[dhcp] COnfiguration pour le dhcp failover

Omapi et dhcp-failover.conf sont générés en utilisant le module
python puis inclus dans la conf générale.
On distingue dans groups.xml un dhcp primaire et secondaire.
À priori, il n'est pas possible d'avoir plusieurs secondaire, d'où
l'avertissement dans dhcp-failover.conf si jamais cela arrive.

Bundler/isc-dhcp-server.xml

@@ -5,7 +5,8 @@
     <Path type="directory" name="/etc/dhcp3/generated"/>
     <Path type="symlink" name="/etc/dhcp"/>
     <Path name="/etc/dhcp3/dhcpd.conf"/>
-    <Path name="/etc/dhcp3/omapi.conf"/>
+    <Python name="/etc/dhcp3/omapi.conf"/>
+    <Python name="/etc/dhcp3/dhcp-failover.conf"/>
     <Path name="/etc/dhcp3/omapi_generate"/>
     <Action name="omapi_key"/>
 <!-- Conf générée par generate -->

Cfg/etc/dhcp3/dhcpd.conf/dhcpd.conf

@@ -34,10 +34,12 @@ option interface-mtu 1496;
 # have to hack syslog.conf to complete the redirection).
 log-facility local7;
 
+
+include "/etc/dhcp3/dhcp-failover.conf";
+
 # VLan gratuit
 subnet 10.42.0.0 netmask 255.255.0.0 {
 	interface eth3;
-	range 10.42.1.1 10.42.255.200;
 	option domain-name-servers 10.42.0.10;
 	option routers 10.42.0.10;
 	authoritative;
@@ -46,12 +48,15 @@ subnet 10.42.0.0 netmask 255.255.0.0 {
 	option root-path "/";
 	next-server 138.231.136.98;
 	filename "pxelinux.0";
+	pool {
+            range 10.42.1.1 10.42.255.200;
+            failover peer "dhcp-failover";
+	}
 }
 
 # VLan accueil
 subnet 10.51.0.0 netmask 255.255.0.0 {
 	interface eth4;
-	range 10.51.1.1 10.51.255.200;
 	default-lease-time 600;
 	max-lease-time 7200;
 	# On met sable en router pour pouvoir accéder à l'intranet et au wiki
@@ -64,12 +69,15 @@ subnet 10.51.0.0 netmask 255.255.0.0 {
 	filename "pxelinux.0";
 	option time-servers 10.51.0.10;
 	option ntp-servers 10.51.0.10;
+	pool {
+	    failover peer "dhcp-failover";
+	    range 10.51.1.1 10.51.255.200;
+	}
 }
 
 # VLan isolement
 subnet 10.52.0.0 netmask 255.255.0.0 {
 	interface eth5;
-	range 10.52.1.1 10.52.255.200;
 	default-lease-time 600;
 	max-lease-time 7200;
 	option domain-name-servers 10.52.0.10;
@@ -78,6 +86,10 @@ subnet 10.52.0.0 netmask 255.255.0.0 {
 	option root-path "/";
 	next-server 138.231.136.98;
 	filename "pxelinux.0";
+	pool {
+	    failover peer "dhcp-failover";
+	    range 10.52.1.1 10.52.255.200;
+	}
 }
 
 

Cfg/etc/dhcp3/omapi.conf/info.xml

@@ -1,3 +0,0 @@
-<FileInfo>
-    <Info owner='root' group='root' perms='0600'/>
-</FileInfo>

Cfg/etc/dhcp3/omapi.conf/omapi.conf

@@ -1,7 +0,0 @@
-omapi-port 9991;
-key omapi_key {
-        algorithm HMAC-MD5;
-	secret "";
-};
-
-omapi-key omapi_key;

Cfg/etc/dhcp3/omapi_generate/omapi_generate

@@ -1,8 +1,10 @@
 #!/bin/bash
+# Fichier gere par BCfg2
+# A ne modifier que sur le serveur de configuration !
 PWD="/etc/dhcp3/"
 
 if [ ! -f /etc/dhcp3/omapi_key_generated ]; then
   dnssec-keygen -r /dev/urandom  -a HMAC-MD5 -b 512 -n HOST omapi_key
-  echo 'Clef omapi generee, pensez a executer la commande sudo cat /etc/dhcp3/Komapi_key*.private|grep "^Key"|cut -d ' ' -f2-`, et a en mettre le resultat dans omapi.conf.'
+  echo 'Clef omapi generee, pensez a executer la commande sudo cat /etc/dhcp3/Komapi_key*.private|grep "^Key"|cut -d ' ' -f2-`, et a en mettre le resultat dans secrets.py et refaire un run de bcfg2.'
   touch /etc/dhcp3/omapi_key_generated
 fi

Metadata/groups.xml

@@ -371,7 +371,7 @@
     <Group name="vlan-isolement"/>
     <Group name="vlan-ens"/>
     <Group name="vlan-wifi"/>
-    <Group name="dhcp-server" />
+    <Group name="dhcp-server-primary" />
   </Group>
 
   <Group name="isc"
@@ -382,7 +382,7 @@
     <Group name="vlan-isolement"/>
     <Group name="vlan-ens"/>
     <Group name="vlan-wifi"/>
-    <Group name="dhcp-server" />
+    <Group name="dhcp-server-secondary" />
   </Group>
 
   <Group name="routeur"
@@ -620,7 +620,11 @@
     <Group name="mail-backend"/>
   </Group>
 
-  <Group name="dhcp-server">
+  <Group name="dhcp-server-primary" category="dhcp-server" >
+    <Group name="isc-dhcp-server" />
+  </Group>
+
+  <Group name="dhcp-server-secondary" category="dhcp-server" >
     <Group name="isc-dhcp-server" />
   </Group>
 

Python/etc/dhcp3/dhcp-failover.conf

@@ -0,0 +1,37 @@
+# -*- mode: python; encoding: utf-8 -*-
+
+info["owner"] = "root"
+info["group"] = "root"
+info["perms"] = 0600
+
+comment_start = "#"
+
+header("Configuration pour le cluster dhcp pour %s" % admhostname)
+
+include("ip")
+import config
+
+if len(config.dhcp_servers) > 2:
+    print "####################################################################"
+    print "## ATTENTION LA CONFIGURATION NE PEUT PAS GÉRER PLUS DE DEUX DHCP ##"
+    print "####################################################################"
+
+myip = admip()
+herip = admipof([name for name in config.dhcp_servers if name != admhostname][0].split('.',1)[0])
+
+print 'failover peer "dhcp-failover" {'
+if has("dhcp-server-primary"):
+    print """        primary;
+        split 128;
+        mclt 3600;"""
+elif has("dhcp-server-secondary"):
+    print "        secondary;"
+print """        address %s;
+        port 647;
+        peer address %s;
+        peer port 647;
+        max-response-delay 30;
+        max-unacked-updates 10;
+        load balance max seconds 3;
+}
+""" % (myip, herip)

Python/etc/dhcp3/omapi.conf

@@ -0,0 +1,21 @@
+# -*- mode: python; encoding: utf-8 -*-
+
+info["owner"] = "root"
+info["group"] = "root"
+info["perms"] = 0600
+
+comment_start = "#"
+
+header("Configuration pour omapi pour %s" % admhostname)
+
+include("secrets")
+
+print """
+omapi-port 9991;
+key omapi_key {
+        algorithm HMAC-MD5;
+	secret "%s";
+};
+
+omapi-key omapi_key;
+""" % secrets.dhcp_omapi_keys.get(admhostname, '')