[dhcp] Generate dhcpd.conf

group_vars/dhcp.yml

@@ -0,0 +1,98 @@
+---
+
+dhcp:
+  authoritative: True
+  global_options:
+    - { key: "interface-mtu", value: "1496" }
+  global_parameters: []
+  subnets:
+    - {
+    network: "10.51.0.0/16",
+    deny_unknown: False,
+    interface: "eth4",
+    default_lease_time: "600",
+    max_lease_time: "7200",
+    routers: "10.51.0.10",
+    dns: ["10.51.0.152", "10.51.0.4"],
+    domain_name: "accueil.crans.org",
+    domain_search: "accueil.crans.org",
+    options:
+      [
+        { key: "time-servers", value: "10.51.0.10" },
+        { key: "ntp-servers", value: "10.51.0.10" },
+        { key: "ip-forwarding", value: "off" },
+      ],
+    range: ["10.51.1.0", "10.51.255.255"],
+    }
+    - {
+    network: "10.231.148.0/24",
+    deny_unknown: False,
+    interface: "eth2",
+    default_lease_time: "8600",
+    routers: "10.231.148.254",
+    dns: ["10.231.148.152", "10.231.148.4"],
+    domain_name: "borne.crans.org",
+    domain_search: "borne.crans.org",
+    options:
+      [
+        { key: "time-servers", value: "10.231.148.98" },
+        { key: "ntp-servers", value: "10.231.148.98" },
+        { key: "ip-forwarding", value: "off" },
+      ],
+    lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.borne.crans.org.list",
+    }
+    - {
+    network: "185.230.78.0/24",
+    deny_unknown: True,
+    interface: "enp1s3",
+    default_lease_time: "86400",
+    routers: "185.230.78.254",
+    dns: ["185.230.78.152", "185.230.78.4"],
+    domain_name: "adh.crans.org",
+    domain_search: "adh.crans.org",
+    options:
+      [
+        { key: "time-servers", value: "185.230.79.98" },
+        { key: "ntp-servers", value: "185.230.79.98" },
+        { key: "ip-forwarding", value: "off" },
+        { key: "smtp-server", value: "185.230.79.39" },
+      ],
+    lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh.crans.org.list",
+    }
+    - {
+    network: "10.54.0.0/19",
+    deny_unknown: True,
+    interface: "eth6",
+    default_lease_time: "86400",
+    routers: "10.54.0.254",
+    dns: ["10.54.0.152", "10.54.0.4"],
+    domain_name: "fil.crans.org",
+    domain_search: "fil.crans.org",
+    options:
+      [
+        { key: "time-servers", value: "185.230.79.98" },
+        { key: "ntp-servers", value: "185.230.79.98" },
+        { key: "ip-forwarding", value: "off" },
+        { key: "smtp-server", value: "185.230.79.39" },
+      ],
+    lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.fil.crans.org.list",
+    }
+    - {
+    network: "10.53.0.0/19",
+    deny_unknown: False, # For Federez
+    interface: "ens2",
+    default_lease_time: "86400",
+    routers: "10.53.0.254",
+    dns: ["10.53.0.152", "10.53.0.4"],
+    domain_name: "wifi.crans.org",
+    domain_search: "wifi.crans.org",
+    options:
+      [
+        { key: "time-servers", value: "185.230.79.98" },
+        { key: "ntp-servers", value: "185.230.79.98" },
+        { key: "ip-forwarding", value: "off" },
+        { key: "smtp-server", value: "185.230.79.39" },
+      ],
+    lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.wifi.crans.org.list",
+    range: ["10.53.21.0", "10.53.25.254"]
+    }

hosts

@@ -4,6 +4,11 @@
 # > We name servers according to location, then type.
 # > Then we regroup everything in global geographic and type groups.
 
+
+[dhcp]
+dhcp.adm.crans.org
+
+
 [router]
 odlyd.adm.crans.org
 eap.adm.crans.org

plays/dhcp.yml

@@ -2,7 +2,5 @@
 ---
 # Deploy DHCP server
 - hosts: dhcp.adm.crans.org
-  vars:
+  roles:
-    dhcp:
+    - isc-dhcp-server
-      authoritative: true
-  roles: ["isc-dhcp-server"]

roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2

@@ -1,15 +1,14 @@
 # dhcpd.conf
+
 {{ ansible_header | comment }}
 
-# option definitions common to all supported networks...
+{% for option in dhcp.global_options %}
-#option domain-name "example.org";
+option {{ option.key }} {{ option.value }};
-#option domain-name-servers ns1.example.org, ns2.example.org;
+{% endfor %}
 
-# We have tagged network so use last 4 bytes for tag (1500 max)
+{% for parameter in dhcp.global_parameters %}
-option interface-mtu 1496;
+{{ parameter.key }} {{ parameter.value }};
-
+{% endfor %}
-default-lease-time 600;
-max-lease-time 7200;
 
 # The ddns-updates-style parameter controls whether or not the server will
 # attempt to do a DNS update when a lease is confirmed. We default to the
@@ -27,6 +26,48 @@ authoritative;
 
 # Use this to send dhcp log messages to a different log file (you also
 # have to hack syslog.conf to complete the redirection).
-#log-facility local7;
+log-facility local7;
 
-# TODO
+
+{% if dhcp.failover is defined %}
+include "./dhcp-failover.conf";
+{% endif %}
+
+
+{% for subnet in dhcp.subnets %}
+subnet {{ subnet.network | ipaddr('network') }} netmask {{ subnet.network | ipaddr('netmask') }} {
+       interface "{{ subnet.interface  }}";
+{% if subnet.default_lease_time is defined %}
+       default-lease-time {{ subnet.default_lease_time }};
+{% endif %}
+{% if subnet.max_lease_time is defined %}
+       max-lease-time {{ subnet.max_lease_time }};
+{% endif %}
+       option subnet-mask {{ subnet.network | ipaddr('netmask') }};
+       option broadcast-address {{ subnet.network | ipaddr('broadcast') }};
+       option routers {{ subnet.routers }};
+       option domain-name-servers {{ subnet.dns | join(", ") }};
+       option domain-name "{{ subnet.domain_name }}";
+       option domain-search "{{ subnet.domain_search }}";
+{% for option in subnet.options %}
+       option {{ option.key }} {{ option.value }};
+{% endfor %}
+{% if subnet.lease_file is defined %}
+       include "{{ subnet.lease_file }}";
+{% endif %}
+{% if subnet.range is defined %}
+       pool {
+  {% if dhcp.failover is defined %}
+    failover peer {{ dhcp.failover.name }}
+  {% endif %}
+          range {{ subnet.range | join(" ")}};
+       }
+  {% endif %}
+
+{% if subnet.deny_unknown %}
+       deny unknown-clients;
+{% else %}
+       allow unknown-clients;
+{% endif %}
+}
+{% endfor %}