52 lines
1.6 KiB
YAML
52 lines
1.6 KiB
YAML
---
|
|
- name: Set network based facts for this node and network
|
|
set_fact:
|
|
network: "{{ item.name }}"
|
|
current_ip: "{{ item.current_ip }}"
|
|
controllers: "{{ item.controllers }}"
|
|
vips: "{{ item.vips }}"
|
|
|
|
- name: Add legacy {{network }} tunnel configuration if not in skip list
|
|
when: network not in ipsec_skip_networks
|
|
block:
|
|
- name: Write node-to-node ipsec secrets file for the {{ network }} network
|
|
template:
|
|
src: legacy-ipsec-node-to-node-tunnels.secrets.j2
|
|
dest: /etc/ipsec.d/overcloud-{{ network }}-node-to-node-tunnels.secrets
|
|
mode: '0600'
|
|
when: controllers != []
|
|
notify:
|
|
- Restart ipsec
|
|
|
|
- name: Write node-to-node ipsec tunnel configuration for the {{ network }} network
|
|
template:
|
|
src: legacy-ipsec-node-to-node-tunnels.conf.j2
|
|
dest: /etc/ipsec.d/overcloud-{{ network }}-node-to-node-tunnels.conf
|
|
mode: '0640'
|
|
when: controllers != []
|
|
notify:
|
|
- Restart ipsec
|
|
|
|
- name: Write VIP ipsec secrets file for the {{ network }} network
|
|
template:
|
|
src: ipsec-vip-tunnels.secrets.j2
|
|
dest: /etc/ipsec.d/overcloud-{{ current_vip.name }}-vip-tunnels.secrets
|
|
mode: '0600'
|
|
with_items: "{{ vips }}"
|
|
loop_control:
|
|
loop_var: current_vip
|
|
notify:
|
|
- Restart ipsec
|
|
|
|
- name: Write VIP ipsec tunnel configuration for the {{ network }} network
|
|
template:
|
|
src: ipsec-vip-tunnels.conf.j2
|
|
dest: /etc/ipsec.d/overcloud-{{ current_vip.name }}-vip-tunnels.conf
|
|
mode: '0640'
|
|
with_items: "{{ vips }}"
|
|
loop_control:
|
|
loop_var: current_vip
|
|
notify:
|
|
- Restart ipsec
|
|
|