Default variables
Sections
APT packages
- dhcpd__base_packages
List of base packages to install for DHCP server support.
dhcpd__base_packages: [ 'isc-dhcp-server' ]
- dhcpd__packages
List of additional packages to install with this role.
dhcpd__packages: []
isc-dhcp-server defaults
- dhcpd__options
Additional options to start the dhcpd processes with. See https://manpages.debian.org/dhcpd.8
dhcpd__options: ''
- dhcpd__interfacesv4
List of network interfaces to serve DHCPv4 requests on.
dhcpd__interfacesv4: [ '{{ ansible_local.ifupdown.external_interface
if ansible_local.ifupdown.external_interface | d()
else ansible_default_ipv4.interface }}' ]
- dhcpd__interfacesv6
List of network interfaces to serve DHCPv6 requests on.
dhcpd__interfacesv6: '{{ dhcpd__interfacesv4
if ansible_default_ipv6.address | d()
else [] }}'
DHCP server configuration
- dhcpd__authoritative
Whether to serve authoritative responses.
dhcpd__authoritative: False
- dhcpd__log_facility
Syslog facility to use. See https://manpages.debian.org/syslog.3#Values_for_facility
dhcpd__log_facility: 'daemon'
- dhcpd__default_lease_time
The length in seconds that will be assigned to a lease if the client requesting the lease does not ask for a specific expiration time. This is used for both DHCPv4 and DHCPv6 leases (it is also known as the "valid lifetime" in DHCPv6).
dhcpd__default_lease_time: '{{ 60 * 60 * 12 }}'
- dhcpd__max_lease_time
The maximum length in seconds that will be assigned to a lease.
dhcpd__max_lease_time: '{{ 60 * 60 * 24 }}'
- dhcpd__preferred_lifetime
The preferred lifetime of assigned IPv6 addresses in seconds. An IPv6 address becomes deprecated when the preferred lifetime expires, causing the OS to no longer use it for new outbound connections.
dhcpd__preferred_lifetime: '{{ (dhcpd__default_lease_time | float * (5 / 8)) | int }}'
- dhcpd__dhcpv6_set_tee_times
Set T1 (renew) and T2 (rebind) to the values recommended in RFC 3315. See https://tools.ietf.org/html/rfc3315#section-22.4
dhcpd__dhcpv6_set_tee_times: True
- dhcpd__update_static_leases
Whether to perform DNS updates for clients with static assignments.
dhcpd__update_static_leases: False
- dhcpd__domain_name
Domain name to advertise to DHCPv4 clients.
dhcpd__domain_name: '{{ ansible_domain }}'
- dhcpd__domain_search
List of search domains to advertise to DHCPv4 and DHCPv6 clients.
dhcpd__domain_search: '{{ ansible_dns.search | d([]) }}'
- dhcpd__domain_servers
List of IP addresses to advertise as recursive DNS servers. IPv4 addresses will only be advertised to DHCPv4 clients, while IPv6 addresses will only be advertised to DHCPv6 clients.
dhcpd__name_servers: '{{ ansible_local.resolvconf.upstream_nameservers
if (ansible_local.resolvconf.upstream_nameservers | d())
else (ansible_dns.nameservers
if ("127.0.0.1" not in ansible_dns.nameservers)
else []) }}'
- dhcpd__global_options_map
Additional options to add to the global configuration. This parameter accepts two dictionaries with keys 'DHCPv4' and 'DHCPv6', for each protocol respectively. The values can be strings or YAML text blocks.
dhcpd__global_options_map:
'DHCPv4': ''
'DHCPv6': ''
iPXE support
- dhcpd__ipxe
Add iPXE-specific options to ISC DHCP server configuration.
dhcpd__ipxe: False
- dhcpd__ipxe_dhcp_space
Add DHCP options iPXE namespace in dhcpd.conf
required to support
iPXE-specific DHCP options in the DHCP server configuration.
dhcpd__ipxe_dhcp_space: True
- dhcpd__ipxe_tftp_server
IPv4 address of the TFTP server that contains the boot files.
dhcpd__ipxe_tftp_server: '{{ ansible_default_ipv4.address }}'
- dhcpd__ipxe_chain_filename
Initial file sent to hosts which requested a PXE boot, used to chain-load the iPXE boot loader.
dhcpd__ipxe_chain_filename: 'undionly.kpxe'
- dhcpd__ipxe_efi_chain_filename
Initial file sent to hosts using EFI which requested a PXE boot, used to chain-load the iPXE boot loader.
dhcpd__ipxe_efi_chain_filename: 'ipxe.efi'
- dhcpd__ipxe_filename
File sent to hosts booted with iPXE, by default this loads the standard menu file.
dhcpd__ipxe_filename: 'menu.ipxe'
- dhcpd__ipxe_options
Additional DHCP options in YAML text block format, added to the iPXE section of the configuration file.
dhcpd__ipxe_options: ''
DHCP server configuration scopes
- dhcpd__classes
List of host classes with custom options for each class. See dhcpd__classes for details.
dhcpd__classes: []
- dhcpd__failovers
List of DHCPv4 failover configuration blocks. See dhcpd__failovers for details.
dhcpd__failovers: []
- dhcpd__groups
List of grouped configuration scopes. See dhcpd__groups for details.
dhcpd__groups: []
- dhcpd__hosts
Global list of static hosts. See dhcpd__hosts for details.
dhcpd__hosts: []
- dhcpd__keys
List of DNS update keys. See dhcpd__keys for details.
dhcpd__keys: []
List of shared networks to service with this DHCP server. See dhcpd__shared_networks for details.
dhcpd__shared_networks: []
- dhcpd__subnets
List of subnets that are not part of a shared network, but are instead defined on a global level. See dhcpd__subnets for details.
dhcpd__subnets: '{{ dhcpd__default_subnets }}'
- dhcpd__default_subnets
The default subnets as detected by this role. Dynamic lease assignment will not work until you configure subnets with valid address ranges.
dhcpd__default_subnets:
- comment: 'Autodetected IPv4 subnet'
subnet: '{{ ansible_default_ipv4.network
+ "/" + ansible_default_ipv4.netmask }}'
routers: '{{ [ansible_default_ipv4.gateway]
if ansible_default_ipv4.gateway | d()
else [] }}'
- comment: 'Autodetected IPv6 subnet'
subnet: '{{ ansible_default_ipv6.address | d()
+ "/" + ansible_default_ipv6.prefix | d() }}'
state: '{{ "present" if ansible_default_ipv6.address | d() else "absent" }}'
- dhcpd__zones
List of DNS zones to update. See dhcpd__zones for details.
dhcpd__zones: []
Configuration for other roles
- dhcpd__etc_services__dependent_list
Configuration for the debops.etc_services Ansible role.
dhcpd__etc_services__dependent_list:
- name: 'dhcp-failover'
port: '647'
protocols: [ 'tcp', 'udp' ]
comment: 'Added by debops.dhcpd Ansible role'
- dhcpd__ferm__dependent_rules
Configuration for the debops.ferm Ansible role.
dhcpd__ferm__dependent_rules:
# Firewall rules are not needed for DHCPv4 because it uses raw sockets (see
# https://kb.isc.org/docs/aa-00378). DHCPv6 doesn't use raw sockets so both
# server and client need open ports in their firewalls.
- name: 'accept_dhcpv6_server'
by_role: 'debops.dhcpd'
type: 'accept'
interface: '{{ dhcpd__interfacesv6 }}'
protocol: 'udp'
dport: [ 'dhcpv6-server' ]
rule_state: '{{ "present" if dhcpd__interfacesv6 else "absent" }}'
# The DHCPv4 failover port.
- name: 'accept_dhcp_failover'
by_role: 'debops.dhcpd'
type: 'accept'
saddr: '{{ (dhcpd__failovers | map(attribute="primary") | list
+ dhcpd__failovers | map(attribute="secondary") | list)
if dhcpd__failovers
else omit }}'
protocol: 'tcp'
dport: [ 'dhcp-failover' ]
rule_state: '{{ "present" if dhcpd__failovers else "absent" }}'