[dhcp] Sanitize dhcp configuration

2020-08-03 01:21:05 +02:00 · 2020-08-03 01:21:05 +02:00 · 5cab753ea8
parent e79124527c
commit 5cab753ea8
4 changed files with 84 additions and 92 deletions
--- a/group_vars/dhcp.yml
+++ b/group_vars/dhcp.yml
@ -6,93 +6,77 @@ dhcp:
    - { key: "interface-mtu", value: "1496" }
  global_parameters: []
  subnets:
-    - {
-    network: "10.51.0.0/16",
-    deny_unknown: False,
-    interface: "eth4",
-    default_lease_time: "600",
-    max_lease_time: "7200",
-    routers: "10.51.0.10",
-    dns: ["10.51.0.152", "10.51.0.4"],
-    domain_name: "accueil.crans.org",
-    domain_search: "accueil.crans.org",
+    - network: "10.51.0.0/16"
+      deny_unknown: False
+      vlan: "accueil"
+      default_lease_time: "600"
+      max_lease_time: "7200"
+      routers: "10.51.0.10"
+      dns: ["10.51.0.152", "10.51.0.4"]
+      domain_name: "accueil.crans.org"
+      domain_search: "accueil.crans.org"
      options:
-      [
-        { key: "time-servers", value: "10.51.0.10" },
-        { key: "ntp-servers", value: "10.51.0.10" },
-        { key: "ip-forwarding", value: "off" },
-      ],
-    range: ["10.51.1.0", "10.51.255.255"],
-    }
-    - {
-    network: "10.231.148.0/24",
-    deny_unknown: False,
-    interface: "eth2",
-    default_lease_time: "8600",
-    routers: "10.231.148.254",
-    dns: ["10.231.148.152", "10.231.148.4"],
-    domain_name: "borne.crans.org",
-    domain_search: "borne.crans.org",
+        - { key: "time-servers", value: "10.51.0.10" }
+        - { key: "ntp-servers", value: "10.51.0.10" }
+        - { key: "ip-forwarding", value: "off" }
+      range: ["10.51.1.0", "10.51.255.255"]
+
+    - network: "10.231.148.0/24"
+      deny_unknown: False
+      vlan: "bornes"
+      default_lease_time: "8600"
+      routers: "10.231.148.254"
+      dns: ["10.231.148.152", "10.231.148.4"]
+      domain_name: "borne.crans.org"
+      domain_search: "borne.crans.org"
      options:
-      [
-        { key: "time-servers", value: "10.231.148.98" },
-        { key: "ntp-servers", value: "10.231.148.98" },
-        { key: "ip-forwarding", value: "off" },
-      ],
-    lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.borne.crans.org.list",
-    }
-    - {
-    network: "185.230.78.0/24",
-    deny_unknown: True,
-    interface: "enp1s3",
-    default_lease_time: "86400",
-    routers: "185.230.78.254",
-    dns: ["185.230.78.152", "185.230.78.4"],
-    domain_name: "adh.crans.org",
-    domain_search: "adh.crans.org",
+        - { key: "time-servers", value: "10.231.148.98" }
+        - { key: "ntp-servers", value: "10.231.148.98" }
+        - { key: "ip-forwarding", value: "off" }
+      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.borne.crans.org.list"
+
+    - network: "185.230.78.0/24"
+      deny_unknown: True
+      vlan: "fil_pub"
+      default_lease_time: "86400"
+      routers: "185.230.78.254"
+      dns: ["185.230.78.152", "185.230.78.4"]
+      domain_name: "adh.crans.org"
+      domain_search: "adh.crans.org"
      options:
-      [
-        { key: "time-servers", value: "185.230.79.98" },
-        { key: "ntp-servers", value: "185.230.79.98" },
-        { key: "ip-forwarding", value: "off" },
-        { key: "smtp-server", value: "185.230.79.39" },
-      ],
-    lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh.crans.org.list",
-    }
-    - {
-    network: "10.54.0.0/19",
-    deny_unknown: True,
-    interface: "eth6",
-    default_lease_time: "86400",
-    routers: "10.54.0.254",
-    dns: ["10.54.0.152", "10.54.0.4"],
-    domain_name: "fil.crans.org",
-    domain_search: "fil.crans.org",
+        - { key: "time-servers", value: "185.230.79.98" }
+        - { key: "ntp-servers", value: "185.230.79.98" }
+        - { key: "ip-forwarding", value: "off" }
+        - { key: "smtp-server", value: "185.230.79.39" }
+      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh.crans.org.list"
+
+    - network: "10.54.0.0/19"
+      deny_unknown: True
+      vlan: "fil_new"
+      default_lease_time: "86400"
+      routers: "10.54.0.254"
+      dns: ["10.54.0.152", "10.54.0.4"]
+      domain_name: "fil.crans.org"
+      domain_search: "fil.crans.org"
      options:
-      [
-        { key: "time-servers", value: "185.230.79.98" },
-        { key: "ntp-servers", value: "185.230.79.98" },
-        { key: "ip-forwarding", value: "off" },
-        { key: "smtp-server", value: "185.230.79.39" },
-      ],
-    lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.fil.crans.org.list",
-    }
-    - {
-    network: "10.53.0.0/19",
-    deny_unknown: False, # For Federez
-    interface: "ens2",
-    default_lease_time: "86400",
-    routers: "10.53.0.254",
-    dns: ["10.53.0.152", "10.53.0.4"],
-    domain_name: "wifi.crans.org",
-    domain_search: "wifi.crans.org",
+        - { key: "time-servers", value: "185.230.79.98" }
+        - { key: "ntp-servers", value: "185.230.79.98" }
+        - { key: "ip-forwarding", value: "off" }
+        - { key: "smtp-server", value: "185.230.79.39" }
+      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.fil.crans.org.list"
+
+    - network: "10.53.0.0/19"
+      deny_unknown: False # For Federez
+      vlan: "wifi_new"
+      default_lease_time: "86400"
+      routers: "10.53.0.254"
+      dns: ["10.53.0.152", "10.53.0.4"]
+      domain_name: "wifi.crans.org"
+      domain_search: "wifi.crans.org"
      options:
-      [
-        { key: "time-servers", value: "185.230.79.98" },
-        { key: "ntp-servers", value: "185.230.79.98" },
-        { key: "ip-forwarding", value: "off" },
-        { key: "smtp-server", value: "185.230.79.39" },
-      ],
-    lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.wifi.crans.org.list",
+        - { key: "time-servers", value: "185.230.79.98" }
+        - { key: "ntp-servers", value: "185.230.79.98" }
+        - { key: "ip-forwarding", value: "off" }
+        - { key: "smtp-server", value: "185.230.79.39" }
+      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.wifi.crans.org.list"
      range: ["10.53.21.0", "10.53.25.254"]
-    }
--- a/host_vars/dhcp.adm.crans.org.yml
+++ b/host_vars/dhcp.adm.crans.org.yml
@ -1,4 +1,11 @@
 ---
+interfaces:
+  adm: eth1
+  bornes: eth2
+  accueil: eth4
+  fil_new: eth6
+  wifi_new: ens2
+  fil_pub: enp1s3

 # rsync_client
 to_backup:
--- a/roles/isc-dhcp-server/templates/default/isc-dhcp-server.j2
+++ b/roles/isc-dhcp-server/templates/default/isc-dhcp-server.j2
@ -14,5 +14,6 @@

 # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
 #	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
-INTERFACESv4="{{ dhcp | json_query('subnets[].interface[]') | join(" ") }}"
+{# Awesome query to get all the interfaces used by dhcp server #}
+INTERFACESv4="{{ dhcp | json_query('subnets[].vlan[]') | map('extract', interfaces) | join(' ') }}"
 INTERFACESv6=""
--- a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
+++ b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
@ -36,7 +36,7 @@ include "./dhcp-failover.conf";

 {% for subnet in dhcp.subnets %}
 subnet {{ subnet.network | ipaddr('network') }} netmask {{ subnet.network | ipaddr('netmask') }} {
-       interface "{{ subnet.interface  }}";
+       interface "{{ interfaces[subnet.vlan]  }}";
 {% if subnet.default_lease_time is defined %}
       default-lease-time {{ subnet.default_lease_time }};
 {% endif %}