[dhcp] COnfiguration pour le dhcp failover

Omapi et dhcp-failover.conf sont générés en utilisant le module
python puis inclus dans la conf générale.
On distingue dans groups.xml un dhcp primaire et secondaire.
À priori, il n'est pas possible d'avoir plusieurs secondaires, d'où
l'avertissement dans dhcp-failover.conf si jamais cela arrive.
Valentin Samir 2013-05-28 18:51:04 +02:00
parent 7f450a4e87
commit 80e87b27a1
8 changed files with 97 additions and 30 deletions


@ -5,7 +5,8 @@
<Path type="directory" name="/etc/dhcp3/generated"/>
<Path type="symlink" name="/etc/dhcp"/>
<Path name="/etc/dhcp3/dhcpd.conf"/>
<Path name="/etc/dhcp3/omapi.conf"/>
<Python name="/etc/dhcp3/omapi.conf"/>
<Python name="/etc/dhcp3/dhcp-failover.conf"/>
<Path name="/etc/dhcp3/omapi_generate"/>
<Action name="omapi_key"/>
<!-- Conf générée par generate -->


@ -34,24 +34,29 @@ option interface-mtu 1496;
# have to hack syslog.conf to complete the redirection).
log-facility local7;
include "/etc/dhcp3/dhcp-failover.conf";
# VLan gratuit
subnet 10.42.0.0 netmask 255.255.0.0 {
interface eth3;
range 10.42.1.1 10.42.255.200;
option domain-name-servers 10.42.0.10;
option routers 10.42.0.10;
authoritative;
default-lease-time 86400;
deny unknown-clients;
option root-path "/";
next-server 138.231.136.98;
filename "pxelinux.0";
deny unknown-clients;
option root-path "/";
next-server 138.231.136.98;
filename "pxelinux.0";
pool {
range 10.42.1.1 10.42.255.200;
failover peer "dhcp-failover";
}
}
# VLan accueil
subnet 10.51.0.0 netmask 255.255.0.0 {
interface eth4;
range 10.51.1.1 10.51.255.200;
default-lease-time 600;
max-lease-time 7200;
# On met sable en router pour pouvoir accéder à l'intranet et au wiki
@ -59,25 +64,32 @@ subnet 10.51.0.0 netmask 255.255.0.0 {
# On n'a besoin que du dns ici (pour le portail captif)
option domain-name-servers 10.51.0.10;
authoritative;
option root-path "/";
next-server 138.231.136.98;
filename "pxelinux.0";
option time-servers 10.51.0.10;
option ntp-servers 10.51.0.10;
option root-path "/";
next-server 138.231.136.98;
filename "pxelinux.0";
option time-servers 10.51.0.10;
option ntp-servers 10.51.0.10;
pool {
failover peer "dhcp-failover";
range 10.51.1.1 10.51.255.200;
}
}
# VLan isolement
subnet 10.52.0.0 netmask 255.255.0.0 {
interface eth5;
range 10.52.1.1 10.52.255.200;
default-lease-time 600;
max-lease-time 7200;
option domain-name-servers 10.52.0.10;
option routers 10.52.0.10;
authoritative;
option root-path "/";
next-server 138.231.136.98;
filename "pxelinux.0";
option root-path "/";
next-server 138.231.136.98;
filename "pxelinux.0";
pool {
failover peer "dhcp-failover";
range 10.52.1.1 10.52.255.200;
}
}
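Review bot: None of the three new `pool` blocks carries `deny dynamic bootp clients;`, which the dhcpd.conf manual includes in its failover pool example because failover cannot track dynamic BOOTP allocations. Add that line inside each `pool { … }` (VLan gratuit, accueil, isolement). As a style point, the first pool lists `range` before `failover peer` while the other two do the opposite; a single order would make the three blocks easier to compare.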


@ -1,3 +0,0 @@
<FileInfo>
<Info owner='root' group='root' perms='0600'/>
</FileInfo>


@ -1,7 +0,0 @@
omapi-port 9991;
key omapi_key {
algorithm HMAC-MD5;
secret "";
};
omapi-key omapi_key;


@ -1,8 +1,10 @@
#!/bin/bash
# Fichier gere par BCfg2
# A ne modifier que sur le serveur de configuration !
PWD="/etc/dhcp3/"
if [ ! -f /etc/dhcp3/omapi_key_generated ]; then
dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 512 -n HOST omapi_key
echo 'Clef omapi generee, pensez a executer la commande sudo cat /etc/dhcp3/Komapi_key*.private|grep "^Key"|cut -d ' ' -f2-`, et a en mettre le resultat dans omapi.conf.'
echo 'Clef omapi generee, pensez a executer la commande sudo cat /etc/dhcp3/Komapi_key*.private|grep "^Key"|cut -d ' ' -f2-`, et a en mettre le resultat dans secrets.py et refaire un run de bcfg2.'
touch /etc/dhcp3/omapi_key_generated
fi
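Review bot: Assigning `PWD="/etc/dhcp3/"` only overwrites a shell variable and does not change the working directory, so `dnssec-keygen` still writes the `Komapi_key*` files wherever the action happens to be run. The echoed instructions then point the operator at `/etc/dhcp3/Komapi_key*.private`, and the private key may be left in an unexpected directory. Replace the assignment with `cd /etc/dhcp3 || exit 1` before the `if`. The page has lost its +/- markers, so I cannot tell whether the `PWD` line is new in this commit, but the point holds either way.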


@ -371,7 +371,7 @@
<Group name="vlan-isolement"/>
<Group name="vlan-ens"/>
<Group name="vlan-wifi"/>
<Group name="dhcp-server" />
<Group name="dhcp-server-primary" />
</Group>
<Group name="isc"
@ -382,7 +382,7 @@
<Group name="vlan-isolement"/>
<Group name="vlan-ens"/>
<Group name="vlan-wifi"/>
<Group name="dhcp-server" />
<Group name="dhcp-server-secondary" />
</Group>
<Group name="routeur"
@ -620,7 +620,11 @@
<Group name="mail-backend"/>
</Group>
<Group name="dhcp-server">
<Group name="dhcp-server-primary" category="dhcp-server" >
<Group name="isc-dhcp-server" />
</Group>
<Group name="dhcp-server-secondary" category="dhcp-server" >
<Group name="isc-dhcp-server" />
</Group>


@ -0,0 +1,37 @@
# -*- mode: python; encoding: utf-8 -*-
info["owner"] = "root"
info["group"] = "root"
info["perms"] = 0600
comment_start = "#"
header("Configuration pour le cluster dhcp pour %s" % admhostname)
include("ip")
import config
if len(config.dhcp_servers) > 2:
print "####################################################################"
print "## ATTENTION LA CONFIGURATION NE PEUT PAS GÉRER PLUS DE DEUX DHCP ##"
print "####################################################################"
myip = admip()
herip = admipof([name for name in config.dhcp_servers if name != admhostname][0].split('.',1)[0])
print 'failover peer "dhcp-failover" {'
if has("dhcp-server-primary"):
print """ primary;
split 128;
mclt 3600;"""
elif has("dhcp-server-secondary"):
print " secondary;"
print """ address %s;
port 647;
peer address %s;
peer port 647;
max-response-delay 30;
max-unacked-updates 10;
load balance max seconds 3;
}
""" % (myip, herip)
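Review bot: The generator can emit an unusable failover block in two cases that the `len(config.dhcp_servers) > 2` warning does not cover. If `config.dhcp_servers` holds no name other than `admhostname`, the `[...][0]` lookup for `herip` raises a bare IndexError. If the host is in neither `dhcp-server-primary` nor `dhcp-server-secondary`, the block is printed with no role keyword at all. Failing with an explicit message in both cases is safer than shipping a file that dhcpd will reject at restart. Separately, nothing in the generated block authenticates the peer, so port 647 is worth filtering to the two admin addresses.

```python
# … unchanged: info[...] settings, header, includes, the ">2 servers" warning …
myip = admip()
peers = [name for name in config.dhcp_servers if name != admhostname]
if not peers:
    raise ValueError("dhcp failover: no peer found in config.dhcp_servers")
herip = admipof(peers[0].split('.', 1)[0])

if has("dhcp-server-primary"):
    role = """    primary;
    split 128;
    mclt 3600;"""
elif has("dhcp-server-secondary"):
    role = "    secondary;"
else:
    raise ValueError("dhcp failover: host is neither primary nor secondary")

print 'failover peer "dhcp-failover" {'
print role
# … unchanged: address / port / peer address block …
```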


@ -0,0 +1,21 @@
# -*- mode: python; encoding: utf-8 -*-
info["owner"] = "root"
info["group"] = "root"
info["perms"] = 0600
comment_start = "#"
header("Configuration pour omapi pour %s" % admhostname)
include("secrets")
print """
omapi-port 9991;
key omapi_key {
algorithm HMAC-MD5;
secret "%s";
};
omapi-key omapi_key;
""" % secrets.dhcp_omapi_keys.get(admhostname, '')
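Review bot: The `.get(admhostname, '')` fallback renders `secret "";` for any host that has no entry in `secrets.dhcp_omapi_keys`, which is the state of a fresh host before the operator has followed the omapi_generate message. Depending on how dhcpd treats an empty secret, the result is either a configuration that fails to load or an OMAPI listener on port 9991 protected by an empty key. Fetch the key with `key = secrets.dhcp_omapi_keys.get(admhostname)` and print the `omapi-port` / `key` / `omapi-key` block only under `if key:`, so OMAPI stays off until a real key has been provisioned.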