Force restart IPSEC after config tasks
The restart handler was getting run in between the configuration loop per network. This is not desirable, as we needed it to run after all that was done. This resulted in some tunnels not being loaded which caused errors. Thus the need to manually trigger a restart. Change-Id: Id464d2b57ddb74471bf4693acaa4eed5fc003c9d
This commit is contained in:
Juan Antonio Osorio Robles
parent
743f4ce023
commit
8e68651557
|
|
@ -54,7 +54,6 @@
|
|||
replace: '\1\2'
|
||||
backup: yes
|
||||
notify:
|
||||
- Restart ipsec
|
||||
- Listen for IPSEC connections
|
||||
|
||||
- name: Write ipsec tunnel policy for the {{ network }} network
|
||||
|
|
@ -66,7 +65,6 @@
|
|||
- other_ips != []
|
||||
- type == 'opportunistic'
|
||||
notify:
|
||||
- Restart ipsec
|
||||
- Listen for IPSEC connections
|
||||
|
||||
- name: Write ipsec tunnel secrets for the {{ network }} network
|
||||
|
|
@ -78,7 +76,6 @@
|
|||
- other_ips != []
|
||||
- type != 'opportunistic'
|
||||
notify:
|
||||
- Restart ipsec
|
||||
- Listen for IPSEC connections
|
||||
|
||||
- name: Write ipsec tunnel configuration for the {{ network }} network
|
||||
|
|
@ -87,8 +84,6 @@
|
|||
dest: /etc/ipsec.d/overcloud-{{ network }}-{{ type }}-{{ policy }}-tunnels.conf
|
||||
mode: '0640'
|
||||
when: other_ips != []
|
||||
notify:
|
||||
- Restart ipsec
|
||||
|
||||
- name: Write VIP ipsec secrets file for the {{ network }} network
|
||||
template:
|
||||
|
|
@ -97,7 +92,6 @@
|
|||
mode: '0600'
|
||||
when: current_vip.ip != '' and type != 'opportunistic'
|
||||
notify:
|
||||
- Restart ipsec
|
||||
- Listen for IPSEC connections
|
||||
|
||||
- name: Write VIP ipsec tunnel configuration for the {{ network }} network
|
||||
|
|
@ -107,7 +101,6 @@
|
|||
mode: '0640'
|
||||
when: current_vip.ip != '' and type != 'opportunistic'
|
||||
notify:
|
||||
- Restart ipsec
|
||||
- Listen for IPSEC connections
|
||||
|
||||
- include_tasks: resource-agent.yml
|
||||
|
|
|
|||
|
|
@ -25,8 +25,6 @@
|
|||
insertafter: '^config setup'
|
||||
line: "\tuniqueids=no"
|
||||
when: not use_opportunistic_ipsec|bool
|
||||
notify:
|
||||
- Restart ipsec
|
||||
|
||||
- name: Get pacemaker status
|
||||
systemd:
|
||||
|
|
@ -63,6 +61,11 @@
|
|||
type: "{{ ipsec_type }}"
|
||||
when: use_opportunistic_ipsec|bool
|
||||
|
||||
# We force the restart of IPSEC here since adding it as a handler was
|
||||
# getting run between the loop above, which is not desirable.
|
||||
- name: Force restart IPSEC
|
||||
shell: ipsec restart
|
||||
|
||||
- meta: flush_handlers
|
||||
|
||||
- include_tasks: init-connections.yml
|
||||
|
|
|
|||
Loading…
Reference in New Issue