From 0a51ee02a33080134bf1eb1783cbe752a2e5ca3a Mon Sep 17 00:00:00 2001 From: Tobias Hachmer Date: Thu, 28 Dec 2017 22:10:09 +0100 Subject: [PATCH] Role service-dhcpd: change dhcp daemon to kea --- inventory/group_vars/all | 2 + roles/handlers/handlers/main.yml | 6 -- roles/service-dhcpd/README.md | 8 +- roles/service-dhcpd/handlers/main.yml | 5 ++ roles/service-dhcpd/tasks/main.yml | 38 ++++----- roles/service-dhcpd/templates/dhcpd.conf.j2 | 28 ------- .../service-dhcpd/templates/kea_dhcp4.conf.j2 | 81 +++++++++++++++++++ roles/service-dhcpd/vars/main.yml | 19 +++++ 8 files changed, 125 insertions(+), 62 deletions(-) create mode 100644 roles/service-dhcpd/handlers/main.yml delete mode 100644 roles/service-dhcpd/templates/dhcpd.conf.j2 create mode 100644 roles/service-dhcpd/templates/kea_dhcp4.conf.j2 create mode 100644 roles/service-dhcpd/vars/main.yml diff --git a/inventory/group_vars/all b/inventory/group_vars/all index 458482e..9d158ff 100644 --- a/inventory/group_vars/all +++ b/inventory/group_vars/all @@ -32,6 +32,7 @@ meshes: dnssl: - ffmz.org - user.ffmz.org + kea_dnssl_binary: "0466666d7a036f72670004757365729000" batman: it: 10000 gw: server 96mbit/96mbit @@ -90,6 +91,7 @@ meshes: dnssl: - ffwi.org - user.ffwi.org + kea_dnssl_binary: "0466667769036f72670004757365729000" batman: it: 10000 gw: server 96mbit/96mbit diff --git a/roles/handlers/handlers/main.yml b/roles/handlers/handlers/main.yml index b0dd612..c89973c 100644 --- a/roles/handlers/handlers/main.yml +++ b/roles/handlers/handlers/main.yml @@ -28,12 +28,6 @@ name: bird6 state: reloaded -- name: restart isc dhcp server - systemd: - name: isc-dhcp-server - enabled: yes - state: restarted - - name: restart fastd intragate instances systemd: name: "fastd@{{ item.0.id }}igvpn-{{ item.1.mtu }}" diff --git a/roles/service-dhcpd/README.md b/roles/service-dhcpd/README.md index 45d5742..7e1dcb2 100644 --- a/roles/service-dhcpd/README.md +++ b/roles/service-dhcpd/README.md 
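Review bot: The last two bytes of the added `kea_dnssl_binary` value look mis-encoded: after `04 75 73 65 72` ("user") the data continues with `90 00`, but 0x90 is neither a valid label length (labels are at most 63 bytes) nor an RFC 1035 compression pointer (those start with the 0xC0 bits), so a client may discard the whole domain-search option. If the intended second search domain is `user.ffmz.org`, the pointer back to offset 0 is `c000`, i.e. `kea_dnssl_binary: "0466666d7a036f7267000475736572c000"`, unless I am misreading the encoding. The same `9000` tail appears in the second hunk for the ffwi mesh. A comment above each value should record that it is the DNS wire-format rendering of the `dnssl` list and must be regenerated whenever that list changes, e.g. `# wire-format hex of the dnssl list above (kea < 1.2 needs it pre-encoded) – regenerate when dnssl changes`.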
@@ -1,11 +1,10 @@ # Ansible role service-dhcpd -Diese Ansible role installiert und konfiguriert den isc dhcp daemon. +Diese Ansible role installiert und konfiguriert den kea dhcp daemon. Wir nutzen diesen nur zur Verteilung von IPv4-Adressen. -- installiert isc-dhcp-server -- setzt interfaces in /etc/default/isc-dhcp-server -- schreibt dhcpd.conf +- installiert kea-dhcp4-server +- schreibt kea-dhcp4.conf ## Benötigte Variablen @@ -19,6 +18,7 @@ meshes: ipv4_network: dnssl: - $domain # string + kea_dnssl_binary: # kea < 1.2 only supports dnssl data in hex format iface_mtu: # integer ´´´ - Host Variable `magic` diff --git a/roles/service-dhcpd/handlers/main.yml b/roles/service-dhcpd/handlers/main.yml new file mode 100644 index 0000000..50b5e0f --- /dev/null +++ b/roles/service-dhcpd/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: restart kea-dhcp4-server + systemd: + name: kea-dhcp4-server + state: restarted diff --git a/roles/service-dhcpd/tasks/main.yml b/roles/service-dhcpd/tasks/main.yml index f4a82a1..e6f7fc8 100644 --- a/roles/service-dhcpd/tasks/main.yml +++ b/roles/service-dhcpd/tasks/main.yml 
@@ -1,34 +1,24 @@ --- - name: install dhcp packages package: - name: isc-dhcp-server + name: "{{ item }}" state: present + with_items: "{{ kea_packages }}" -- name: concatenate meshbridge interfaces - set_fact: - dhcp_interfaces: "{% for mesh in meshes %}{{ mesh.id }}br{% if not loop.last %} {% endif %}{% endfor %}" - -- name: set ipv4 interfaces isc dhcp should listen on - lineinfile: - path: /etc/default/isc-dhcp-server - regexp: '^INTERFACESv4="' - line: 'INTERFACESv4="{{ dhcp_interfaces }}"' - notify: restart isc dhcp server - -- name: set ipv6 interfaces isc dhcp should listen on - lineinfile: - path: /etc/default/isc-dhcp-server - regexp: '^INTERFACESv6="' - line: 'INTERFACESv6=""' - -- name: configure isc dhcp server +- name: configure kea dhcp server template: - src: dhcpd.conf.j2 - dest: /etc/dhcp/dhcpd.conf - notify: restart isc dhcp server + src: kea_dhcp4.conf.j2 + dest: /etc/kea/kea-dhcp4.conf + notify: restart kea-dhcp4-server -- name: enable systemd unit isc-dhcp-server +- name: remove kea init file if present + file: + path: /etc/init.d/kea-dhcp4-server + state: absent + notify: reload systemd + +- name: enable systemd unit kea systemd: - name: isc-dhcp-server + name: kea-dhcp4-server enabled: yes state: started diff --git a/roles/service-dhcpd/templates/dhcpd.conf.j2 b/roles/service-dhcpd/templates/dhcpd.conf.j2 deleted file mode 100644 index 80a7c76..0000000 --- a/roles/service-dhcpd/templates/dhcpd.conf.j2 +++ /dev/null 
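Review bot: The `configure kea dhcp server` task renders JSON straight into `/etc/kea/kea-dhcp4.conf` and notifies a restart with no syntax check, so a template error (a stray comma, an undefined variable) restarts the daemon into a failed state and the meshes lose IPv4 leasing until someone notices. The template module's `validate` parameter can gate this before the file is installed: `validate: 'kea-dhcp4 -t %s'` (kea-dhcp4's config-check switch; confirm the packaged version supports it). Separately, `enabled: yes` in the last task is the YAML 1.1 boolean form; `enabled: true` is the canonical spelling and satisfies yamllint's truthy rule. The `reload systemd` handler notified by the init-file removal is not defined in this diff, and since handlers run after the play's tasks, `enable systemd unit kea` executes before that reload; if the unit must be picked up first, `daemon_reload: true` on the systemd task would make that explicit.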
@@ -1,28 +0,0 @@
-#
-# {{ ansible_managed }}
-#
-ddns-update-style none;
-
-authoritative;
-server-name "{{ inventory_hostname_short }}";
-
-log-facility local7;
-
-default-lease-time 300;
-min-lease-time 300;
-max-lease-time 300;
-
-{% for mesh in meshes %}
-# DHCP subnet for site {{ mesh.site_name }} ({{ mesh.site_code }})
-subnet {{ mesh.ipv4_network | ipaddr('network') }} netmask {{ mesh.ipv4_network | ipaddr('netmask') }} {
- range {{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('network') }} {{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('broadcast') }};
- option routers {{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
- option domain-name-servers {{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
- option domain-search {% for domain in mesh.dnssl %}"{{ domain }}"{% if not loop.last %}, {% endif %}{% endfor %};
- option ntp-servers {{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
- option interface-mtu {{ mesh.iface_mtu }};
-}
-{% if not loop.last %}
-
-{% endif %}
-{% endfor %}
diff --git a/roles/service-dhcpd/templates/kea_dhcp4.conf.j2 b/roles/service-dhcpd/templates/kea_dhcp4.conf.j2
new file mode 100644
index 0000000..00fe543
--- /dev/null
+++ b/roles/service-dhcpd/templates/kea_dhcp4.conf.j2
@@ -0,0 +1,81 @@
+#
+# {{ ansible_managed }}
+#
+{
+
+"Dhcp4":
+{
+ "interfaces-config": {
+ "interfaces": [
+{% for mesh in meshes %}
+{% if not loop.last %}
+ "{{ mesh.id }}br",
+{% else %}
+ "{{ mesh.id }}br"
+{% endif %}
+{% endfor %}
+ ]
+ },
+ "lease-database": {
+ "type": "memfile",
+ "persist": true,
+ "lfc-interval": {{ kea_lease_database['lfc_interval'] }}
+ },
+ "expired-leases-processing": {
+ "reclaim-timer-wait-time": {{ kea_expired_leases_processing['reclaim_timer_wait_time'] }},
+ "flush-reclaimed-timer-wait-time": {{ kea_expired_leases_processing['flush_reclaimed_timer_wait_time'] }} ,
+ "hold-reclaimed-time": {{ kea_expired_leases_processing['hold_reclaimed_time'] }},
+ "max-reclaim-leases": {{ kea_expired_leases_processing['max_reclaim_leases'] }},
+ "max-reclaim-time": {{ kea_expired_leases_processing['max_reclaim_time'] }},
+ "unwarned-reclaim-cycles": {{ kea_expired_leases_processing['unwarned_reclaim_cycles'] }}
+ },
+ "valid-lifetime": {{ kea_lease_time }},
+ "subnet4": [
+{% for mesh in meshes %}
+ {
+ "subnet": "{{ mesh.ipv4_network | ipaddr('network/prefix') }}",
+ "pools": [ { "pool": "{{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('range_usable') }}" } ],
+ "option-data": [
+ {
+ "name": "routers",
+ "data": "{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}"
+ },
+ {
+ "name": "time-servers",
+ "data": "{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}"
+ },
+ {
+ "name": "domain-name-servers",
+ "data": "{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}"
+ },
+ {
+ "name": "domain-search",
+ "data": "{{ mesh.kea_dnssl_binary }}",
+ "csv-format": false
+ }
+ ]
+{% if not loop.last %}
+ },
+{% else %}
+ }
+ ]
+{% endif %}
+{% endfor %}
+},
+"Logging":
+{
+ "loggers": [
+ {
+ "name": "kea-dhcp4",
+ "output_options": [
+ {
+ "output": "/var/log/kea-dhcp4.log"
+ }
+ ],
+ "severity": "WARN",
+ "debuglevel": 0
+ },
+ ]
+}
+
+}
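Review bot: The `loggers` array near the end of the template closes with `},` followed by `]`, a trailing comma that strict JSON parsers reject; whether Kea's own parser tolerates it depends on the version, so it is safer to emit `}` then `]` and let a config check decide nothing. The `domain-search` entry takes a hand-encoded wire-format string from `mesh.kea_dnssl_binary` rather than deriving it from `mesh.dnssl`, so the two can drift silently and a bad byte is only seen by clients; a Jinja comment above the entry should say so, e.g. `{# domain-search needs DNS wire-format hex (kea < 1.2), hence csv-format false; keep kea_dnssl_binary in step with dnssl #}`. There is also a stray space before the comma on the `flush-reclaimed-timer-wait-time` line.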
diff --git a/roles/service-dhcpd/vars/main.yml b/roles/service-dhcpd/vars/main.yml
new file mode 100644
index 0000000..aa9d25f
--- /dev/null
+++ b/roles/service-dhcpd/vars/main.yml
@@ -0,0 +1,19 @@
+---
+kea_packages:
+ - kea-admin
+ - kea-common
+ - kea-dhcp4-server
+ - kea-doc
+
+kea_lease_database:
+ lfc_interval: 900
+
+kea_expired_leases_processing:
+ reclaim_timer_wait_time: 10
+ flush_reclaimed_timer_wait_time: 25
+ hold_reclaimed_time: 1800
+ max_reclaim_leases: 100
+ max_reclaim_time: 250
+ unwarned_reclaim_cycles: 5
+
+kea_lease_time: 300
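Review bot: These values live in `vars/main.yml`, which has higher precedence than inventory and group_vars in Ansible, so a site cannot override `kea_lease_time` or the lease-reclaim timers without editing the role; `defaults/main.yml` is the conventional home for tunable knobs like these, with `vars/` reserved for role-internal constants. The reclaim values are undocumented here and absent from the README's variable section; a comment per key naming what it controls and its unit (seconds or lease count) would help the next operator. `kea-admin` and `kea-doc` are not needed to run the DHCPv4 server as far as this diff shows; if they are only convenience packages, dropping them keeps the gateway's installed footprint minimal.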