From 5cab753ea8ae132ee4d57cd32d62b98b806f012d Mon Sep 17 00:00:00 2001
From: Maxime Bombar <bombar@crans.org>
Date: Mon, 3 Aug 2020 01:21:05 +0200
Subject: [PATCH] [dhcp] Sanitize dhcp configuration

---
 group_vars/dhcp.yml | 164 ++++++++----------
 host_vars/dhcp.adm.crans.org.yml | 7 +
 .../templates/default/isc-dhcp-server.j2 | 3 +-
 .../templates/dhcp/dhcpd.conf.j2 | 2 +-
 4 files changed, 84 insertions(+), 92 deletions(-)

diff --git a/group_vars/dhcp.yml b/group_vars/dhcp.yml
index 314f2b0d..5054673b 100644
--- a/group_vars/dhcp.yml
+++ b/group_vars/dhcp.yml
@@ -6,93 +6,77 @@ dhcp: - { key: "interface-mtu", value: "1496" } global_parameters: [] subnets: - - { - network: "10.51.0.0/16", - deny_unknown: False, - interface: "eth4", - default_lease_time: "600", - max_lease_time: "7200", - routers: "10.51.0.10", - dns: ["10.51.0.152", "10.51.0.4"], - domain_name: "accueil.crans.org", - domain_search: "accueil.crans.org", - options: - [ - { key: "time-servers", value: "10.51.0.10" }, - { key: "ntp-servers", value: "10.51.0.10" }, - { key: "ip-forwarding", value: "off" }, - ], - range: ["10.51.1.0", "10.51.255.255"], - } - - { - network: "10.231.148.0/24", - deny_unknown: False, - interface: "eth2", - default_lease_time: "8600", - routers: "10.231.148.254", - dns: ["10.231.148.152", "10.231.148.4"], - domain_name: "borne.crans.org", - domain_search: "borne.crans.org", - options: - [ - { key: "time-servers", value: "10.231.148.98" }, - { key: "ntp-servers", value: "10.231.148.98" }, - { key: "ip-forwarding", value: "off" }, - ], - lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.borne.crans.org.list", - } - - { - network: "185.230.78.0/24", - deny_unknown: True, - interface: "enp1s3", - default_lease_time: "86400", - routers: "185.230.78.254", - dns: ["185.230.78.152", "185.230.78.4"], - domain_name: "adh.crans.org", - domain_search: "adh.crans.org", - options: - [ - { key: "time-servers", value: "185.230.79.98" }, - { key: "ntp-servers", value: "185.230.79.98" }, - { key: "ip-forwarding", value: "off" }, - { key: "smtp-server", value: "185.230.79.39" }, - ], - lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh.crans.org.list", - } - - { - network: "10.54.0.0/19", - deny_unknown: True, - interface: "eth6", - default_lease_time: "86400", - routers: "10.54.0.254", - dns: ["10.54.0.152", "10.54.0.4"], - domain_name: "fil.crans.org", - domain_search: "fil.crans.org", - options: - [ - { key: "time-servers", value: "185.230.79.98" }, - { key: "ntp-servers", value: "185.230.79.98" }, - { key: "ip-forwarding", 
value: "off" }, - { key: "smtp-server", value: "185.230.79.39" }, - ], - lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.fil.crans.org.list", - } - - { - network: "10.53.0.0/19", - deny_unknown: False, # For Federez - interface: "ens2", - default_lease_time: "86400", - routers: "10.53.0.254", - dns: ["10.53.0.152", "10.53.0.4"], - domain_name: "wifi.crans.org", - domain_search: "wifi.crans.org", - options: - [ - { key: "time-servers", value: "185.230.79.98" }, - { key: "ntp-servers", value: "185.230.79.98" }, - { key: "ip-forwarding", value: "off" }, - { key: "smtp-server", value: "185.230.79.39" }, - ], - lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.wifi.crans.org.list", - range: ["10.53.21.0", "10.53.25.254"] - } + - network: "10.51.0.0/16" + deny_unknown: False + vlan: "accueil" + default_lease_time: "600" + max_lease_time: "7200" + routers: "10.51.0.10" + dns: ["10.51.0.152", "10.51.0.4"] + domain_name: "accueil.crans.org" + domain_search: "accueil.crans.org" + options: + - { key: "time-servers", value: "10.51.0.10" } + - { key: "ntp-servers", value: "10.51.0.10" } + - { key: "ip-forwarding", value: "off" } + range: ["10.51.1.0", "10.51.255.255"] + + - network: "10.231.148.0/24" + deny_unknown: False + vlan: "bornes" + default_lease_time: "8600" + routers: "10.231.148.254" + dns: ["10.231.148.152", "10.231.148.4"] + domain_name: "borne.crans.org" + domain_search: "borne.crans.org" + options: + - { key: "time-servers", value: "10.231.148.98" } + - { key: "ntp-servers", value: "10.231.148.98" } + - { key: "ip-forwarding", value: "off" } + lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.borne.crans.org.list" + + - network: "185.230.78.0/24" + deny_unknown: True + vlan: "fil_pub" + default_lease_time: "86400" + routers: "185.230.78.254" + dns: ["185.230.78.152", "185.230.78.4"] + domain_name: "adh.crans.org" + domain_search: "adh.crans.org" + options: + - { key: "time-servers", value: "185.230.79.98" } + - { key: "ntp-servers", 
value: "185.230.79.98" } + - { key: "ip-forwarding", value: "off" } + - { key: "smtp-server", value: "185.230.79.39" } + lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh.crans.org.list" + + - network: "10.54.0.0/19" + deny_unknown: True + vlan: "fil_new" + default_lease_time: "86400" + routers: "10.54.0.254" + dns: ["10.54.0.152", "10.54.0.4"] + domain_name: "fil.crans.org" + domain_search: "fil.crans.org" + options: + - { key: "time-servers", value: "185.230.79.98" } + - { key: "ntp-servers", value: "185.230.79.98" } + - { key: "ip-forwarding", value: "off" } + - { key: "smtp-server", value: "185.230.79.39" } + lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.fil.crans.org.list" + + - network: "10.53.0.0/19" + deny_unknown: False # For Federez + vlan: "wifi_new" + default_lease_time: "86400" + routers: "10.53.0.254" + dns: ["10.53.0.152", "10.53.0.4"] + domain_name: "wifi.crans.org" + domain_search: "wifi.crans.org" + options: + - { key: "time-servers", value: "185.230.79.98" } + - { key: "ntp-servers", value: "185.230.79.98" } + - { key: "ip-forwarding", value: "off" } + - { key: "smtp-server", value: "185.230.79.39" } + lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.wifi.crans.org.list" + range: ["10.53.21.0", "10.53.25.254"] diff --git a/host_vars/dhcp.adm.crans.org.yml b/host_vars/dhcp.adm.crans.org.yml index f8fc096c..76d339f7 100644 --- a/host_vars/dhcp.adm.crans.org.yml +++ b/host_vars/dhcp.adm.crans.org.yml @@ -1,4 +1,11 @@ --- +interfaces: + adm: eth1 + bornes: eth2 + accueil: eth4 + fil_new: eth6 + wifi_new: ens2 + fil_pub: enp1s3 # rsync_client to_backup: diff --git a/roles/isc-dhcp-server/templates/default/isc-dhcp-server.j2 b/roles/isc-dhcp-server/templates/default/isc-dhcp-server.j2 index e769a8dd..a3ffa54d 100644 --- a/roles/isc-dhcp-server/templates/default/isc-dhcp-server.j2 +++ b/roles/isc-dhcp-server/templates/default/isc-dhcp-server.j2 
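Review bot: The new `vlan` key on every subnet is an indirection into the per-host `interfaces` mapping, but nothing in this file says so, and a subnet whose vlan name has no entry in that map is only caught when the templates render. I would add a comment above the subnet list: `# vlan: name looked up in the host's interfaces map (host_vars) to get the interface dhcpd binds to; every value used here must exist in that map.` Two smaller points on the rewritten lines: `deny_unknown: False` / `True` are YAML 1.1 capitalised booleans that yamllint's truthy rule flags, and `false` / `true` would be the canonical spelling if the consuming templates accept it. The accueil pool `range: ["10.51.1.0", "10.51.255.255"]` was carried over unchanged and ends on the directed-broadcast address of 10.51.0.0/16; presumably dhcpd never hands that address out, but `"10.51.255.254"` would make the pool boundary explicit rather than relying on the server to clip it.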
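Review bot: The new top-level variable is named `interfaces`, a generic name in Ansible's flat per-host variable namespace, so any other role or group vars file that also defines `interfaces` for this host will override it or be overridden by it, and the two DHCP templates will read whichever definition wins precedence. A role-scoped name such as `dhcp_interfaces` (with the two templates updated to match) avoids that silent collision. Separately, `adm: eth1` is not referenced by any `vlan` in group_vars/dhcp.yml, so as far as the isc-dhcp-server template goes it never reaches INTERFACESv4, which is the right outcome for the management interface; a comment such as `# adm is listed for completeness; no subnet uses it, so dhcpd does not bind to it` would stop someone from "fixing" that later.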
@@ -14,5 +14,6 @@
 # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
 # Separate multiple interfaces with spaces, e.g. "eth0 eth1".
-INTERFACESv4="{{ dhcp | json_query('subnets[].interface[]') | join(" ") }}"
+{# Awesome query to get all the interfaces used by dhcp server #}
+INTERFACESv4="{{ dhcp | json_query('subnets[].vlan[]') | map('extract', interfaces) | join(' ') }}"
 INTERFACESv6=""
diff --git a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
index 70b5f5e0..427cce50 100644
--- a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
+++ b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
@@ -36,7 +36,7 @@ include "./dhcp-failover.conf";
 {% for subnet in dhcp.subnets %}
 subnet {{ subnet.network | ipaddr('network') }} netmask {{ subnet.network | ipaddr('netmask') }} {
- interface "{{ subnet.interface }}";
+ interface "{{ interfaces[subnet.vlan] }}";
 {% if subnet.default_lease_time is defined %}
 default-lease-time {{ subnet.default_lease_time }};
 {% endif %}
-- 
GitLab
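Review bot: The added comment `{# Awesome query to get all the interfaces used by dhcp server #}` says nothing about what the expression does or why it matters; I would replace it with `{# Bind dhcpd only to the interfaces of the subnets we serve: each subnet's vlan name is resolved through the host's interfaces map. A vlan with no entry there must fail the template, never fall back to listening everywhere. #}`. The expression also repeats an interface if two subnets ever share a vlan, so `| map('extract', interfaces) | unique | join(' ') }}` keeps INTERFACESv4 clean. A vlan name missing from `interfaces` makes `extract` yield an undefined value, which presumably aborts the render under Ansible's default undefined-variable handling; that fail-closed behaviour is what you want for the listening-interface list, but it is worth saying so in the comment rather than relying on it implicitly. The dhcpd.conf.j2 hunk depends on the same lookup via `interfaces[subnet.vlan]`, so the two templates must be kept in step if the variable is renamed.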