bundles/dhcpd: rework metadata
parent
3bd851aae5
commit
24362768fb
5 changed files with 17 additions and 38 deletions
|
@ -1,19 +1,21 @@
|
||||||
#dhcpd.conf
|
|
||||||
|
|
||||||
<%
|
<%
|
||||||
import re
|
import re
|
||||||
|
from ipaddress import ip_network
|
||||||
%>
|
%>
|
||||||
ddns-update-style none;
|
ddns-update-style none;
|
||||||
|
|
||||||
authoritative;
|
authoritative;
|
||||||
|
|
||||||
% for identifier, subnet in dhcp_config.get('subnets', {}).items():
|
% for interface, subnet in sorted(dhcp_config.get('subnets', {}).items()):
|
||||||
# subnet '${identifier}'
|
<%
|
||||||
subnet ${subnet['subnet']} netmask ${subnet['netmask']} {
|
network = ip_network(subnet['subnet'])
|
||||||
|
%>
|
||||||
|
# interface ${interface} provides ${subnet['subnet']}
|
||||||
|
subnet ${network.network_address} netmask ${network.netmask} {
|
||||||
% if subnet.get('range_lower', None) and subnet.get('range_higher', None):
|
% if subnet.get('range_lower', None) and subnet.get('range_higher', None):
|
||||||
range ${subnet['range_lower']} ${subnet['range_higher']};
|
range ${subnet['range_lower']} ${subnet['range_higher']};
|
||||||
% endif
|
% endif
|
||||||
interface "${subnet['interface']}";
|
interface "${interface}";
|
||||||
default-lease-time ${subnet.get('default-lease-time', 600)};
|
default-lease-time ${subnet.get('default-lease-time', 600)};
|
||||||
max-lease-time ${subnet.get('max-lease-time', 3600)};
|
max-lease-time ${subnet.get('max-lease-time', 3600)};
|
||||||
% for option, value in sorted(subnet.get('options', {}).items()):
|
% for option, value in sorted(subnet.get('options', {}).items()):
|
||||||
|
|
|
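Review bot: `ip_network(subnet['subnet'])` accepts a value with no prefix length and treats it as a /32, so a node whose metadata still uses the old `'subnet': '172.19.139.0'` form would render `netmask 255.255.255.255` without any error. Since the separate `netmask` key is gone, I would reject that case right after the call, e.g. `if '/' not in subnet['subnet']: raise ValueError('dhcpd subnet for {} needs a prefix length'.format(interface))`. `range_lower` and `range_higher` are also still written out without checking that they fall inside `network`. The `% for` loop continues past the end of the hunk.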
@ -14,5 +14,5 @@
|
||||||
|
|
||||||
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
|
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
|
||||||
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
|
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
|
||||||
INTERFACESv4="${listen_interfaces}"
|
INTERFACESv4="${' '.join(sorted(node.metadata.get('dhcpd/subnets', {})))}"
|
||||||
INTERFACESv6=""
|
INTERFACESv6=""
|
||||||
|
|
|
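Review bot: The keys of `dhcpd/subnets` are now used directly as interface names and written unescaped into `INTERFACESv4="…"`, a file that is presumably sourced by a shell. The same keys also reach `interface "${interface}";` in the dhcpd.conf template and the `iptables -A INPUT -i {}` rule string in the metadata reactor. Nothing visible checks that a key looks like an interface name, so a typo or stray character in node metadata lands in three generated artefacts. A single check in the bundle would catch that before anything is rendered, for example matching each key against `^[A-Za-z0-9_.:-]+$` and raising otherwise.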
@ -13,10 +13,6 @@ files = {
|
||||||
},
|
},
|
||||||
'/etc/default/isc-dhcp-server': {
|
'/etc/default/isc-dhcp-server': {
|
||||||
'content_type': 'mako',
|
'content_type': 'mako',
|
||||||
'context': {
|
|
||||||
# Set by our own metadata reactor. Guaranteed to exist.
|
|
||||||
'listen_interfaces': node.metadata['dhcpd']['listen_interfaces'],
|
|
||||||
},
|
|
||||||
'needs': {
|
'needs': {
|
||||||
'pkg_apt:isc-dhcp-server'
|
'pkg_apt:isc-dhcp-server'
|
||||||
},
|
},
|
||||||
|
|
|
@ -36,33 +36,18 @@ def get_static_allocations(metadata):
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@metadata_reactor.provides(
|
|
||||||
'dhcpd/listen_interfaces',
|
|
||||||
)
|
|
||||||
def get_listen_interfaces(metadata):
|
|
||||||
listen_interfaces = []
|
|
||||||
for _, subnet in node.metadata.get('dhcpd/subnets', {}).items():
|
|
||||||
listen_interfaces.append(subnet['interface'])
|
|
||||||
|
|
||||||
return {
|
|
||||||
'dhcpd': {
|
|
||||||
'listen_interfaces': ' '.join(sorted(listen_interfaces)),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@metadata_reactor.provides(
|
@metadata_reactor.provides(
|
||||||
'iptables/bundle_rules/dhcpd',
|
'iptables/bundle_rules/dhcpd',
|
||||||
)
|
)
|
||||||
def iptables(metadata):
|
def iptables(metadata):
|
||||||
rules = set()
|
rules = set()
|
||||||
for subnet in node.metadata.get('dhcpd/subnets', {}).values():
|
for subnet in node.metadata.get('dhcpd/subnets', {}):
|
||||||
rules.add('iptables -A INPUT -i {} -p udp --dport 67:68 -j ACCEPT'.format(subnet['interface']))
|
rules.add('iptables -A INPUT -i {} -p udp --dport 67:68 -j ACCEPT'.format(subnet))
|
||||||
|
|
||||||
return {
|
return {
|
||||||
'iptables': {
|
'iptables': {
|
||||||
'bundle_rules': {
|
'bundle_rules': {
|
||||||
# can't use port_rules here. We're generating interface based rules here.
|
# can't use port_rules here, because we're generating interface based rules.
|
||||||
'dhcpd': sorted(list(rules)),
|
'dhcpd': sorted(list(rules)),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
|
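Review bot: In `iptables()` the loop now iterates over the dict keys, so `subnet` holds an interface name rather than a subnet dict, and `.format(subnet)` reads as if a whole subnet were formatted into the rule. Renaming the variable keeps the rule line self-explanatory: `for interface in node.metadata.get('dhcpd/subnets', {}):` and `.format(interface)`. A short docstring saying that one rule is emitted per key of `dhcpd/subnets`, and that the key is the interface name, would document the new metadata layout where it is consumed. The end of the function lies outside the hunk.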
@ -43,12 +43,10 @@ nodes['home.router'] = {
|
||||||
},
|
},
|
||||||
'dhcpd': {
|
'dhcpd': {
|
||||||
'subnets': {
|
'subnets': {
|
||||||
'dmz': {
|
'enp1s0.23': {
|
||||||
'interface': 'enp1s0.23',
|
|
||||||
'netmask': '255.255.255.0',
|
|
||||||
'range_lower': '172.19.139.200',
|
'range_lower': '172.19.139.200',
|
||||||
'range_higher': '172.19.139.250',
|
'range_higher': '172.19.139.250',
|
||||||
'subnet': '172.19.139.0',
|
'subnet': '172.19.139.0/24',
|
||||||
'options': {
|
'options': {
|
||||||
'broadcast-address': '172.19.139.255',
|
'broadcast-address': '172.19.139.255',
|
||||||
'domain-name-servers': '172.19.139.1',
|
'domain-name-servers': '172.19.139.1',
|
||||||
|
@ -56,12 +54,10 @@ nodes['home.router'] = {
|
||||||
'subnet-mask': '255.255.255.0',
|
'subnet-mask': '255.255.255.0',
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'home': {
|
'enp1s0.42': {
|
||||||
'interface': 'enp1s0.42',
|
|
||||||
'netmask': '255.255.255.0',
|
|
||||||
'range_lower': '172.19.138.100',
|
'range_lower': '172.19.138.100',
|
||||||
'range_higher': '172.19.138.250',
|
'range_higher': '172.19.138.250',
|
||||||
'subnet': '172.19.138.0',
|
'subnet': '172.19.138.0/24',
|
||||||
'options': {
|
'options': {
|
||||||
'broadcast-address': '172.19.138.255',
|
'broadcast-address': '172.19.138.255',
|
||||||
'domain-name': 'franzi-home.kunbox.net',
|
'domain-name': 'franzi-home.kunbox.net',
|
||||||
|
|
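Review bot: The prefix length now lives in `'subnet': '172.19.139.0/24'`, but `'subnet-mask'` and `'broadcast-address'` under `options` are still hand-written, so they can drift away from the CIDR value when a subnet is resized. Since the dhcpd.conf template already builds an `ip_network` object, these two options could be derived from it (`network.netmask`, `network.broadcast_address`) and dropped from the node metadata. The `options` dicts continue outside the hunks shown.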