[dhcp] dont clone git from /tmp

2021-02-05 20:11:18 +01:00 · 2021-02-05 20:11:18 +01:00 · f5cf25c9b7
parent ff864b50a1
commit f5cf25c9b7
9 changed files with 72 additions and 41 deletions
--- a/group_vars/dhcp.yml
+++ b/group_vars/dhcp.yml
@ -1,22 +1,10 @@
 ---
-
+glob_dhcp:
 dhcp:
  authoritative: True
  global_options:
    - { key: "interface-mtu", value: "1500" }
  global_parameters: []
  subnets:
    - network: "100.64.0.0/16"
      deny_unknown: True
      vlan: "adh_nat"
      default_lease_time: "600"
      max_lease_time: "7200"
      routers: "100.64.0.99"
      dns: ["100.64.0.99"]
      domain_name: "adh-nat.crans.org"
      domain_search: "adh-nat.crans.org"
      options: []
      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh-nat.crans.org.list"
    - network: "185.230.78.0/24"
      deny_unknown: True
      vlan: "adh"
@ -28,6 +16,17 @@ dhcp:
      domain_search: "adh.crans.org"
      options: []
      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh.crans.org.list"
    - network: "100.64.0.0/16"
      deny_unknown: True
      vlan: "adh_nat"
      default_lease_time: "600"
      max_lease_time: "7200"
      routers: "100.64.0.99"
      dns: ["100.64.0.99"]
      domain_name: "adh-nat.crans.org"
      domain_search: "adh-nat.crans.org"
      options: []
      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh-nat.crans.org.list"
    - network: "172.16.32.0/22"
      deny_unknown: True
      vlan: "infra"
@ -38,12 +37,37 @@ dhcp:
      domain_search: "infra.crans.org"
      options: []
      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.infra.crans.org.list"
    - network: "172.16.14.0/24"
      vlan: "accueil"
      default_lease_time: "600"
      max_lease_time: "7200"
      dns: ["172.16.14.99"]
      domain_name: "accueil.crans.org"
      domain_search: "accueil.crans.org"
      ranges:
        - min: 172.16.14.1
          max: 172.16.14.98
        - min: 172.16.14.100
          max: 172.16.14.254
      options: []
    - network: 100.65.0.0/16
      vlan: "federez"
      default_lease_time: "600"
      max_lease_time: "7200"
      routers: "100.65.0.99"
      dns: ["100.65.0.99"]
      domain_name: "federez.net"
      domain_search: "federez.net"
      ranges:
        - min: 100.65.1.0
          max: 100.65.255.254
      options: []
 re2o:
  server: re2o.adm.crans.org
  service_user: "ploptotoisverysecure"
  service_password: "ploptotoisverysecure"
  dhcp:
    uri: "/tmp/re2o-dhcp.git"
 mail_server: smtp.adm.crans.org
 glob_re2o_dhcp:
  uri: "https://gitlab.adm.crans.org/nounous/re2o-dhcp.git"
--- a/host_vars/routeur-daniel.adm.crans.org.yml
+++ b/host_vars/routeur-daniel.adm.crans.org.yml
@ -8,6 +8,7 @@ interfaces:
  adh_nat: ens23
  zayo: enp1s3
  federez: enp1s4
  accueil: ens1
 firewall:
  version: HEAD
--- a/host_vars/routeur-jack.adm.crans.org.yml
+++ b/host_vars/routeur-jack.adm.crans.org.yml
@ -7,7 +7,7 @@ interfaces:
  adh: ens22
  adh_nat: ens23
  zayo: enp1s3
-  federez: enp1s4
+#  federez: enp1s4
  accueil: ens1
 firewall:
--- a/plays/dhcp.yml
+++ b/plays/dhcp.yml
@ -2,6 +2,9 @@
 ---
 # Deploy DHCP server
 - hosts: dhcp
  vars:
    dhcp: "{{ glob_dhcp | default({}) | combine(loc_dhcp | default({})) }}"
    re2o_dhcp: "{{ glob_re2o_dhcp | default({}) | combine(loc_re2o_dhcp | default({})) }}"
  roles:
    - isc-dhcp-server
    - re2o-services
--- a/roles/isc-dhcp-server/handlers/main.yml
+++ b/roles/isc-dhcp-server/handlers/main.yml
@ -4,3 +4,4 @@
    name: isc-dhcp-server
    state: restarted
    enabled: true
  when: not ansible_check_mode
--- a/roles/isc-dhcp-server/tasks/main.yml
+++ b/roles/isc-dhcp-server/tasks/main.yml
@ -13,13 +13,13 @@
    src: default/isc-dhcp-server.j2
    dest: /etc/default/isc-dhcp-server
    mode: 0600
-  notify:
+#  notify:
-    - restart dhcp server
+#    - restart dhcp server
 - name: Configure isc-dhcp-server
  template:
    src: dhcp/dhcpd.conf.j2
    dest: /etc/dhcp/dhcpd.conf
    mode: 0600
-  notify:
+#  notify:
-    - restart dhcp server
+#    - restart dhcp server
--- a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
+++ b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
@ -57,16 +57,18 @@ subnet {{ subnet.network | ipaddr('network') }} netmask {{ subnet.network | ipad
 {% if subnet.lease_file is defined %}
 	include "{{ subnet.lease_file }}";
 {% endif %}
-{% if subnet.range is defined %}
+{% if subnet.ranges is defined %}
 	pool {
  {% if dhcp.failover is defined %}
 		failover peer {{ dhcp.failover.name }}
  {% endif %}
-          range {{ subnet.range | join(" ")}};
+{% for pool in subnet.ranges %}
 		range {{ pool.min }} {{ pool.max }};
 {% endfor %}
 	}
  {% endif %}
-{% if subnet.deny_unknown %}
+{% if subnet.deny_unknown is defined and subnet.deny_unknown %}
 	deny unknown-clients;
 {% else %}
 	allow unknown-clients;
--- a/roles/re2o-dhcp/tasks/main.yml
+++ b/roles/re2o-dhcp/tasks/main.yml
@ -19,7 +19,7 @@
 - name: Clone re2o-dhcp repository
  git:
-    repo: "{{ re2o.dhcp.uri }}"
+    repo: "{{ re2o_dhcp.uri }}"
    dest: /var/local/re2o-services/dhcp
    version: crans
    umask: '002'
--- a/roles/re2o-dhcp/templates/cron.d/re2o-services-dhcp.j2
+++ b/roles/re2o-dhcp/templates/cron.d/re2o-services-dhcp.j2
@ -1,2 +1,2 @@
 {{ ansible_header | comment }}
-* * * * * root /usr/bin/python3 /var/local/re2o-services/dhcp/main.py
+* * * * * root /usr/bin/python3 /var/local/re2o-services/dhcp/main.py --force
`@ -1,2 +1,2 @@`
	`{{ ansible_header \| comment }}`	`{{ ansible_header \| comment }}`
	`* * * * * root /usr/bin/python3 /var/local/re2o-services/dhcp/main.py`	`* * * * * root /usr/bin/python3 /var/local/re2o-services/dhcp/main.py --force`