Role service-dhcpd: change dhcp daemon to kea

2017-12-28 22:10:09 +01:00 · 2017-12-28 22:10:09 +01:00 · 0a51ee02a3
commit 0a51ee02a3
parent 7abc41ee92
8 changed files with 125 additions and 62 deletions
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@ -32,6 +32,7 @@ meshes:
    dnssl:
      - ffmz.org
      - user.ffmz.org
+    kea_dnssl_binary: "0466666d7a036f72670004757365729000"
    batman:
      it: 10000
      gw: server 96mbit/96mbit
@ -90,6 +91,7 @@ meshes:
    dnssl:
      - ffwi.org
      - user.ffwi.org
+    kea_dnssl_binary: "0466667769036f72670004757365729000"
    batman:
      it: 10000
      gw: server 96mbit/96mbit
--- a/roles/handlers/handlers/main.yml
+++ b/roles/handlers/handlers/main.yml
@ -28,12 +28,6 @@
    name: bird6
    state: reloaded

- name: restart isc dhcp server
-  systemd:
-    name: isc-dhcp-server
-    enabled: yes
-    state: restarted
-
 - name: restart fastd intragate instances
  systemd:
    name: "fastd@{{ item.0.id }}igvpn-{{ item.1.mtu }}"
--- a/roles/service-dhcpd/README.md
+++ b/roles/service-dhcpd/README.md
@ -1,11 +1,10 @@
 # Ansible role service-dhcpd

-Diese Ansible role installiert und konfiguriert den isc dhcp daemon.
+Diese Ansible role installiert und konfiguriert den kea dhcp daemon.
 Wir nutzen diesen nur zur Verteilung von IPv4-Adressen.

- installiert isc-dhcp-server
- setzt interfaces in /etc/default/isc-dhcp-server
- schreibt dhcpd.conf
+- installiert kea-dhcp4-server
+- schreibt kea-dhcp4.conf

 ## Benötigte Variablen

@ -19,6 +18,7 @@ meshes:
    ipv4_network:
    dnssl:
      - $domain # string
+    kea_dnssl_binary: # kea < 1.2 only supports dnssl data in hex format
    iface_mtu: # integer
 ´´´
 - Host Variable `magic`
--- a/roles/service-dhcpd/handlers/main.yml
+++ b/roles/service-dhcpd/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: restart kea-dhcp4-server
+  systemd:
+    name: kea-dhcp4-server
+    state: restarted
--- a/roles/service-dhcpd/tasks/main.yml
+++ b/roles/service-dhcpd/tasks/main.yml
@ -1,34 +1,24 @@
 ---
 - name: install dhcp packages
  package:
-    name: isc-dhcp-server
+    name: "{{ item }}"
    state: present
+  with_items: "{{ kea_packages }}"

- name: concatenate meshbridge interfaces
-  set_fact:
-    dhcp_interfaces: "{% for mesh in meshes %}{{ mesh.id }}br{% if not loop.last %} {% endif %}{% endfor %}"
-
- name: set ipv4 interfaces isc dhcp should listen on
-  lineinfile:
-    path: /etc/default/isc-dhcp-server
-    regexp: '^INTERFACESv4="'
-    line: 'INTERFACESv4="{{ dhcp_interfaces }}"'
-  notify: restart isc dhcp server
-
- name: set ipv6 interfaces isc dhcp should listen on
-  lineinfile:
-    path: /etc/default/isc-dhcp-server
-    regexp: '^INTERFACESv6="'
-    line: 'INTERFACESv6=""'
-
- name: configure isc dhcp server
+- name: configure kea dhcp server
  template:
-    src: dhcpd.conf.j2
-    dest: /etc/dhcp/dhcpd.conf
-  notify: restart isc dhcp server
+    src: kea_dhcp4.conf.j2
+    dest: /etc/kea/kea-dhcp4.conf
+  notify: restart kea-dhcp4-server

- name: enable systemd unit isc-dhcp-server
+- name: remove kea init file if present
+  file:
+    path: /etc/init.d/kea-dhcp4-server
+    state: absent
+  notify: reload systemd
+
+- name: enable systemd unit kea
  systemd:
-    name: isc-dhcp-server
+    name: kea-dhcp4-server
    enabled: yes
    state: started
--- a/roles/service-dhcpd/templates/dhcpd.conf.j2
+++ b/roles/service-dhcpd/templates/dhcpd.conf.j2
@ -1,28 +0,0 @@
-#
-# {{ ansible_managed }}
-#
-ddns-update-style none;
-
-authoritative;
-server-name "{{ inventory_hostname_short }}";
-
-log-facility local7;
-
-default-lease-time 300;
-min-lease-time 300;
-max-lease-time 300;
-
-{% for mesh in meshes %}
-# DHCP subnet for site {{ mesh.site_name }} ({{ mesh.site_code }})
-subnet {{ mesh.ipv4_network | ipaddr('network') }} netmask {{ mesh.ipv4_network | ipaddr('netmask') }} {
-	range {{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('network') }} {{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('broadcast') }};
-	option routers {{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
-	option domain-name-servers {{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
-	option domain-search {% for domain in mesh.dnssl %}"{{ domain }}"{% if not loop.last %}, {% endif %}{% endfor %};
-	option ntp-servers {{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
-	option interface-mtu {{ mesh.iface_mtu }};
-}
-{% if not loop.last %}
-
-{% endif %}
-{% endfor %}
--- a/roles/service-dhcpd/templates/kea_dhcp4.conf.j2
+++ b/roles/service-dhcpd/templates/kea_dhcp4.conf.j2
@ -0,0 +1,81 @@
+#
+# {{ ansible_managed }}
+#
+{
+
+"Dhcp4":
+{
+  "interfaces-config": {
+    "interfaces": [
+{% for mesh in meshes %}
+{% if not loop.last %}
+      "{{ mesh.id }}br",
+{% else %}
+      "{{ mesh.id }}br"
+{% endif %}
+{% endfor %}
+    ]
+  },
+  "lease-database": {
+    "type": "memfile",
+    "persist": true,
+    "lfc-interval": {{ kea_lease_database['lfc_interval'] }}
+  },
+  "expired-leases-processing": {
+    "reclaim-timer-wait-time": {{ kea_expired_leases_processing['reclaim_timer_wait_time'] }},
+    "flush-reclaimed-timer-wait-time": {{ kea_expired_leases_processing['flush_reclaimed_timer_wait_time'] }} ,
+    "hold-reclaimed-time": {{ kea_expired_leases_processing['hold_reclaimed_time'] }},
+    "max-reclaim-leases": {{ kea_expired_leases_processing['max_reclaim_leases'] }},
+    "max-reclaim-time": {{ kea_expired_leases_processing['max_reclaim_time'] }},
+    "unwarned-reclaim-cycles": {{ kea_expired_leases_processing['unwarned_reclaim_cycles'] }}
+  },
+  "valid-lifetime": {{ kea_lease_time }},
+  "subnet4": [
+{% for mesh in meshes %}
+    {
+      "subnet": "{{ mesh.ipv4_network | ipaddr('network/prefix') }}",
+      "pools": [ { "pool": "{{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('range_usable') }}" } ],
+      "option-data": [
+        {
+          "name": "routers",
+          "data": "{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}"
+        },
+        {
+          "name": "time-servers",
+          "data": "{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}"
+        },
+        {
+          "name": "domain-name-servers",
+          "data": "{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}"
+        },
+        {
+          "name": "domain-search",
+          "data": "{{ mesh.kea_dnssl_binary }}",
+          "csv-format": false
+        }
+      ]
+{% if not loop.last %}
+    },
+{% else %}
+    }
+  ]
+{% endif %}
+{% endfor %}
+},
+"Logging":
+{
+  "loggers": [
+    {
+      "name": "kea-dhcp4",
+      "output_options": [
+          {
+            "output": "/var/log/kea-dhcp4.log"
+          }
+      ],
+      "severity": "WARN",
+      "debuglevel": 0
+    },
+  ]
+}
+
+}
--- a/roles/service-dhcpd/vars/main.yml
+++ b/roles/service-dhcpd/vars/main.yml
@ -0,0 +1,19 @@
+---
+kea_packages:
+  - kea-admin
+  - kea-common
+  - kea-dhcp4-server
+  - kea-doc
+
+kea_lease_database:
+  lfc_interval: 900
+
+kea_expired_leases_processing:
+  reclaim_timer_wait_time: 10
+  flush_reclaimed_timer_wait_time: 25
+  hold_reclaimed_time: 1800
+  max_reclaim_leases: 100
+  max_reclaim_time: 250
+  unwarned_reclaim_cycles: 5
+
+kea_lease_time: 300