Default variables¶
Sections
APT packages¶
-
dhcpd__base_packages
¶
List of base packages to install for DHCP server support.
dhcpd__base_packages: [ 'isc-dhcp-server' ]
-
dhcpd__packages
¶
List of additional packages to install with this role.
dhcpd__packages: []
isc-dhcp-server defaults¶
-
dhcpd__options
¶
Additional options to start the dhcpd processes with. See https://manpages.debian.org/dhcpd.8
dhcpd__options: ''
-
dhcpd__interfacesv4
¶
List of network interfaces to serve DHCPv4 requests on.
dhcpd__interfacesv4: [ '{{ ansible_local.ifupdown.external_interface
if ansible_local.ifupdown.external_interface|d()
else ansible_default_ipv4.interface }}' ]
-
dhcpd__interfacesv6
¶
List of network interfaces to serve DHCPv6 requests on.
dhcpd__interfacesv6: '{{ dhcpd__interfacesv4
if ansible_default_ipv6.address|d()
else [] }}'
DHCP server configuration¶
Whether to serve authoritative responses.
dhcpd__authoritative: False
-
dhcpd__log_facility
¶
Syslog facility to use. See https://manpages.debian.org/syslog.3#Values_for_facility
dhcpd__log_facility: 'daemon'
-
dhcpd__default_lease_time
¶
The length in seconds that will be assigned to a lease if the client requesting the lease does not ask for a specific expiration time. This is used for both DHCPv4 and DHCPv6 leases (it is also known as the "valid lifetime" in DHCPv6).
dhcpd__default_lease_time: '{{ 60 * 60 * 12 }}'
-
dhcpd__max_lease_time
¶
The maximum length in seconds that will be assigned to a lease.
dhcpd__max_lease_time: '{{ 60 * 60 * 24 }}'
-
dhcpd__preferred_lifetime
¶
The preferred lifetime of assigned IPv6 addresses in seconds. An IPv6 address becomes deprecated when the preferred lifetime expires, causing the OS to no longer use it for new outbound connections.
dhcpd__preferred_lifetime: '{{ (dhcpd__default_lease_time|float * (5/8))|int }}'
-
dhcpd__dhcpv6_set_tee_times
¶
Set T1 (renew) and T2 (rebind) to the values recommended in RFC 3315. See https://tools.ietf.org/html/rfc3315#section-22.4
dhcpd__dhcpv6_set_tee_times: True
-
dhcpd__update_static_leases
¶
Whether to perform DNS updates for clients with static assignments.
dhcpd__update_static_leases: False
-
dhcpd__domain_name
¶
Domain name to advertise to DHCPv4 clients.
dhcpd__domain_name: '{{ ansible_domain }}'
-
dhcpd__domain_search
¶
List of search domains to advertise to DHCPv4 and DHCPv6 clients.
dhcpd__domain_search: '{{ ansible_dns.search|d([]) }}'
-
dhcpd__domain_servers
¶
List of IP addresses to advertise as recursive DNS servers. IPv4 addresses will only be advertised to DHCPv4 clients, while IPv6 addresses will only be advertised to DHCPv6 clients.
dhcpd__name_servers: '{{ ansible_local.resolvconf.upstream_nameservers
if (ansible_local.resolvconf.upstream_nameservers|d())
else (ansible_dns.nameservers
if ("127.0.0.1" not in ansible_dns.nameservers)
else []) }}'
-
dhcpd__global_options_map
¶
Additional options to add to the global configuration. This parameter accepts two dictionaries with keys 'DHCPv4' and 'DHCPv6', for each protocol respectively. The values can be strings or YAML text blocks.
dhcpd__global_options_map:
'DHCPv4': ''
'DHCPv6': ''
iPXE support¶
-
dhcpd__ipxe
¶
Add iPXE-specific options to ISC DHCP server configuration.
dhcpd__ipxe: False
-
dhcpd__ipxe_dhcp_space
¶
Add DHCP options iPXE namespace in dhcpd.conf
required to support
iPXE-specific DHCP options in the DHCP server configuration.
dhcpd__ipxe_dhcp_space: True
-
dhcpd__ipxe_tftp_server
¶
IPv4 address of the TFTP server that contains the boot files.
dhcpd__ipxe_tftp_server: '{{ ansible_default_ipv4.address }}'
-
dhcpd__ipxe_chain_filename
¶
Initial file sent to hosts which requested a PXE boot, used to chain-load the iPXE boot loader.
dhcpd__ipxe_chain_filename: 'undionly.kpxe'
-
dhcpd__ipxe_efi_chain_filename
¶
Initial file sent to hosts using EFI which requested a PXE boot, used to chain-load the iPXE boot loader.
dhcpd__ipxe_efi_chain_filename: 'ipxe.efi'
-
dhcpd__ipxe_filename
¶
File sent to hosts booted with iPXE, by default this loads the standard menu file.
dhcpd__ipxe_filename: 'menu.ipxe'
-
dhcpd__ipxe_options
¶
Additional DHCP options in YAML text block format, added to the iPXE section of the configuration file.
dhcpd__ipxe_options: ''
DHCP server configuration scopes¶
-
dhcpd__classes
¶
List of host classes with custom options for each class. See dhcpd__classes for details.
dhcpd__classes: []
-
dhcpd__failovers
¶
List of DHCPv4 failover configuration blocks. See dhcpd__failovers for details.
dhcpd__failovers: []
-
dhcpd__groups
¶
List of grouped configuration scopes. See dhcpd__groups for details.
dhcpd__groups: []
-
dhcpd__hosts
¶
Global list of static hosts. See dhcpd__hosts for details.
dhcpd__hosts: []
-
dhcpd__keys
¶
List of DNS update keys. See dhcpd__keys for details.
dhcpd__keys: []
List of shared networks to service with this DHCP server. See dhcpd__shared_networks for details.
dhcpd__shared_networks: []
-
dhcpd__subnets
¶
List of subnets that are not part of a shared network, but are instead defined on a global level. See dhcpd__subnets for details.
dhcpd__subnets: '{{ dhcpd__default_subnets }}'
-
dhcpd__default_subnets
¶
The default subnets as detected by this role. Dynamic lease assignment will not work until you configure subnets with valid address ranges.
dhcpd__default_subnets:
- comment: 'Autodetected IPv4 subnet'
subnet: '{{ ansible_default_ipv4.network
+ "/" + ansible_default_ipv4.netmask }}'
routers: '{{ [ ansible_default_ipv4.gateway ]
if ansible_default_ipv4.gateway|d()
else [] }}'
- comment: 'Autodetected IPv6 subnet'
subnet: '{{ ansible_default_ipv6.address|d()
+ "/" + ansible_default_ipv6.prefix|d() }}'
state: '{{ "present" if ansible_default_ipv6.address|d() else "absent" }}'
-
dhcpd__zones
¶
List of DNS zones to update. See dhcpd__zones for details.
dhcpd__zones: []
Configuration for other roles¶
-
dhcpd__etc_services__dependent_list
¶
Configuration for the debops.etc_services Ansible role.
dhcpd__etc_services__dependent_list:
- name: 'dhcp-failover'
port: '647'
protocols: [ 'tcp', 'udp' ]
comment: 'Added by debops.dhcpd Ansible role'
-
dhcpd__ferm__dependent_rules
¶
Configuration for the debops.ferm Ansible role.
dhcpd__ferm__dependent_rules:
# Firewall rules are not needed for DHCPv4 because it uses raw sockets (see
# https://kb.isc.org/docs/aa-00378). DHCPv6 doesn't use raw sockets so both
# server and client need open ports in their firewalls.
- name: 'accept_dhcpv6_server'
by_role: 'debops.dhcpd'
type: 'accept'
interface: '{{ dhcpd__interfacesv6 }}'
protocol: 'udp'
dport: [ 'dhcpv6-server' ]
rule_state: '{{ "present" if dhcpd__interfacesv6 else "absent" }}'
# The DHCPv4 failover port.
- name: 'accept_dhcp_failover'
by_role: 'debops.dhcpd'
type: 'accept'
saddr: '{{ (dhcpd__failovers|map(attribute="primary")|list
+ dhcpd__failovers|map(attribute="secondary")|list)
if dhcpd__failovers
else omit }}'
protocol: 'tcp'
dport: [ 'dhcp-failover' ]
rule_state: '{{ "present" if dhcpd__failovers else "absent" }}'