From f5cf25c9b719fe95cf62bc0b4fab0a6265ce7cc6 Mon Sep 17 00:00:00 2001 From: shirenn <shirenn@crans.org> Date: Fri, 5 Feb 2021 20:11:18 +0100 Subject: [PATCH 1/2] [dhcp] dont clone git from /tmp --- group_vars/dhcp.yml | 54 +++++++++++++------ host_vars/routeur-daniel.adm.crans.org.yml | 1 + host_vars/routeur-jack.adm.crans.org.yml | 2 +- plays/dhcp.yml | 3 ++ roles/isc-dhcp-server/handlers/main.yml | 1 + roles/isc-dhcp-server/tasks/main.yml | 8 +-- .../templates/dhcp/dhcpd.conf.j2 | 40 +++++++------- roles/re2o-dhcp/tasks/main.yml | 2 +- .../templates/cron.d/re2o-services-dhcp.j2 | 2 +- 9 files changed, 72 insertions(+), 41 deletions(-) diff --git a/group_vars/dhcp.yml b/group_vars/dhcp.yml index 0266042b..a92e2867 100644 --- a/group_vars/dhcp.yml +++ b/group_vars/dhcp.yml @@ -1,22 +1,10 @@ --- - -dhcp: +glob_dhcp: authoritative: True global_options: - { key: "interface-mtu", value: "1500" } global_parameters: [] subnets: - - network: "100.64.0.0/16" - deny_unknown: True - vlan: "adh_nat" - default_lease_time: "600" - max_lease_time: "7200" - routers: "100.64.0.99" - dns: ["100.64.0.99"] - domain_name: "adh-nat.crans.org" - domain_search: "adh-nat.crans.org" - options: [] - lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh-nat.crans.org.list" - network: "185.230.78.0/24" deny_unknown: True vlan: "adh" @@ -28,6 +16,17 @@ dhcp: domain_search: "adh.crans.org" options: [] lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh.crans.org.list" + - network: "100.64.0.0/16" + deny_unknown: True + vlan: "adh_nat" + default_lease_time: "600" + max_lease_time: "7200" + routers: "100.64.0.99" + dns: ["100.64.0.99"] + domain_name: "adh-nat.crans.org" + domain_search: "adh-nat.crans.org" + options: [] + lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh-nat.crans.org.list" - network: "172.16.32.0/22" deny_unknown: True vlan: "infra" 
@@ -38,12 +37,37 @@ dhcp: domain_search: "infra.crans.org" options: [] lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.infra.crans.org.list" + - network: "172.16.14.0/24" + vlan: "accueil" + default_lease_time: "600" + max_lease_time: "7200" + dns: ["172.16.14.99"] + domain_name: "accueil.crans.org" + domain_search: "accueil.crans.org" + ranges: + - min: 172.16.14.1 + max: 172.16.14.98 + - min: 172.16.14.100 + max: 172.16.14.254 + options: [] + - network: 100.65.0.0/16 + vlan: "federez" + default_lease_time: "600" + max_lease_time: "7200" + routers: "100.65.0.99" + dns: ["100.65.0.99"] + domain_name: "federez.net" + domain_search: "federez.net" + ranges: + - min: 100.65.1.0 + max: 100.65.255.254 + options: [] re2o: server: re2o.adm.crans.org service_user: "ploptotoisverysecure" service_password: "ploptotoisverysecure" - dhcp: - uri: "/tmp/re2o-dhcp.git" mail_server: smtp.adm.crans.org +glob_re2o_dhcp: + uri: "https://gitlab.adm.crans.org/nounous/re2o-dhcp.git" diff --git a/host_vars/routeur-daniel.adm.crans.org.yml b/host_vars/routeur-daniel.adm.crans.org.yml index 450e7f92..6dcac2b5 100644 --- a/host_vars/routeur-daniel.adm.crans.org.yml +++ b/host_vars/routeur-daniel.adm.crans.org.yml @@ -8,6 +8,7 @@ interfaces: adh_nat: ens23 zayo: enp1s3 federez: enp1s4 + accueil: ens1 firewall: version: HEAD diff --git a/host_vars/routeur-jack.adm.crans.org.yml b/host_vars/routeur-jack.adm.crans.org.yml index ce28f34d..87723feb 100644 --- a/host_vars/routeur-jack.adm.crans.org.yml +++ b/host_vars/routeur-jack.adm.crans.org.yml @@ -7,7 +7,7 @@ interfaces: adh: ens22 adh_nat: ens23 zayo: enp1s3 - federez: enp1s4 +# federez: enp1s4 accueil: ens1 firewall: diff --git a/plays/dhcp.yml b/plays/dhcp.yml index a87df802..969229ef 100755 --- a/plays/dhcp.yml +++ b/plays/dhcp.yml 
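Review bot: The new `accueil` and `federez` subnets carry no `deny_unknown` key, so under the template's new `is defined and` test both render `allow unknown-clients;` and their `pool { range … }` blocks lease to any MAC that asks. If that is the intent for a reception VLAN and a federation VLAN, make it a visible decision rather than a fall-through by adding `deny_unknown: False  # open pool: any client may obtain a lease` to both entries. `accueil` also defines no `routers`, so its clients receive no default gateway; that looks deliberate for an isolated network, but a one-line comment saying so would stop the next reader from "fixing" it.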
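Review bot: `routeur-jack` now has no `interfaces` entry for the `federez` VLAN that `glob_dhcp.subnets` gains in this same commit, so if this host is in the `dhcp` group the template line `interface "{{ interfaces[subnet.vlan] }}"` fails on an undefined key and no dhcpd.conf is written. Either drop the subnet for this host through `loc_dhcp` (which then has to restate the whole `subnets` list, since `combine` is shallow) or let the template skip unmapped VLANs with `{% for subnet in dhcp.subnets if subnet.vlan in interfaces %}`. Whether routeur-jack still serves DHCP is not visible here; a short comment next to the disabled `# federez: enp1s4` line explaining why the interface went away would help.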
@@ -2,6 +2,9 @@ --- # Deploy DHCP server - hosts: dhcp + vars: + dhcp: "{{ glob_dhcp | default({}) | combine(loc_dhcp | default({})) }}" + re2o_dhcp: "{{ glob_re2o_dhcp | default({}) | combine(loc_re2o_dhcp | default({})) }}" roles: - isc-dhcp-server - re2o-services diff --git a/roles/isc-dhcp-server/handlers/main.yml b/roles/isc-dhcp-server/handlers/main.yml index 46de7456..e2f3f11d 100644 --- a/roles/isc-dhcp-server/handlers/main.yml +++ b/roles/isc-dhcp-server/handlers/main.yml @@ -4,3 +4,4 @@ name: isc-dhcp-server state: restarted enabled: true + when: not ansible_check_mode diff --git a/roles/isc-dhcp-server/tasks/main.yml b/roles/isc-dhcp-server/tasks/main.yml index 64cdec8e..e406553c 100644 --- a/roles/isc-dhcp-server/tasks/main.yml +++ b/roles/isc-dhcp-server/tasks/main.yml @@ -13,13 +13,13 @@ src: default/isc-dhcp-server.j2 dest: /etc/default/isc-dhcp-server mode: 0600 - notify: - - restart dhcp server +# notify: +# - restart dhcp server - name: Configure isc-dhcp-server template: src: dhcp/dhcpd.conf.j2 dest: /etc/dhcp/dhcpd.conf mode: 0600 - notify: - - restart dhcp server +# notify: +# - restart dhcp server diff --git a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 index 2a52f3d6..b38a95f6 100644 --- a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 +++ b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 
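Review bot: `combine()` without `recursive=True` is a shallow merge, so a host-level `loc_dhcp` can only replace whole top-level keys: overriding one field of one subnet means restating the entire `subnets` list, and a partial `loc_dhcp: {subnets: [...]}` silently discards every global subnet. If per-host overrides of nested mappings such as `failover` are expected, use `combine(loc_dhcp | default({}), recursive=True)` (lists are still replaced, never merged) and say so in a comment above the `vars:` block. The `default({})` guards are good; they keep hosts without a `loc_*` variable from failing on an undefined name.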
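Review bot: With both `notify: - restart dhcp server` entries commented out, a changed `/etc/dhcp/dhcpd.conf` or `/etc/default/isc-dhcp-server` is written but the running dhcpd keeps its previous configuration — including any `deny unknown-clients` change — until something else restarts it, and nothing in this patch does. If the restart was disabled to keep check-mode runs quiet, the handler's new `when: not ansible_check_mode` already covers that and the two `notify` lines can simply be reinstated. If the decoupling is intentional (for example the per-minute re2o-dhcp job reloads dhcpd itself), replace the dead commented code with a comment stating that and naming the mechanism, so the role does not read as accidentally broken. In either case `validate: "dhcpd -t -cf %s"` on the dhcpd.conf template task would reject a bad render before it can take the server down.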
@@ -36,40 +36,42 @@ include "./dhcp-failover.conf"; {% for subnet in dhcp.subnets %} subnet {{ subnet.network | ipaddr('network') }} netmask {{ subnet.network | ipaddr('netmask') }} { - interface "{{ interfaces[subnet.vlan] }}"; + interface "{{ interfaces[subnet.vlan] }}"; {% if subnet.default_lease_time is defined %} - default-lease-time {{ subnet.default_lease_time }}; + default-lease-time {{ subnet.default_lease_time }}; {% endif %} {% if subnet.max_lease_time is defined %} - max-lease-time {{ subnet.max_lease_time }}; + max-lease-time {{ subnet.max_lease_time }}; {% endif %} - option subnet-mask {{ subnet.network | ipaddr('netmask') }}; - option broadcast-address {{ subnet.network | ipaddr('broadcast') }}; + option subnet-mask {{ subnet.network | ipaddr('netmask') }}; + option broadcast-address {{ subnet.network | ipaddr('broadcast') }}; {% if subnet.routers is defined %} - option routers {{ subnet.routers }}; + option routers {{ subnet.routers }}; {% endif %} - option domain-name-servers {{ subnet.dns | join(", ") }}; - option domain-name "{{ subnet.domain_name }}"; - option domain-search "{{ subnet.domain_search }}"; + option domain-name-servers {{ subnet.dns | join(", ") }}; + option domain-name "{{ subnet.domain_name }}"; + option domain-search "{{ subnet.domain_search }}"; {% for option in subnet.options %} - option {{ option.key }} {{ option.value }}; + option {{ option.key }} {{ option.value }}; {% endfor %} {% if subnet.lease_file is defined %} - include "{{ subnet.lease_file }}"; + include "{{ subnet.lease_file }}"; {% endif %} -{% if subnet.range is defined %} - pool { +{% if subnet.ranges is defined %} + pool { {% if dhcp.failover is defined %} - failover peer {{ dhcp.failover.name }} + failover peer {{ dhcp.failover.name }} {% endif %} - range {{ subnet.range | join(" ")}}; - } +{% for pool in subnet.ranges %} + range {{ pool.min }} {{ pool.max }}; +{% endfor %} + } {% endif %} -{% if subnet.deny_unknown %} - deny unknown-clients; +{% if 
subnet.deny_unknown is defined and subnet.deny_unknown %} + deny unknown-clients; {% else %} - allow unknown-clients; + allow unknown-clients; {% endif %} } {% endfor %} diff --git a/roles/re2o-dhcp/tasks/main.yml b/roles/re2o-dhcp/tasks/main.yml index cc11df72..410be869 100644 --- a/roles/re2o-dhcp/tasks/main.yml +++ b/roles/re2o-dhcp/tasks/main.yml @@ -19,7 +19,7 @@ - name: Clone re2o-dhcp repository git: - repo: "{{ re2o.dhcp.uri }}" + repo: "{{ re2o_dhcp.uri }}" dest: /var/local/re2o-services/dhcp version: crans umask: '002' diff --git a/roles/re2o-dhcp/templates/cron.d/re2o-services-dhcp.j2 b/roles/re2o-dhcp/templates/cron.d/re2o-services-dhcp.j2 index 7632df1b..0f47c5c9 100644 --- a/roles/re2o-dhcp/templates/cron.d/re2o-services-dhcp.j2 +++ b/roles/re2o-dhcp/templates/cron.d/re2o-services-dhcp.j2 @@ -1,2 +1,2 @@ {{ ansible_header | comment }} -* * * * * root /usr/bin/python3 /var/local/re2o-services/dhcp/main.py +* * * * * root /usr/bin/python3 /var/local/re2o-services/dhcp/main.py --force -- GitLab From d03eed8abe46e455622edfd1c51d099506234b34 Mon Sep 17 00:00:00 2001 From: shirenn <shirenn@crans.org> Date: Fri, 5 Feb 2021 20:18:24 +0100 Subject: [PATCH 2/2] [re2o-services] PEPCRANSIFIED --- group_vars/dhcp.yml | 9 +++++---- plays/dhcp.yml | 1 + .../templates/re2o-services/config.ini.j2 | 10 +++++----- 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/group_vars/dhcp.yml b/group_vars/dhcp.yml index a92e2867..bbdadaaa 100644 --- a/group_vars/dhcp.yml +++ b/group_vars/dhcp.yml @@ -63,11 +63,12 @@ glob_dhcp: max: 100.65.255.254 options: [] -re2o: +glob_re2o_services: server: re2o.adm.crans.org - service_user: "ploptotoisverysecure" - service_password: "ploptotoisverysecure" + service: + user: services + password: "{{ vault_re2o_service_password }}" + mail_server: "{{ glob_smtp }}" -mail_server: smtp.adm.crans.org glob_re2o_dhcp: uri: "https://gitlab.adm.crans.org/nounous/re2o-dhcp.git" 
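Review bot: The new test `{% if subnet.deny_unknown is defined and subnet.deny_unknown %}` turns a forgotten `deny_unknown` key from a template error into `allow unknown-clients;`, i.e. a subnet whose entry omits the key now fails open to any MAC. A safer default is to deny unless explicitly opened, `{% if subnet.deny_unknown | default(true) %}`, with `deny_unknown: False` set on the subnets that really want open pools (`accueil` and `federez` in this patch). Separately, the re-indented `failover peer {{ dhcp.failover.name }}` line inside `pool {` has no terminating `;` and no quotes; dhcpd's grammar is `failover peer "name";`, so unless `dhcp.failover.name` already includes both (its value is not visible here) the block will not parse. A `subnet.ranges` that is defined but empty also renders a bare `pool { }`; `{% if subnet.ranges is defined and subnet.ranges %}` avoids that.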
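Review bot: `version: crans` tracks a moving branch, so anyone who can push to the `crans` branch of `nounous/re2o-dhcp` gets their code executed as root on every DHCP server at the next playbook run, because the checkout is what the per-minute root cron job executes. Moving the URI off `/tmp` onto the internal GitLab is the right direction, but pin `version:` to a tag or commit hash and bump it deliberately, or at minimum protect that branch. With `umask: '002'` the checkout is group-writable; if its group is anything other than root (the owner/group is not visible in this diff), members of that group can also edit the `main.py` that root runs.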
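Review bot: Nothing in the cron template says what `--force` changes, and it now runs as root every minute; presumably it regenerates the lease lists even when re2o reports no change, which matters now that the role no longer restarts dhcpd, but that is a guess. Add a comment above the entry, e.g. `# --force: regenerate (and reload) even if re2o reports no change — TODO confirm in main.py`. Because the job is unconditional and minute-granular, two instances can overlap when re2o is slow; `flock -n /run/re2o-dhcp.lock /usr/bin/python3 /var/local/re2o-services/dhcp/main.py --force` keeps them from writing the same generated files concurrently. Running a config generator as root is also more privilege than writing include files under the generated directory needs; a dedicated service user would shrink the blast radius of the branch-tracking checkout.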
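Review bot: The removed literal `ploptotoisverysecure` remains in git history; moving the value to `"{{ vault_re2o_service_password }}"` is the right fix, but if that string was ever the live re2o service password (it reads like a placeholder, which cannot be confirmed from here) it must be rotated in re2o, not only deleted from HEAD. The new `mail_server: "{{ glob_smtp }}"` references a variable this file does not define; confirm `glob_smtp` exists in a broader group_vars, otherwise every host in the `dhcp` group fails with an undefined variable. A short comment on the `service:` block naming the vault file that defines `vault_re2o_service_password` would help whoever has to rotate it.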
diff --git a/plays/dhcp.yml b/plays/dhcp.yml index 969229ef..8426d0e5 100755 --- a/plays/dhcp.yml +++ b/plays/dhcp.yml @@ -4,6 +4,7 @@ - hosts: dhcp vars: dhcp: "{{ glob_dhcp | default({}) | combine(loc_dhcp | default({})) }}" + re2o_services: "{{ glob_re2o_services | default({}) | combine(loc_re2o_services | default({})) }}" re2o_dhcp: "{{ glob_re2o_dhcp | default({}) | combine(loc_re2o_dhcp | default({})) }}" roles: - isc-dhcp-server diff --git a/roles/re2o-services/templates/re2o-services/config.ini.j2 b/roles/re2o-services/templates/re2o-services/config.ini.j2 index 38cbd755..81aed4ae 100644 --- a/roles/re2o-services/templates/re2o-services/config.ini.j2 +++ b/roles/re2o-services/templates/re2o-services/config.ini.j2 @@ -1,9 +1,9 @@ -{{ ansible_header | comment(decoration='; ') }} +{{ ansible_header | comment(decoration='# ') }} [Re2o] -hostname = {{ re2o.server }} -username = {{ re2o.service_user }} -password = {{ re2o.service_password }} +hostname = {{ re2o_services.server }} +username = {{ re2o_services.service.user }} +password = {{ re2o_services.service.password }} [Mail] -mailserver = {{ mail_server }} +mailserver = {{ re2o_services.mail_server }} port = 25 -- GitLab
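Review bot: `password = {{ re2o_services.service.password }}` writes the vault secret in clear into an INI file, and if the consumer is Python's configparser with default interpolation (the reader is not visible here) a `%` in the value is treated as an interpolation marker — a rotated password containing `%` would then fail to parse or be silently altered. If that is the reader, render the value through `| replace('%', '%%')`, or have the reader use `interpolation=None`. The task that writes this file is outside the diff; make sure it sets `mode: 0600` and `no_log: true` so the secret is neither world-readable nor echoed into play output. Switching the header decoration from `; ` to `# ` is harmless, as both are default comment prefixes for configparser.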