Add flag to configure VIPs
This flag determines whether or not we configure the VIP tunnels. This is useful if we want to do the deployment in several passes. Change-Id: Ib9a134648c74e5dfcbd7a8ebd2d67bda87992497
This commit is contained in:
parent
0b10ce8e45
commit
9d4c4bcf6b
|
@ -31,6 +31,8 @@ Role Variables
|
|||
* `ipsec_algorithm`: Defines the encryption algorithm to use in the phase2alg
|
||||
configuration option for the tunnels. Defaults to: `aes_gcm128-null`.
|
||||
The possible values should be checked in libreswan's documentation.
|
||||
* `ipsec_configure_vips`: Determines whether or not the role should configure
|
||||
the tunnels for the VIPs. Defaults to: `true`.
|
||||
* `ipsec_skip_firewall_rules`: Determines whether the role should skip
|
||||
or not the firewall rules. Defaults to: `false`.
|
||||
* `ipsec_uninstall_tunnels`: Determines whether the role should remove the IPSEC
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
---
|
||||
overcloud_controller_identifier: controller
|
||||
ipsec_algorithm: 'aes_gcm128-null'
|
||||
ipsec_configure_vips: true
|
||||
ipsec_force_install_legacy: false
|
||||
ipsec_setup_resource_agents: true
|
||||
ipsec_skip_firewall_rules: false
|
||||
ipsec_uninstall_tunnels: false
|
||||
ipsec_setup_resource_agents: true
|
||||
ipsec_force_install_legacy: false
|
||||
ipsec_upgrade_tunnels: false
|
||||
use_opportunistic_ipsec: false
|
||||
|
|
|
@ -43,5 +43,5 @@
|
|||
|
||||
- name: Ping {{ current_vip.name }} VIP
|
||||
command: "ping -c 5 {{ current_vip.ip }}"
|
||||
when: current_vip.ip != ''
|
||||
when: current_vip.ip != '' and ipsec_configure_vips|bool
|
||||
ignore_errors: true
|
||||
|
|
|
@ -90,7 +90,7 @@
|
|||
src: ipsec-vip-tunnels.secrets.j2
|
||||
dest: /etc/ipsec.d/overcloud-{{ current_vip.name }}-vip-tunnels.secrets
|
||||
mode: '0600'
|
||||
when: current_vip.ip != '' and type != 'opportunistic'
|
||||
when: current_vip.ip != '' and type != 'opportunistic' and ipsec_configure_vips|bool
|
||||
notify:
|
||||
- Listen for IPSEC connections
|
||||
|
||||
|
@ -99,7 +99,7 @@
|
|||
src: ipsec-vip-tunnels.conf.j2
|
||||
dest: /etc/ipsec.d/overcloud-{{ current_vip.name }}-vip-tunnels.conf
|
||||
mode: '0640'
|
||||
when: current_vip.ip != '' and type != 'opportunistic'
|
||||
when: current_vip.ip != '' and type != 'opportunistic' and ipsec_configure_vips|bool
|
||||
notify:
|
||||
- Listen for IPSEC connections
|
||||
|
||||
|
@ -110,3 +110,4 @@
|
|||
- current_vip.ip != ''
|
||||
- inventory_hostname == groups['pacemaker'][0]
|
||||
- ipsec_setup_resource_agents|bool
|
||||
- ipsec_configure_vips|bool
|
||||
|
|
Loading…
Reference in New Issue