From b1e846a35fe8b31e001e28a128b525004f9ae2d1 Mon Sep 17 00:00:00 2001
From: Andy Ning <andy.ning@windriver.com>
Date: Thu, 8 Aug 2024 13:38:37 -0400
Subject: [PATCH] Update SX to DX migration playbook to support IPsec

This change updated SX to DX migration playbook to support IPsec when
migrated to DX. The migration playbook is supposed to run on System
Controller to migrate subclouds.

Test Plan:
PASS: In a DC system, define an overrides file, then run the migration
      playbook in System Controller to migrate a SX subcloud, verify
      the migration is successful, and verify IPsec is configured and
      enabled in the migrated DX subcloud.

Story: 2010940
Task: 50791

Change-Id: I76666b8c29cbd3f84bfa8f6ab4f03e7c26bd0fe4
Signed-off-by: Andy Ning <andy.ning@windriver.com>
---
 .../migrate/migrate-subcloud1-overrides-EXAMPLE.yml  |  1 +
 playbookconfig/src/playbooks/migrate_sx_to_dx.yml    | 12 ++++++++++++
 2 files changed, 13 insertions(+)

diff --git a/examples/migrate/migrate-subcloud1-overrides-EXAMPLE.yml b/examples/migrate/migrate-subcloud1-overrides-EXAMPLE.yml
index b8f0e7e5c..70eb9b417 100644
--- a/examples/migrate/migrate-subcloud1-overrides-EXAMPLE.yml
+++ b/examples/migrate/migrate-subcloud1-overrides-EXAMPLE.yml
@@ -1,6 +1,7 @@
 ---
 {
   "ansible_ssh_pass": "St8rlingXCloud*",
+  "ansible_become_pass": "St8rlingXCloud*",
   "external_oam_node_0_address": "10.10.10.13",
   "external_oam_node_1_address": "10.10.10.14",
 }
diff --git a/playbookconfig/src/playbooks/migrate_sx_to_dx.yml b/playbookconfig/src/playbooks/migrate_sx_to_dx.yml
index b0fa91124..20be8fcff 100644
--- a/playbookconfig/src/playbooks/migrate_sx_to_dx.yml
+++ b/playbookconfig/src/playbooks/migrate_sx_to_dx.yml
@@ -69,6 +69,8 @@
             admin_if.stdout == 'lo'
 
     - set_fact:
+        ansible_port: "{{ ansible_port | default(22) }}"
+        ansible_host: "{{ inventory_hostname }}"
         duplex_mode: "{{ duplex_mode | default('duplex') }}"
         kubernetes_duplex_migration_flag: '/var/run/.kubernetes_duplex_migration_complete'
 
@@ -124,6 +126,16 @@
           name: common/host-unlock
         vars:
           target_host: 'controller-0'
+          wait_for_unlock: true
+          distributed_cloud_role: 'subcloud'
+
+      - name: Config and enable IPsec
+        command: /usr/bin/ipsec-client pxecontroller
+        register: result
+        until: result.rc == 0
+        retries: 3
+        delay: 5
+        become: yes
 
       when: current_system_mode.stdout == 'simplex' or
             current_oam_c0_ip.stdout != external_oam_node_0_address or