Merge "Split IPSEC deployment in two"

2018-01-18 19:11:46 +00:00 · 2018-01-18 19:11:46 +00:00 · 313d42c4c7
parent 51ca28783d 1363eda063
commit 313d42c4c7
1 changed files with 11 additions and 1 deletions
--- a/extraconfig/services/ipsec.yaml
+++ b/extraconfig/services/ipsec.yaml
@ -85,13 +85,20 @@ outputs:
          - name: generate ipsec global vars
            set_fact:
              ipsec_psk: "{{ generated_psk.stdout }}"
-              ipsec_skip_firewall_rules: true
            delegate_to: "{{item}}"
            delegate_facts: true
            no_log: true
            with_items:
            - "{{ groups.ipsec }}"
      deploy_steps_tasks:
+        - name: IPSEC configuration on step 1
+          when: step == '1'
+          block:
+          - include_role:
+              name: tripleo-ipsec
+            vars:
+              ipsec_configure_vips: false
+              ipsec_skip_firewall_rules: false
        # In step 2 the pacemaker resources are created and the VIPs
        # are assigned to the nodes. We need those VIPs to be assigned
        # already before setting up the IPSEC tunnels. Hence we do this
@ -101,3 +108,6 @@ outputs:
          block:
          - include_role:
              name: tripleo-ipsec
+            vars:
+              ipsec_configure_vips: true
+              ipsec_skip_firewall_rules: true