From e34584f447a0cac533b45737bdac18acb24ea830 Mon Sep 17 00:00:00 2001
From: Doug Goldstein
Date: Fri, 10 May 2024 16:27:17 -0500
Subject: [PATCH] feat: add multiple options and ranges to dnsmasq
Added the ability to manage multiple ranges and options in dnsmasq by defining multiple environment variables. Set the dhcp-authoritative flag by default.
---
 components/ironic/dnsmasq-cm.yaml | 6 ++--
 containers/dnsmasq/dnsmasq.conf.j2 | 52 ++++++++++++++++++++++++++----
 docs/networking.md | 11 ++++++++++-
 3 files changed, 60 insertions(+), 9 deletions(-)
diff --git a/components/ironic/dnsmasq-cm.yaml b/components/ironic/dnsmasq-cm.yaml
index e0875d13b..2831687ae 100644
--- a/components/ironic/dnsmasq-cm.yaml
+++ b/components/ironic/dnsmasq-cm.yaml
@@ -3,10 +3,12 @@ kind: ConfigMap
 metadata:
 name: ironic-dnsmasq
 data:
+ # common separated list of DHCP tagged configs
+ DHCP_TAGS: tag1
 # When defining the IP address range, make sure to include subnet
 # information, especially for the pools serving relayed requests
- DHCP_RANGE: 192.168.200.4,192.168.200.12,255.255.255.0,192.168.200.255,30m
- DHCP_RANGE_ROUTER: 192.168.200.1
+ DHCP_RANGE_TAG1: 192.168.200.4,192.168.200.12,255.255.255.0,192.168.200.255,30m
+ DHCP_OPTION_TAG1_ROUTER: 192.168.200.1
 # external IP address of Ingress. Used to populate DNS A records for the
 # Understack components
 INGRESS_IP: 192.168.1.177
diff --git a/containers/dnsmasq/dnsmasq.conf.j2 b/containers/dnsmasq/dnsmasq.conf.j2
index c2aee287f..21394403f 100644
--- a/containers/dnsmasq/dnsmasq.conf.j2
+++ b/containers/dnsmasq/dnsmasq.conf.j2
@@ -27,12 +27,51 @@ log-queries=extra
 # don't advertise /etc/hosts entries
 no-hosts
-# DHCP range to hand out
-{% if env.DHCP_RANGE is defined %}
-dhcp-range={{ env.DHCP_RANGE }}
-shared-network=eth0,{{ env.DHCP_RANGE_ROUTER }}
-dhcp-option=option:router,{{ env.DHCP_RANGE_ROUTER }}
-{% endif %}
+# common DHCP config
+# the environment variables will be named like:
+# DHCP_RELAY_MAC_$NAME
+# DHCP_RANGE_$NAME
+# DHCP_OPTION_$NAME_$OPTION
+{% macro dhcp_config(name) -%}
+{% set dhcp_circuitid = "DHCP_SETTAG_" ~ name|upper ~ "_CIRCUITID" -%}
+{% set dhcp_range = "DHCP_RANGE_" ~ name|upper -%}
+{% set dhcp_proxy = "DHCP_PROXY_" ~ name|upper -%}
+{% set dhcp_option = "DHCP_OPTION_" ~ name|upper ~ "_" -%}
+{% if env[dhcp_circuitid] is defined %}
+# tag the traffic with the PXE relay MAC
+{% set tag = name|lower ~ "," -%}
+dhcp-circuitid=set:{{ tag }}{{ env[dhcp_circuitid] }}
+{% else -%}
+# no tag by the PXE relay MAC
+{% set tag = "" -%}
+{%- endif %}
+dhcp-range={{ tag }}{{ env[dhcp_range] }}
+shared-network=eth0,{{ env[dhcp_range].split(',')[0] }}
+{% if env[dhcp_proxy] is defined -%}
+shared-network=eth0,{{ env[dhcp_proxy }}
+{{ dhcp_proxy_list.append(env[dhcp_proxy]) }}
+{%- endif %}
+{% for key, value in env.items() if key.startswith(dhcp_option) -%}
+{% set option = key|replace(dhcp_option, '') -%}
+{% if option|int(-1) != -1 -%}
+{% set option_prefix = '' -%}
+{% else -%}
+{% set option_prefix = 'option:' -%}
+{% endif -%}
+dhcp-option={{ tag }}{{ option_prefix }}{{ option|replace('_', '-')|lower }},{{ value }}
+{%- endfor %}
+{%- endmacro %}
+
+dhcp-authoritative
+# DHCP ranges to hand out
+{% set dhcp_proxy_list = [] -%}
+{{ dhcp_proxy_list.append(env.POD_IP) }}
+{% set dhcp_tags_str = env.DHCP_TAGS|default('default') -%}
+{% set dhcp_tags = dhcp_tags_str.split(',') -%}
+{% for name in dhcp_tags %}
+{{ dhcp_config(name) }}
+{% endfor %}
+dhcp-proxy={{ dhcp_proxy_list|join(',') }}
 # don't set to enable logging
 {% if env.LOG_DHCP_QUERIES | default(False, True) %}
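Review bot: The added line `shared-network=eth0,{{ env[dhcp_proxy }}` in the `dhcp_config` macro is missing its closing `]`, so the template cannot be parsed at all; it should read `shared-network=eth0,{{ env[dhcp_proxy] }}`. Both `{{ dhcp_proxy_list.append(...) }}` expressions also print the call's return value, which stock Jinja2 renders as a literal `None` line in the generated dnsmasq config; `{% set _ = dhcp_proxy_list.append(env[dhcp_proxy]) %}` appends without output. `env[dhcp_range]` is used without the `is defined` guard the removed block had, so a name in `DHCP_TAGS` (or the `default` fallback) with no matching `DHCP_RANGE_<NAME>` gives either a render error or an empty `dhcp-range=` line, depending on the undefined policy, and the old `DHCP_RANGE` variable is no longer read. Because `dhcp-authoritative` is now unconditional, I would add a comment above it such as `# only safe when this is the sole DHCP server on every served segment`. The header comment lists `DHCP_RELAY_MAC_$NAME`, but the macro reads `DHCP_SETTAG_$NAME_CIRCUITID` and `DHCP_PROXY_$NAME`, so the comment should name those instead.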
@@ -68,3 +107,4 @@ address=/{{ component }}.{{ env.DNS_ZONE }}/{{ env.INGRESS_IP }}
 {% endfor %}
 dhcp-option=option:dns-server,{{ env.get('DNS_IP', env['INGRESS_IP']) }}
+# end of template
diff --git a/docs/networking.md b/docs/networking.md
index cb3b1eb1c..fc0658feb 100644
--- a/docs/networking.md
+++ b/docs/networking.md
@@ -45,4 +45,13 @@ spec:
 You will want to review and edit the dnsmasq DHCP configuration for your environment:
-The important settings to review are `DHCP_RANGE`, `DHCP_RANGE_ROUTER`, and `INGRESS_IP`.
+The dnsmasq setup can listen for multiple ranges by configuring a list in
+the `DHCP_TAGS` value. So if you have `DHCP_TAGS: tag1,tag2` it would
+expect the following variables:
+
+* `DHCP_RANGE_TAG1` and `DHCP_RANGE_TAG2` to define the DHCP range to serve up
+* optionally `DHCP_OPTION_TAG1_ROUTER` to define a default router for the tag1 range
+* optionally `DHCP_PROXY_TAG1` to define the DHCP relay agent's gateway IP
+
+To identify the ranges you must set `DHCP_SETTAG_TAG1_CIRCUITID` and `DHCP_SETTAG_TAG2_CIRCUITID`
+to the values provided. If you only use 1 tag, you do not need to set these.