Implement DNS (bind9) and DHCP (isc-dhcp-server) and TFTP (tftpd-hpa).

2021-04-09 11:20:21 +02:00 · 2021-04-09 11:20:21 +02:00 · d8366d2ca2
commit d8366d2ca2
parent ebcfd88ef4
9 changed files with 279 additions and 1 deletions
--- a/roles/dns-dhcp-tftp/tasks/main.yml
+++ b/roles/dns-dhcp-tftp/tasks/main.yml
@ -0,0 +1,84 @@
+---
+- name: preseed tftpd-hpa
+  debconf:
+    name: tftpd-hpa
+    question: tftpd-hpa/directory
+    value: /var/lib/tftpboot
+    vtype: string
+
+- name: install tftpd, dhcpd and named packages
+  apt:
+    name:
+      - isc-dhcp-server
+      - tftpd-hpa
+      - bind9
+    state: latest
+
+## FIXME: preseeding seems to be ignored
+- name: configure TFTP root directory
+  replace:
+    path: /etc/default/tftpd-hpa
+    regexp: '^TFTP_DIRECTORY=".*"$'
+    replace: 'TFTP_DIRECTORY="/var/lib/tftpboot"'
+  notify: restart tftpd-hpa
+
+- name: serve dhcp on LAN interface       
+  replace:
+    path: /etc/default/isc-dhcp-server
+    regexp: '^INTERFACESv4=".*"$'
+    replace: 'INTERFACESv4="{{ if_lan }}"'
+  notify: restart isc-dhcp-server
+
+- name: deploy config files for isc-dhcp-server
+  template:
+    src: dhcpd.conf.j2
+    dest: /etc/dhcp/dhcpd.conf
+    backup: yes
+  notify: restart isc-dhcp-server
+
+- name: deploy config files for bind9 
+  template:
+    src: "{{ item }}.j2"
+    dest: "/etc/bind/{{ item }}"
+  loop:
+    - db.intern
+    - db.192.168.0
+    - localzones
+  notify: restart bind
+
+- name: enable local bind config
+  lineinfile:
+    path: /etc/bind/named.conf.local
+    line: 'include "/etc/bind/localzones";'
+  notify: restart bind
+
+- name: adapt resolv.conf
+  template:
+    src: resolv.conf.j2
+    dest: /etc/resolv.conf
+
+## stop dhclient from overwriting /etc/resolv.conf:
+- name: supersede dhcp client data
+  blockinfile:
+    dest: /etc/dhcp/dhclient.conf
+    block: |
+      supersede domain-name "{{ ansible_domain }}";
+      supersede domain-search "{{ ansible_domain }}";
+      supersede domain-name-servers 127.0.0.1;
+    insertbefore: "#send dhcp-client-identifier.*" 
+
+- name: generate rndc key
+  command:
+    cmd: rndc-confgen -a
+    creates: /etc/bind/rndc.key
+
+- name: copy rndc key
+  copy:
+    src: /etc/bind/rndc.key 
+    dest: /etc/dhcp/
+    owner: root 
+    group: root
+    mode: '0640'
+    remote_src: yes  
+  notify: restart isc-dhcp-server
+