Role service-dhcpd: change dhcp daemon to kea

2017-12-28 22:10:09 +01:00 · 2017-12-28 22:10:09 +01:00 · 0a51ee02a3
commit 0a51ee02a3
parent 7abc41ee92
8 changed files with 125 additions and 62 deletions
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@ -32,6 +32,7 @@ meshes:
    dnssl:
      - ffmz.org
      - user.ffmz.org
    kea_dnssl_binary: "0466666d7a036f72670004757365729000"
    batman:
      it: 10000
      gw: server 96mbit/96mbit
@ -90,6 +91,7 @@ meshes:
    dnssl:
      - ffwi.org
      - user.ffwi.org
    kea_dnssl_binary: "0466667769036f72670004757365729000"
    batman:
      it: 10000
      gw: server 96mbit/96mbit
--- a/roles/handlers/handlers/main.yml
+++ b/roles/handlers/handlers/main.yml
@ -28,12 +28,6 @@
    name: bird6
    state: reloaded
 - name: restart isc dhcp server
  systemd:
    name: isc-dhcp-server
    enabled: yes
    state: restarted
 - name: restart fastd intragate instances
  systemd:
    name: "fastd@{{ item.0.id }}igvpn-{{ item.1.mtu }}"
--- a/roles/service-dhcpd/README.md
+++ b/roles/service-dhcpd/README.md
@ -1,11 +1,10 @@
 # Ansible role service-dhcpd
-Diese Ansible role installiert und konfiguriert den isc dhcp daemon.
+Diese Ansible role installiert und konfiguriert den kea dhcp daemon.
 Wir nutzen diesen nur zur Verteilung von IPv4-Adressen.
- installiert isc-dhcp-server
+- installiert kea-dhcp4-server
- setzt interfaces in /etc/default/isc-dhcp-server
+- schreibt kea-dhcp4.conf
 - schreibt dhcpd.conf
 ## Benötigte Variablen
@ -19,6 +18,7 @@ meshes:
    ipv4_network:
    dnssl:
      - $domain # string
    kea_dnssl_binary: # kea < 1.2 only supports dnssl data in hex format
    iface_mtu: # integer
 ´´´
 - Host Variable `magic`
--- a/roles/service-dhcpd/handlers/main.yml
+++ b/roles/service-dhcpd/handlers/main.yml
@ -0,0 +1,5 @@
 ---
 - name: restart kea-dhcp4-server
  systemd:
    name: kea-dhcp4-server
    state: restarted
--- a/roles/service-dhcpd/tasks/main.yml
+++ b/roles/service-dhcpd/tasks/main.yml
@ -1,34 +1,24 @@
 ---
 - name: install dhcp packages
  package:
-    name: isc-dhcp-server
+    name: "{{ item }}"
    state: present
  with_items: "{{ kea_packages }}"
- name: concatenate meshbridge interfaces
+- name: configure kea dhcp server
  set_fact:
    dhcp_interfaces: "{% for mesh in meshes %}{{ mesh.id }}br{% if not loop.last %} {% endif %}{% endfor %}"
 - name: set ipv4 interfaces isc dhcp should listen on
  lineinfile:
    path: /etc/default/isc-dhcp-server
    regexp: '^INTERFACESv4="'
    line: 'INTERFACESv4="{{ dhcp_interfaces }}"'
  notify: restart isc dhcp server
 - name: set ipv6 interfaces isc dhcp should listen on
  lineinfile:
    path: /etc/default/isc-dhcp-server
    regexp: '^INTERFACESv6="'
    line: 'INTERFACESv6=""'
 - name: configure isc dhcp server
  template:
-    src: dhcpd.conf.j2
+    src: kea_dhcp4.conf.j2
-    dest: /etc/dhcp/dhcpd.conf
+    dest: /etc/kea/kea-dhcp4.conf
-  notify: restart isc dhcp server
+  notify: restart kea-dhcp4-server
- name: enable systemd unit isc-dhcp-server
+- name: remove kea init file if present
  file:
    path: /etc/init.d/kea-dhcp4-server
    state: absent
  notify: reload systemd
 - name: enable systemd unit kea
  systemd:
-    name: isc-dhcp-server
+    name: kea-dhcp4-server
    enabled: yes
    state: started
--- a/roles/service-dhcpd/templates/dhcpd.conf.j2
+++ b/roles/service-dhcpd/templates/dhcpd.conf.j2
@ -1,28 +0,0 @@
 #
 # {{ ansible_managed }}
 #
 ddns-update-style none;
 authoritative;
 server-name "{{ inventory_hostname_short }}";
 log-facility local7;
 default-lease-time 300;
 min-lease-time 300;
 max-lease-time 300;
 {% for mesh in meshes %}
 # DHCP subnet for site {{ mesh.site_name }} ({{ mesh.site_code }})
 subnet {{ mesh.ipv4_network | ipaddr('network') }} netmask {{ mesh.ipv4_network | ipaddr('netmask') }} {
 	range {{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('network') }} {{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('broadcast') }};
 	option routers {{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
 	option domain-name-servers {{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
 	option domain-search {% for domain in mesh.dnssl %}"{{ domain }}"{% if not loop.last %}, {% endif %}{% endfor %};
 	option ntp-servers {{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
 	option interface-mtu {{ mesh.iface_mtu }};
 }
 {% if not loop.last %}
 {% endif %}
 {% endfor %}
--- a/roles/service-dhcpd/templates/kea_dhcp4.conf.j2
+++ b/roles/service-dhcpd/templates/kea_dhcp4.conf.j2
@ -0,0 +1,81 @@
 #
 # {{ ansible_managed }}
 #
 {
 "Dhcp4":
 {
  "interfaces-config": {
    "interfaces": [
 {% for mesh in meshes %}
 {% if not loop.last %}
      "{{ mesh.id }}br",
 {% else %}
      "{{ mesh.id }}br"
 {% endif %}
 {% endfor %}
    ]
  },
  "lease-database": {
    "type": "memfile",
    "persist": true,
    "lfc-interval": {{ kea_lease_database['lfc_interval'] }}
  },
  "expired-leases-processing": {
    "reclaim-timer-wait-time": {{ kea_expired_leases_processing['reclaim_timer_wait_time'] }},
    "flush-reclaimed-timer-wait-time": {{ kea_expired_leases_processing['flush_reclaimed_timer_wait_time'] }} ,
    "hold-reclaimed-time": {{ kea_expired_leases_processing['hold_reclaimed_time'] }},
    "max-reclaim-leases": {{ kea_expired_leases_processing['max_reclaim_leases'] }},
    "max-reclaim-time": {{ kea_expired_leases_processing['max_reclaim_time'] }},
    "unwarned-reclaim-cycles": {{ kea_expired_leases_processing['unwarned_reclaim_cycles'] }}
  },
  "valid-lifetime": {{ kea_lease_time }},
  "subnet4": [
 {% for mesh in meshes %}
    {
      "subnet": "{{ mesh.ipv4_network | ipaddr('network/prefix') }}",
      "pools": [ { "pool": "{{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('range_usable') }}" } ],
      "option-data": [
        {
          "name": "routers",
          "data": "{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}"
        },
        {
          "name": "time-servers",
          "data": "{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}"
        },
        {
          "name": "domain-name-servers",
          "data": "{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}"
        },
        {
          "name": "domain-search",
          "data": "{{ mesh.kea_dnssl_binary }}",
          "csv-format": false
        }
      ]
 {% if not loop.last %}
    },
 {% else %}
    }
  ]
 {% endif %}
 {% endfor %}
 },
 "Logging":
 {
  "loggers": [
    {
      "name": "kea-dhcp4",
      "output_options": [
          {
            "output": "/var/log/kea-dhcp4.log"
          }
      ],
      "severity": "WARN",
      "debuglevel": 0
    },
  ]
 }
 }
--- a/roles/service-dhcpd/vars/main.yml
+++ b/roles/service-dhcpd/vars/main.yml
@ -0,0 +1,19 @@
 ---
 kea_packages:
  - kea-admin
  - kea-common
  - kea-dhcp4-server
  - kea-doc
 kea_lease_database:
  lfc_interval: 900
 kea_expired_leases_processing:
  reclaim_timer_wait_time: 10
  flush_reclaimed_timer_wait_time: 25
  hold_reclaimed_time: 1800
  max_reclaim_leases: 100
  max_reclaim_time: 250
  unwarned_reclaim_cycles: 5
 kea_lease_time: 300