Merge pull request 'refs #8553 - Final works' (!72) from 8553_DHCP into main

Reviewed-on: #72
Reviewed-by: Juan Ferrer <juan@verdnatura.es>

playbooks/dhcp.yml

@@ -0,0 +1,6 @@
+- name: Configure DHCP
+  hosts: all
+  tasks:
+  - name: Configure services to install in the server
+    import_role:
+      name: dhcp

roles/dhcp/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart-dhcp
+  systemd:
+    name: isc-dhcp-server
+    state: restarted

roles/dhcp/tasks/dhcp.yml

@@ -0,0 +1,56 @@
+- name: Install DHCP packages
+  apt:
+    name: isc-dhcp-server
+    state: present
+    install_recommends: no
+- name: Set DHCP configurations from templates
+  template:
+    src: "{{ item }}"
+    dest: "/etc/dhcp/{{ item }}"
+    owner: root
+    group: root
+    mode: "u=rw,g=r,o=r"
+  loop:
+    - dhcpd.conf
+    - partner.conf
+  notify: restart-dhcp
+- name: Set rndc.key from template
+  template:
+    src: rndc.key
+    dest: /etc/dhcp/rndc.key
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=
+  notify: restart-dhcp
+- name: Ensure that the directories exist
+  file:
+    path: "/etc/dhcp/subnets"
+    state: directory
+    owner: root
+    group: root
+    mode: "0755"
+- name: Map subnets
+  copy:
+    content: "{{ item.value }}"
+    dest: "/etc/dhcp/subnets/{{ item.key }}"
+    owner: root
+    group: root
+    mode: "0644"
+  loop: "{{ subnets_files | dict2items }}"
+- name: Get default IPv4 interface
+  command: ip -o -4 route show default
+  register: default_route
+- name: Extract interface default name
+  set_fact:
+    active_interface: "{{ default_route.stdout.split()[-1] }}"
+- name: Disable IPv6
+  replace:
+    path: /etc/default/isc-dhcp-server
+    regexp: '^INTERFACESv6="(.*)"'
+    replace: '#INTERFACESv6="\1"'
+- name: Set interface IPv4 
+  lineinfile:
+    path: /etc/default/isc-dhcp-server
+    regexp: '^INTERFACESv4='
+    line: 'INTERFACESv4="{{ active_interface }}"'
+    state: present

roles/dhcp/tasks/main.yml

@@ -0,0 +1,3 @@
+- import_tasks: dhcp.yml
+  tags: dhcp
+

roles/dhcp/templates/dhcpd.conf

@@ -0,0 +1,58 @@
+include "/etc/dhcp/rndc.key";
+
+omapi-port 7911;
+omapi-key rndc-key;
+
+#++++++++++++++++++++++++++++++++++++++++++++++ Global
+
+authoritative;
+log-facility local7;
+update-static-leases on;
+use-host-decl-names on;
+default-lease-time 86400;
+max-lease-time 86400;
+
+option domain-name "{{ domain_name.name }}";
+option domain-name-servers {{ domain_name.servers }};
+option ntp-servers {{ ntp_servers }};
+
+# DHCP daemon uses default time zone UTC
+db-time-format local;
+
+# Allow each client to have exactly one lease, and expire
+# old leases if a new DHCPDISCOVER occurs
+one-lease-per-client true;
+
+# This checking cause just 1s time delay in responding DHCPDISCOVER messages
+# but it may help to abandone old leases from db
+ping-check true;
+
+#++++++++++++++++++++++++++++++++++++++++++++++ DNS
+
+ddns-update-style interim;
+ddns-updates on;
+
+deny client-updates;
+deny duplicates;
+deny declines;
+
+zone 10.in-addr.arpa. {
+	primary {{ domain_name.server_primary }};
+	key rndc-key;
+}
+zone 16.172.in-addr.arpa. {
+	primary {{ domain_name.server_primary }};
+	key rndc-key;
+}
+zone 168.192.in-addr.arpa. {
+	primary {{ domain_name.server_primary }};
+	key rndc-key;
+}
+
+on commit {
+	log (concat("Host registered: ", config-option host-name));
+}
+
+#++++++++++++++++++++++++++++++++++++++++++++++ Subnets
+
+{{ subnets }}

roles/dhcp/templates/partner.conf

@@ -0,0 +1 @@
+{{ partner }}

roles/dhcp/templates/rndc.key

@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "{{ lookup(passbolt, 'rndc-key', folder_parent_id=passbolt_folder).password }}";
+};

roles/services/tasks/main.yml

@@ -2,3 +2,4 @@
   tags: timeserver
 - import_tasks: adsamba.yml
   tags: adsamba
+