From ae891d4d89ee1f445939f36d75fc84b1226f6bb7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= <xavi@verdnatura.es>
Date: Mon, 3 Mar 2025 15:51:59 +0100
Subject: [PATCH 1/2] refs #8553 - Final works

---
 roles/services/handlers/main.yml      |  4 ++
 roles/services/tasks/dhcp.yml         | 56 ++++++++++++++++++++++++++
 roles/services/tasks/main.yml         |  2 +
 roles/services/templates/dhcpd.conf   | 58 +++++++++++++++++++++++++++
 roles/services/templates/partner.conf |  1 +
 roles/services/templates/rndc.key     |  4 ++
 6 files changed, 125 insertions(+)
 create mode 100644 roles/services/tasks/dhcp.yml
 create mode 100644 roles/services/templates/dhcpd.conf
 create mode 100644 roles/services/templates/partner.conf
 create mode 100644 roles/services/templates/rndc.key

diff --git a/roles/services/handlers/main.yml b/roles/services/handlers/main.yml
index 2727cca..fa05b49 100644
--- a/roles/services/handlers/main.yml
+++ b/roles/services/handlers/main.yml
@@ -5,3 +5,7 @@
 - name: reload-systemd
   command:
     cmd: systemctl daemon-reload
+- name: restart-dhcp
+  systemd:
+    name: isc-dhcp-server
+    state: restarted
diff --git a/roles/services/tasks/dhcp.yml b/roles/services/tasks/dhcp.yml
new file mode 100644
index 0000000..a230c8a
--- /dev/null
+++ b/roles/services/tasks/dhcp.yml
@@ -0,0 +1,56 @@
+- name: Install DHCP packages
+  apt:
+    name: isc-dhcp-server
+    state: present
+    install_recommends: no
+- name: Set DHCP configurations from templates
+  template:
+    src: "{{ item }}"
+    dest: "/etc/dhcp/{{ item }}"
+    owner: root
+    group: root
+    mode: "u=rw,g=r,o=r"
+  loop:
+    - dhcpd.conf
+    - partner.conf
+  notify: restart-dhcp
+- name: Set rndc.key from template
+  template:
+    src: rndc.key
+    dest: /etc/dhcp/rndc.key
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=
+  notify: restart-dhcp
+- name: Ensure that the directories exist
+  file:
+    path: "/etc/dhcp/subnets"
+    state: directory
+    owner: root
+    group: root
+    mode: "0755"
+- name: Map subnets
+  copy:
+    content: "{{ item.value }}"
+    dest: "/etc/dhcp/subnets/{{ item.key }}"
+    owner: root
+    group: root
+    mode: "0644"
+  loop: "{{ subnets_files | dict2items }}"
+- name: Get default IPv4 interface
+  command: ip -o -4 route show default
+  register: default_route
+- name: Extract interface default name
+  set_fact:
+    active_interface: "{{ default_route.stdout.split()[-1] }}"
+- name: Disable IPv6
+  replace:
+    path: /etc/default/isc-dhcp-server
+    regexp: '^INTERFACESv6="(.*)"'
+    replace: '#INTERFACESv6="\1"'
+- name: Set interface IPv4 
+  lineinfile:
+    path: /etc/default/isc-dhcp-server
+    regexp: '^INTERFACESv4='
+    line: 'INTERFACESv4="{{ active_interface }}"'
+    state: present
\ No newline at end of file
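Review bot: `active_interface` is derived from the last token of `ip -o -4 route show default` (`default_route.stdout.split()[-1]`), but that line normally ends with `proto`/`metric` fields (for example `default via 10.0.0.1 dev eth0 proto dhcp metric 100`), so the fact becomes `100` and `INTERFACESv4` is written with something that is not an interface name. Ansible already gathers this value; replace the two tasks with `active_interface: "{{ ansible_default_ipv4.interface }}"`, or, if fact gathering is disabled, select the token after `dev` with `"{{ default_route.stdout.split()[default_route.stdout.split().index('dev') + 1] }}"` and add `changed_when: false` to the `command` task. The `replace` and `lineinfile` edits of /etc/default/isc-dhcp-server carry no `notify: restart-dhcp`, so an interface change is not applied until something else restarts the daemon. Minor: `install_recommends: no` should be the boolean `false`, the `mode` on the rndc.key task is unquoted while the other modes are quoted, and `Set interface IPv4 ` has a trailing space.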
diff --git a/roles/services/tasks/main.yml b/roles/services/tasks/main.yml
index c86c5c8..f39cc77 100644
--- a/roles/services/tasks/main.yml
+++ b/roles/services/tasks/main.yml
@@ -2,3 +2,5 @@
   tags: timeserver
 - import_tasks: adsamba.yml
   tags: adsamba
+- import_tasks: dhcp.yml
+  tags: dhcp
diff --git a/roles/services/templates/dhcpd.conf b/roles/services/templates/dhcpd.conf
new file mode 100644
index 0000000..47f5af2
--- /dev/null
+++ b/roles/services/templates/dhcpd.conf
@@ -0,0 +1,58 @@
+include "/etc/dhcp/rndc.key";
+
+omapi-port 7911;
+omapi-key rndc-key;
+
+#++++++++++++++++++++++++++++++++++++++++++++++ Global
+
+authoritative;
+log-facility local7;
+update-static-leases on;
+use-host-decl-names on;
+default-lease-time 86400;
+max-lease-time 86400;
+
+option domain-name "{{ domain_name.name }}";
+option domain-name-servers {{ domain_name.servers }};
+option ntp-servers {{ ntp_servers }};
+
+# DHCP daemon uses default time zone UTC
+db-time-format local;
+
+# Allow each client to have exactly one lease, and expire
+# old leases if a new DHCPDISCOVER occurs
+one-lease-per-client true;
+
+# This checking cause just 1s time delay in responding DHCPDISCOVER messages
+# but it may help to abandone old leases from db
+ping-check true;
+
+#++++++++++++++++++++++++++++++++++++++++++++++ DNS
+
+ddns-update-style interim;
+ddns-updates on;
+
+deny client-updates;
+deny duplicates;
+deny declines;
+
+zone 10.in-addr.arpa. {
+	primary {{ domain_name.server_primary }};
+	key rndc-key;
+}
+zone 16.172.in-addr.arpa. {
+	primary {{ domain_name.server_primary }};
+	key rndc-key;
+}
+zone 168.192.in-addr.arpa. {
+	primary {{ domain_name.server_primary }};
+	key rndc-key;
+}
+
+on commit {
+	log (concat("Host registered: ", config-option host-name));
+}
+
+#++++++++++++++++++++++++++++++++++++++++++++++ Subnets
+
+{{ subnets }}
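Review bot: `omapi-port 7911;` together with `omapi-key rndc-key;` opens the OMAPI control channel on every interface, authenticated with the same key the included `/etc/dhcp/rndc.key` also uses for the DDNS zone updates (and, by its name, for BIND's rndc), so one secret now controls lease manipulation, zone updates and the name server. If OMAPI is not actually used, drop those two lines; otherwise give it a separate `key` stanza and restrict TCP 7911 to the management hosts. The reverse zones are hard-coded to `10.in-addr.arpa.`, `16.172.in-addr.arpa.` (172.16.0.0/16 only, not the whole 172.16/12 block) and `168.192.in-addr.arpa.`, so any subnet rendered through `{{ subnets }}` outside those ranges gets no PTR updates; a comment stating that limitation next to the zone stanzas would save the next maintainer a surprise. `ddns-update-style interim` is the older style; `standard` is available in 4.3+ and worth considering if the BIND side accepts it.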
diff --git a/roles/services/templates/partner.conf b/roles/services/templates/partner.conf
new file mode 100644
index 0000000..ab3b952
--- /dev/null
+++ b/roles/services/templates/partner.conf
@@ -0,0 +1 @@
+{{ partner }}
\ No newline at end of file
diff --git a/roles/services/templates/rndc.key b/roles/services/templates/rndc.key
new file mode 100644
index 0000000..5ed1d24
--- /dev/null
+++ b/roles/services/templates/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "{{ lookup(passbolt, 'rndc-key', folder_parent_id=passbolt_folder).password }}";
+};
\ No newline at end of file
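Review bot: `algorithm hmac-md5;` is the weakest TSIG algorithm dhcpd and BIND still accept; generate the key as `algorithm hmac-sha256;` (the secret must be regenerated for the new algorithm, not just relabelled) and keep the stored Passbolt entry in step with it. The rendered file holds the raw secret, and the `template` task in dhcp.yml does not set `no_log`, so a `--diff` or verbose run can print it; `no_log: true` (or at least `diff: false`) on that task closes that. The task installs the file as root with `u=rw,g=r,o=`, which is correct for keeping it private, but the service on Debian runs as a dedicated user — confirm the daemon reads its includes before dropping privileges so the key stays readable.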

From b5ff9670654b3544964b97cd3ed84b4d0893fa88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= <xavi@verdnatura.es>
Date: Tue, 4 Mar 2025 10:55:16 +0100
Subject: [PATCH 2/2] refs #8553 - move role to root path

---
 playbooks/dhcp.yml                              | 6 ++++++
 roles/dhcp/handlers/main.yml                    | 4 ++++
 roles/{services => dhcp}/tasks/dhcp.yml         | 0
 roles/dhcp/tasks/main.yml                       | 3 +++
 roles/{services => dhcp}/templates/dhcpd.conf   | 0
 roles/{services => dhcp}/templates/partner.conf | 0
 roles/{services => dhcp}/templates/rndc.key     | 0
 roles/services/handlers/main.yml                | 4 ----
 roles/services/tasks/main.yml                   | 3 +--
 9 files changed, 14 insertions(+), 6 deletions(-)
 create mode 100644 playbooks/dhcp.yml
 create mode 100644 roles/dhcp/handlers/main.yml
 rename roles/{services => dhcp}/tasks/dhcp.yml (100%)
 create mode 100644 roles/dhcp/tasks/main.yml
 rename roles/{services => dhcp}/templates/dhcpd.conf (100%)
 rename roles/{services => dhcp}/templates/partner.conf (100%)
 rename roles/{services => dhcp}/templates/rndc.key (100%)

diff --git a/playbooks/dhcp.yml b/playbooks/dhcp.yml
new file mode 100644
index 0000000..9a89db8
--- /dev/null
+++ b/playbooks/dhcp.yml
@@ -0,0 +1,6 @@
+- name: Configure DHCP
+  hosts: all
+  tasks:
+  - name: Configure services to install in the server
+    import_role:
+      name: dhcp
\ No newline at end of file
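Review bot: `hosts: all` makes this play install and start isc-dhcp-server, and rewrite /etc/default/isc-dhcp-server, on every host in whatever inventory it is run against; a second DHCP server answering on a LAN is an outage, not a misconfiguration. Target a dedicated group, e.g. `hosts: <dhcp-server-group>` (placeholder, name per the inventory), and consider `serial: 1` so a bad template never takes down more than one server at a time. The task name `Configure services to install in the server` is copied from the services playbook; `Configure DHCP server` describes what the import does. The `tasks:` list is flush-indented here while the role files indent their sequences, and the file lacks a trailing newline.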
diff --git a/roles/dhcp/handlers/main.yml b/roles/dhcp/handlers/main.yml
new file mode 100644
index 0000000..88fd9c8
--- /dev/null
+++ b/roles/dhcp/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart-dhcp
+  systemd:
+    name: isc-dhcp-server
+    state: restarted
diff --git a/roles/services/tasks/dhcp.yml b/roles/dhcp/tasks/dhcp.yml
similarity index 100%
rename from roles/services/tasks/dhcp.yml
rename to roles/dhcp/tasks/dhcp.yml
diff --git a/roles/dhcp/tasks/main.yml b/roles/dhcp/tasks/main.yml
new file mode 100644
index 0000000..34b7778
--- /dev/null
+++ b/roles/dhcp/tasks/main.yml
@@ -0,0 +1,3 @@
+- import_tasks: dhcp.yml
+  tags: dhcp
+
diff --git a/roles/services/templates/dhcpd.conf b/roles/dhcp/templates/dhcpd.conf
similarity index 100%
rename from roles/services/templates/dhcpd.conf
rename to roles/dhcp/templates/dhcpd.conf
diff --git a/roles/services/templates/partner.conf b/roles/dhcp/templates/partner.conf
similarity index 100%
rename from roles/services/templates/partner.conf
rename to roles/dhcp/templates/partner.conf
diff --git a/roles/services/templates/rndc.key b/roles/dhcp/templates/rndc.key
similarity index 100%
rename from roles/services/templates/rndc.key
rename to roles/dhcp/templates/rndc.key
diff --git a/roles/services/handlers/main.yml b/roles/services/handlers/main.yml
index fa05b49..2727cca 100644
--- a/roles/services/handlers/main.yml
+++ b/roles/services/handlers/main.yml
@@ -5,7 +5,3 @@
 - name: reload-systemd
   command:
     cmd: systemctl daemon-reload
-- name: restart-dhcp
-  systemd:
-    name: isc-dhcp-server
-    state: restarted
diff --git a/roles/services/tasks/main.yml b/roles/services/tasks/main.yml
index f39cc77..4f5bbea 100644
--- a/roles/services/tasks/main.yml
+++ b/roles/services/tasks/main.yml
@@ -2,5 +2,4 @@
   tags: timeserver
 - import_tasks: adsamba.yml
   tags: adsamba
-- import_tasks: dhcp.yml
-  tags: dhcp
+