[dhcp] dont clone git from /tmp

certbot_on_virtu
_shirenn 2021-02-05 20:11:18 +01:00 committed by pa
parent ff864b50a1
commit f5cf25c9b7
9 changed files with 72 additions and 41 deletions


@ -1,22 +1,10 @@
--- ---
glob_dhcp:
dhcp:
authoritative: True authoritative: True
global_options: global_options:
- { key: "interface-mtu", value: "1500" } - { key: "interface-mtu", value: "1500" }
global_parameters: [] global_parameters: []
subnets: subnets:
- network: "100.64.0.0/16"
deny_unknown: True
vlan: "adh_nat"
default_lease_time: "600"
max_lease_time: "7200"
routers: "100.64.0.99"
dns: ["100.64.0.99"]
domain_name: "adh-nat.crans.org"
domain_search: "adh-nat.crans.org"
options: []
lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh-nat.crans.org.list"
- network: "185.230.78.0/24" - network: "185.230.78.0/24"
deny_unknown: True deny_unknown: True
vlan: "adh" vlan: "adh"
@ -28,6 +16,17 @@ dhcp:
domain_search: "adh.crans.org" domain_search: "adh.crans.org"
options: [] options: []
lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh.crans.org.list" lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh.crans.org.list"
- network: "100.64.0.0/16"
deny_unknown: True
vlan: "adh_nat"
default_lease_time: "600"
max_lease_time: "7200"
routers: "100.64.0.99"
dns: ["100.64.0.99"]
domain_name: "adh-nat.crans.org"
domain_search: "adh-nat.crans.org"
options: []
lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh-nat.crans.org.list"
- network: "172.16.32.0/22" - network: "172.16.32.0/22"
deny_unknown: True deny_unknown: True
vlan: "infra" vlan: "infra"
@ -38,12 +37,37 @@ dhcp:
domain_search: "infra.crans.org" domain_search: "infra.crans.org"
options: [] options: []
lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.infra.crans.org.list" lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.infra.crans.org.list"
- network: "172.16.14.0/24"
vlan: "accueil"
default_lease_time: "600"
max_lease_time: "7200"
dns: ["172.16.14.99"]
domain_name: "accueil.crans.org"
domain_search: "accueil.crans.org"
ranges:
- min: 172.16.14.1
max: 172.16.14.98
- min: 172.16.14.100
max: 172.16.14.254
options: []
- network: 100.65.0.0/16
vlan: "federez"
default_lease_time: "600"
max_lease_time: "7200"
routers: "100.65.0.99"
dns: ["100.65.0.99"]
domain_name: "federez.net"
domain_search: "federez.net"
ranges:
- min: 100.65.1.0
max: 100.65.255.254
options: []
re2o: re2o:
server: re2o.adm.crans.org server: re2o.adm.crans.org
service_user: "ploptotoisverysecure" service_user: "ploptotoisverysecure"
service_password: "ploptotoisverysecure" service_password: "ploptotoisverysecure"
dhcp:
uri: "/tmp/re2o-dhcp.git"
mail_server: smtp.adm.crans.org mail_server: smtp.adm.crans.org
glob_re2o_dhcp:
uri: "https://gitlab.adm.crans.org/nounous/re2o-dhcp.git"
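Review bot: The new `accueil` and `federez` subnets omit `deny_unknown`, and the dhcpd.conf.j2 hunk later in this commit renders `allow unknown-clients;` whenever that key is absent, so a missing or misspelled key opens a pool to any client. Stating the intent on both entries with `deny_unknown: False` and making the template default to deny, `{% if subnet.deny_unknown | default(true) %}`, keeps an open pool a visible decision. `network: 100.65.0.0/16` and the `min`/`max` addresses are also unquoted, while the other subnet addresses in this file are quoted. The unchanged `service_user`/`service_password` lines appear to hold a credential in clear text; if that value is real it belongs in Ansible Vault rather than in this vars file.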


@ -8,6 +8,7 @@ interfaces:
adh_nat: ens23 adh_nat: ens23
zayo: enp1s3 zayo: enp1s3
federez: enp1s4 federez: enp1s4
accueil: ens1
firewall: firewall:
version: HEAD version: HEAD


@ -7,7 +7,7 @@ interfaces:
adh: ens22 adh: ens22
adh_nat: ens23 adh_nat: ens23
zayo: enp1s3 zayo: enp1s3
federez: enp1s4 # federez: enp1s4
accueil: ens1 accueil: ens1
firewall: firewall:
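Review bot: Commenting out `federez` leaves this `interfaces` map without an entry for a vlan that the new `federez` subnet in `glob_dhcp` names. If this host is in the `dhcp` group and uses the global subnet list, `interfaces[subnet.vlan]` in dhcpd.conf.j2 would be undefined for that subnet; whether that applies is not visible from this hunk. If the interface is gone for good, delete the line; otherwise replace it with a comment that says why it is disabled, e.g. `# federez: enp1s4  (disabled: <reason>)`.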


@ -2,6 +2,9 @@
--- ---
# Deploy DHCP server # Deploy DHCP server
- hosts: dhcp - hosts: dhcp
vars:
dhcp: "{{ glob_dhcp | default({}) | combine(loc_dhcp | default({})) }}"
re2o_dhcp: "{{ glob_re2o_dhcp | default({}) | combine(loc_re2o_dhcp | default({})) }}"
roles: roles:
- isc-dhcp-server - isc-dhcp-server
- re2o-services - re2o-services
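Review bot: `combine` is shallow by default, so a host that sets `loc_dhcp.subnets` replaces the whole `glob_dhcp.subnets` list instead of extending it, and the two `vars:` lines do not say so. A comment above them such as `# loc_* overrides glob_* per top-level key (shallow merge: lists and nested maps are replaced, not merged)` would document the contract. If neither variable is defined, `dhcp` becomes `{}` and the failure only surfaces later in the template; an early `assert` that `dhcp.subnets is defined` would give a clearer error.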


@ -4,3 +4,4 @@
name: isc-dhcp-server name: isc-dhcp-server
state: restarted state: restarted
enabled: true enabled: true
when: not ansible_check_mode


@ -13,13 +13,13 @@
src: default/isc-dhcp-server.j2 src: default/isc-dhcp-server.j2
dest: /etc/default/isc-dhcp-server dest: /etc/default/isc-dhcp-server
mode: 0600 mode: 0600
notify: # notify:
- restart dhcp server # - restart dhcp server
- name: Configure isc-dhcp-server - name: Configure isc-dhcp-server
template: template:
src: dhcp/dhcpd.conf.j2 src: dhcp/dhcpd.conf.j2
dest: /etc/dhcp/dhcpd.conf dest: /etc/dhcp/dhcpd.conf
mode: 0600 mode: 0600
notify: # notify:
- restart dhcp server # - restart dhcp server
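Review bot: With both `notify` blocks commented out, a change to /etc/dhcp/dhcpd.conf or /etc/default/isc-dhcp-server is written to disk but the running server keeps its old configuration, including the `deny unknown-clients` policy, until someone restarts it by hand. If the restart was disabled only while testing, restore `notify: restart dhcp server` on both tasks; if it is deliberate, replace the commented lines with a comment that says what reloads the service. The unchanged `mode: 0600` lines are unquoted; `mode: '0600'` avoids depending on how the YAML loader reads a leading zero. The task list starts and may continue outside the hunk.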


@ -36,40 +36,42 @@ include "./dhcp-failover.conf";
{% for subnet in dhcp.subnets %} {% for subnet in dhcp.subnets %}
subnet {{ subnet.network | ipaddr('network') }} netmask {{ subnet.network | ipaddr('netmask') }} { subnet {{ subnet.network | ipaddr('network') }} netmask {{ subnet.network | ipaddr('netmask') }} {
interface "{{ interfaces[subnet.vlan] }}"; interface "{{ interfaces[subnet.vlan] }}";
{% if subnet.default_lease_time is defined %} {% if subnet.default_lease_time is defined %}
default-lease-time {{ subnet.default_lease_time }}; default-lease-time {{ subnet.default_lease_time }};
{% endif %} {% endif %}
{% if subnet.max_lease_time is defined %} {% if subnet.max_lease_time is defined %}
max-lease-time {{ subnet.max_lease_time }}; max-lease-time {{ subnet.max_lease_time }};
{% endif %} {% endif %}
option subnet-mask {{ subnet.network | ipaddr('netmask') }}; option subnet-mask {{ subnet.network | ipaddr('netmask') }};
option broadcast-address {{ subnet.network | ipaddr('broadcast') }}; option broadcast-address {{ subnet.network | ipaddr('broadcast') }};
{% if subnet.routers is defined %} {% if subnet.routers is defined %}
option routers {{ subnet.routers }}; option routers {{ subnet.routers }};
{% endif %} {% endif %}
option domain-name-servers {{ subnet.dns | join(", ") }}; option domain-name-servers {{ subnet.dns | join(", ") }};
option domain-name "{{ subnet.domain_name }}"; option domain-name "{{ subnet.domain_name }}";
option domain-search "{{ subnet.domain_search }}"; option domain-search "{{ subnet.domain_search }}";
{% for option in subnet.options %} {% for option in subnet.options %}
option {{ option.key }} {{ option.value }}; option {{ option.key }} {{ option.value }};
{% endfor %} {% endfor %}
{% if subnet.lease_file is defined %} {% if subnet.lease_file is defined %}
include "{{ subnet.lease_file }}"; include "{{ subnet.lease_file }}";
{% endif %} {% endif %}
{% if subnet.range is defined %} {% if subnet.ranges is defined %}
pool { pool {
{% if dhcp.failover is defined %} {% if dhcp.failover is defined %}
failover peer {{ dhcp.failover.name }} failover peer {{ dhcp.failover.name }}
{% endif %} {% endif %}
range {{ subnet.range | join(" ")}}; {% for pool in subnet.ranges %}
} range {{ pool.min }} {{ pool.max }};
{% endfor %}
}
{% endif %} {% endif %}
{% if subnet.deny_unknown %} {% if subnet.deny_unknown is defined and subnet.deny_unknown %}
deny unknown-clients; deny unknown-clients;
{% else %} {% else %}
allow unknown-clients; allow unknown-clients;
{% endif %} {% endif %}
} }
{% endfor %} {% endfor %}
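Review bot: Renaming the key from `range` to `ranges` means a subnet entry that still uses the old `range:` list now renders with no `pool` block and no error, because the `{% if subnet.ranges is defined %}` guard simply skips it. Either fail the play when `subnet.range` is defined, or document the new schema at the top of the loop, e.g. `{# ranges: list of {min, max} address pairs; the former 'range' key is no longer read #}`. `pool.min` and `pool.max` are also emitted as given, whereas `subnet.network` is passed through `ipaddr`; the same filter would catch a mistyped address before dhcpd does. The template starts before this hunk.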


@ -19,7 +19,7 @@
- name: Clone re2o-dhcp repository - name: Clone re2o-dhcp repository
git: git:
repo: "{{ re2o.dhcp.uri }}" repo: "{{ re2o_dhcp.uri }}"
dest: /var/local/re2o-services/dhcp dest: /var/local/re2o-services/dhcp
version: crans version: crans
umask: '002' umask: '002'
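Review bot: `version: crans` follows a branch, and now that `repo` is a network URL each playbook run checks out whatever that branch head is at the time; the cron template in this commit then runs `main.py` from this directory as root every minute. Pinning `version` to a reviewed tag or commit hash, e.g. `version: "{{ re2o_dhcp.version }}"` with the hash kept beside `uri` in the vars file, would make what executes as root an explicit choice. `umask: '002'` also leaves the checkout group-writable, so anyone in the owning group can change code that root executes; `'022'` would avoid that unless group writes are required. The task starts and may continue outside the hunk.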


@ -1,2 +1,2 @@
{{ ansible_header | comment }} {{ ansible_header | comment }}
* * * * * root /usr/bin/python3 /var/local/re2o-services/dhcp/main.py * * * * * root /usr/bin/python3 /var/local/re2o-services/dhcp/main.py --force
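Review bot: The added `--force` has no explanation, and what it bypasses is not visible from this template, so a reader cannot tell whether forcing a run every minute is a temporary workaround or the intended steady state. A comment line above the entry, `# --force: <reason a forced run is needed on every invocation>`, would record that. Since the job runs as root, it is also worth checking whether `main.py` needs more than write access to the generated lease lists; if not, a dedicated service account in the user field would narrow its privileges.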