Timotej Lazar
8e3772e475
To avoid dnsmasq writing out the whole leasefile on each request before replying. This gets slow on high‐latency storage. Also tweak DNS updates a bit.
43 lines
918 B
YAML
43 lines
918 B
YAML
- name: Install packages
|
|
package:
|
|
name:
|
|
- dnsmasq
|
|
- bind-tools # for DNS updates
|
|
- krb5 # for DNS updates
|
|
- py3-pexpect # for creating kerberos keytab
|
|
- sqlite # for lease DB
|
|
|
|
- name: Configure kerberos
|
|
template:
|
|
dest: /etc/krb5.conf
|
|
src: krb5.conf.j2
|
|
|
|
- name: Init kerberos keytab
|
|
expect:
|
|
command: ktutil
|
|
responses:
|
|
'.*:':
|
|
- 'add_entry -password -p {{ password.ldap_user }} -k 1 -e aes256-cts-hmac-sha1-96'
|
|
- '{{ password.ldap_pass }}'
|
|
- 'write_kt /etc/krb5.keytab'
|
|
- 'exit'
|
|
args:
|
|
creates: /etc/krb5.keytab
|
|
|
|
- name: Copy DHCP lease script
|
|
template:
|
|
dest: "/usr/local/bin/dnsmasq-script"
|
|
src: "dnsmasq-script.j2"
|
|
mode: 0755
|
|
|
|
- name: Configure dnsmasq
|
|
template:
|
|
dest: '/etc/dnsmasq.d/{{ item }}'
|
|
src: '{{ item }}.j2'
|
|
loop:
|
|
- 00-options.conf
|
|
- 10-ranges.conf
|
|
notify: restart dnsmasq
|
|
|
|
# TODO netboot config
|