diff --git a/group_vars/dhcp.yml b/group_vars/dhcp.yml index 0266042b9b467f4a77fad89ef665c0ebd0b4d8e0..bbdadaaa7c87740736d76716e85bf4c3399dde74 100644 --- a/group_vars/dhcp.yml +++ b/group_vars/dhcp.yml @@ -1,22 +1,10 @@ --- - -dhcp: +glob_dhcp: authoritative: True global_options: - { key: "interface-mtu", value: "1500" } global_parameters: [] subnets: - - network: "100.64.0.0/16" - deny_unknown: True - vlan: "adh_nat" - default_lease_time: "600" - max_lease_time: "7200" - routers: "100.64.0.99" - dns: ["100.64.0.99"] - domain_name: "adh-nat.crans.org" - domain_search: "adh-nat.crans.org" - options: [] - lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh-nat.crans.org.list" - network: "185.230.78.0/24" deny_unknown: True vlan: "adh" @@ -28,6 +16,17 @@ dhcp: domain_search: "adh.crans.org" options: [] lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh.crans.org.list" + - network: "100.64.0.0/16" + deny_unknown: True + vlan: "adh_nat" + default_lease_time: "600" + max_lease_time: "7200" + routers: "100.64.0.99" + dns: ["100.64.0.99"] + domain_name: "adh-nat.crans.org" + domain_search: "adh-nat.crans.org" + options: [] + lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh-nat.crans.org.list" - network: "172.16.32.0/22" deny_unknown: True vlan: "infra" 
@@ -38,12 +37,38 @@ dhcp: domain_search: "infra.crans.org" options: [] lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.infra.crans.org.list" + - network: "172.16.14.0/24" + vlan: "accueil" + default_lease_time: "600" + max_lease_time: "7200" + dns: ["172.16.14.99"] + domain_name: "accueil.crans.org" + domain_search: "accueil.crans.org" + ranges: + - min: 172.16.14.1 + max: 172.16.14.98 + - min: 172.16.14.100 + max: 172.16.14.254 + options: [] + - network: 100.65.0.0/16 + vlan: "federez" + default_lease_time: "600" + max_lease_time: "7200" + routers: "100.65.0.99" + dns: ["100.65.0.99"] + domain_name: "federez.net" + domain_search: "federez.net" + ranges: + - min: 100.65.1.0 + max: 100.65.255.254 + options: [] -re2o: +glob_re2o_services: server: re2o.adm.crans.org - service_user: "ploptotoisverysecure" - service_password: "ploptotoisverysecure" - dhcp: - uri: "/tmp/re2o-dhcp.git" + service: + user: services + password: "{{ vault_re2o_service_password }}" + mail_server: "{{ glob_smtp }}" -mail_server: smtp.adm.crans.org +glob_re2o_dhcp: + uri: "https://gitlab.adm.crans.org/nounous/re2o-dhcp.git" diff --git a/host_vars/routeur-daniel.adm.crans.org.yml b/host_vars/routeur-daniel.adm.crans.org.yml index 450e7f92f991976e5d444e40f9b8f03f4eec42b1..6dcac2b5dca4f1b9b85026dbce70fd02669184bd 100644 --- a/host_vars/routeur-daniel.adm.crans.org.yml +++ b/host_vars/routeur-daniel.adm.crans.org.yml @@ -8,6 +8,7 @@ interfaces: adh_nat: ens23 zayo: enp1s3 federez: enp1s4 + accueil: ens1 firewall: version: HEAD diff --git a/host_vars/routeur-jack.adm.crans.org.yml b/host_vars/routeur-jack.adm.crans.org.yml index ce28f34d133abc0ed6af02b35f4b0516b239f614..87723febc99763cc6455f14829aa5566acad14ed 100644 --- a/host_vars/routeur-jack.adm.crans.org.yml +++ b/host_vars/routeur-jack.adm.crans.org.yml @@ -7,7 +7,7 @@ interfaces: adh: ens22 adh_nat: ens23 zayo: enp1s3 - federez: enp1s4 +# federez: enp1s4 accueil: ens1 firewall: 
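Review bot: The two added subnets carry no `deny_unknown`, so the template's new `is defined and` check falls through to `allow unknown-clients` on `accueil` and `federez` while every existing subnet explicitly denies them; if that is deliberate for these dynamic pools, record it on each entry, e.g. `# no deny_unknown: pool is intentionally open to unknown clients`. Quoting is also inconsistent on the new side: `network: 100.65.0.0/16` and the `min`/`max` addresses are plain while every other address in the file is quoted — dotted quads do parse as strings, but `network: "100.65.0.0/16"` keeps one convention. The moved `deny_unknown: True` keeps the capitalised boolean; `true` is the canonical form (yamllint `truthy`). `mail_server: "{{ glob_smtp }}"` references a variable defined nowhere in this diff, so presumably it lives in another group_vars file.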
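Review bot: Commenting out `federez: enp1s4` while `glob_dhcp.subnets` gains an entry with `vlan: "federez"` means `interface "{{ interfaces[subnet.vlan] }}";` in dhcpd.conf.j2 hits an undefined key on this host, assuming routeur-jack is in the `dhcp` group (the inventory is not in the diff). Either keep the mapping, or make the template skip subnets whose VLAN has no interface on the host by wrapping the subnet block in `{% if subnet.vlan in interfaces %} … {% endif %}`. A bare commented-out line also leaves no trace of why the interface was disabled; a comment such as `# federez: enp1s4  -- disabled: <reason>` would.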
diff --git a/plays/dhcp.yml b/plays/dhcp.yml index a87df80208d252ed9143caff8716c9db8f2d1413..8426d0e5a28cf04ef1fc1f4c7e455736c621e33d 100755 --- a/plays/dhcp.yml +++ b/plays/dhcp.yml @@ -2,6 +2,10 @@ --- # Deploy DHCP server - hosts: dhcp + vars: + dhcp: "{{ glob_dhcp | default({}) | combine(loc_dhcp | default({})) }}" + re2o_services: "{{ glob_re2o_services | default({}) | combine(loc_re2o_services | default({})) }}" + re2o_dhcp: "{{ glob_re2o_dhcp | default({}) | combine(loc_re2o_dhcp | default({})) }}" roles: - isc-dhcp-server - re2o-services diff --git a/roles/isc-dhcp-server/handlers/main.yml b/roles/isc-dhcp-server/handlers/main.yml index 46de7456e4b3c64bb6f9b96c6bb7fa06585ad9a4..e2f3f11d4bc79c1a6d61a85e53c1ca2033b6ea5a 100644 --- a/roles/isc-dhcp-server/handlers/main.yml +++ b/roles/isc-dhcp-server/handlers/main.yml @@ -4,3 +4,4 @@ name: isc-dhcp-server state: restarted enabled: true + when: not ansible_check_mode diff --git a/roles/isc-dhcp-server/tasks/main.yml b/roles/isc-dhcp-server/tasks/main.yml index 64cdec8e2577929d678e28ae3e6e958328b519f2..e406553c4bcdbb73ad7b82f2bbec65605f8599d0 100644 --- a/roles/isc-dhcp-server/tasks/main.yml +++ b/roles/isc-dhcp-server/tasks/main.yml @@ -13,13 +13,13 @@ src: default/isc-dhcp-server.j2 dest: /etc/default/isc-dhcp-server mode: 0600 - notify: - - restart dhcp server +# notify: +# - restart dhcp server - name: Configure isc-dhcp-server template: src: dhcp/dhcpd.conf.j2 dest: /etc/dhcp/dhcpd.conf mode: 0600 - notify: - - restart dhcp server +# notify: +# - restart dhcp server diff --git a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 index 2a52f3d611523469414f4226d5265976ce69c697..b38a95f61491a731ee6a10f4d88505bdc304c1dd 100644 --- a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 +++ b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 
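Review bot: `combine` without `recursive=True` merges only the top level, so a host that sets for example `loc_dhcp.subnets` or `loc_re2o_services.service` replaces the whole global key rather than overriding one field. If that is intended, say so above the `vars:` block, e.g. `# loc_* merges are shallow: a host-level key replaces the global key wholesale`; otherwise add `recursive=True` to the three `combine` calls. The three expressions also run far past any sensible line length; a folded scalar (`>-`) per value keeps them readable without changing the result.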
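Review bot: `when: not ansible_check_mode` on the restart handler is moot once the tasks/main.yml hunk in this same commit comments out both `notify:` lists — nothing triggers the handler any more, so a changed /etc/dhcp/dhcpd.conf is written but never applied until someone restarts dhcpd by hand. The reason for disabling the restart is not recorded; if it was a failing render (for instance the absolute `include` lease files not existing yet), the safer shape is to keep `notify` and add `validate: /usr/sbin/dhcpd -t -cf %s` to the dhcpd.conf template task so a bad config is rejected before it reaches the running server, with a comment explaining whichever choice is made. The handler's module name sits above the hunk, but both `service` and `systemd` honour check mode on their own, so the added guard only hides the "would restart" report in `--check` runs.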
@@ -36,40 +36,42 @@ include "./dhcp-failover.conf"; {% for subnet in dhcp.subnets %} subnet {{ subnet.network | ipaddr('network') }} netmask {{ subnet.network | ipaddr('netmask') }} { - interface "{{ interfaces[subnet.vlan] }}"; + interface "{{ interfaces[subnet.vlan] }}"; {% if subnet.default_lease_time is defined %} - default-lease-time {{ subnet.default_lease_time }}; + default-lease-time {{ subnet.default_lease_time }}; {% endif %} {% if subnet.max_lease_time is defined %} - max-lease-time {{ subnet.max_lease_time }}; + max-lease-time {{ subnet.max_lease_time }}; {% endif %} - option subnet-mask {{ subnet.network | ipaddr('netmask') }}; - option broadcast-address {{ subnet.network | ipaddr('broadcast') }}; + option subnet-mask {{ subnet.network | ipaddr('netmask') }}; + option broadcast-address {{ subnet.network | ipaddr('broadcast') }}; {% if subnet.routers is defined %} - option routers {{ subnet.routers }}; + option routers {{ subnet.routers }}; {% endif %} - option domain-name-servers {{ subnet.dns | join(", ") }}; - option domain-name "{{ subnet.domain_name }}"; - option domain-search "{{ subnet.domain_search }}"; + option domain-name-servers {{ subnet.dns | join(", ") }}; + option domain-name "{{ subnet.domain_name }}"; + option domain-search "{{ subnet.domain_search }}"; {% for option in subnet.options %} - option {{ option.key }} {{ option.value }}; + option {{ option.key }} {{ option.value }}; {% endfor %} {% if subnet.lease_file is defined %} - include "{{ subnet.lease_file }}"; + include "{{ subnet.lease_file }}"; {% endif %} -{% if subnet.range is defined %} - pool { +{% if subnet.ranges is defined %} + pool { {% if dhcp.failover is defined %} - failover peer {{ dhcp.failover.name }} + failover peer {{ dhcp.failover.name }} {% endif %} - range {{ subnet.range | join(" ")}}; - } +{% for pool in subnet.ranges %} + range {{ pool.min }} {{ pool.max }}; +{% endfor %} + } {% endif %} -{% if subnet.deny_unknown %} - deny unknown-clients; +{% if 
subnet.deny_unknown is defined and subnet.deny_unknown %} + deny unknown-clients; {% else %} - allow unknown-clients; + allow unknown-clients; {% endif %} } {% endfor %} diff --git a/roles/re2o-dhcp/tasks/main.yml b/roles/re2o-dhcp/tasks/main.yml index cc11df72bfedb238676fc679d24c407295c0ecf2..410be8698f21d6b6cbf7dac628e3a277fc0cce55 100644 --- a/roles/re2o-dhcp/tasks/main.yml +++ b/roles/re2o-dhcp/tasks/main.yml @@ -19,7 +19,7 @@ - name: Clone re2o-dhcp repository git: - repo: "{{ re2o.dhcp.uri }}" + repo: "{{ re2o_dhcp.uri }}" dest: /var/local/re2o-services/dhcp version: crans umask: '002' diff --git a/roles/re2o-dhcp/templates/cron.d/re2o-services-dhcp.j2 b/roles/re2o-dhcp/templates/cron.d/re2o-services-dhcp.j2 index 7632df1b26b47eabaf01de17741bb7a84bb368c0..0f47c5c9f4743ab0250b9d807a859eba6ca9ea91 100644 --- a/roles/re2o-dhcp/templates/cron.d/re2o-services-dhcp.j2 +++ b/roles/re2o-dhcp/templates/cron.d/re2o-services-dhcp.j2 @@ -1,2 +1,2 @@ {{ ansible_header | comment }} -* * * * * root /usr/bin/python3 /var/local/re2o-services/dhcp/main.py +* * * * * root /usr/bin/python3 /var/local/re2o-services/dhcp/main.py --force diff --git a/roles/re2o-services/templates/re2o-services/config.ini.j2 b/roles/re2o-services/templates/re2o-services/config.ini.j2 index 38cbd7554e55271ba68ad11af06b7daddaf652d6..81aed4ae78f7609b70e6e6d09dabf44c3e3edca7 100644 --- a/roles/re2o-services/templates/re2o-services/config.ini.j2 +++ b/roles/re2o-services/templates/re2o-services/config.ini.j2 @@ -1,9 +1,9 @@ -{{ ansible_header | comment(decoration='; ') }} +{{ ansible_header | comment(decoration='# ') }} [Re2o] -hostname = {{ re2o.server }} -username = {{ re2o.service_user }} -password = {{ re2o.service_password }} +hostname = {{ re2o_services.server }} +username = {{ re2o_services.service.user }} +password = {{ re2o_services.service.password }} [Mail] -mailserver = {{ mail_server }} +mailserver = {{ re2o_services.mail_server }} port = 25
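Review bot: The re-indented `failover peer {{ dhcp.failover.name }}` line inside `pool {` still has no terminating `;`, while every other statement the template emits ends with one; unless `dhcp.failover.name` is expected to carry its own quotes and semicolon (no `failover` key appears anywhere in this diff), dhcpd will reject the rendered file as soon as failover is enabled — `failover peer "{{ dhcp.failover.name }}";` is the documented form. The new `{% if subnet.deny_unknown is defined and subnet.deny_unknown %}` reads more simply as `{% if subnet.deny_unknown | default(false) %}`. Since `ranges` replaces `range`, a subnet still carrying the old key silently gets no pool; a one-line comment at the top of the loop naming the expected shape (`ranges: list of {min, max}`) would make that visible.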
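Review bot: The reason for `--force` is not recorded, and the job runs as root every minute; if the flag makes main.py regenerate its output unconditionally, the lease files that dhcpd.conf includes are rewritten on every run, so a comment line in the cron file is worth the extra line, e.g. `# --force: regenerate on every run (<reason>)`. Note that the isc-dhcp-server tasks in this commit no longer notify a restart, so whether dhcpd ever picks up what main.py writes presumably depends on main.py itself — confirm.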
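Review bot: The rendered file now carries the vault-sourced service password in clear text, so the task that templates it (outside this diff) must set an owner-only mode such as `mode: "0600"`; worth confirming, since only the template changes here. Switching the header decoration from `; ` to `# ` is fine for Python's configparser, which accepts both prefixes at line start, but if another reader consumes this file confirm it treats `#` lines as comments.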