diff --git a/group_vars/dhcp.yml b/group_vars/dhcp.yml
new file mode 100644
index 0000000000000000000000000000000000000000..314f2b0d778a33ca3606b394e22d9fd3d6e677cf
--- /dev/null
+++ b/group_vars/dhcp.yml
@@ -0,0 +1,98 @@
+---
+
+dhcp:
+ authoritative: True
+ global_options:
+ - { key: "interface-mtu", value: "1496" }
+ global_parameters: []
+ subnets:
+ - {
+ network: "10.51.0.0/16",
+ deny_unknown: False,
+ interface: "eth4",
+ default_lease_time: "600",
+ max_lease_time: "7200",
+ routers: "10.51.0.10",
+ dns: ["10.51.0.152", "10.51.0.4"],
+ domain_name: "accueil.crans.org",
+ domain_search: "accueil.crans.org",
+ options:
+ [
+ { key: "time-servers", value: "10.51.0.10" },
+ { key: "ntp-servers", value: "10.51.0.10" },
+ { key: "ip-forwarding", value: "off" },
+ ],
+ range: ["10.51.1.0", "10.51.255.255"],
+ }
+ - {
+ network: "10.231.148.0/24",
+ deny_unknown: False,
+ interface: "eth2",
+ default_lease_time: "8600",
+ routers: "10.231.148.254",
+ dns: ["10.231.148.152", "10.231.148.4"],
+ domain_name: "borne.crans.org",
+ domain_search: "borne.crans.org",
+ options:
+ [
+ { key: "time-servers", value: "10.231.148.98" },
+ { key: "ntp-servers", value: "10.231.148.98" },
+ { key: "ip-forwarding", value: "off" },
+ ],
+ lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.borne.crans.org.list",
+ }
+ - {
+ network: "185.230.78.0/24",
+ deny_unknown: True,
+ interface: "enp1s3",
+ default_lease_time: "86400",
+ routers: "185.230.78.254",
+ dns: ["185.230.78.152", "185.230.78.4"],
+ domain_name: "adh.crans.org",
+ domain_search: "adh.crans.org",
+ options:
+ [
+ { key: "time-servers", value: "185.230.79.98" },
+ { key: "ntp-servers", value: "185.230.79.98" },
+ { key: "ip-forwarding", value: "off" },
+ { key: "smtp-server", value: "185.230.79.39" },
+ ],
+ lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh.crans.org.list",
+ }
+ - {
+ network: "10.54.0.0/19",
+ deny_unknown: True,
+ interface: "eth6",
+ default_lease_time: "86400",
+ routers: "10.54.0.254",
+ dns: ["10.54.0.152", "10.54.0.4"],
+ domain_name: "fil.crans.org",
+ domain_search: "fil.crans.org",
+ options:
+ [
+ { key: "time-servers", value: "185.230.79.98" },
+ { key: "ntp-servers", value: "185.230.79.98" },
+ { key: "ip-forwarding", value: "off" },
+ { key: "smtp-server", value: "185.230.79.39" },
+ ],
+ lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.fil.crans.org.list",
+ }
+ - {
+ network: "10.53.0.0/19",
+ deny_unknown: False, # For Federez
+ interface: "ens2",
+ default_lease_time: "86400",
+ routers: "10.53.0.254",
+ dns: ["10.53.0.152", "10.53.0.4"],
+ domain_name: "wifi.crans.org",
+ domain_search: "wifi.crans.org",
+ options:
+ [
+ { key: "time-servers", value: "185.230.79.98" },
+ { key: "ntp-servers", value: "185.230.79.98" },
+ { key: "ip-forwarding", value: "off" },
+ { key: "smtp-server", value: "185.230.79.39" },
+ ],
+ lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.wifi.crans.org.list",
+ range: ["10.53.21.0", "10.53.25.254"]
+ }
diff --git a/hosts b/hosts
index 5bf049cfd729ed358dc11706d3bf85ac12bc82c1..1c974fcbd17508587d494b72cbf99c08c8f01bd7 100644
--- a/hosts
+++ b/hosts
@@ -4,6 +4,11 @@
 # > We name servers according to location, then type.
 # > Then we regroup everything in global geographic and type groups.
+
+[dhcp]
+dhcp.adm.crans.org
+
+
 [router]
 odlyd.adm.crans.org
 eap.adm.crans.org
diff --git a/plays/dhcp.yml b/plays/dhcp.yml
index 07cd132b3a6a8d9ad78eebe30a7e03cd8ee0aa00..4bf5865948253c7b8c2cc856ff121426c0a2ab1f 100755
--- a/plays/dhcp.yml
+++ b/plays/dhcp.yml
@@ -2,7 +2,5 @@
 ---
 # Deploy DHCP server
 - hosts: dhcp.adm.crans.org
- vars:
- dhcp:
- authoritative: true
- roles: ["isc-dhcp-server"]
+ roles:
+ - isc-dhcp-server
diff --git a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
index 8be15508f963b474656ead4319279a681e9beaaa..70b5f5e0b27b980f96d6edf96d8da8d347149536 100644
--- a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
+++ b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
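Review bot: The first subnet's `range: ["10.51.1.0", "10.51.255.255"]` ends on the broadcast address of 10.51.0.0/16, which must never be leased to a client; dhcpd may reject the range outright or hand out an unusable address, so the upper bound should be `"10.51.255.254"`, the way the wifi range already stops at `10.53.25.254`. Separately, `authoritative: True` and the `deny_unknown: True`/`False` flags use the capitalised YAML 1.1 booleans; plain `true`/`false` is the portable spelling and matches the lowercase `authoritative: true` the play carried before this commit. `max_lease_time` is only set on the first subnet, so once the global `max-lease-time 7200;` is dropped from the template the other four fall back to whatever dhcpd's built-in default is — if that is intended, a short comment on those entries would save the next reader from wondering whether the key was forgotten.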
@@ -1,15 +1,14 @@
 # dhcpd.conf
-{{ ansible_header | comment }}
-# option definitions common to all supported networks...
-#option domain-name "example.org";
-#option domain-name-servers ns1.example.org, ns2.example.org;
+{{ ansible_header | comment }}
-# We have tagged network so use last 4 bytes for tag (1500 max)
-option interface-mtu 1496;
+{% for option in dhcp.global_options %}
+option {{ option.key }} {{ option.value }};
+{% endfor %}
-default-lease-time 600;
-max-lease-time 7200;
+{% for parameter in dhcp.global_parameters %}
+{{ parameter.key }} {{ parameter.value }};
+{% endfor %}
 # The ddns-updates-style parameter controls whether or not the server will
 # attempt to do a DNS update when a lease is confirmed. We default to the
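Review bot: `option {{ option.key }} {{ option.value }};` and `{{ parameter.key }} {{ parameter.value }};` insert the value verbatim, so a string-typed option (dhcpd needs `option domain-name "example.org";` style quoting, as the removed sample line shows) only renders correctly if the quotes are already part of the value in group_vars; the current `interface-mtu` entry is numeric and unaffected. That contract is not written down anywhere, so a short comment above the loop such as `{# values are inserted as-is: quote string-typed option values in group_vars #}` would stop the next unquoted string from producing a config dhcpd refuses. The per-subnet `subnet.options` loop in the following hunk has the same property and could carry the same comment. The removed `# We have tagged network ...` comment explained why the MTU is 1496; that rationale is lost with the move to data and could live next to the entry in group_vars/dhcp.yml.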
@@ -27,6 +26,48 @@ authoritative;
 # Use this to send dhcp log messages to a different log file (you also
 # have to hack syslog.conf to complete the redirection).
-#log-facility local7;
+log-facility local7;
+
+
+{% if dhcp.failover is defined %}
+include "./dhcp-failover.conf";
+{% endif %}
+
-# TODO
+{% for subnet in dhcp.subnets %}
+subnet {{ subnet.network | ipaddr('network') }} netmask {{ subnet.network | ipaddr('netmask') }} {
+ interface "{{ subnet.interface }}";
+{% if subnet.default_lease_time is defined %}
+ default-lease-time {{ subnet.default_lease_time }};
+{% endif %}
+{% if subnet.max_lease_time is defined %}
+ max-lease-time {{ subnet.max_lease_time }};
+{% endif %}
+ option subnet-mask {{ subnet.network | ipaddr('netmask') }};
+ option broadcast-address {{ subnet.network | ipaddr('broadcast') }};
+ option routers {{ subnet.routers }};
+ option domain-name-servers {{ subnet.dns | join(", ") }};
+ option domain-name "{{ subnet.domain_name }}";
+ option domain-search "{{ subnet.domain_search }}";
+{% for option in subnet.options %}
+ option {{ option.key }} {{ option.value }};
+{% endfor %}
+{% if subnet.lease_file is defined %}
+ include "{{ subnet.lease_file }}";
+{% endif %}
+{% if subnet.range is defined %}
+ pool {
+ {% if dhcp.failover is defined %}
+ failover peer {{ dhcp.failover.name }}
+ {% endif %}
+ range {{ subnet.range | join(" ")}};
+ }
+ {% endif %}
+
+{% if subnet.deny_unknown %}
+ deny unknown-clients;
+{% else %}
+ allow unknown-clients;
+{% endif %}
+}
+{% endfor %}
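Review bot: `failover peer {{ dhcp.failover.name }}` inside the `pool {` block has no terminating `;`, so whenever `dhcp.failover` is defined the rendered statement runs straight into the following `range` line and dhcpd will refuse the configuration; dhcpd also takes the peer name as a quoted string, so the line should read `failover peer "{{ dhcp.failover.name }}";`. The new group_vars define no `failover` key, which is presumably why the branch has not been exercised yet. Uncommenting `log-facility local7;` only puts lease events in a dedicated log if syslog routes local7 somewhere, as the context comment two lines above warns; it is worth confirming the role or the host ships that syslog rule, otherwise the messages land wherever the catch-all rule sends them. The `{% if subnet.range is defined %}` / `{% endif %}` pair is indented differently from the sibling `{% if %}` blocks in the same loop, which reads as if it were nested one level deeper than it is.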