
Hacker Public Radio

hpr3187 :: Ansible for Dynamic Host Configuration Protocol

How I use ansible to configure my OpenBSD router


Hosted by norrist on 2020-10-20 is flagged as Clean and is released under a CC-BY-SA license.
Tags: ansible, dhcp, dns, openbsd.
The show is available on the Internet Archive at: https://archive.org/details/hpr3187


Duration: 00:08:38


Ansible DHCPD and DNS

Using Ansible to configure DHCPD and DNS on OpenBSD

  • Host data is stored in csv files
  • Ansible templates to create config files
  • Restart services

hostname-setup.yml

---
- hosts: localhost
  tasks:
  - name: read subnet 10
    read_csv:
      path: 10.csv
      fieldnames: mac,ip,hostname
    register: subnet_10
  - name: read subnet 11
    read_csv:
      path: 11.csv
      fieldnames: mac,ip,hostname
    register: subnet_11
  - name: read static
    read_csv:
      path: static.csv
      fieldnames: hostname,ip
    register: static_ip

  - name: write dhcp file
    template:
      src: dhcpd.conf.j2
      dest: /etc/dhcpd.conf
      validate: dhcpd -nc %s
  - name: write local.lan zone file
    template:
      src: local.lan.zone.j2
      dest: /var/nsd/zones/master/local.lan
      owner: root
      group: _nsd
      validate: nsd-checkzone local.lan %s
  - name: nsd_conf
    copy:
      src: nsd.conf
      dest: /var/nsd/etc/nsd.conf
      owner: root
      group: _nsd
      validate: nsd-checkconf %s
  - name: restart nsd
    service:
      name: nsd
      state: restarted
  - name: restart dhcpd
    service:
      name: dhcpd
      state: restarted
  - name: restart unbound
    service:
      name: unbound
      state: restarted

10.csv

b8:27:eb:8b:7a:6d,192.168.10.100,pi3a
b8:27:eb:ef:f2:d4,192.168.10.101,pi3b
28:10:7b:25:d5:60,192.168.10.79,ipcam3
28:10:7b:0c:fa:7b,192.168.10.80,ipcam1
f0:7d:68:0b:ca:56,192.168.10.81,ipcam2

static.csv

tplink,192.168.10.2
gate,192.168.10.10
www,192.168.10.10
fox,192.168.10.17

dhcpd.conf.j2

option  domain-name "local.lan";
option  domain-name-servers 192.168.10.10;

subnet 192.168.10.0 netmask 255.255.255.0 {
        option routers 192.168.10.10;
        range 192.168.10.161 192.168.10.179;
        {% for host in subnet_10.list %}
        host static-client { hardware ethernet {{ host.mac }};fixed-address {{ host.ip }};} #{{ host.hostname }}
        {% endfor %}
}

subnet 192.168.11.0 netmask 255.255.255.0 {
    option routers 192.168.11.10;
    range 192.168.11.72 192.168.11.127;
{% for host in subnet_11.list %}
host static-client { hardware ethernet {{ host.mac }};fixed-address {{ host.ip }};} #{{ host.hostname }}
{% endfor %}
}

Rendered DHCP entries

host static-client { hardware ethernet b8:27:eb:de:2f:38;fixed-address 192.168.10.45;} #pi3a
host static-client { hardware ethernet 28:10:7b:25:d5:60;fixed-address 192.168.10.79;} #ipcam3
host static-client { hardware ethernet 28:10:7b:0c:fa:7b;fixed-address 192.168.10.80;} #ipcam1
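Pre-flight check for the CSV files (an added example, not part of the original show notes): the templates copy each mac, ip and hostname field verbatim into dhcpd.conf and the zone file, so a duplicate or malformed row silently changes what the router serves. The function name lint_subnet and the sample rows are assumptions made for this example; the subnet and dynamic range are the ones from dhcpd.conf.j2 above.

```python
import csv
import io
import ipaddress
import re

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")
# One DNS label: letters, digits, hyphens; no hyphen at either end.
HOST_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

# Constructed sample in the page's mac,ip,hostname layout, with errors added.
SAMPLE = """\
b8:27:eb:8b:7a:6d,192.168.10.100,pi3a
b8:27:eb:8b:7a:6d,192.168.10.101,pi3b
28:10:7b:25:d5:60,192.168.10.170,ipcam3
28:10:7b:0c:fa:7b,192.168.11.80,cam 1
"""

def lint_subnet(csv_text, subnet, pool_start, pool_end):
    """Return a list of problems in one mac,ip,hostname CSV (empty = clean)."""
    net = ipaddress.ip_network(subnet)
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    seen = {"mac": {}, "ip": {}, "hostname": {}}
    problems = []
    for n, row in enumerate(csv.reader(io.StringIO(csv_text)), 1):
        if len(row) != 3:
            problems.append(f"line {n}: expected 3 fields, got {len(row)}")
            continue
        # No strip(): the templates copy each field verbatim, so stray
        # whitespace or punctuation must fail here rather than reach the config.
        mac, ip, hostname = (field.lower() for field in row)
        if not MAC_RE.fullmatch(mac):
            problems.append(f"line {n}: bad MAC {mac!r}")
        if not HOST_RE.fullmatch(hostname):
            problems.append(f"line {n}: bad hostname {hostname!r}")
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"line {n}: bad IP {ip!r}")
        else:
            if addr not in net:
                problems.append(f"line {n}: {ip} is outside {subnet}")
            elif lo <= addr <= hi:
                problems.append(f"line {n}: {ip} is inside the dynamic range")
        for kind, value in (("mac", mac), ("ip", ip), ("hostname", hostname)):
            first = seen[kind].setdefault(value, n)
            if first != n:
                problems.append(f"line {n}: duplicate {kind} {value!r}, first on line {first}")
    return problems

if __name__ == "__main__":
    for p in lint_subnet(SAMPLE, "192.168.10.0/24", "192.168.10.161", "192.168.10.179"):
        print(p)
```

Run it against 10.csv and 11.csv before ansible-playbook; dhcpd -nc and nsd-checkzone only confirm that the rendered files parse, not that the addresses and names in them are the intended ones.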

local.lan.zone.j2

$TTL 3600
local.lan. IN     SOA    a.root-servers.net. root. (
                2016092901  ; Serial
                3H          ; refresh after 3 hours
                1H          ; retry after 1 hour
                1W          ; expire after 1 week
                1D)         ; minimum TTL of 1 day

IN  NS  gate.

IN  MX  50 gate.local.lan.

local.lan.      IN A    192.168.10.10

{% for host in static_ip.list%}
{{ host.hostname }} IN A {{ host.ip }}
{% endfor %}

{% for host in subnet_10.list%}
{{ host.hostname }} IN A {{ host.ip }}
{% endfor %}

{% for host in subnet_11.list%}
{{ host.hostname }} IN A {{ host.ip }}
{% endfor %}

Rendered A records

pi3b IN A 192.168.10.101
pi3a IN A 192.168.10.45
ipcam3 IN A 192.168.10.79
ipcam1 IN A 192.168.10.80

Run the playbook

ansible-playbook hostname-setup.yml

Comments


Comment #1 posted on 2020-10-26 21:51:15 by Cedric De Vroey

Also getting into Ansible

Hi Norrist, I have just recently started using Ansible. I'm currently playing with my new toy, a Turing Pi board equipped with 7 Raspberry Pi Compute modules, basically it's like a single board cluster so to speak :-) Anyways, I found Ansible extremely helpful in setting these up. First I made sure all Pi's had a fresh install of Ubuntu server with SSH enabled and an account that authorized my public key. Then I just created a simple inventory file with the IPs of each node and I was good to go. Then I could just do: ansible -c cluster -a "sudo apt update && sudo apt install -y kubernetes"

Comment #2 posted on 2021-02-10 21:52:20 by Windigo

Interesting approach

I'm currently battling with split-horizon DNS and DHCP on my local LAN, using a PiHole and the underlying dnsmasq server.

I'm very happy to have this episode as a "Plan B"; it's a very clever way to roll your own network services without having to worry about manual configs and fragile setups.

Thanks for the great episode!
