.yml
create mode 100644 roles/dhcp/tasks/main.yml
create mode 100644 roles/dhcp/templates/dhcp/dhcpd.conf.j2
diff --git a/group_vars/all b/group_vars/all
index a68ba8f..4716834 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -39,10 +39,6 @@ nslcd_base_group: ou=groups,dc=binary-kitchen,dc=de nslcd_base_shadow: ou=people,dc=binary-kitchen,dc=de nslcd_base_passwd: ou=people,dc=binary-kitchen,dc=de -ntp_servers: -- 172.23.1.61 -- 172.23.2.2 - owncloud_domain: oc.binary-kitchen.de owncloud_dbname: owncloud owncloud_dbuser: owncloud
diff --git a/group_vars/kitchen b/group_vars/kitchen
index 073a34a..7281a15 100644
--- a/group_vars/kitchen
+++ b/group_vars/kitchen
@@ -1,5 +1,9 @@ --- +dhcpd_failover: true +dhcpd_primary: 172.23.2.3 +dhcpd_secondary: 172.23.2.4 + name_servers: - 172.23.2.1 - 172.23.2.3
diff --git a/roles/dhcp/handlers/main.yml b/roles/dhcp/handlers/main.yml
new file mode 100644
index 0000000..6384943
--- /dev/null
+++ b/roles/dhcp/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: Restart isc-dhcp-server
+ service: name=isc-dhcp-server state=restarted
diff --git a/roles/dhcp/tasks/main.yml b/roles/dhcp/tasks/main.yml
new file mode 100644
index 0000000..ba04908
--- /dev/null
+++ b/roles/dhcp/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+
+- name: Install dhcp server
+ apt: name={{item}} state=latest
+ tags: dhcp
+ with_items:
+ - isc-dhcp-server
+
+- name: Configure dhcp server
+ template: src={{item}}.j2 dest=/etc/{{item}}
+ tags: dhcp
+ notify: Restart isc-dhcp-server
+ with_items:
+ - dhcp/dhcpd.conf
+
+- name: Start the dhcp server
+ service: name=isc-dhcp-server state=started enabled=yes
+ tags: dhcp
diff --git a/roles/dhcp/templates/dhcp/dhcpd.conf.j2 b/roles/dhcp/templates/dhcp/dhcpd.conf.j2
new file mode 100644
index 0000000..cbc6ae2
--- /dev/null
+++ b/roles/dhcp/templates/dhcp/dhcpd.conf.j2
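Review bot: The `Configure dhcp server` task installs /etc/dhcp/dhcpd.conf without `owner`, `group` or `mode`, although the template added in this commit carries the OMAPI key, so the file's readability is left to defaults; set it explicitly, e.g. `template: src={{item}}.j2 dest=/etc/{{item}} owner=root group=root mode=0640` (adjust the group if dhcpd reads its config as an unprivileged user on this host). Adding `validate='dhcpd -t -cf %s'` to the same task would keep a render that dhcpd cannot parse from being installed and then picked up by the restart handler. On the `Install dhcp server` task, `state=latest` upgrades the daemon on every play run; `state=present` keeps upgrades a deliberate step.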
@@ -0,0 +1,130 @@
+# dhcpd.conf
+
+# option definitions common to all supported networks...
+option domain-name "binary.kitchen";
+option domain-name-servers {{ name_servers | join(', ') }};
+option ntp-servers {{ ntp_servers | join(', ') }};
+
+default-lease-time 3600;
+max-lease-time 14400;
+
+# Use this to enble / disable dynamic dns updates globally.
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+{% if dhcpd_failover == true %}
+
+# Failover
+
+failover peer "failover-partner" {
+{% if ansible_default_ipv4.address == dhcpd_primary %}
+ primary;
+ address {{ dhcpd_primary }};
+ peer address {{ dhcpd_secondary }};
+{% elif ansible_default_ipv4.address == dhcpd_secondary %}
+ secondary;
+ address {{ dhcpd_secondary }};
+ peer address {{ dhcpd_primary }};
+{% endif %}
+ port 520;
+ peer port 520;
+ max-response-delay 60;
+ max-unacked-updates 10;
+{% if ansible_default_ipv4.address == dhcpd_primary %}
+ mclt 600;
+ split 255;
+{% endif %}
+ load balance max seconds 3;
+}
+{% endif %}
+
+# Binary Kitchen subnets
+
+# Management
+subnet 172.23.1.0 netmask 255.255.255.0 {}
+
+# Services
+subnet 172.23.2.0 netmask 255.255.255.0 {
+ option routers 172.23.2.254;
+}
+
+# Members
+subnet 172.23.3.0 netmask 255.255.255.0 {
+ option routers 172.23.3.254;
+ pool {
+{% if dhcpd_failover == true %}
+ failover peer "failover-partner";
+{% endif %}
+ range 172.23.3.1 172.23.3.240;
+ }
+}
+
+# Guests
+subnet 172.23.4.0 netmask 255.255.255.0 {
+ option routers 172.23.4.254;
+ pool {
+{% if dhcpd_failover == true %}
+ failover peer "failover-partner";
+{% endif %}
+ range 172.23.4.1 172.23.4.240;
+ }
+}
+
+
+# Fixed IPs
+host cashdesk {
+ hardware ethernet 00:0b:ca:94:13:f1;
+ fixed-address
cashdesk.binary.kitchen;
+}
+
+host homer {
+ hardware ethernet b8:27:eb:24:b2:12;
+ fixed-address homer.binary.kitchen;
+}
+
+host lock {
+ hardware ethernet b8:27:eb:5d:e7:6e;
+ fixed-address lock.binary.kitchen;
+}
+
+host marge {
+ hardware ethernet b8:27:eb:54:99:1a;
+ fixed-address 172.23.2.15;
+}
+
+host matrix {
+ hardware ethernet b8:27:eb:ed:22:58;
+ fixed-address matrix.binary.kitchen;
+}
+
+host punsch {
+ hardware ethernet 00:21:85:1b:7f:3d;
+ fixed-address punsch.binary.kitchen;
+}
+
+host spiegelei {
+ hardware ethernet 00:23:7d:79:82:8e;
+ fixed-address spiegelei.binary.kitchen;
+}
+
+host zwiebel {
+ hardware ethernet b8:27:eb:0d:d1:55;
+ fixed-address zwiebel.binary.kitchen;
+}
+
+# OMAPI
+
+omapi-port 7911;
+omapi-key omapi_key;
+
+key omapi_key {
+ algorithm hmac-md5;
+ secret KDTrwNNyUOnGtrYo8RBjTzsE35hAjuggm5pxZD3xMuE4PdPyOkjuN/bM1uLLaIL/iGHQb/OmNsqCGqzOMSwhdA==;
+}
diff --git a/site.yml b/site.yml
index 65ec715..b8be98c 100644
--- a/site.yml
+++ b/site.yml
@@ -10,6 +10,7 @@ hosts: bacon.binary.kitchen roles: - dns + - dhcp - name: Setup monitoring server hosts: nabia.binary.kitchen
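Review bot: The `key omapi_key` block at the end of the template commits the OMAPI shared secret in clear text, so anyone with read access to the repository or its history holds the credential that authorises changes to the running server through `omapi-port 7911`. Render it from a vaulted variable instead, e.g. `secret {{ dhcpd_omapi_secret }};` (the variable name is a suggestion), and treat the value in this commit as exposed and replace it. `algorithm hmac-md5` should move to a SHA-2 HMAC if the installed dhcpd accepts one for OMAPI keys. Separately, the `failover peer` block has no `{% else %}` branch: a host whose default IPv4 address matches neither `dhcpd_primary` nor `dhcpd_secondary` gets a peer declaration with no role, which I would expect dhcpd to reject, so fail the render explicitly in that case. The template also reads `ntp_servers`, which this commit deletes from group_vars/all; confirm it is still defined for the hosts that get this role.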