Add DHCP

ansible/deploy.yml

@@ -19,3 +19,9 @@
   become: true
   roles:
     - knot_resolver
+
+- name: DHCP
+  hosts: kea-dhcp
+  become: true
+  roles:
+    - kea_dhcp

ansible/group_vars/kea-dhcp/all.yml

@@ -0,0 +1,19 @@
+---
+domain: r4.pm
+domain_search:
+  - lab.r4.pm
+  - r4.pm
+
+networks:
+  - subnet: 10.15.0.0/24
+    start: 10.15.0.200
+    end: 10.15.0.254
+    routers: 10.15.0.1
+  - subnet: 10.20.0.0/24
+    start: 10.20.0.200
+    end: 10.20.0.254
+    routers: 10.20.0.1
+  - subnet: 10.30.0.0/24
+    start: 10.30.0.200
+    end: 10.30.0.254
+    routers: 10.30.0.1

ansible/hosts.yml

@@ -1,8 +1,14 @@
+---
 all:
   hosts:
     resolver-1:
       ansible_host: 10.20.0.42
+    dhcp-1:
+      ansible_host: 10.20.0.43
   children:
     resolver:
       hosts:
         resolver-1:
+    kea-dhcp:
+      hosts:
+        dhcp-1:

ansible/roles/kea_dhcp/handlers/main.yml

@@ -0,0 +1,11 @@
+---
+- name: Restart isc-kea-dhcp4-server
+  become: true
+  ansible.builtin.service:
+    state: restarted
+    name: isc-kea-dhcp4-server
+
+- name: Enable isc-kea-dhcp4-server
+  ansible.builtin.service:
+    enabled: true
+    name: isc-kea-dhcp4-server

ansible/roles/kea_dhcp/tasks/main.yml

@@ -0,0 +1,40 @@
+---
+- name: Add kea dhcp pgp key
+  ansible.builtin.get_url:
+    url: https://dl.cloudsmith.io/public/isc/kea-2-4/gpg.0D9D9A1439E23DB9.key
+    dest: /usr/share/keyrings/kea-archive-keyring.asc
+    mode: "0644"
+    validate_certs: true
+    checksum: sha512:f58db6baa7f7147c3280275b6f7cc11e34836fb904604d587c1883e6b4a8e89377046809203e2f1a1a87a7f28556728a9ecdb740d62e753592d2dbab0d2e87c8
+  changed_when: false
+  no_log: false
+
+- name: Add kea dhcp repository
+  ansible.builtin.apt_repository:
+    repo: "deb [signed-by=/usr/share/keyrings/kea-archive-keyring.asc]
+     https://dl.cloudsmith.io/public/isc/kea-2-4/deb/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} main"
+    state: present
+    filename: isc-kea-dhcp
+
+- name: Install isc-kea-dhcp
+  ansible.builtin.apt:
+    name: isc-kea-dhcp4-server
+  notify:
+    - Enable isc-kea-dhcp4-server
+
+- name: Configure isc-kea-dhcp
+  ansible.builtin.template:
+    src: kea-dhcp4.conf.j2
+    dest: /etc/kea/kea-dhcp4.conf
+    owner: _kea
+    mode: '0640'
+  notify:
+    - Restart isc-kea-dhcp4-server
+
+- name: Open required ports
+  community.general.ufw:
+    rule: allow
+    port: "{{ item }}"
+    proto: udp
+  with_items:
+    - '67'

ansible/roles/kea_dhcp/templates/kea-dhcp4.conf.j2

@@ -0,0 +1,88 @@
+{
+"Dhcp4": {
+    // Add names of your network interfaces to listen on.
+    "interfaces-config": {
+        "interfaces": [ "eth0" ],
+    },
+
+    "control-socket": {
+        "socket-type": "unix",
+        "socket-name": "/tmp/kea4-ctrl-socket"
+    },
+
+    "lease-database": {
+        // Memfile is the simplest and easiest backend to use. It's an in-memory
+        // C++ database that stores its state in CSV file.
+        "type": "memfile",
+        "lfc-interval": 3600
+    },
+
+    "expired-leases-processing": {
+        "reclaim-timer-wait-time": 10,
+        "flush-reclaimed-timer-wait-time": 25,
+        "hold-reclaimed-time": 3600,
+        "max-reclaim-leases": 100,
+        "max-reclaim-time": 250,
+        "unwarned-reclaim-cycles": 5
+    },
+
+    "renew-timer": 900,
+    "rebind-timer": 1800,
+    "valid-lifetime": 3600,
+
+    "option-data": [
+        {
+            "name": "domain-name-servers",
+            "data": "{{ resolver_ip }}"
+        },
+        {
+            "code": 15,
+            "data": "{{ domain }}"
+        },
+
+        {
+            "name": "domain-search",
+            "data": "{{ domain_search|join(', ') }}"
+        },
+    ],
+
+    // Below an example of a simple IPv4 subnet declaration. Uncomment to enable
+    // it. This is a list, denoted with [ ], of structures, each denoted with
+    // { }. Each structure describes a single subnet and may have several
+    // parameters. One of those parameters is "pools" that is also a list of
+    // structures.
+    "subnet4": [
+        {% for network in networks %}
+        {
+            "subnet": "{{ network.subnet }}",
+
+            "pools": [ { "pool": "{{ network.start }} - {{ network.end }}" } ],
+
+            "option-data": [
+                {
+                    "name": "routers",
+                    "data": "{{ network.routers }}"
+                }
+            ],
+        }{% if not loop.last %},{% endif %}
+        {% endfor %}
+    ],
+
+    "loggers": [
+    {
+        // This section affects kea-dhcp4, which is the base logger for DHCPv4
+        // component. It tells DHCPv4 server to write all log messages (on
+        // severity INFO or more) to a file.
+        "name": "kea-dhcp4",
+        "output_options": [
+            {
+                "output": "stdout",
+            }
+        ],
+        "severity": "INFO",
+
+        "debuglevel": 0
+    }
+  ]
+}
+}