diff --git a/bundles/dhcpd/files/dhcpd.conf b/bundles/dhcpd/files/dhcpd.conf index 8a9e7eb..97e734b 100644 --- a/bundles/dhcpd/files/dhcpd.conf +++ b/bundles/dhcpd/files/dhcpd.conf @@ -1,19 +1,21 @@ -#dhcpd.conf - <% -import re + import re + from ipaddress import ip_network %> ddns-update-style none; authoritative; -% for identifier, subnet in dhcp_config.get('subnets', {}).items(): -# subnet '${identifier}' -subnet ${subnet['subnet']} netmask ${subnet['netmask']} { +% for interface, subnet in sorted(dhcp_config.get('subnets', {}).items()): +<% + network = ip_network(subnet['subnet']) +%> +# interface ${interface} provides ${subnet['subnet']} +subnet ${network.network_address} netmask ${network.netmask} { % if subnet.get('range_lower', None) and subnet.get('range_higher', None): range ${subnet['range_lower']} ${subnet['range_higher']}; % endif - interface "${subnet['interface']}"; + interface "${interface}"; default-lease-time ${subnet.get('default-lease-time', 600)}; max-lease-time ${subnet.get('max-lease-time', 3600)}; % for option, value in sorted(subnet.get('options', {}).items()): diff --git a/bundles/dhcpd/files/isc-dhcp-server b/bundles/dhcpd/files/isc-dhcp-server index 8d0ee70..4b0120d 100644 --- a/bundles/dhcpd/files/isc-dhcp-server +++ b/bundles/dhcpd/files/isc-dhcp-server @@ -14,5 +14,5 @@ # On what interfaces should the DHCP server (dhcpd) serve DHCP requests? # Separate multiple interfaces with spaces, e.g. "eth0 eth1". -INTERFACESv4="${listen_interfaces}" +INTERFACESv4="${' '.join(sorted(node.metadata.get('dhcpd/subnets', {})))}" INTERFACESv6="" diff --git a/bundles/dhcpd/items.py b/bundles/dhcpd/items.py index 6af1378..bdf9944 100644 --- a/bundles/dhcpd/items.py +++ b/bundles/dhcpd/items.py 
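Review bot: The `range` line still emits `range_lower` and `range_higher` unchecked, although the new `network = ip_network(subnet['subnet'])` makes it cheap to confirm that both addresses lie inside the declared subnet. A check such as `ip_address(subnet['range_lower']) in network`, with `ip_address` imported next to `ip_network`, would turn a metadata typo into a render-time error rather than a config that dhcpd may only reject at restart. `ip_network()` is strict by default and raises `ValueError` when host bits are set, which deserves a one-line comment in the `<% %>` block, for example `# strict parsing: a value like '172.19.139.1/24' is rejected on purpose`. The template continues beyond this hunk.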
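Review bot: The interface names written into `INTERFACESv4="..."` are now the raw keys of `dhcpd/subnets`, and nothing visible in this commit checks that a key is a plain interface name. This defaults file is normally sourced as shell, and the same key is formatted into the `iptables -A INPUT -i {}` rule string in bundles/dhcpd/metadata.py, which is presumably run as a command line. A key containing whitespace, quotes or `$` would therefore change the meaning of both. Because the key is now the single source of truth, it is enough to validate it once, for example by rejecting any key that does not match `^[A-Za-z0-9_.:-]{1,15}$` in the reactor before the rules are built. If that validation already exists elsewhere in the repository, a comment pointing to it would suffice.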
@@ -13,10 +13,6 @@ files = { }, '/etc/default/isc-dhcp-server': { 'content_type': 'mako', - 'context': { - # Set by our own metadata reactor. Guaranteed to exist. - 'listen_interfaces': node.metadata['dhcpd']['listen_interfaces'], - }, 'needs': { 'pkg_apt:isc-dhcp-server' }, diff --git a/bundles/dhcpd/metadata.py b/bundles/dhcpd/metadata.py index 5bf3924..6c13ea3 100644 --- a/bundles/dhcpd/metadata.py +++ b/bundles/dhcpd/metadata.py @@ -36,33 +36,18 @@ def get_static_allocations(metadata): } -@metadata_reactor.provides( - 'dhcpd/listen_interfaces', -) -def get_listen_interfaces(metadata): - listen_interfaces = [] - for _, subnet in node.metadata.get('dhcpd/subnets', {}).items(): - listen_interfaces.append(subnet['interface']) - - return { - 'dhcpd': { - 'listen_interfaces': ' '.join(sorted(listen_interfaces)), - } - } - - @metadata_reactor.provides( 'iptables/bundle_rules/dhcpd', ) def iptables(metadata): rules = set() - for subnet in node.metadata.get('dhcpd/subnets', {}).values(): - rules.add('iptables -A INPUT -i {} -p udp --dport 67:68 -j ACCEPT'.format(subnet['interface'])) + for subnet in node.metadata.get('dhcpd/subnets', {}): + rules.add('iptables -A INPUT -i {} -p udp --dport 67:68 -j ACCEPT'.format(subnet)) return { 'iptables': { 'bundle_rules': { - # can't use port_rules here. We're generating interface based rules here. + # can't use port_rules here, because we're generating interface based rules. 'dhcpd': sorted(list(rules)), }, } diff --git a/nodes/home/router.py b/nodes/home/router.py index 4390bef..37c6af7 100644 --- a/nodes/home/router.py +++ b/nodes/home/router.py @@ -43,12 +43,10 @@ nodes['home.router'] = { }, 'dhcpd': { 'subnets': { - 'dmz': { - 'interface': 'enp1s0.23', - 'netmask': '255.255.255.0', + 'enp1s0.23': { 'range_lower': '172.19.139.200', 'range_higher': '172.19.139.250', - 'subnet': '172.19.139.0', + 'subnet': '172.19.139.0/24', 'options': { 'broadcast-address': '172.19.139.255', 'domain-name-servers': '172.19.139.1', 
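Review bot: The loop variable in `iptables()` is still named `subnet`, but iterating the dict directly now yields interface names, so `.format(subnet)` reads as if a subnet were passed to `-i`. Renaming makes the intent visible: `for interface in node.metadata.get('dhcpd/subnets', {}):` and `.format(interface)`. The rule also accepts `--dport 67:68`, while a DHCP server listens on UDP 67 only, so narrowing it to `--dport 67` looks possible unless this host also runs a DHCP client on the same interface. The end of the function's return dict lies outside the hunk.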
@@ -56,12 +54,10 @@ nodes['home.router'] = { 'subnet-mask': '255.255.255.0', }, }, - 'home': { - 'interface': 'enp1s0.42', - 'netmask': '255.255.255.0', + 'enp1s0.42': { 'range_lower': '172.19.138.100', 'range_higher': '172.19.138.250', - 'subnet': '172.19.138.0', + 'subnet': '172.19.138.0/24', 'options': { 'broadcast-address': '172.19.138.255', 'domain-name': 'franzi-home.kunbox.net',