diff --git a/roles/dns-dhcp-tftp/defaults/main.yml b/roles/dns-dhcp-tftp/defaults/main.yml
new file mode 100644
index 0000000..d91fadf
--- /dev/null
+++ b/roles/dns-dhcp-tftp/defaults/main.yml
@@ -0,0 +1 @@
+name_servers: ns1.{{ ansible_domain }}
diff --git a/roles/dns-dhcp-tftp/handlers/main.yml b/roles/dns-dhcp-tftp/handlers/main.yml
new file mode 100644
index 0000000..8dec007
--- /dev/null
+++ b/roles/dns-dhcp-tftp/handlers/main.yml
@@ -0,0 +1,11 @@
+- name: restart isc-dhcp-server
+ systemd: name=isc-dhcp-server state=restarted enabled=yes
+ listen: restart isc-dhcp-server
+
+- name: restart bind
+ systemd: name=bind9 state=restarted enabled=yes
+ listen: restart bind
+
+- name: restart tftpd-hpa
+ systemd: name=tftpd-hpa state=restarted enabled=yes
+ listen: restart tftpd-hpa
diff --git a/roles/dns-dhcp-tftp/tasks/main.yml b/roles/dns-dhcp-tftp/tasks/main.yml
new file mode 100644
index 0000000..c3feb3c
--- /dev/null
+++ b/roles/dns-dhcp-tftp/tasks/main.yml
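Review bot: The three handlers pass module arguments as `key=value` strings with the legacy `enabled=yes` truthy, while the role's tasks file in the same commit uses block-style module arguments; ansible-lint and yamllint's truthy rule both flag this form. I'd write each handler as `systemd:` / `  name: isc-dhcp-server` / `  state: restarted` / `  enabled: true` (same for `bind9` and `tftpd-hpa`) so handlers and tasks read the same way. A one-line comment that the handler also enables the unit on first restart would make that side effect explicit.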
@@ -0,0 +1,84 @@
+---
+- name: preseed tftpd-hpa
+ debconf:
+ name: tftpd-hpa
+ question: tftpd-hpa/directory
+ value: /var/lib/tftpboot
+ vtype: string
+
+- name: install tftpd, dhcpd and named packages
+ apt:
+ name:
+ - isc-dhcp-server
+ - tftpd-hpa
+ - bind9
+ state: latest
+
+## FIXME: preseeding seems to be ignored
+- name: configure TFTP root directory
+ replace:
+ path: /etc/default/tftpd-hpa
+ regexp: '^TFTP_DIRECTORY=".*"$'
+ replace: 'TFTP_DIRECTORY="/var/lib/tftpboot"'
+ notify: restart tftpd-hpa
+
+- name: serve dhcp on LAN interface
+ replace:
+ path: /etc/default/isc-dhcp-server
+ regexp: '^INTERFACESv4=".*"$'
+ replace: 'INTERFACESv4="{{ if_lan }}"'
+ notify: restart isc-dhcp-server
+
+- name: deploy config files for isc-dhcp-server
+ template:
+ src: dhcpd.conf.j2
+ dest: /etc/dhcp/dhcpd.conf
+ backup: yes
+ notify: restart isc-dhcp-server
+
+- name: deploy config files for bind9
+ template:
+ src: "{{ item }}.j2"
+ dest: "/etc/bind/{{ item }}"
+ loop:
+ - db.intern
+ - db.192.168.0
+ - localzones
+ notify: restart bind
+
+- name: enable local bind config
+ lineinfile:
+ path: /etc/bind/named.conf.local
+ line: 'include "/etc/bind/localzones";'
+ notify: restart bind
+
+- name: adapt resolv.conf
+ template:
+ src: resolv.conf.j2
+ dest: /etc/resolv.conf
+
+## stop dhclient from overwriting /etc/resolv.conf:
+- name: supersede dhcp client data
+ blockinfile:
+ dest: /etc/dhcp/dhclient.conf
+ block: |
+ supersede domain-name "{{ ansible_domain }}";
+ supersede domain-search "{{ ansible_domain }}";
+ supersede domain-name-servers 127.0.0.1;
+ insertbefore: "#send dhcp-client-identifier.*"
+
+- name: generate rndc key
+ command:
+ cmd: rndc-confgen -a
+ creates: /etc/bind/rndc.key
+
+- name: copy rndc key
+ copy:
+ src: /etc/bind/rndc.key
+ dest: /etc/dhcp/
+ owner: root
+ group: root
+ mode: '0640'
+ remote_src: yes
+ notify: restart isc-dhcp-server
+
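Review bot: The `copy rndc key` task reuses BIND's rndc control key as dhcpd's DDNS signing key, so anyone who can read `/etc/dhcp/rndc.key` or compromise dhcpd holds full rndc authority over named (reload, flush, stop), not merely the right to update the two dynamic zones. Least privilege is a dedicated TSIG key: generate it with `tsig-keygen ddns-key` under the same `creates:` guard, install that file with the same root-owned `0640` copy, `include` it from dhcpd.conf, and grant only that key `allow-update` on `intern` and `0.168.192.in-addr.arpa` in BIND, leaving `/etc/bind/rndc.key` to rndc alone. I'd also put a comment on the `generate rndc key` task saying why the key is shared with dhcpd at all, since the next reader will assume it is a mistake. Separately, `state: latest` on the apt task upgrades all three packages on every run; `state: present` keeps the role idempotent and leaves upgrades to a deliberate patch step.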
diff --git a/roles/dns-dhcp-tftp/templates/db.192.168.0.j2 b/roles/dns-dhcp-tftp/templates/db.192.168.0.j2
new file mode 100644
index 0000000..3f942c1
--- /dev/null
+++ b/roles/dns-dhcp-tftp/templates/db.192.168.0.j2
@@ -0,0 +1,11 @@
+$TTL 500
+@ IN SOA {{ ansible_fqdn }}. root.{{ ansible_domain }}. (
+ 1 ; Serial
+ 3600 ; Refresh
+ 1800 ; Retry
+ 720000 ; Expire
+ 6400 ) ; Negative Cache TTL
+;
+@ NS {{ ansible_fqdn }}.
+ MX 10 {{ ansible_fqdn }}.
+{{ ipaddr_lan | ipaddr("address") | regex_replace("^.*\.(.+$)", "\\1") }} PTR {{ ansible_fqdn }}.
diff --git a/roles/dns-dhcp-tftp/templates/db.intern.j2 b/roles/dns-dhcp-tftp/templates/db.intern.j2
new file mode 100644
index 0000000..3bc6776
--- /dev/null
+++ b/roles/dns-dhcp-tftp/templates/db.intern.j2
@@ -0,0 +1,17 @@
+$TTL 500
+@ IN SOA {{ ansible_fqdn }}. root.{{ ansible_domain }}. (
+ 1 ; Serial
+ 3600 ; Refresh
+ 1800 ; Retry
+ 720000 ; Expire
+ 6400 ) ; Negative Cache TTL
+;
+@ NS {{ ansible_fqdn }}.
+ MX 10 {{ ansible_fqdn }}.
+{{ ansible_hostname }} A {{ ipaddr_lan | ipaddr("address") }}
+_ldap._tcp SRV 100 0 389 {{ ansible_fqdn }}.
+ns1 CNAME {{ ansible_fqdn }}.
+ns2 CNAME {{ ansible_fqdn }}.
+aptcache CNAME {{ ansible_fqdn }}.
+homes CNAME {{ ansible_fqdn }}.
+ldap CNAME {{ ansible_fqdn }}.
diff --git a/roles/dns-dhcp-tftp/templates/dhcpd.conf.j2 b/roles/dns-dhcp-tftp/templates/dhcpd.conf.j2
new file mode 100644
index 0000000..95209ae
--- /dev/null
+++ b/roles/dns-dhcp-tftp/templates/dhcpd.conf.j2
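Review bot: The zone origin is fixed by `localzones.j2` to `intern` (and the reverse zone to `0.168.192.in-addr.arpa`), but every record in this file is built from `ansible_fqdn`, `ansible_domain` and `ipaddr_lan`; if the host's domain is not exactly `intern`, or the LAN is not 192.168.0.0/24, the SOA/NS targets fall outside the zone and the `{{ ansible_hostname }} A` record stops matching the PTR in `db.192.168.0`. Either derive the zone names from the same variables (e.g. `zone "{{ ansible_domain }}"` and `db.{{ ansible_domain }}`) or state the assumption at the top of the file: `; assumes ansible_domain == "intern" and ipaddr_lan is in 192.168.0.0/24 — see localzones.j2`. The fixed serial `1` is harmless while `notify no` and there are no secondaries, but a comment saying so would stop the next reader from bumping it by hand in a file that dhcpd's dynamic updates will be journaling.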
@@ -0,0 +1,137 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+option domain-name "{{ ansible_domain }}";
+option domain-name-servers {{ name_servers }};
+
+default-lease-time 600;
+max-lease-time 7200;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+#ddns-update-style none;
+use-host-decl-names on;
+
+include "/etc/dhcp/rndc.key";
+
+zone intern. {
+ primary dns;
+ key rndc-key;
+}
+
+zone 0.168.192.in-addr.arpa. {
+ primary dns;
+ key rndc-key;
+}
+
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+
+## The tftpd server IP address, for all clients.
+next-server 192.168.0.10;
+
+option arch code 93 = unsigned integer 16;
+if option arch = 00:07 {
+ filename "d-i/n-a/bootnetx64.efi";
+} else {
+ filename "d-i/n-a/pxelinux.0";
+}
+
+subnet 192.168.0.0 netmask 255.255.255.0 {
+ option routers {{ ipaddr_lan | ipaddr("address") }};
+ range {{ dhcp_start }} {{ dhcp_stop }};
+}
+
+
+# No service will be given on this subnet, but declaring it helps the
+# DHCP server to understand the network topology.
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+# range 10.254.239.10 10.254.239.20;
+# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+# range dynamic-bootp 10.254.239.40 10.254.239.60;
+# option broadcast-address 10.254.239.31;
+# option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+# range 10.5.5.26 10.5.5.30;
+# option domain-name-servers ns1.internal.example.org;
+# option domain-name "internal.example.org";
+# option routers 10.5.5.1;
+# option broadcast-address 10.5.5.31;
+# default-lease-time 600;
+# max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements. If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+# hardware ethernet 0:0:c0:5d:bd:95;
+# filename "vmunix.passacaglia";
+# server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts. These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP. Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+# hardware ethernet 08:00:07:26:c0:a5;
+# fixed-address fantasia.example.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that. The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+# subnet 10.17.224.0 netmask 255.255.255.0 {
+# option routers rtr-224.example.org;
+# }
+# subnet 10.0.29.0 netmask 255.255.255.0 {
+# option routers rtr-29.example.org;
+# }
+# pool {
+# allow members of "foo";
+# range 10.17.224.10 10.17.224.250;
+# }
+# pool {
+# deny members of "foo";
+# range 10.0.29.10 10.0.29.230;
+# }
+#}
diff --git a/roles/dns-dhcp-tftp/templates/localzones.j2 b/roles/dns-dhcp-tftp/templates/localzones.j2
new file mode 100644
index 0000000..cb2a9a0
--- /dev/null
+++ b/roles/dns-dhcp-tftp/templates/localzones.j2
@@ -0,0 +1,13 @@
+zone "0.168.192.in-addr.arpa" {
+ type master;
+ notify no;
+ file "/etc/bind/db.192.168.0";
+ journal "/var/lib/bind/db.192.168.0.jnl";
+};
+
+zone "intern" {
+ type master;
+ notify no;
+ file "/etc/bind/db.intern";
+ journal "/var/lib/bind/db.intern.jnl";
+};
diff --git a/roles/dns-dhcp-tftp/templates/resolv.conf.j2 b/roles/dns-dhcp-tftp/templates/resolv.conf.j2
new file mode 100644
index 0000000..56bda43
--- /dev/null
+++ b/roles/dns-dhcp-tftp/templates/resolv.conf.j2
@@ -0,0 +1,3 @@
+domain {{ ansible_domain }}
+search {{ ansible_domain }}.
+nameserver 127.0.0.1
diff --git a/roles/prepare4clients/tasks/main.yml b/roles/prepare4clients/tasks/main.yml
index f83ad9b..7124106 100644
--- a/roles/prepare4clients/tasks/main.yml
+++ b/roles/prepare4clients/tasks/main.yml
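Review bot: Nothing in the template sets `ddns-update-style`; the Debian default line is commented out (`#ddns-update-style none;`) rather than replaced, so unless this dhcpd build defaults to something other than `none` the `zone` and `key` stanzas are inert and no DNS updates happen — set `ddns-update-style standard;` (or `interim` on older 4.x) explicitly, and say in the comment above it that the rndc key include and zone blocks depend on it. Both zone blocks use `primary dns;`, which has to resolve when dhcpd starts, yet `db.intern.j2` defines only `{{ ansible_hostname }}` plus a fixed set of CNAMEs none of which is `dns`, so this only works if the host happens to be named `dns`; `primary 127.0.0.1;` is the unambiguous choice since named and dhcpd are co-located (the role copies rndc.key between them). `next-server 192.168.0.10;` is hard-coded while `option routers` is templated from `ipaddr_lan`; `next-server {{ ipaddr_lan | ipaddr("address") }};` keeps the two in step. The UEFI branch tests only `00:07`; x86-64 UEFI firmware commonly reports arch `00:09` as well, so `if option arch = 00:07 or option arch = 00:09 {` avoids handing such clients the BIOS `pxelinux.0`.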
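Review bot: Neither zone carries an `allow-update` or `update-policy`, and BIND refuses dynamic updates by default, so the signed updates dhcpd sends for `intern` and `0.168.192.in-addr.arpa` will be answered REFUSED and nothing ever reaches the journals declared here. Add `allow-update { key rndc-key; };` to both zones — better, a dedicated DDNS TSIG key rather than the rndc control key — and make sure that key is declared to named as a `key` statement, e.g. `include "/etc/bind/rndc.key";` at the top of this file if named.conf does not already include it (Debian's stock named.conf does not appear to). Keeping the journal under `/var/lib/bind` while the master file lives in `/etc/bind` is the right split for Debian's AppArmor profile, which allows named to write only the former; a comment saying so would keep someone from "fixing" the path back. Worth noting in the same comment: once a journal exists, re-templating the master file from Ansible (the `deploy config files for bind9` task) makes the zone fail to load with "journal out of sync" unless the zone is frozen with `rndc freeze` first or the `.jnl` is removed.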
@@ -160,7 +160,8 @@
 insertbefore: EOF
 block: |
 menuentry 'Debian {{ di_version }} (amd64) + preseed + sambox-client.yml' {
- linux /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux auto=true priority=critical domain={{ ansible_domain }} url=tftp://{{ ansible_hostname }} playbook=sambox-client.yml ---
+ regexp --set=1:oct4 --set=2:oct5 --set=3:oct6 "\:([[:xdigit:]]+)\:([[:xdigit:]]+)\:([[:xdigit:]]+)\$" $net_default_mac
+ linux /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux auto=true priority=critical hostname=${oct4}${oct5}${oct6} domain={{ ansible_domain }} url=tftp://{{ ansible_hostname }} playbook=sambox-client.yml ---
 initrd /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/initrd.gz
 }
 marker: "# {mark} ANSIBLE MANAGED BLOCK sambox-client"
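Review bot: If the new `regexp` line does not match — `$net_default_mac` unset on a non-network boot, or a MAC rendered in a different format — `oct4`…`oct6` stay empty and the `linux` line passes a bare `hostname=`, overriding whatever name the preseed or DHCP would have supplied with an empty one. GRUB's `regexp` returns failure on no match, so the assignment can be guarded and the parameter dropped entirely in that case, as sketched below. The enclosing `blockinfile` task starts before this hunk. Deriving the hostname from the last three MAC octets is fine for a lab, but a comment above the `regexp`, `# hostname = last 3 MAC octets, e.g. 00:11:22:aa:bb:cc -> aabbcc`, would save the next reader a trip to the GRUB manual.

```yaml
            menuentry 'Debian {{ di_version }} (amd64) + preseed + sambox-client.yml' {
              # hostname = last 3 MAC octets, e.g. 00:11:22:aa:bb:cc -> aabbcc; omit hostname= if no MAC
              if regexp --set=1:oct4 --set=2:oct5 --set=3:oct6 "\:([[:xdigit:]]+)\:([[:xdigit:]]+)\:([[:xdigit:]]+)\$" $net_default_mac; then
                set hnarg="hostname=${oct4}${oct5}${oct6}"
              else
                set hnarg=
              fi
              linux /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux auto=true priority=critical ${hnarg} domain={{ ansible_domain }} url=tftp://{{ ansible_hostname }} playbook=sambox-client.yml ---
              # … unchanged: initrd line and closing brace …
```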