3 Commits e63e66a2ec ... 89247b5720

Author SHA1 Message Date
  Maximilian Wilhelm 89247b5720 dhcp-server: Use input from dhcp_server NACL module 3 weeks ago
  Maximilian Wilhelm 79c2e08b00 icinga2: Only write secrets on icinga server 2 months ago
  Maximilian Wilhelm defff3a255 icinga2: Remove old ldap_replication check 2 months ago
5 changed files with 21 additions and 60 deletions
  1. 11 23
      dhcp-server/dhcpd.conf
  2. 8 10
      dhcp-server/dhcpd.default
  3. 0 14
      icinga2/commands.d/ldap.conf
  4. 2 0
      icinga2/init.sls
  5. 0 13
      icinga2/services/ldap.conf

+ 11 - 23
dhcp-server/dhcpd.conf

@@ -1,11 +1,7 @@
 #
 # Gateway DHCP server configuration (Salt managed)
 #
-{%- set sites = salt['pillar.get']('sites', {}) %}
-{%- set te = salt['pillar.get']('te', {}) %}
-{%- set node_config = salt['pillar.get']('nodes:' ~ grains['id']) %}
-{%- set te_prefixes = salt['ffho_net.get_te_prefixes'](te, grains['id'], 'v4') %}
-
+{%- set dhcp_prefixes = salt['pillar.get']("nodes:" ~ grains["id"] ~ ":dhcp:server:prefixes", []) %}
 # The ddns-updates-style parameter controls whether or not the server will
 # attempt to do a DNS update when a lease is confirmed. We default to the
 # behavior of the version 2 packages ('none', since DHCP v2 didn't
@@ -19,27 +15,19 @@ max-lease-time 3600;
 # Use Anycast DNS server(s)
 option domain-name-servers 10.132.251.53;
 
-{% for site in node_config.get ('sites', [])|sort %}
-  {%- set site_config = sites.get (site) %}
-  {%- set site_prefix = site_config.get ('prefix_v4') %}
-  {%- set brige_ips = salt['ffho_net.get_node_iface_ips'] (node_config, 'br-' ~ site) %}
-# {{ site }} / {{ site_config.get ('name') }}
-subnet {{ site_prefix.split ('/')[0] }} netmask {{ salt['ffho_net.cidr_to_dotted_mask'](site_prefix) }} {
+{% for prefix in dhcp_prefixes %}
+# {{ prefix["description"] }}
+subnet {{ prefix["network"] }} netmask {{ prefix["netmask"] }} {
 	pool {
-		# monitor: 75% 90% Y {{ grains['nodename'] }}/{{ site }} DHCP pool
+		# monitor: 75% 90% Y {{ grains['nodename'] }}/{{ prefix["description"] }} DHCP pool
 
-		# Use our own IP as gateway for our clients
-		option routers {{ brige_ips['v4'][0] }};
+		option routers {{ prefix["routers"] }};
 
-		# Range(s) of IPs to lease to clients
-  {%- for prefix in te_prefixes|sort %}
-    {%- if salt['ffho_net.is_subprefix'] (site_prefix, prefix) %}
-      {%- set prefix_config = te_prefixes.get (prefix) %}
-      {%- if 'dhcp_range' in prefix_config %}
-		range {{ prefix_config.get ('dhcp_range') }};
-      {%- endif %}
-    {%- endif %}
-  {%- endfor %}
+  {%- if "ranges" in prefix %}
+    {%- for range in prefix["ranges"] %}
+		range {{ range }};
+    {%- endfor %}
+  {%- endif %}
 	}
 }
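Review bot: The loop `{% for prefix in dhcp_prefixes %}` reads `prefix["description"]`, `prefix["network"]`, `prefix["netmask"]` and `prefix["routers"]` unconditionally while only `ranges` is guarded, so a single pillar entry missing one of those keys aborts rendering of the whole dhcpd.conf under Salt's undefined handling instead of skipping that subnet, and nothing checks that the values are addresses dhcpd will accept before they land in a config the daemon refuses to load. Since the prefixes now come straight from pillar rather than the computed `te_prefixes`, a guard such as `{%- if not prefix.get("network") or not prefix.get("netmask") or not prefix.get("routers") %}{{ raise("dhcp prefix incomplete: " ~ prefix) }}{%- endif %}` at the top of the loop body would fail loudly with the offending entry. `prefix["description"]` is also emitted into two `#` comment lines, so a description containing a newline would escape the comment and become configuration. The old loop sorted its input and the new one iterates in pillar order, which is fine if the NACL module returns a list but worth a `|sort` if that order can change between runs, and naming the loop variable `range` shadows Jinja's builtin; `dhcp_range` reads clearer.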
 

+ 8 - 10
dhcp-server/dhcpd.default

@@ -1,16 +1,13 @@
-# Defaults for isc-dhcp-server initscript
-# sourced by /etc/init.d/isc-dhcp-server
-# installed at /etc/default/isc-dhcp-server by the maintainer scripts
-
-#
-# This is a POSIX shell fragment
-#
+{%- set dhcp_interfaces = salt['pillar.get']("nodes:" ~ grains["id"] ~ ":dhcp:server:ifaces", []) %}
+# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server) (Salt managed)
 
 # Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
-#DHCPD_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
 
 # Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
-#DHCPD_PID=/var/run/dhcpd.pid
+#DHCPDv4_PID=/var/run/dhcpd.pid
+#DHCPDv6_PID=/var/run/dhcpd6.pid
 
 # Additional options to start dhcpd with.
 #	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
@@ -18,4 +15,5 @@
 
 # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
 #	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
-INTERFACES=""
+INTERFACESv4="{{ dhcp_interfaces|join(" ") }}"
+INTERFACESv6=""
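Review bot: `INTERFACESv4="{{ dhcp_interfaces|join(" ") }}"` interpolates pillar values into a file the initscript sources as a POSIX shell fragment, so an interface name carrying a double quote, backtick or `$(` would be executed by the shell rather than passed to dhcpd, and the deleted header dropped the `# This is a POSIX shell fragment` reminder that made this property visible. The names are presumably produced by the NACL module rather than typed by hand, but this template is where they cross into shell, so restrict each entry to the characters a Linux interface name can contain before joining (Salt's `regex_match` filter together with `raise` is enough) or at least keep `# This is a POSIX shell fragment` in the new header. The unchanged context comment `#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead` now refers to variables this hunk renamed to `DHCPDv4_CONF`/`DHCPDv4_PID` and should follow.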

+ 0 - 14
icinga2/commands.d/ldap.conf

@@ -1,14 +0,0 @@
-#
-# Check LDAP replication
-object CheckCommand "ldap_replication" {
-	import "plugin-check-command"
-
-	command = [  "/usr/local/share/monitoring-plugins/check_ldap_replication" ]
-
-	arguments = {
-		"--master" = "$ldap_master$"
-		"--mirror" = "$ldap_mirror$"
-		"--bind-dn" = "$ldap_bind_dn$"
-		"--sync-base" = "$ldap_sync_base$"
-	}
-}

+ 2 - 0
icinga2/init.sls

@@ -83,6 +83,7 @@ ffho-plugins:
     - watch_in:
       - service: icinga2
 
+{% if grains['id'] in ["icinga2.in.ffho.net"] %}
 /etc/icinga2/secrets.conf:
   file.managed:
     - source: salt://icinga2/secrets.conf.tmpl
@@ -92,6 +93,7 @@ ffho-plugins:
       - pkg: icinga2
     - watch_in:
       - service: icinga2
+{% endif %}
 
 # Connect "master" and client zones
 /etc/icinga2/zones.conf:
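Review bot: The new `{% if grains['id'] in ["icinga2.in.ffho.net"] %}` guard only decides whether `/etc/icinga2/secrets.conf` is rendered; if the values that `secrets.conf.tmpl` reads live in pillar, they are still compiled for and delivered to every minion that matches the pillar top file, so the same restriction is needed there for the secrets to actually stay on the server (I cannot see the template or the pillar top from this page, so treat this as something to confirm). `grains['id']` is bound to the minion's accepted key, which makes it a reasonable gate, but a hard-coded hostname list is easy to forget when the server moves or gets a standby; a pillar-provided flag such as `salt['pillar.get']('icinga2:server', False)` would keep the decision next to the secrets themselves. The `{% if %}` and `{% endif %}` sit in two different hunks with the state body between them outside the visible lines.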

+ 0 - 13
icinga2/services/ldap.conf

@@ -16,19 +16,6 @@ apply Service "ldaps" {
 	assign where host.vars.ldap_fqdn && "ldap-replica" in host.vars.roles
 }
 
-apply Service "ldap_replication" {
-        import "generic-service"
-
-	check_command = "ldap_replication"
-
-	vars.ldap_master = "ldaps://ldap-master.srv.in.ffho.net"
-	vars.ldap_mirror = "ldaps://" + host.vars.ldap_fqdn
-	vars.ldap_sync_base = "ou=sync-check,dc=ffho,dc=net"
-	vars.ldap_bind_dn = "uid=sync-check,ou=accounts,dc=ffho,dc=net"
-
-	assign where host.vars.ldap_fqdn && "ldap-replica" in host.vars.roles
-}
-
 apply Service "ldap_syncrepl_extended" {
         import "generic-service"