diff --git a/defaults/main.yml b/defaults/main.yml
index f10777f..0b3c73c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -161,4 +161,104 @@ dhcpd_hosts: [] dhcpd_includes: [] #- '/etc/dhcp/example.conf' - +# ---- ISC DHCP failover configuration ---- +# +# Each failover declaration consists of primary and secondary host, no more +# than two nodes failover is allowed by isc-dhcpd currently. +# +# You must specify which failover each pool should use by specifying a +# 'failover peer' option in pool declaration. +# +# Each failover declaration has a set of an mandatory fields, which is: +# primary: "" Ansible inventory name of a primary DHCP host, if +# you need failover to work on different IP, +# see primary_fo_addr option below. +# +# secondary: "" Ansible inventory name of a secondary DHCP host, if +# you need failover to work on different IP, +# see secondary_fo_addr option below. +# +# Ansible inventory name is either IP ot hostname specified in inventory file. +# +# mclt: 3600 Max Client Lead Time. The maximum amount of time +# that one server can extend a lease for a DHCP +# client beyond the time known by the partner server. +# +# split: [0-255] Specifies the split between the primary and +# secondary for the purposes of load balancing. +# Whenever a client makes a DHCP request, the DHCP +# server runs a hash on the client identification, +# resulting in value from 0 to 255. This is used as +# an index into a 256 bit field. If the bit at that +# index is set, the primary is responsible. If +# the bit at that index is not set, the secondary +# is responsible. +# -- or -- +# hba: ([0-9a-f]{2}:){32} Specifies the split between the primary and +# secondary as a bitmap rather than a cutoff, which +# theoretically allows for finer-grained control. +# In practice, there is probably no need for such +# fine-grained control, however. +# max_response_delay: 5 Tells the DHCP server how many seconds may pass +# without receiving a message from its failover peer +# before it assumes that connection has failed. +# This is mandatory according to dhcpd.conf man page. 
+# max_unacked_updates: 10 Tells the remote DHCP server how many BNDUPD
+# messages it can send before it receives a BNDACK
+# from the local system.
+# This is mandatory according to dhcpd.conf man page.
+#
+# You must use either 'split' or 'hba' statement. Split has a preference, so
+# if it's defined, 'hba' will be omitted by configuration template.
+# Optional field are mostly desribed in dhcpd.conf man page:
+# port: 647 Specifies port on which primary and secondary
+# nodes will listen for failover connection.
+# Diffirent ports for primary and secondary is
+# currently unsupported.
+#
+# primary_fo_addr: "" IP/Hostname of a primary DHCP host. This option
+# is used if you need failover address be different
+# from ansible inventory IP/hostname.
+# If omitted, then 'primary' is used.
+#
+# secondary_fo_addr: "" IP/Hostname of a secondary DHCP host. This option
+# is used if you need failover address be different
+# from ansible inventory IP/hostname.
+# If omitted, then 'secondary' is used.
+#
+# auto_partner_down: 0 Number of second to start serving partners IPs
+# after the partner's failure.
+#
+# load_balance_max_seconds: 5
+# max_lease_misbalance: 15
+# max_lease_ownership: 10
+# min_balance: 60
+# max_balance: 3600
+#
+dhcpd_failovers: []
+ ## Following is full cluster configuration
+ #- failover: 'failover-localsubnet'
+ # primary: '10.0.10.1'
+ # primary_fo_addr: '10.5.10.1'
+ # secondary: '10.0.10.2'
+ # secondary_fo_addr: '10.5.10.2'
+ # port: 1337
+ # split: 128
+ # hba: aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa:aa
+ # max_response_delay: 5
+ # max_unacked_updates: 10
+ # load_balance_max_seconds: 5
+ # auto_partner_down: 0
+ # max_lease_misbalance: 15
+ # max_lease_ownership: 10
+ # min_balance: 60
+ # max_balance: 3600
+ #
+ ## Following is minimal cluster configuration
+ #- failover: 'failover-san'
+ # primary: '10.0.10.1'
+ # secondary: '10.0.10.2'
+ # mclt: 3600
+ # split: 128
+ # max_response_delay: 5
+ # max_unacked_updates: 10
diff --git a/templates/etc/dhcp/dhcpd.conf.j2 b/templates/etc/dhcp/dhcpd.conf.j2
index b464503..3b28cf4 100644
--- a/templates/etc/dhcp/dhcpd.conf.j2
+++ b/templates/etc/dhcp/dhcpd.conf.j2
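Review bot: The `port` option documented in the defaults/main.yml comment block (and set as `port: 1337` in the full example) is not emitted by `print_failover` in templates/etc/dhcp/dhcpd.conf.j2 in this commit, so a value set here is silently ignored. Either drop it from the documentation or render it in the macro, e.g. `port {{ failover.port }};` and `peer port {{ failover.port }};` inside `{% if failover.port is defined %}`. The `port` description would also be the place to say that the failover port should be firewalled to the peer's address, because as far as I know dhcpd's failover channel is not authenticated. The `hba` sample should be quoted (`hba: 'aa:aa:…'`), since an all-digit bitmap such as `11:11:…` can be read as a base-60 integer by YAML 1.1 loaders. The full example also omits `mclt` although it is listed as mandatory, and the comments show `max_response_delay: 5` while the template falls back to `default(30)`.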
@@ -121,6 +121,71 @@ host {{ host.hostname }} { {% endif %} {% endmacro %} + + + +{% macro print_failover(failover) %} +{% if failover.comment is defined and failover.comment %} +# {{ failover.comment }} +{% endif %} +failover peer "{{ failover.failover }}" { +{% if failover.primary is defined and failover.primary == inventory_hostname %} + primary; + mclt {{ failover.mclt|default(3600) }}; +{% if failover.primary_fo_addr is defined and failover.primary_fo_addr %} + address {{ failover.primary_fo_addr }}; +{% else %} + address {{ failover.primary }}; +{% endif %} +{% if failover.secondary_fo_addr is defined and failover.secondary_fo_addr %} + peer address {{ failover.secondary_fo_addr }}; +{% else %} + peer address {{ failover.secondary }}; +{% endif %} +{% if failover.split is defined and failover.split %} + split {{ failover.split }}; +{% elif failover.hba is defined and failover.hba %} + hba {{ failover.hba }}; +{% endif %} +{% else %} + secondary; +{% if failover.secondary_fo_addr is defined and failover.secondary_fo_addr %} + address {{ failover.secondary_fo_addr }}; +{% else %} + address {{ failover.secondary }}; +{% endif %} +{% if failover.primary_fo_addr is defined and failover.primary_fo_addr %} + peer address {{ failover.primary_fo_addr }}; +{% else %} + peer address {{ failover.primary }}; +{% endif %} +{% endif %} + max-response-delay {{ failover.max_response_delay|default(30) }}; + max-unacked-updates {{ failover.max_unacked_updates|default(10) }}; +{% if failover.load_balance_max_seconds is defined and failover.load_balance_max_seconds %} + load balance max seconds {{ failover.load_balance_max_seconds }}; +{% endif %} +{% if failover.max_lease_misbalance is defined and failover.max_lease_misbalance %} + max-lease-misbalance {{ failover.max_lease_misbalance }}; +{% endif %} +{% if failover.max_lease_ownership is defined and failover.max_lease_ownership %} + max-lease-ownership {{ failover.max_lease_ownership }}; +{% endif %} +{% if 
failover.min_balance is defined and failover.min_balance %} + min-balance {{ failover.min_balance }}; +{% endif %} +{% if failover.max_balance is defined and failover.max_balance %} + max-balance {{ failover.max_balance }}; +{% endif %} +{% if failover.auto_partner_down is defined and failover.auto_partner_down %} + auto-partner-down {{ failover.auto_partner_down }}; +{% endif %} +} +{% endmacro %} + + + + {% if dhcpd_authoritative is defined and dhcpd_authoritative %} authoritative; @@ -143,6 +208,11 @@ not authoritative; {{ print_class(class) }} {% endfor %} {% endif %} +{% if dhcpd_failovers is defined and dhcpd_failovers %} +{% for failover in dhcpd_failovers %} +{{ print_failover(failover) }} +{% endfor %} +{% endif %} {% if dhcpd_shared_networks is defined and dhcpd_shared_networks %} {% for network in dhcpd_shared_networks %} {% if network.subnets is defined and network.subnets %}
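Review bot: The `{% else %}` branch after `failover.primary == inventory_hostname` in `print_failover` renders every non-primary host as `secondary;` with the secondary's address, including a host that is neither peer of the declaration. If the role is applied to more than two DHCP servers, a third host gets a config claiming the secondary's identity; restricting the loop in the last hunk of this file to `{% for failover in dhcpd_failovers if inventory_hostname in [failover.primary, failover.secondary] %}` would avoid that. The truthiness guards also drop valid zero values: `split: 0` is inside the documented 0-255 range, yet `failover.split is defined and failover.split` is false for it, so the primary is written with neither `split` nor `hba`; `failover.split is defined and failover.split is not none` keeps it. Since the values are interpolated into dhcpd.conf unchecked, a short comment above the macro stating that `primary`, `secondary` and one of `split`/`hba` are required would help whoever debugs a config that dhcpd rejects at restart.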