Role service-dhcpd: change dhcp daemon to kea

Tobias Hachmer 2017-12-28 22:10:09 +01:00
parent 7abc41ee92
commit 0a51ee02a3
8 changed files with 125 additions and 62 deletions


@ -32,6 +32,7 @@ meshes:
dnssl:
- ffmz.org
- user.ffmz.org
kea_dnssl_binary: "0466666d7a036f72670004757365729000"
batman:
it: 10000
gw: server 96mbit/96mbit
@ -90,6 +91,7 @@ meshes:
dnssl:
- ffwi.org
- user.ffwi.org
kea_dnssl_binary: "0466667769036f72670004757365729000"
batman:
it: 10000
gw: server 96mbit/96mbit
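Review bot: Both added `kea_dnssl_binary` values end in `9000`, which does not decode as a DNS name. After `04 75 73 65 72` ("user"), an RFC 1035 compression pointer back to offset 0 would be `c0 00`, whereas a length octet of `0x90` has the reserved top bits `10`. The template sends this value with `"csv-format": false`, so the bytes reach clients unchecked and a client that validates the domain-search option may discard the list. If a pointer to the first name was intended, the tail should presumably be `c000`; verify against a captured DHCP reply. The hex is also a hand-made copy of `dnssl` that can drift, so a comment such as `# RFC 3397 wire encoding of the dnssl list above` would help.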


@ -28,12 +28,6 @@
name: bird6
state: reloaded
- name: restart isc dhcp server
systemd:
name: isc-dhcp-server
enabled: yes
state: restarted
- name: restart fastd intragate instances
systemd:
name: "fastd@{{ item.0.id }}igvpn-{{ item.1.mtu }}"


@ -1,11 +1,10 @@
# Ansible role service-dhcpd
Diese Ansible role installiert und konfiguriert den isc dhcp daemon.
Diese Ansible role installiert und konfiguriert den kea dhcp daemon.
Wir nutzen diesen nur zur Verteilung von IPv4-Adressen.
- installiert isc-dhcp-server
- setzt interfaces in /etc/default/isc-dhcp-server
- schreibt dhcpd.conf
- installiert kea-dhcp4-server
- schreibt kea-dhcp4.conf
## Benötigte Variablen
@ -19,6 +18,7 @@ meshes:
ipv4_network:
dnssl:
- $domain # string
kea_dnssl_binary: # kea < 1.2 only supports dnssl data in hex format
iface_mtu: # integer
´´´
- Host Variable `magic`


@ -0,0 +1,5 @@
---
- name: restart kea-dhcp4-server
systemd:
name: kea-dhcp4-server
state: restarted


@ -1,34 +1,24 @@
---
- name: install dhcp packages
package:
name: isc-dhcp-server
name: "{{ item }}"
state: present
with_items: "{{ kea_packages }}"
- name: concatenate meshbridge interfaces
set_fact:
dhcp_interfaces: "{% for mesh in meshes %}{{ mesh.id }}br{% if not loop.last %} {% endif %}{% endfor %}"
- name: set ipv4 interfaces isc dhcp should listen on
lineinfile:
path: /etc/default/isc-dhcp-server
regexp: '^INTERFACESv4="'
line: 'INTERFACESv4="{{ dhcp_interfaces }}"'
notify: restart isc dhcp server
- name: set ipv6 interfaces isc dhcp should listen on
lineinfile:
path: /etc/default/isc-dhcp-server
regexp: '^INTERFACESv6="'
line: 'INTERFACESv6=""'
- name: configure isc dhcp server
- name: configure kea dhcp server
template:
src: dhcpd.conf.j2
dest: /etc/dhcp/dhcpd.conf
notify: restart isc dhcp server
src: kea_dhcp4.conf.j2
dest: /etc/kea/kea-dhcp4.conf
notify: restart kea-dhcp4-server
- name: enable systemd unit isc-dhcp-server
- name: remove kea init file if present
file:
path: /etc/init.d/kea-dhcp4-server
state: absent
notify: reload systemd
- name: enable systemd unit kea
systemd:
name: isc-dhcp-server
name: kea-dhcp4-server
enabled: yes
state: started
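Review bot: Nothing in the new task list stops or removes isc-dhcp-server, which the previous tasks installed and enabled. On an already provisioned host the old daemon would presumably keep running next to kea-dhcp4-server, and both would compete for the DHCP port on the mesh bridges. A `package` task with `name: isc-dhcp-server` and `state: absent`, placed ahead of the kea install, would make the migration deterministic. The `notify: reload systemd` on the init-file task names a handler that this role's new handlers file does not define, so confirm it is provided elsewhere in the play. The `template` task could also set an explicit `mode: "0644"` with an owner and group, rather than inheriting whatever the file had before.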


@ -1,28 +0,0 @@
#
# {{ ansible_managed }}
#
ddns-update-style none;
authoritative;
server-name "{{ inventory_hostname_short }}";
log-facility local7;
default-lease-time 300;
min-lease-time 300;
max-lease-time 300;
{% for mesh in meshes %}
# DHCP subnet for site {{ mesh.site_name }} ({{ mesh.site_code }})
subnet {{ mesh.ipv4_network | ipaddr('network') }} netmask {{ mesh.ipv4_network | ipaddr('netmask') }} {
range {{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('network') }} {{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('broadcast') }};
option routers {{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
option domain-name-servers {{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
option domain-search {% for domain in mesh.dnssl %}"{{ domain }}"{% if not loop.last %}, {% endif %}{% endfor %};
option ntp-servers {{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
option interface-mtu {{ mesh.iface_mtu }};
}
{% if not loop.last %}
{% endif %}
{% endfor %}


@ -0,0 +1,81 @@
#
# {{ ansible_managed }}
#
{
"Dhcp4":
{
"interfaces-config": {
"interfaces": [
{% for mesh in meshes %}
{% if not loop.last %}
"{{ mesh.id }}br",
{% else %}
"{{ mesh.id }}br"
{% endif %}
{% endfor %}
]
},
"lease-database": {
"type": "memfile",
"persist": true,
"lfc-interval": {{ kea_lease_database['lfc_interval'] }}
},
"expired-leases-processing": {
"reclaim-timer-wait-time": {{ kea_expired_leases_processing['reclaim_timer_wait_time'] }},
"flush-reclaimed-timer-wait-time": {{ kea_expired_leases_processing['flush_reclaimed_timer_wait_time'] }} ,
"hold-reclaimed-time": {{ kea_expired_leases_processing['hold_reclaimed_time'] }},
"max-reclaim-leases": {{ kea_expired_leases_processing['max_reclaim_leases'] }},
"max-reclaim-time": {{ kea_expired_leases_processing['max_reclaim_time'] }},
"unwarned-reclaim-cycles": {{ kea_expired_leases_processing['unwarned_reclaim_cycles'] }}
},
"valid-lifetime": {{ kea_lease_time }},
"subnet4": [
{% for mesh in meshes %}
{
"subnet": "{{ mesh.ipv4_network | ipaddr('network/prefix') }}",
"pools": [ { "pool": "{{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('range_usable') }}" } ],
"option-data": [
{
"name": "routers",
"data": "{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}"
},
{
"name": "time-servers",
"data": "{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}"
},
{
"name": "domain-name-servers",
"data": "{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}"
},
{
"name": "domain-search",
"data": "{{ mesh.kea_dnssl_binary }}",
"csv-format": false
}
]
{% if not loop.last %}
},
{% else %}
}
]
{% endif %}
{% endfor %}
},
"Logging":
{
"loggers": [
{
"name": "kea-dhcp4",
"output_options": [
{
"output": "/var/log/kea-dhcp4.log"
}
],
"severity": "WARN",
"debuglevel": 0
},
]
}
}
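Review bot: The logger entry in the `"loggers"` array closes with `},` directly before `]`, a trailing comma that strict JSON forbids. A Kea parser that rejects it would refuse the config and the restart handler would leave the host without DHCP; the line should be `}`. The `]` that closes `"subnet4"` is emitted only in the `else` branch of the loop, so an empty `meshes` list renders an unterminated array. Moving the `]` after `{% endfor %}` and writing the separator as `}{{ "," if not loop.last }}` avoids that. Separately, the old template sent `ntp-servers` and `interface-mtu`, while this one sends `time-servers` (a different option code) and no MTU; if that is unintended, use `"name": "ntp-servers"` and add an `interface-mtu` entry from `mesh.iface_mtu`.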


@ -0,0 +1,19 @@
---
kea_packages:
- kea-admin
- kea-common
- kea-dhcp4-server
- kea-doc
kea_lease_database:
lfc_interval: 900
kea_expired_leases_processing:
reclaim_timer_wait_time: 10
flush_reclaimed_timer_wait_time: 25
hold_reclaimed_time: 1800
max_reclaim_leases: 100
max_reclaim_time: 250
unwarned_reclaim_cycles: 5
kea_lease_time: 300
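Review bot: The timer defaults carry no units, and they are not uniform. As far as I know, Kea reads `max_reclaim_time` in milliseconds, while the other wait and hold times, `lfc_interval` and `kea_lease_time` are in seconds. A comment above `kea_expired_leases_processing` such as `# seconds, except max_reclaim_time (milliseconds) and the two counters` would keep an override from being off by a factor of 1000. The `kea_packages` list also pulls in `kea-admin` and `kea-doc`, which a memfile-backed DHCPv4 server probably does not need; trimming them would reduce what is installed on the gateways.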