Closed stefangweichinger closed 7 years ago
Yes, it can be done. But the way to define hosts is to use `dhcpd_hosts` list, instead of inside the subnet. In ISC DHCPD, host definitions are on the first level of the config file, sometimes grouped.
So, for example, you can do this:
```yaml
dhcpd_subnets:
  - subnet: '10.1.3.0'
    netmask: '255.255.255.0'
    routers: '10.1.3.245'
    options: |
      default-lease-time 300;
      max-lease-time 7200;
    pools:
      - comment: "am-vip pool"
        range: '10.1.3.1 10.1.3.20'
        options: |
          default-lease-time 300;
          max-lease-time 7200;
          deny unknown-clients;
      - comment: "am-not-vip pool"
        range: '10.1.3.50 10.1.3.100'
        options: |
          default-lease-time 300;
          max-lease-time 7200;
          allow unknown-clients;

dhcpd_hosts:
  - hostname: 'examplehost'
    address: '10.1.3.11'
    ethernet: '00:00:45:00:00:00'
  - hostname: 'drei'
    address: '10.1.3.13'
    ethernet: '00:00:46:00:00:00'
```
As for how to populate the host list - using `dhcpd_hosts` directly isn't very efficient. What you probably would want to do, is to export the host list from your IPAM solution in ISC DHCPD format, put it in /etc/dhcp/ somewhere and then either use `dhcpd_hosts` directly:

```yaml
dhcpd_hosts: '/etc/dhcp/dhcpd.hosts.conf'
```

Or include the file / several files using `dhcpd_includes`:

```yaml
dhcpd_includes:
  - '/etc/dhcpd/hosts.1stfloor.conf'
  - '/etc/dhcpd/hosts.basement.conf'
```

With phpIPAM which is managed by `debops.phpipam` role, I've created a script that does just that: https://github.com/ginas/phpipam-scripts

However it's not yet integrated into the role itself. The way to use it would be to set up a cron job to periodically connect directly into the phpIPAM database and dump the hosts you want to a file and then restart `dhcpd`.
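Added example, not part of the original thread and not code from the debops role or phpipam-scripts: one way to render an IPAM host export as ISC DHCPD host declarations while refusing records that could corrupt the included file. The record keys mirror the `dhcpd_hosts` entries above; the function names and the rejected sample rows are constructed for illustration.

```python
import ipaddress
import re

# Conservative patterns: anything outside them never reaches the config file.
HOSTNAME = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
MAC = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")

def check(rec, seen):
    """Return a rejection reason for one record, or None if it is usable."""
    if not HOSTNAME.fullmatch(rec.get("hostname", "")):
        return "invalid hostname"
    if not MAC.fullmatch(rec.get("ethernet", "")):
        return "invalid MAC"
    try:
        addr = str(ipaddress.IPv4Address(rec.get("address", "")))
    except ValueError:
        return "invalid address"
    keys = {rec["hostname"].lower(), rec["ethernet"].lower(), addr}
    if keys & seen:
        return "duplicate hostname, MAC or address"
    seen.update(keys)
    return None

def render_hosts(records):
    """Return (config_text, rejected) for a list of IPAM records."""
    seen, stanzas, rejected = set(), [], []
    for rec in records:
        reason = check(rec, seen)
        if reason:
            rejected.append((rec.get("hostname"), reason))
            continue
        stanzas.append(
            "host {hostname} {{\n"
            "    hardware ethernet {ethernet};\n"
            "    fixed-address {address};\n"
            "}}\n".format(**rec)
        )
    return "".join(stanzas), rejected

# Constructed sample export: two hosts from the thread, three bad rows.
SAMPLE = [
    {"hostname": "examplehost", "address": "10.1.3.11", "ethernet": "00:00:45:00:00:00"},
    {"hostname": "drei", "address": "10.1.3.13", "ethernet": "00:00:46:00:00:00"},
    {"hostname": "lab pc;", "address": "10.1.3.14", "ethernet": "00:00:47:00:00:00"},
    {"hostname": "vier", "address": "10.1.3.13", "ethernet": "00:00:48:00:00:00"},
    {"hostname": "fuenf", "address": "10.1.3.300", "ethernet": "00:00:49:00:00:00"},
]

if __name__ == "__main__":
    text, rejected = render_hosts(SAMPLE)
    print(text, rejected, sep="\n")
```

Write the returned text to the file named in `dhcpd_hosts` or `dhcpd_includes`, and run `dhcpd -t` against the main configuration before the cron job restarts the daemon.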
Thanks! So "known-clients" inside a pool also refers to these dhcpd_hosts? I always thought I have to define them within the pool ... my mistake, it seems!
@stefangweichinger Yes, exactly. Since you define your pools in a range, and each host definition has a defined IP address, there's no point to define hosts inside pools themselves. And this way using different IPAM solutions is also possible via data dump to a simple text file.
I think I got it now ... so this isn't an issue with this role anymore! Thanks a lot, I will now start "converting" some configs!
one more: how do I define the failover inside the pool-definition? The example doesn't show and I had non-starting dhcpds today at a test site. pls advise, thanks!
```yaml
dhcpd_subnets:
  - subnet: '10.0.0.0'
    netmask: '255.255.255.0'
    routers: '10.0.0.254'
    options: |
      default-lease-time 3600;
      max-lease-time 38600;
      allow unknown-clients;
    pools:
      - comment: "pool 1"
        range: '10.0.0.1 10.0.0.60'
        failover peer: 'dhcp-failover'
```
does not work here ... and looking through various docs we have to define the failover peer within the pool definition, right?
I figured out the above issue ... but now I have the situation that both failover-peers get the same dhcpd.conf ... that doesn't work ... ;) .. may or should I contact you via pm to discuss my group_vars thanks!
DHCP failover support was added by @redrampage, so I shall summon him for explanation. :-)
got it working in the meantime! I had IPs instead of hostnames in the definition ... with the Ansible inventory name instead it works now ... happy for now, sorry for the noise!!
@stefangweichinger You might want to see newest commit for explanation on how failover is configured.
Sorry for a bit fuzzy description of failover declaration. I've prepared a pull request with more clear example on how to use it. https://github.com/debops/ansible-dhcpd/pull/4 If you need failover to work on IPs other than in your inventory file (e.g. on another interface/another network), you should use "primary_fo_addr/secondary_fo_addr" options in failover declaration to specify exact IPs that will go to dhcpd config and leave "primary/secondary" same as in inventory file, because they are used for host identification.
On 02.02.2015 at 21:07, RedRampage wrote:
> Sorry for a bit fuzzy description of failover declaration. I've prepared a pull request with more clear example on how to use it. https://github.com/debops/ansible-dhcpd/pull/4 If you need failover to work on IPs other than in your inventory file (e.g. on another interface/another network), you should use "primary_fo_addr/secondary_fo_addr" options in failover declaration to specify exact IPs that will go to dhcpd config and leave "primary/secondary" same as in inventory file, because they are used for host identification.
your commit explains it well, thank you .. both this and your email would have helped me understand earlier ;-)
But no problem ...
I think the debops-roles won't accept patches for other distros?
-> I use gentoo and changed some things accordingly.
@stefangweichinger About the patches - depends on what you have changed, is it something that could be useful in Debian? I could accept some changes if they won't impact primary use case (Debian, Ubuntu) and could help you maintain the role if any changes occur. Show the differences, we'll see what you got. :)
On 02.02.2015 at 22:08, Maciej Delmanowski wrote:
> @stefangweichinger About the patches - depends on what you have changed, is it something that could be useful in Debian? I could accept some changes if they won't impact primary use case (Debian, Ubuntu) and could help you maintain the role if any changes occur. Show the differences, we'll see what you got. :)
I think I only have gentoo-specific stuff so far. (portage instead of apt etc)
Maybe I should fork your role and add changes to that ... this would make it easier to track and review .... and keep the forks "in sync" somehow even for different distros, right?
@stefangweichinger I'm not really interested in including non-Debian related tasks in DebOps roles to reduce playbook run time as much as possible. But you can keep a fork of the role and in a separate branch, your changes. That way if anything new shows up, `git` will help you easily merge new changes into your own branch.
I don't get it ... how can I define hosts inside a pool?
I tried:
and would like to have:
2 pools, one for unknown clients, one for defined/known clients, defined as above.
Is it possible with this role .. ?
Thanks in advance, Stefan