Hacker Public Radio

hpr3187 :: Ansible for Dynamic Host Configuration Protocol

How I use ansible to configure my OpenBSD router

Hosted by norrist on Tuesday 2020-10-20. Flagged as Clean and released under a CC-BY-SA license.
Tags: ansible, dhcp, dns, openbsd.

Ansible DHCPD and DNS

Using Ansible to configure DHCPD and NSD on OpenBSD

  • Host data is stored in csv files
  • Ansible templates to create config files
  • Restart services

hostname-setup.yml

---
- hosts: localhost
  tasks:
  - name: read subnet 10
    read_csv:
      path: 10.csv
      fieldnames: mac,ip,hostname
    register: subnet_10
  - name: read subnet 11
    read_csv:
      path: 11.csv
      fieldnames: mac,ip,hostname
    register: subnet_11
  - name: read static
    read_csv:
      path: static.csv
      fieldnames: hostname,ip
    register: static_ip

  - name: write dhcp file
    template:
      src: dhcpd.conf.j2
      dest: /etc/dhcpd.conf
      validate: dhcpd -nc %s
  - name: write local.lan zone file
    template:
      src: local.lan.zone.j2
      dest: /var/nsd/zones/master/local.lan
      owner: root
      group: _nsd
      validate: nsd-checkzone local.lan %s
  - name: nsd_conf
    copy:
      src: nsd.conf
      dest: /var/nsd/etc/nsd.conf
      owner: root
      group: _nsd
      validate: nsd-checkconf %s
  - name: restart nsd
    service:
      name: nsd
      state: restarted
  - name: restart dhcpd
    service:
      name: dhcpd
      state: restarted
  - name: restart unbound
    service:
      name: unbound
      state: restarted

10.csv

b8:27:eb:8b:7a:6d,192.168.10.100,pi3a
b8:27:eb:ef:f2:d4,192.168.10.101,pi3b
28:10:7b:25:d5:60,192.168.10.79,ipcam3
28:10:7b:0c:fa:7b,192.168.10.80,ipcam1
f0:7d:68:0b:ca:56,192.168.10.81,ipcam2

static.csv

tplink,192.168.10.2
gate,192.168.10.10
www,192.168.10.10
fox,192.168.10.17

dhcpd.conf.j2

option  domain-name "local.lan";
option  domain-name-servers 192.168.10.10;

subnet 192.168.10.0 netmask 255.255.255.0 {
        option routers 192.168.10.10;
        range 192.168.10.161 192.168.10.179;
        {% for host in subnet_10.list %}
        host static-client { hardware ethernet {{ host.mac }};fixed-address {{ host.ip }};} #{{ host.hostname }}
        {% endfor %}
}

subnet 192.168.11.0 netmask 255.255.255.0 {
    option routers 192.168.11.10;
    range 192.168.11.72 192.168.11.127;
{% for host in subnet_11.list %}
host static-client { hardware ethernet {{ host.mac }};fixed-address {{ host.ip }};} #{{ host.hostname }}
{% endfor %}
}

Rendered DHCP entries

host static-client { hardware ethernet b8:27:eb:de:2f:38;fixed-address 192.168.10.45;} #pi3a
host static-client { hardware ethernet 28:10:7b:25:d5:60;fixed-address 192.168.10.79;} #ipcam3
host static-client { hardware ethernet 28:10:7b:0c:fa:7b;fixed-address 192.168.10.80;} #ipcam1

local.lan.zone.j2

$TTL 3600
local.lan. IN     SOA    a.root-servers.net. root. (
                2016092901  ; Serial
                3H          ; refresh after 3 hours
                1H          ; retry after 1 hour
                1W          ; expire after 1 week
                1D)         ; minimum TTL of 1 day

; Leading whitespace leaves the owner blank, so these records belong to local.lan.
                IN  NS  gate.

                IN  MX  50 gate.local.lan.

local.lan.      IN A    192.168.10.10

{% for host in static_ip.list%}
{{ host.hostname }} IN A {{ host.ip }}
{% endfor %}

{% for host in subnet_10.list%}
{{ host.hostname }} IN A {{ host.ip }}
{% endfor %}

{% for host in subnet_11.list%}
{{ host.hostname }} IN A {{ host.ip }}
{% endfor %}

Rendered A records

pi3b IN A 192.168.10.101
pi3a IN A 192.168.10.45
ipcam3 IN A 192.168.10.79
ipcam1 IN A 192.168.10.80

Run the playbook

ansible-playbook hostname-setup.yml
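
A pre-flight check for the CSV files, added here as an example and not part of the original show notes: the templates paste every CSV field into dhcpd.conf and the zone file as-is, and the validate steps only test the syntax of the rendered files, so malformed or duplicated host data is better caught before the playbook runs. The function name check_hosts and the two invalid sample rows are constructed for illustration.

```python
import csv
import io
import ipaddress
import re

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}", re.IGNORECASE)
# A single DNS label: letters, digits and inner hyphens, 63 characters at most.
LABEL_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?", re.IGNORECASE)
FIELDS = ["mac", "ip", "hostname"]  # same order as fieldnames in the playbook

def check_hosts(csv_text, subnet):
    """Return a list of problems found in mac,ip,hostname rows for one subnet."""
    net = ipaddress.ip_network(subnet)
    problems = []
    seen = {field: {} for field in FIELDS}  # value -> first line it appeared on
    rows = csv.DictReader(io.StringIO(csv_text), fieldnames=FIELDS)
    for row in rows:
        line = rows.line_num
        if None in row or None in row.values():
            problems.append(f"line {line}: expected exactly 3 fields")
            continue
        # fullmatch rejects anything (spaces, braces, newlines) around the value,
        # because the templates copy these fields into the configs verbatim.
        if not MAC_RE.fullmatch(row["mac"]):
            problems.append(f"line {line}: bad MAC {row['mac']!r}")
        if not LABEL_RE.fullmatch(row["hostname"]):
            problems.append(f"line {line}: bad hostname {row['hostname']!r}")
        try:
            if ipaddress.ip_address(row["ip"]) not in net:
                problems.append(f"line {line}: {row['ip']} is outside {net}")
        except ValueError:
            problems.append(f"line {line}: bad IP {row['ip']!r}")
        for field in FIELDS:
            first = seen[field].setdefault(row[field].lower(), line)
            if first != line:
                problems.append(f"line {line}: duplicate {field} (first on line {first})")
    return problems

# Constructed sample: the first two rows are from 10.csv above, the last two are invalid.
SAMPLE = """\
b8:27:eb:8b:7a:6d,192.168.10.100,pi3a
28:10:7b:25:d5:60,192.168.10.79,ipcam3
28:10:7b:0c:fa:7b,192.168.10.79,ipcam1
f0:7d:68:0b:ca,192.168.11.81,ip cam2
"""

if __name__ == "__main__":
    print("\n".join(check_hosts(SAMPLE, "192.168.10.0/24")))
```

Run it once per CSV file with the matching subnet and start ansible-playbook only when the returned list is empty.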


Comments

Comment #1 posted on 2020-10-26T21:51:15Z by Cedric De Vroey

Also getting into Ansible

Hi Norrist,
I have just recently started using Ansible. I'm currently playing with my new toy, a Turing Pi board equipped with 7 Raspberry Pi Compute modules, basically it's like a single board cluster so to speak :-) Anyways, I found Ansible extremely helpful in setting these up.
First I made sure all Pi's had a fresh install of Ubuntu server with SSH enabled and an account that authorized my public key. Then I just created a simple inventory file with the IPs of each node and I was good to go. Then I could just do:
ansible -c cluster -a "sudo apt update && sudo apt install -y kubernetes"

Comment #2 posted on 2021-02-10T21:52:20Z by Windigo

Interesting approach

I'm currently battling with split-horizon DNS and DHCP on my local LAN, using a PiHole and the underlying dnsmasq server.

I'm very happy to have this episode as a "Plan B"; it's a very clever way to roll your own network services without having to worry about manual configs and fragile setups.

Thanks for the great episode!
