debops / ansible-dhcpd

Install and configure ISC DHCP Server
GNU General Public License v3.0

how to define hosts inside pools? #3

Closed stefangweichinger closed 7 years ago

stefangweichinger commented 9 years ago

I don't get it ... how can I define hosts inside a pool?

I tried:

  - subnet: '10.1.3.0'
    netmask: '255.255.255.0'
    routers: '10.1.3.245'
    options: |
      default-lease-time 300;
      max-lease-time 7200;
    pools:
      - comment: "am-vip pool"
        range: '10.1.3.1 10.1.3.20'
        options: |
          default-lease-time 300;
          max-lease-time 7200;
        hosts:
         - hostname: 'examplehost'
           address: '10.1.3.11'
           ethernet: '00:00:45:00:00:00'
         - hostname: 'drei'
           address: '10.1.3.13'
           ethernet: '00:00:46:00:00:00'

and would like to have:

2 pools, one for unknown clients, one for defined/known clients, defined as above.

Is it possible with this role .. ?

Thanks in advance, Stefan

drybjed commented 9 years ago

Yes, it can be done. But the way to define hosts is to use the dhcpd_hosts list, instead of defining them inside the subnet. In ISC DHCPD, host definitions are on the first level of the config file, sometimes grouped.

So, for example, you can do this:

dhcpd_subnets:
  - subnet: '10.1.3.0'
    netmask: '255.255.255.0'
    routers: '10.1.3.245'
    options: |
      default-lease-time 300;
      max-lease-time 7200;
    pools:
      - comment: "am-vip pool"
        range: '10.1.3.1 10.1.3.20'
        options: |
          default-lease-time 300;
          max-lease-time 7200;
          deny unknown-clients;

      - comment: "am-not-vip pool"
        range: '10.1.3.50 10.1.3.100'
        options: |
          default-lease-time 300;
          max-lease-time 7200;
          allow unknown-clients;

dhcpd_hosts:
  - hostname: 'examplehost'
    address: '10.1.3.11'
    ethernet: '00:00:45:00:00:00'
  - hostname: 'drei'
    address: '10.1.3.13'
    ethernet: '00:00:46:00:00:00'

As for how to populate the host list - using dhcpd_hosts directly isn't very efficient. What you probably would want to do is to export the host list from your IPAM solution in ISC DHCPD format, put it in /etc/dhcp/ somewhere and then either use dhcpd_hosts directly:

dhcpd_hosts: '/etc/dhcp/dhcpd.hosts.conf'

Or include the file / several files using dhcpd_includes:

dhcpd_includes:
  - '/etc/dhcpd/hosts.1stfloor.conf'
  - '/etc/dhcpd/hosts.basement.conf'

With phpIPAM, which is managed by the debops.phpipam role, I've created a script that does just that (https://github.com/ginas/phpipam-scripts). However, it's not yet integrated into the role itself. The way to use it would be to set up a cron job to periodically connect directly into the phpIPAM database and dump the hosts you want to a file and then restart dhcpd.
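An added example, not part of the thread, the role or the phpipam-scripts project: one way to render the host file that dhcpd_hosts or dhcpd_includes points at from an IPAM export, skipping rows that would break the dhcpd config syntax or collide with an earlier host. The CSV column names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
import re

# Constructed sample export (assumed columns: hostname,address,ethernet).
SAMPLE_EXPORT = """hostname,address,ethernet
examplehost,10.1.3.11,00:00:45:00:00:00
drei,10.1.3.13,00-00-46-00-00-00
front desk;,10.1.3.14,00:00:47:00:00:00
dup,10.1.3.11,00:00:48:00:00:00
"""

# One DNS label: letters, digits and hyphens only, so no ';', '{' or spaces
# can reach the generated config file.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")


def render_hosts(export_text):
    """Return (config_text, rejected_rows) for an IPAM CSV export."""
    blocks, rejected = [], []
    seen_macs, seen_ips = set(), set()
    for row in csv.DictReader(io.StringIO(export_text)):
        name = (row.get("hostname") or "").strip()
        mac = (row.get("ethernet") or "").strip().lower().replace("-", ":")
        try:
            ip = ipaddress.IPv4Address((row.get("address") or "").strip())
        except ipaddress.AddressValueError:
            rejected.append((name, "bad address"))
            continue
        if not HOSTNAME_RE.fullmatch(name):
            rejected.append((name, "bad hostname"))
        elif not MAC_RE.fullmatch(mac):
            rejected.append((name, "bad ethernet"))
        elif mac in seen_macs or ip in seen_ips:
            rejected.append((name, "duplicate ethernet or address"))
        else:
            seen_macs.add(mac)
            seen_ips.add(ip)
            blocks.append(f"host {name} {{\n    hardware ethernet {mac};\n"
                          f"    fixed-address {ip};\n}}\n")
    return "".join(blocks), rejected


if __name__ == "__main__":
    config, rejected = render_hosts(SAMPLE_EXPORT)
    print(config, end="")
    for name, reason in rejected:
        print(f"# skipped {name!r}: {reason}")
```

Writing the result to a temporary file and checking it with `dhcpd -t -cf` before replacing the live file and restarting keeps a bad export from taking the server down.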

stefangweichinger commented 9 years ago

Thanks! So "known-clients" inside a pool also refer to these dhcpd_hosts? I always thought I have to define them within the pool ... my mistake, it seems!

drybjed commented 9 years ago

@stefangweichinger Yes, exactly. Since you define your pools in a range, and each host definition has a defined IP address, there's no point in defining hosts inside the pools themselves. And this way using different IPAM solutions is also possible via data dump to a simple text file.

stefangweichinger commented 9 years ago

I think I got it now ... so this isn't an issue with this role anymore! Thanks a lot, I will now start "converting" some configs!

stefangweichinger commented 9 years ago

one more: how do I define the failover inside the pool-definition? The example doesn't show and I had non-starting dhcpds today at a test site. pls advise, thanks!

stefangweichinger commented 9 years ago

dhcpd_subnets:
  - subnet: '10.0.0.0'
    netmask: '255.255.255.0'
    routers: '10.0.0.254'
    options: |
      default-lease-time 3600;
      max-lease-time 38600;
      allow unknown-clients;
    pools:
      - comment: "pool 1"
        range: '10.0.0.1 10.0.0.60'
        failover peer: 'dhcp-failover'

does not work here ... and looking through various docs we have to define the failover peer within the pool definition, right?

stefangweichinger commented 9 years ago

I figured out the above issue ... but now I have the situation that both failover-peers get the same dhcpd.conf ... that doesn't work ... ;) .. may or should I contact you via pm to discuss my group_vars thanks!

drybjed commented 9 years ago

DHCP failover support was added by @redrampage, so I shall summon him for explanation. :-)

stefangweichinger commented 9 years ago

got it working in the meantime! I had IPs instead of hostnames in the definition ... with the Ansible inventory name instead it works now ... happy for now, sorry for the noise!!

drybjed commented 9 years ago

@stefangweichinger You might want to see newest commit for explanation on how failover is configured.

redrampage commented 9 years ago

Sorry for the somewhat fuzzy description of the failover declaration. I've prepared a pull request with a clearer example of how to use it: https://github.com/debops/ansible-dhcpd/pull/4 If you need failover to work on IPs other than those in your inventory file (e.g. on another interface/another network), you should use the "primary_fo_addr/secondary_fo_addr" options in the failover declaration to specify the exact IPs that will go into the dhcpd config and leave "primary/secondary" the same as in the inventory file, because they are used for host identification.

stefangweichinger commented 9 years ago

On 02.02.2015 at 21:07, RedRampage wrote:

Sorry for the somewhat fuzzy description of the failover declaration. I've prepared a pull request with a clearer example of how to use it: https://github.com/debops/ansible-dhcpd/pull/4 If you need failover to work on IPs other than those in your inventory file (e.g. on another interface/another network), you should use the "primary_fo_addr/secondary_fo_addr" options in the failover declaration to specify the exact IPs that will go into the dhcpd config and leave "primary/secondary" the same as in the inventory file, because they are used for host identification.

your commit explains it well, thank you .. both this and your email would have helped me understand earlier ;-)

But no problem ...

I think the debops-roles won't accept patches for other distros?

-> I use gentoo and changed some things accordingly.

drybjed commented 9 years ago

@stefangweichinger About the patches - depends on what you have changed, is it something that could be useful in Debian? I could accept some changes if they won't impact primary use case (Debian, Ubuntu) and could help you maintain the role if any changes occur. Show the differences, we'll see what you got. :)

stefangweichinger commented 9 years ago

On 02.02.2015 at 22:08, Maciej Delmanowski wrote:

@stefangweichinger About the patches - depends on what you have changed, is it something that could be useful in Debian? I could accept some changes if they won't impact primary use case (Debian, Ubuntu) and could help you maintain the role if any changes occur. Show the differences, we'll see what you got. :)

I think I only have gentoo-specific stuff so far. (portage instead of apt etc)

Maybe I should fork your role and add changes to that ... this would make it easier to track and review .... and keep the forks "in sync" somehow even for different distros, right?

drybjed commented 9 years ago

@stefangweichinger I'm not really interested in including non-Debian related tasks in DebOps roles to reduce playbook run time as much as possible. But you can keep a fork of the role and in a separate branch, your changes. That way if anything new shows up, git will help you easily merge new changes into your own branch.