Default variables

APT packages

dhcpd__base_packages

List of base packages to install for DHCP server support.

dhcpd__base_packages: [ 'isc-dhcp-server' ]
dhcpd__packages

List of additional packages to install with this role.

dhcpd__packages: []

isc-dhcp-server defaults

dhcpd__options

Additional options to start the dhcpd processes with. See https://manpages.debian.org/dhcpd.8

dhcpd__options: ''
dhcpd__interfacesv4

List of network interfaces to serve DHCPv4 requests on.

dhcpd__interfacesv4: [ '{{ ansible_local.ifupdown.external_interface
                           if ansible_local.ifupdown.external_interface | d()
                           else ansible_default_ipv4.interface }}' ]
dhcpd__interfacesv6

List of network interfaces to serve DHCPv6 requests on.

dhcpd__interfacesv6: '{{ dhcpd__interfacesv4
                         if ansible_default_ipv6.address | d()
                         else [] }}'

DHCP server configuration

dhcpd__authoritative

Whether to serve authoritative responses.

dhcpd__authoritative: False
dhcpd__log_facility

Syslog facility to use. See https://manpages.debian.org/syslog.3#Values_for_facility

dhcpd__log_facility: 'daemon'
dhcpd__default_lease_time

The length in seconds that will be assigned to a lease if the client requesting the lease does not ask for a specific expiration time. This is used for both DHCPv4 and DHCPv6 leases (it is also known as the "valid lifetime" in DHCPv6).

dhcpd__default_lease_time: '{{ 60 * 60 * 12 }}'
dhcpd__max_lease_time

The maximum length in seconds that will be assigned to a lease.

dhcpd__max_lease_time: '{{ 60 * 60 * 24 }}'
dhcpd__preferred_lifetime

The preferred lifetime of assigned IPv6 addresses in seconds. An IPv6 address becomes deprecated when the preferred lifetime expires, causing the OS to no longer use it for new outbound connections.

dhcpd__preferred_lifetime: '{{ (dhcpd__default_lease_time | float * (5 / 8)) | int }}'
dhcpd__dhcpv6_set_tee_times

Set T1 (renew) and T2 (rebind) to the values recommended in RFC 3315. See https://tools.ietf.org/html/rfc3315#section-22.4

dhcpd__dhcpv6_set_tee_times: True
dhcpd__update_static_leases

Whether to perform DNS updates for clients with static assignments.

dhcpd__update_static_leases: False
dhcpd__domain_name

Domain name to advertise to DHCPv4 clients.

dhcpd__domain_name: '{{ ansible_domain }}'

List of search domains to advertise to DHCPv4 and DHCPv6 clients.

dhcpd__domain_search: '{{ ansible_dns.search | d([]) }}'
dhcpd__domain_servers

List of IP addresses to advertise as recursive DNS servers. IPv4 addresses will only be advertised to DHCPv4 clients, while IPv6 addresses will only be advertised to DHCPv6 clients.

dhcpd__name_servers: '{{ ansible_local.resolvconf.upstream_nameservers
                         if (ansible_local.resolvconf.upstream_nameservers | d())
                         else (ansible_dns.nameservers
                               if ("127.0.0.1" not in ansible_dns.nameservers)
                               else []) }}'
dhcpd__global_options_map

Additional options to add to the global configuration. This parameter accepts two dictionaries with keys 'DHCPv4' and 'DHCPv6', for each protocol respectively. The values can be strings or YAML text blocks.

dhcpd__global_options_map:
  'DHCPv4': ''
  'DHCPv6': ''

iPXE support

dhcpd__ipxe

Add iPXE-specific options to ISC DHCP server configuration.

dhcpd__ipxe: False
dhcpd__ipxe_dhcp_space

Add DHCP options iPXE namespace in dhcpd.conf required to support iPXE-specific DHCP options in the DHCP server configuration.

dhcpd__ipxe_dhcp_space: True
dhcpd__ipxe_tftp_server

IPv4 address of the TFTP server that contains the boot files.

dhcpd__ipxe_tftp_server: '{{ ansible_default_ipv4.address }}'
dhcpd__ipxe_chain_filename

Initial file sent to hosts which requested a PXE boot, used to chain-load the iPXE boot loader.

dhcpd__ipxe_chain_filename: 'undionly.kpxe'
dhcpd__ipxe_efi_chain_filename

Initial file sent to hosts using EFI which requested a PXE boot, used to chain-load the iPXE boot loader.

dhcpd__ipxe_efi_chain_filename: 'ipxe.efi'
dhcpd__ipxe_filename

File sent to hosts booted with iPXE, by default this loads the standard menu file.

dhcpd__ipxe_filename: 'menu.ipxe'
dhcpd__ipxe_options

Additional DHCP options in YAML text block format, added to the iPXE section of the configuration file.

dhcpd__ipxe_options: ''

DHCP server configuration scopes

dhcpd__classes

List of host classes with custom options for each class. See dhcpd__classes for details.

dhcpd__classes: []
dhcpd__failovers

List of DHCPv4 failover configuration blocks. See dhcpd__failovers for details.

dhcpd__failovers: []
dhcpd__groups

List of grouped configuration scopes. See dhcpd__groups for details.

dhcpd__groups: []
dhcpd__hosts

Global list of static hosts. See dhcpd__hosts for details.

dhcpd__hosts: []
dhcpd__keys

List of DNS update keys. See dhcpd__keys for details.

dhcpd__keys: []
dhcpd__shared_networks

List of shared networks to service with this DHCP server. See dhcpd__shared_networks for details.

dhcpd__shared_networks: []
dhcpd__subnets

List of subnets that are not part of a shared network, but are instead defined on a global level. See dhcpd__subnets for details.

dhcpd__subnets: '{{ dhcpd__default_subnets }}'
dhcpd__default_subnets

The default subnets as detected by this role. Dynamic lease assignment will not work until you configure subnets with valid address ranges.

dhcpd__default_subnets:

  - comment: 'Autodetected IPv4 subnet'
    subnet: '{{ ansible_default_ipv4.network
                + "/" + ansible_default_ipv4.netmask }}'
    routers: '{{ [ansible_default_ipv4.gateway]
                 if ansible_default_ipv4.gateway | d()
                 else [] }}'

  - comment: 'Autodetected IPv6 subnet'
    subnet: '{{ ansible_default_ipv6.address | d()
                + "/" + ansible_default_ipv6.prefix | d() }}'
    state: '{{ "present" if ansible_default_ipv6.address | d() else "absent" }}'
dhcpd__zones

List of DNS zones to update. See dhcpd__zones for details.

dhcpd__zones: []

Configuration for other roles

dhcpd__etc_services__dependent_list

Configuration for the debops.etc_services Ansible role.

dhcpd__etc_services__dependent_list:

  - name: 'dhcp-failover'
    port: '647'
    protocols: [ 'tcp', 'udp' ]
    comment: 'Added by debops.dhcpd Ansible role'
dhcpd__ferm__dependent_rules

Configuration for the debops.ferm Ansible role.

dhcpd__ferm__dependent_rules:

  # Firewall rules are not needed for DHCPv4 because it uses raw sockets (see
  # https://kb.isc.org/docs/aa-00378). DHCPv6 doesn't use raw sockets so both
  # server and client need open ports in their firewalls.
  - name: 'accept_dhcpv6_server'
    by_role: 'debops.dhcpd'
    type: 'accept'
    interface: '{{ dhcpd__interfacesv6 }}'
    protocol: 'udp'
    dport: [ 'dhcpv6-server' ]
    rule_state: '{{ "present" if dhcpd__interfacesv6 else "absent" }}'

  # The DHCPv4 failover port.
  - name: 'accept_dhcp_failover'
    by_role: 'debops.dhcpd'
    type: 'accept'
    saddr: '{{ (dhcpd__failovers | map(attribute="primary") | list
                + dhcpd__failovers | map(attribute="secondary") | list)
               if dhcpd__failovers
               else omit }}'
    protocol: 'tcp'
    dport: [ 'dhcp-failover' ]
    rule_state: '{{ "present" if dhcpd__failovers else "absent" }}'