From f6dafbc78e2bf69b5905410e53ff98ba9b8c9b96 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Sun, 15 Nov 2020 11:58:55 +0100
Subject: [PATCH 1/6] nodes/home.router: use default settings for dhcp lease times
---
 nodes/home/router.py | 2 --
 1 file changed, 2 deletions(-)
diff --git a/nodes/home/router.py b/nodes/home/router.py
index 37cadb0..4809ad3 100644
--- a/nodes/home/router.py
+++ b/nodes/home/router.py
@@ -94,8 +94,6 @@ nodes['home.router'] = { 'broadcast-address': '172.19.138.255', 'subnet-mask': '255.255.255.0', }, - 'default-lease-time': 300, - 'max-lease-time': 1800, }, }, },
-- 2.39.2
From cdef8cdb13f28412ff9cc834f401bd2dd722f3f7 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Sun, 15 Nov 2020 12:00:58 +0100
Subject: [PATCH 2/6] bundles/dhcpd: adjust indentation in dhcpd.conf
---
 bundles/dhcpd/files/dhcpd.conf | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/bundles/dhcpd/files/dhcpd.conf b/bundles/dhcpd/files/dhcpd.conf
index 98ff2b4..8a9e7eb 100644
--- a/bundles/dhcpd/files/dhcpd.conf
+++ b/bundles/dhcpd/files/dhcpd.conf
@@ -1,27 +1,28 @@ #dhcpd.conf -<% +<% import re %> ddns-update-style none; authoritative; -% for identfier, subnet in dhcp_config.get('subnets', {}).items(): +% for identifier, subnet in dhcp_config.get('subnets', {}).items(): +# subnet '${identifier}' subnet ${subnet['subnet']} netmask ${subnet['netmask']} { -% if subnet.get('range_lower', None) and subnet.get('range_higher', None): +% if subnet.get('range_lower', None) and subnet.get('range_higher', None): range ${subnet['range_lower']} ${subnet['range_higher']}; -% endif +% endif interface "${subnet['interface']}"; default-lease-time ${subnet.get('default-lease-time', 600)}; max-lease-time ${subnet.get('max-lease-time', 3600)}; -% for option, value in sorted(subnet.get('options', {}).items()): - % if re.match('([^0-9\.,\ ])', value): - option ${option} "${value}"; - % else: - option ${option} ${value}; - % endif -% endfor +% for option, value in sorted(subnet.get('options', {}).items()): +% if re.match('([^0-9\.,\ ])', value): + option ${option} "${value}"; +% else: + option ${option} ${value}; +% endif +% endfor } % endfor
-- 2.39.2
From ad569f073ea88484a5e1d1dcec5b205fe2b12352 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Sun, 15 Nov 2020 12:01:14 +0100
Subject: [PATCH 3/6] bundles/dhcpd: add iptables rules
---
 bundles/dhcpd/metadata.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/bundles/dhcpd/metadata.py b/bundles/dhcpd/metadata.py
index ce6fb6b..4c8e551 100644
--- a/bundles/dhcpd/metadata.py
+++ b/bundles/dhcpd/metadata.py
@@ -23,6 +23,7 @@ def get_static_allocations(metadata): } } + @metadata_reactor def get_listen_interfaces(metadata): listen_interfaces = []
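Review bot: In bundles/dhcpd/files/dhcpd.conf (PATCH 2/6) the re-indented `% if re.match('([^0-9\.,\ ])', value):` still inspects only the first character of the option value, because `re.match` anchors at the start of the string. A value that begins with a digit but is not purely numeric (for example a host name such as the constructed `1host.example`) would be written unquoted, which dhcpd would presumably reject. `% if re.search(r'[^0-9., ]', value):` quotes the value whenever such a character occurs anywhere in it, and the raw string avoids the invalid-escape warning. The quoted branch also emits `"${value}"` verbatim, so a `"` in the metadata would end the string early; rejecting such values in the template would keep a typo from changing the generated configuration.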
@@ -34,3 +35,19 @@ def get_listen_interfaces(metadata): 'listen_interfaces': ' '.join(sorted(listen_interfaces)), } } + + +@metadata_reactor +def iptables(metadata): + iptables = set() + for identfier, subnet in node.metadata.get('dhcpd/subnets', {}).items(): + iptables.add('iptables -A INPUT -i {} -p udp --dport 67:68 -j ACCEPT'.format(subnet.get('interface'))) + + return { + 'iptables': { + 'bundle_rules': { + # iptables bundle relies on this being a list. + 'dhcpd': sorted(list(iptables)), + }, + } + }
-- 2.39.2
From d5bca495e0fc74b7d6907965018f43b7879a8f7f Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Sun, 15 Nov 2020 12:01:32 +0100
Subject: [PATCH 4/6] bundles/dhcpd: remove some .get()
---
 bundles/dhcpd/items.py | 5 +++--
 bundles/dhcpd/metadata.py | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/bundles/dhcpd/items.py b/bundles/dhcpd/items.py
index f3d7125..f6c09f4 100644
--- a/bundles/dhcpd/items.py
+++ b/bundles/dhcpd/items.py
@@ -2,7 +2,7 @@ files = { '/etc/dhcp/dhcpd.conf': { 'content_type': 'mako', 'context': { - 'dhcp_config': node.metadata.get('dhcpd'), + 'dhcp_config': node.metadata['dhcpd'], }, 'needs': { 'pkg_apt:isc-dhcp-server'
@@ -14,7 +14,8 @@ files = { '/etc/default/isc-dhcp-server': { 'content_type': 'mako', 'context': { - 'listen_interfaces': node.metadata.get('dhcpd', {}).get('listen_interfaces'), + # Set by our own metadata reactor. Guaranteed to exist. + 'listen_interfaces': node.metadata['dhcpd']['listen_interfaces'], }, 'needs': { 'pkg_apt:isc-dhcp-server'
diff --git a/bundles/dhcpd/metadata.py b/bundles/dhcpd/metadata.py
index 4c8e551..5712ead 100644
--- a/bundles/dhcpd/metadata.py
+++ b/bundles/dhcpd/metadata.py
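Review bot: The rule built by the new `iptables()` reactor in bundles/dhcpd/metadata.py (PATCH 3/6) accepts `--dport 67:68` on every DHCP interface, which is wider than a DHCP server needs: clients and relays send to UDP port 67, while 68 is the client-side port. Unless the host is also a DHCP client on the same interface, `'iptables -A INPUT -i {} -p udp --dport 67 -j ACCEPT'` keeps the INPUT chain to what dhcpd listens on. The interface name is formatted into the command string as-is; the value presumably comes from operator-maintained metadata, but checking that it is a plain interface name before building the rule would stop a malformed entry from altering the command. As a point of style, the local `iptables` shadows the function name and `sorted()` already returns a list, so `'dhcpd': sorted(rules),` with the set renamed to `rules` reads more clearly.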
@@ -28,7 +28,7 @@ def get_static_allocations(metadata): def get_listen_interfaces(metadata): listen_interfaces = [] for identfier, subnet in node.metadata.get('dhcpd/subnets', {}).items(): - listen_interfaces.append(subnet.get('interface')) + listen_interfaces.append(subnet['interface']) return { 'dhcpd': {
@@ -41,7 +41,7 @@ def get_listen_interfaces(metadata): def iptables(metadata): iptables = set() for identfier, subnet in node.metadata.get('dhcpd/subnets', {}).items(): - iptables.add('iptables -A INPUT -i {} -p udp --dport 67:68 -j ACCEPT'.format(subnet.get('interface'))) + iptables.add('iptables -A INPUT -i {} -p udp --dport 67:68 -j ACCEPT'.format(subnet['interface'])) return { 'iptables': {
-- 2.39.2
From c597244a9d909b4b26f15fe0c6db356289098c01 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Sun, 15 Nov 2020 12:07:02 +0100
Subject: [PATCH 5/6] bundles/dhcpd: adjust spacing in metadata processor for static leases
---
 bundles/dhcpd/metadata.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/bundles/dhcpd/metadata.py b/bundles/dhcpd/metadata.py
index 5712ead..2dafe29 100644
--- a/bundles/dhcpd/metadata.py
+++ b/bundles/dhcpd/metadata.py
@@ -14,9 +14,10 @@ def get_static_allocations(metadata): for identifier, interface in rnode.metadata.get('interfaces', {}).items(): if interface.get('dhcp', False): allocations[rnode.name] = { - 'ipv4': sorted(interface['ips'])[0], - 'mac': interface['mac'], + 'ipv4': sorted(interface['ips'])[0], + 'mac': interface['mac'], } + return { 'dhcpd': { 'fixed_allocations': allocations,
-- 2.39.2
From 9df5cb1f16229add896e20b892e8534c39a43c9c Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Sun, 15 Nov 2020 13:23:24 +0100
Subject: [PATCH 6/6] bundles/dhcpd: remove hardcoded group in metadata reactor get_static_allocations()
---
 bundles/dhcpd/metadata.py | 5 ++++-
 groups/locations.py | 5 +++++
 2 files changed, 9 insertions(+), 1 deletion(-)
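Review bot: Both reactors touched in bundles/dhcpd/metadata.py by PATCH 4/6, `get_listen_interfaces()` and `iptables()` (second hunk), take a `metadata` argument but keep reading `node.metadata.get('dhcpd/subnets', {})`, while `get_static_allocations()` after PATCH 6/6 reads its own node through `metadata.get(...)`. Using the argument in all three, `for subnet in metadata.get('dhcpd/subnets', {}).values():`, keeps the file consistent and drops the unused, misspelled `identfier` key; whether bundlewrap treats the two access paths differently inside a reactor should be confirmed against its documentation. With the `.get()` gone, a subnet without `interface` now fails with a bare `KeyError`, so a comment such as `# 'interface' is mandatory for every subnet; fail early if it is missing` would record that this is intended. Both function bodies continue outside their hunks.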
diff --git a/bundles/dhcpd/metadata.py b/bundles/dhcpd/metadata.py
index 2dafe29..a1a44d4 100644
--- a/bundles/dhcpd/metadata.py
+++ b/bundles/dhcpd/metadata.py
@@ -10,7 +10,10 @@ defaults = { @metadata_reactor def get_static_allocations(metadata): allocations = {} - for rnode in repo.nodes_in_group('home'): + for rnode in repo.nodes: + if rnode.metadata.get('location', '') != metadata.get('location', ''): + continue + for identifier, interface in rnode.metadata.get('interfaces', {}).items(): if interface.get('dhcp', False): allocations[rnode.name] = {
diff --git a/groups/locations.py b/groups/locations.py
index 953b027..4d46f32 100644
--- a/groups/locations.py
+++ b/groups/locations.py
@@ -13,6 +13,7 @@ groups['gce'] = { }, }, }, + 'location': 'gce', 'nameservers': { '8.8.8.8', '8.8.4.4',
@@ -33,6 +34,9 @@ groups['htz'] = { 'subgroups': { 'htz-cloud', }, + 'metadata': { + 'location': 'htz', + }, } groups['htz-cloud'] = {
@@ -70,6 +74,7 @@ groups['ovh'] = { r"ovh\..*", }, 'metadata': { + 'location': 'ovh', 'users': { 'debian': { 'delete': True,
-- 2.39.2
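Review bot: In `get_static_allocations()` (bundles/dhcpd/metadata.py, PATCH 6/6) both sides of the new comparison default to `''`, so a DHCP server node without a `location` treats every other node that also lacks one as local and collects its MAC/IP pair as a fixed allocation. groups/locations.py in this patch sets `location` for `gce`, `htz` and `ovh` only; whether the former `home` group already carries one is not visible here. Skipping unset locations makes the filter fail closed: `location = metadata.get('location', None)` before the loop and `if location is None or rnode.metadata.get('location', None) != location: continue` inside it. The loop now also reads `rnode.metadata` for every node in the repo rather than for one group, which deserves a short comment; the function's return statement lies outside the hunk.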