[dhcp] Sanitize dhcp configuration

2020-08-03 01:21:05 +02:00 · 2020-08-03 01:21:05 +02:00 · 5cab753ea8
parent e79124527c
commit 5cab753ea8
4 changed files with 84 additions and 92 deletions
--- a/group_vars/dhcp.yml
+++ b/group_vars/dhcp.yml
@ -6,93 +6,77 @@ dhcp:
    - { key: "interface-mtu", value: "1496" }
  global_parameters: []
  subnets:
-    - {
+    - network: "10.51.0.0/16"
-    network: "10.51.0.0/16",
+      deny_unknown: False
-    deny_unknown: False,
+      vlan: "accueil"
-    interface: "eth4",
+      default_lease_time: "600"
-    default_lease_time: "600",
+      max_lease_time: "7200"
-    max_lease_time: "7200",
+      routers: "10.51.0.10"
-    routers: "10.51.0.10",
+      dns: ["10.51.0.152", "10.51.0.4"]
-    dns: ["10.51.0.152", "10.51.0.4"],
+      domain_name: "accueil.crans.org"
-    domain_name: "accueil.crans.org",
+      domain_search: "accueil.crans.org"
-    domain_search: "accueil.crans.org",
+      options:
-    options:
+        - { key: "time-servers", value: "10.51.0.10" }
-      [
+        - { key: "ntp-servers", value: "10.51.0.10" }
-        { key: "time-servers", value: "10.51.0.10" },
+        - { key: "ip-forwarding", value: "off" }
-        { key: "ntp-servers", value: "10.51.0.10" },
+      range: ["10.51.1.0", "10.51.255.255"]
-        { key: "ip-forwarding", value: "off" },
+
-      ],
+    - network: "10.231.148.0/24"
-    range: ["10.51.1.0", "10.51.255.255"],
+      deny_unknown: False
-    }
+      vlan: "bornes"
-    - {
+      default_lease_time: "8600"
-    network: "10.231.148.0/24",
+      routers: "10.231.148.254"
-    deny_unknown: False,
+      dns: ["10.231.148.152", "10.231.148.4"]
-    interface: "eth2",
+      domain_name: "borne.crans.org"
-    default_lease_time: "8600",
+      domain_search: "borne.crans.org"
-    routers: "10.231.148.254",
+      options:
-    dns: ["10.231.148.152", "10.231.148.4"],
+        - { key: "time-servers", value: "10.231.148.98" }
-    domain_name: "borne.crans.org",
+        - { key: "ntp-servers", value: "10.231.148.98" }
-    domain_search: "borne.crans.org",
+        - { key: "ip-forwarding", value: "off" }
-    options:
+      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.borne.crans.org.list"
-      [
+
-        { key: "time-servers", value: "10.231.148.98" },
+    - network: "185.230.78.0/24"
-        { key: "ntp-servers", value: "10.231.148.98" },
+      deny_unknown: True
-        { key: "ip-forwarding", value: "off" },
+      vlan: "fil_pub"
-      ],
+      default_lease_time: "86400"
-    lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.borne.crans.org.list",
+      routers: "185.230.78.254"
-    }
+      dns: ["185.230.78.152", "185.230.78.4"]
-    - {
+      domain_name: "adh.crans.org"
-    network: "185.230.78.0/24",
+      domain_search: "adh.crans.org"
-    deny_unknown: True,
+      options:
-    interface: "enp1s3",
+        - { key: "time-servers", value: "185.230.79.98" }
-    default_lease_time: "86400",
+        - { key: "ntp-servers", value: "185.230.79.98" }
-    routers: "185.230.78.254",
+        - { key: "ip-forwarding", value: "off" }
-    dns: ["185.230.78.152", "185.230.78.4"],
+        - { key: "smtp-server", value: "185.230.79.39" }
-    domain_name: "adh.crans.org",
+      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh.crans.org.list"
-    domain_search: "adh.crans.org",
+
-    options:
+    - network: "10.54.0.0/19"
-      [
+      deny_unknown: True
-        { key: "time-servers", value: "185.230.79.98" },
+      vlan: "fil_new"
-        { key: "ntp-servers", value: "185.230.79.98" },
+      default_lease_time: "86400"
-        { key: "ip-forwarding", value: "off" },
+      routers: "10.54.0.254"
-        { key: "smtp-server", value: "185.230.79.39" },
+      dns: ["10.54.0.152", "10.54.0.4"]
-      ],
+      domain_name: "fil.crans.org"
-    lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh.crans.org.list",
+      domain_search: "fil.crans.org"
-    }
+      options:
-    - {
+        - { key: "time-servers", value: "185.230.79.98" }
-    network: "10.54.0.0/19",
+        - { key: "ntp-servers", value: "185.230.79.98" }
-    deny_unknown: True,
+        - { key: "ip-forwarding", value: "off" }
-    interface: "eth6",
+        - { key: "smtp-server", value: "185.230.79.39" }
-    default_lease_time: "86400",
+      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.fil.crans.org.list"
-    routers: "10.54.0.254",
+
-    dns: ["10.54.0.152", "10.54.0.4"],
+    - network: "10.53.0.0/19"
-    domain_name: "fil.crans.org",
+      deny_unknown: False # For Federez
-    domain_search: "fil.crans.org",
+      vlan: "wifi_new"
-    options:
+      default_lease_time: "86400"
-      [
+      routers: "10.53.0.254"
-        { key: "time-servers", value: "185.230.79.98" },
+      dns: ["10.53.0.152", "10.53.0.4"]
-        { key: "ntp-servers", value: "185.230.79.98" },
+      domain_name: "wifi.crans.org"
-        { key: "ip-forwarding", value: "off" },
+      domain_search: "wifi.crans.org"
-        { key: "smtp-server", value: "185.230.79.39" },
+      options:
-      ],
+        - { key: "time-servers", value: "185.230.79.98" }
-    lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.fil.crans.org.list",
+        - { key: "ntp-servers", value: "185.230.79.98" }
-    }
+        - { key: "ip-forwarding", value: "off" }
-    - {
+        - { key: "smtp-server", value: "185.230.79.39" }
-    network: "10.53.0.0/19",
+      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.wifi.crans.org.list"
-    deny_unknown: False, # For Federez
+      range: ["10.53.21.0", "10.53.25.254"]
    interface: "ens2",
    default_lease_time: "86400",
    routers: "10.53.0.254",
    dns: ["10.53.0.152", "10.53.0.4"],
    domain_name: "wifi.crans.org",
    domain_search: "wifi.crans.org",
    options:
      [
        { key: "time-servers", value: "185.230.79.98" },
        { key: "ntp-servers", value: "185.230.79.98" },
        { key: "ip-forwarding", value: "off" },
        { key: "smtp-server", value: "185.230.79.39" },
      ],
    lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.wifi.crans.org.list",
    range: ["10.53.21.0", "10.53.25.254"]
    }
--- a/host_vars/dhcp.adm.crans.org.yml
+++ b/host_vars/dhcp.adm.crans.org.yml
@ -1,4 +1,11 @@
 ---
 interfaces:
  adm: eth1
  bornes: eth2
  accueil: eth4
  fil_new: eth6
  wifi_new: ens2
  fil_pub: enp1s3
 # rsync_client
 to_backup:
--- a/roles/isc-dhcp-server/templates/default/isc-dhcp-server.j2
+++ b/roles/isc-dhcp-server/templates/default/isc-dhcp-server.j2
@ -14,5 +14,6 @@
 # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
 #	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
-INTERFACESv4="{{ dhcp | json_query('subnets[].interface[]') | join(" ") }}"
+{# Awesome query to get all the interfaces used by dhcp server #}
 INTERFACESv4="{{ dhcp | json_query('subnets[].vlan[]') | map('extract', interfaces) | join(' ') }}"
 INTERFACESv6=""
--- a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
+++ b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
@ -36,7 +36,7 @@ include "./dhcp-failover.conf";
 {% for subnet in dhcp.subnets %}
 subnet {{ subnet.network | ipaddr('network') }} netmask {{ subnet.network | ipaddr('netmask') }} {
-       interface "{{ subnet.interface  }}";
+       interface "{{ interfaces[subnet.vlan]  }}";
 {% if subnet.default_lease_time is defined %}
       default-lease-time {{ subnet.default_lease_time }};
 {% endif %}