[dhcp] dont clone git from /tmp

2021-02-05 20:11:18 +01:00 · 2021-02-05 20:11:18 +01:00 · f5cf25c9b7
parent ff864b50a1
commit f5cf25c9b7
9 changed files with 72 additions and 41 deletions
--- a/group_vars/dhcp.yml
+++ b/group_vars/dhcp.yml
@ -1,22 +1,10 @@
 ---
-
-dhcp:
+glob_dhcp:
  authoritative: True
  global_options:
    - { key: "interface-mtu", value: "1500" }
  global_parameters: []
  subnets:
-    - network: "100.64.0.0/16"
-      deny_unknown: True
-      vlan: "adh_nat"
-      default_lease_time: "600"
-      max_lease_time: "7200"
-      routers: "100.64.0.99"
-      dns: ["100.64.0.99"]
-      domain_name: "adh-nat.crans.org"
-      domain_search: "adh-nat.crans.org"
-      options: []
-      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh-nat.crans.org.list"
    - network: "185.230.78.0/24"
      deny_unknown: True
      vlan: "adh"
@ -28,6 +16,17 @@ dhcp:
      domain_search: "adh.crans.org"
      options: []
      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh.crans.org.list"
+    - network: "100.64.0.0/16"
+      deny_unknown: True
+      vlan: "adh_nat"
+      default_lease_time: "600"
+      max_lease_time: "7200"
+      routers: "100.64.0.99"
+      dns: ["100.64.0.99"]
+      domain_name: "adh-nat.crans.org"
+      domain_search: "adh-nat.crans.org"
+      options: []
+      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh-nat.crans.org.list"
    - network: "172.16.32.0/22"
      deny_unknown: True
      vlan: "infra"
@ -38,12 +37,37 @@ dhcp:
      domain_search: "infra.crans.org"
      options: []
      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.infra.crans.org.list"
+    - network: "172.16.14.0/24"
+      vlan: "accueil"
+      default_lease_time: "600"
+      max_lease_time: "7200"
+      dns: ["172.16.14.99"]
+      domain_name: "accueil.crans.org"
+      domain_search: "accueil.crans.org"
+      ranges:
+        - min: 172.16.14.1
+          max: 172.16.14.98
+        - min: 172.16.14.100
+          max: 172.16.14.254
+      options: []
+    - network: 100.65.0.0/16
+      vlan: "federez"
+      default_lease_time: "600"
+      max_lease_time: "7200"
+      routers: "100.65.0.99"
+      dns: ["100.65.0.99"]
+      domain_name: "federez.net"
+      domain_search: "federez.net"
+      ranges:
+        - min: 100.65.1.0
+          max: 100.65.255.254
+      options: []

 re2o:
  server: re2o.adm.crans.org
  service_user: "ploptotoisverysecure"
  service_password: "ploptotoisverysecure"
-  dhcp:
-    uri: "/tmp/re2o-dhcp.git"

 mail_server: smtp.adm.crans.org
+glob_re2o_dhcp:
+  uri: "https://gitlab.adm.crans.org/nounous/re2o-dhcp.git"
--- a/host_vars/routeur-daniel.adm.crans.org.yml
+++ b/host_vars/routeur-daniel.adm.crans.org.yml
@ -8,6 +8,7 @@ interfaces:
  adh_nat: ens23
  zayo: enp1s3
  federez: enp1s4
+  accueil: ens1

 firewall:
  version: HEAD
--- a/host_vars/routeur-jack.adm.crans.org.yml
+++ b/host_vars/routeur-jack.adm.crans.org.yml
@ -7,7 +7,7 @@ interfaces:
  adh: ens22
  adh_nat: ens23
  zayo: enp1s3
-  federez: enp1s4
+#  federez: enp1s4
  accueil: ens1

 firewall:
--- a/plays/dhcp.yml
+++ b/plays/dhcp.yml
@ -2,6 +2,9 @@
 ---
 # Deploy DHCP server
 - hosts: dhcp
+  vars:
+    dhcp: "{{ glob_dhcp | default({}) | combine(loc_dhcp | default({})) }}"
+    re2o_dhcp: "{{ glob_re2o_dhcp | default({}) | combine(loc_re2o_dhcp | default({})) }}"
  roles:
    - isc-dhcp-server
    - re2o-services
--- a/roles/isc-dhcp-server/handlers/main.yml
+++ b/roles/isc-dhcp-server/handlers/main.yml
@ -4,3 +4,4 @@
    name: isc-dhcp-server
    state: restarted
    enabled: true
+  when: not ansible_check_mode
--- a/roles/isc-dhcp-server/tasks/main.yml
+++ b/roles/isc-dhcp-server/tasks/main.yml
@ -13,13 +13,13 @@
    src: default/isc-dhcp-server.j2
    dest: /etc/default/isc-dhcp-server
    mode: 0600
-  notify:
-    - restart dhcp server
+#  notify:
+#    - restart dhcp server

 - name: Configure isc-dhcp-server
  template:
    src: dhcp/dhcpd.conf.j2
    dest: /etc/dhcp/dhcpd.conf
    mode: 0600
-  notify:
-    - restart dhcp server
+#  notify:
+#    - restart dhcp server
--- a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
+++ b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
@ -36,40 +36,42 @@ include "./dhcp-failover.conf";

 {% for subnet in dhcp.subnets %}
 subnet {{ subnet.network | ipaddr('network') }} netmask {{ subnet.network | ipaddr('netmask') }} {
-       interface "{{ interfaces[subnet.vlan]  }}";
+	interface "{{ interfaces[subnet.vlan]  }}";
 {% if subnet.default_lease_time is defined %}
-       default-lease-time {{ subnet.default_lease_time }};
+	default-lease-time {{ subnet.default_lease_time }};
 {% endif %}
 {% if subnet.max_lease_time is defined %}
-       max-lease-time {{ subnet.max_lease_time }};
+	max-lease-time {{ subnet.max_lease_time }};
 {% endif %}
-       option subnet-mask {{ subnet.network | ipaddr('netmask') }};
-       option broadcast-address {{ subnet.network | ipaddr('broadcast') }};
+	option subnet-mask {{ subnet.network | ipaddr('netmask') }};
+	option broadcast-address {{ subnet.network | ipaddr('broadcast') }};
 {% if subnet.routers is defined %}
-       option routers {{ subnet.routers }};
+	option routers {{ subnet.routers }};
 {% endif %}
-       option domain-name-servers {{ subnet.dns | join(", ") }};
-       option domain-name "{{ subnet.domain_name }}";
-       option domain-search "{{ subnet.domain_search }}";
+	option domain-name-servers {{ subnet.dns | join(", ") }};
+	option domain-name "{{ subnet.domain_name }}";
+	option domain-search "{{ subnet.domain_search }}";
 {% for option in subnet.options %}
-       option {{ option.key }} {{ option.value }};
+	option {{ option.key }} {{ option.value }};
 {% endfor %}
 {% if subnet.lease_file is defined %}
-       include "{{ subnet.lease_file }}";
+	include "{{ subnet.lease_file }}";
 {% endif %}
-{% if subnet.range is defined %}
-       pool {
+{% if subnet.ranges is defined %}
+	pool {
  {% if dhcp.failover is defined %}
-    failover peer {{ dhcp.failover.name }}
+		failover peer {{ dhcp.failover.name }}
  {% endif %}
-          range {{ subnet.range | join(" ")}};
-       }
+{% for pool in subnet.ranges %}
+		range {{ pool.min }} {{ pool.max }};
+{% endfor %}
+	}
  {% endif %}

-{% if subnet.deny_unknown %}
-       deny unknown-clients;
+{% if subnet.deny_unknown is defined and subnet.deny_unknown %}
+	deny unknown-clients;
 {% else %}
-       allow unknown-clients;
+	allow unknown-clients;
 {% endif %}
 }
 {% endfor %}
--- a/roles/re2o-dhcp/tasks/main.yml
+++ b/roles/re2o-dhcp/tasks/main.yml
@ -19,7 +19,7 @@

 - name: Clone re2o-dhcp repository
  git:
-    repo: "{{ re2o.dhcp.uri }}"
+    repo: "{{ re2o_dhcp.uri }}"
    dest: /var/local/re2o-services/dhcp
    version: crans
    umask: '002'
--- a/roles/re2o-dhcp/templates/cron.d/re2o-services-dhcp.j2
+++ b/roles/re2o-dhcp/templates/cron.d/re2o-services-dhcp.j2
@ -1,2 +1,2 @@
 {{ ansible_header | comment }}
-* * * * * root /usr/bin/python3 /var/local/re2o-services/dhcp/main.py
+* * * * * root /usr/bin/python3 /var/local/re2o-services/dhcp/main.py --force