Commit 5c5fb533 authored by julian.gethmann's avatar julian.gethmann

Add DHCPd role with failover

* Add a role that adds the DHCP server and a failover server
* Use ansible-vault to encrypt the MAC-address mapping
* Fixes issue 7
parent ce6493d7
- hosts: dhcpd
roles:
- dhcpd
---
primary_dhcpd: 129.13.108.101
secondary_dhcpd: 129.13.108.126
...@@ -91,6 +91,10 @@ las126.las.kit.edu ...@@ -91,6 +91,10 @@ las126.las.kit.edu
# developement # developement
[dhcpd]
las101.las.kit.edu
las126.las.kit.edu
[lab] [lab]
# las93.las.kit.edu # las93.las.kit.edu
......
# dhcpd.conf
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp/dhcpd.conf.example
# see dhcpd.conf(5) man page
#
# option definitions common to all supported networks...
option domain-name "las.kit.edu";
option domain-name-servers 129.13.64.5, 129.13.96.2;
default-lease-time 60;
max-lease-time 720;
# Use this to enble / disable dynamic dns updates globally.
ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# A slightly different configuration for an internal subnet.
subnet 129.13.108.0 netmask 255.255.255.0 {
range 129.13.108.74 129.13.108.89;
option routers 129.13.108.254;
option broadcast-address 129.13.255.255;
option domain-name "las.kit.edu";
option domain-name-servers 129.13.64.5, 129.13.96.2;
default-lease-time 1800;
max-lease-time 7200;
deny unknown-clients;
}
include "/etc/dhcp/host-list-las";
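Review bot: `option broadcast-address 129.13.255.255;` does not match the subnet it is declared in, because for `subnet 129.13.108.0 netmask 255.255.255.0` the broadcast address is 129.13.108.255. Unless clients are deliberately handed the /16 broadcast, the line should read `option broadcast-address 129.13.108.255;`. The same line appears in the subnet block of the templated configuration further down and needs the same change.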
This diff is collapsed.
---
- name: enable dhcpd
service:
name: dhcpd
enabled: yes
- name: restart dhcpd
service:
name: dhcpd
state: restarted
- name: start dhcpd
service:
name: dhcpd
state: started
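Review bot: None of the three handlers sets `become: true`, although every task that notifies them does. Handlers do not inherit privilege escalation from the notifying task, and the playbook shown in this commit sets no play-level `become`, so the `service` calls will run unprivileged unless escalation is configured elsewhere. Adding `become: true` to each handler fixes that. Starting and enabling the service only from handlers also means a host where the package is already installed is never started or enabled, which a regular task with `state: started` and `enabled: true` would avoid.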
---
- name: dhcpd installed
become: true
dnf:
name: dhcp
state: installed
notify:
- start dhcpd
- enable dhcpd
- name: copy mac addresses and config
become: true
copy:
src: "{{ item }}"
dest: "/etc/dhcp/{{ item }}"
backup: yes
owner: root
group: root
validate: /sbin/dhcpd -t -cf %s
decrypt: yes
notify: restart dhcpd
with_items:
- "host-list-las"
- dhcpd.conf
- name: install dhcpd config
become: true
template:
src: dhcpd.j2
dest: /etc/dhcp/dhcpd.conf
backup: yes
validate: /sbin/dhcpd -t -cf %s
notify: restart dhcpd
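Review bot: The `copy` task writes the vault-decrypted `host-list-las` to `/etc/dhcp/` without a `mode`, so the file gets umask-default permissions (typically world-readable), and `backup: yes` leaves further plaintext copies beside it on every change. Since the commit encrypts the MAC mapping on purpose, set an explicit mode such as `mode: "0600"`, after confirming dhcpd can still read the file on this distribution. The same task also copies the static `dhcpd.conf` to `/etc/dhcp/dhcpd.conf`, which the following `template` task then overwrites, so both tasks report a change and notify `restart dhcpd` on each run. Dropping `- dhcpd.conf` from `with_items` leaves the template as the single source of that file. `validate: /sbin/dhcpd -t -cf %s` is also run against `host-list-las` on its own, which may not behave like a check of the full configuration.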
# dhcpd.conf
#
# {{ ansible_managed }}
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp/dhcpd.conf.example
# see dhcpd.conf(5) man page
#
# option definitions common to all supported networks...
option domain-name "las.kit.edu";
option domain-name-servers 129.13.64.5, 129.13.96.2;
default-lease-time 60;
max-lease-time 720;
# Use this to enble / disable dynamic dns updates globally.
ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# failover https://www.madboa.com/geek/dhcp-failover/
# https://kb.isc.org/article/AA-00502/0/A-Basic-Guide-to-Configuring-DHCP-Failover.html
failover peer "dhcp-failover" {
{% if primary_dhcpd == ansible_default_ipv4.address %}
primary;
address {{ primary_dhcpd }};
{% else %}
secondary;
address {{ secondary_dhcpd }};
{% endif %}
port 647;
peer address
{% if primary_dhcpd == ansible_default_ipv4.address %}
{{ secondary_dhcpd }};
{% else %}
{{ primary_dhcpd }};
{% endif %}
peer port 647;
max-response-delay 30;
max-unacked-updates 10;
load balance max seconds 3;
{% if primary_dhcpd == ansible_default_ipv4.address %}
mclt 1800;
split 128;
{% endif %}
}
# A slightly different configuration for an internal subnet.
subnet 129.13.108.0 netmask 255.255.255.0 {
option routers 129.13.108.254;
option broadcast-address 129.13.255.255;
option domain-name "las.kit.edu";
option domain-name-servers 129.13.64.5, 129.13.96.2;
pool {
failover peer "dhcp-failover";
default-lease-time 1800;
max-lease-time 7200;
range 129.13.108.70 129.13.108.89;
deny unknown-clients;
}
}
include "/etc/dhcp/host-list-las";
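Review bot: Every host whose `ansible_default_ipv4.address` is not `primary_dhcpd` is rendered as `secondary` with `address {{ secondary_dhcpd }}`, including a host that is neither peer or a multi-homed one whose default route sits on another interface. A guard before the template task would make that fail loudly, for example an `assert` with `that: ansible_default_ipv4.address in [primary_dhcpd, secondary_dhcpd]`. Separately, nothing in the `failover peer` block authenticates the partner, and as far as I know ISC dhcpd's failover protocol offers no such option. TCP port 647 should therefore be firewalled to accept only the other peer's address; no such rule is visible in this commit.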