From 1f444bacafa4fc13af582a8a65b86269b21cca1f Mon Sep 17 00:00:00 2001 From: Ada Date: Wed, 17 Apr 2024 14:58:43 +0200 Subject: [PATCH] Add DHCP --- ansible/deploy.yml | 6 ++ ansible/group_vars/kea-dhcp/all.yml | 19 ++++ ansible/hosts.yml | 6 ++ ansible/roles/kea_dhcp/handlers/main.yml | 11 +++ ansible/roles/kea_dhcp/tasks/main.yml | 40 +++++++++ .../kea_dhcp/templates/kea-dhcp4.conf.j2 | 88 +++++++++++++++++++ 6 files changed, 170 insertions(+) create mode 100644 ansible/group_vars/kea-dhcp/all.yml create mode 100644 ansible/roles/kea_dhcp/handlers/main.yml create mode 100644 ansible/roles/kea_dhcp/tasks/main.yml create mode 100644 ansible/roles/kea_dhcp/templates/kea-dhcp4.conf.j2 diff --git a/ansible/deploy.yml b/ansible/deploy.yml index ec63e93..7bf1932 100644 --- a/ansible/deploy.yml +++ b/ansible/deploy.yml @@ -19,3 +19,9 @@ become: true roles: - knot_resolver + +- name: DHCP + hosts: kea-dhcp + become: true + roles: + - kea_dhcp diff --git a/ansible/group_vars/kea-dhcp/all.yml b/ansible/group_vars/kea-dhcp/all.yml new file mode 100644 index 0000000..9852e0c --- /dev/null +++ b/ansible/group_vars/kea-dhcp/all.yml @@ -0,0 +1,19 @@ +--- +domain: r4.pm +domain_search: + - lab.r4.pm + - r4.pm + +networks: + - subnet: 10.15.0.0/24 + start: 10.15.0.200 + end: 10.15.0.254 + routers: 10.15.0.1 + - subnet: 10.20.0.0/24 + start: 10.20.0.200 + end: 10.20.0.254 + routers: 10.20.0.1 + - subnet: 10.30.0.0/24 + start: 10.30.0.200 + end: 10.30.0.254 + routers: 10.30.0.1 diff --git a/ansible/hosts.yml b/ansible/hosts.yml index db621ac..dcc7539 100644 --- a/ansible/hosts.yml +++ b/ansible/hosts.yml @@ -1,8 +1,14 @@ +--- all: hosts: resolver-1: ansible_host: 10.20.0.42 + dhcp-1: + ansible_host: 10.20.0.43 children: resolver: hosts: resolver-1: + kea-dhcp: + hosts: + dhcp-1: diff --git a/ansible/roles/kea_dhcp/handlers/main.yml b/ansible/roles/kea_dhcp/handlers/main.yml new file mode 100644 index 0000000..102a5bc --- /dev/null +++ b/ansible/roles/kea_dhcp/handlers/main.yml @@ -0,0 +1,11 @@ +--- +- name: Restart isc-kea-dhcp4-server + become: true + ansible.builtin.service: + state: restarted + name: isc-kea-dhcp4-server + +- name: Enable isc-kea-dhcp4-server + ansible.builtin.service: + enabled: true + name: isc-kea-dhcp4-server diff --git a/ansible/roles/kea_dhcp/tasks/main.yml b/ansible/roles/kea_dhcp/tasks/main.yml new file mode 100644 index 0000000..e2a1d2c --- /dev/null +++ b/ansible/roles/kea_dhcp/tasks/main.yml @@ -0,0 +1,40 @@ +--- +- name: Add kea dhcp pgp key + ansible.builtin.get_url: + url: https://dl.cloudsmith.io/public/isc/kea-2-4/gpg.0D9D9A1439E23DB9.key + dest: /usr/share/keyrings/kea-archive-keyring.asc + mode: "0644" + validate_certs: true + checksum: sha512:f58db6baa7f7147c3280275b6f7cc11e34836fb904604d587c1883e6b4a8e89377046809203e2f1a1a87a7f28556728a9ecdb740d62e753592d2dbab0d2e87c8 + changed_when: false + no_log: false + +- name: Add kea dhcp repository + ansible.builtin.apt_repository: + repo: "deb [signed-by=/usr/share/keyrings/kea-archive-keyring.asc] + https://dl.cloudsmith.io/public/isc/kea-2-4/deb/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} main" + state: present + filename: isc-kea-dhcp + +- name: Install isc-kea-dhcp + ansible.builtin.apt: + name: isc-kea-dhcp4-server + notify: + - Enable isc-kea-dhcp4-server + +- name: Configure isc-kea-dhcp + ansible.builtin.template: + src: kea-dhcp4.conf.j2 + dest: /etc/kea/kea-dhcp4.conf + owner: _kea + mode: '0640' + notify: + - Restart isc-kea-dhcp4-server + +- name: Open required ports + community.general.ufw: + rule: allow + port: "{{ item }}" + proto: udp + with_items: + - '67' diff --git a/ansible/roles/kea_dhcp/templates/kea-dhcp4.conf.j2 b/ansible/roles/kea_dhcp/templates/kea-dhcp4.conf.j2 new file mode 100644 index 0000000..e66c536 --- /dev/null +++ b/ansible/roles/kea_dhcp/templates/kea-dhcp4.conf.j2 @@ -0,0 +1,88 @@ +{ +"Dhcp4": { + // Add names of your network interfaces to listen on. + "interfaces-config": { + "interfaces": [ "eth0" ], + }, + + "control-socket": { + "socket-type": "unix", + "socket-name": "/tmp/kea4-ctrl-socket" + }, + + "lease-database": { + // Memfile is the simplest and easiest backend to use. It's an in-memory + // C++ database that stores its state in CSV file. + "type": "memfile", + "lfc-interval": 3600 + }, + + "expired-leases-processing": { + "reclaim-timer-wait-time": 10, + "flush-reclaimed-timer-wait-time": 25, + "hold-reclaimed-time": 3600, + "max-reclaim-leases": 100, + "max-reclaim-time": 250, + "unwarned-reclaim-cycles": 5 + }, + + "renew-timer": 900, + "rebind-timer": 1800, + "valid-lifetime": 3600, + + "option-data": [ + { + "name": "domain-name-servers", + "data": "{{ resolver_ip }}" + }, + { + "code": 15, + "data": "{{ domain }}" + }, + + { + "name": "domain-search", + "data": "{{ domain_search|join(', ') }}" + }, + ], + + // Below an example of a simple IPv4 subnet declaration. Uncomment to enable + // it. This is a list, denoted with [ ], of structures, each denoted with + // { }. Each structure describes a single subnet and may have several + // parameters. One of those parameters is "pools" that is also a list of + // structures. + "subnet4": [ + {% for network in networks %} + { + "subnet": "{{ network.subnet }}", + + "pools": [ { "pool": "{{ network.start }} - {{ network.end }}" } ], + + "option-data": [ + { + "name": "routers", + "data": "{{ network.routers }}" + } + ], + }{% if not loop.last %},{% endif %} + {% endfor %} + ], + + "loggers": [ + { + // This section affects kea-dhcp4, which is the base logger for DHCPv4 + // component. It tells DHCPv4 server to write all log messages (on + // severity INFO or more) to a file. + "name": "kea-dhcp4", + "output_options": [ + { + "output": "stdout", + } + ], + "severity": "INFO", + + "debuglevel": 0 + } + ] +} +}