---
- name: Set network based facts for this node and network
  set_fact:
    network: "{{ item.name }}"
    current_ip: "{{ item.current_ip }}"
    controllers: "{{ item.controllers }}"
    vips: "{{ item.vips }}"

- name: Add legacy {{ network }} tunnel configuration if not in skip list
  when: network not in ipsec_skip_networks
  block:
  - name: Write node-to-node ipsec secrets file for the {{ network }} network
    template:
      src: legacy-ipsec-node-to-node-tunnels.secrets.j2
      dest: /etc/ipsec.d/overcloud-{{ network }}-node-to-node-tunnels.secrets
      mode: '0600'
    when: controllers != []
    notify:
    - Restart ipsec

  - name: Write node-to-node ipsec tunnel configuration for the {{ network }} network
    template:
      src: legacy-ipsec-node-to-node-tunnels.conf.j2
      dest: /etc/ipsec.d/overcloud-{{ network }}-node-to-node-tunnels.conf
      mode: '0640'
    when: controllers != []
    notify:
    - Restart ipsec

  - name: Write VIP ipsec secrets file for the {{ network }} network
    template:
      src: ipsec-vip-tunnels.secrets.j2
      dest: /etc/ipsec.d/overcloud-{{ current_vip.name }}-vip-tunnels.secrets
      mode: '0600'
    with_items: "{{ vips }}"
    loop_control:
      loop_var: current_vip
    notify:
    - Restart ipsec

  - name: Write VIP ipsec tunnel configuration for the {{ network }} network
    template:
      src: ipsec-vip-tunnels.conf.j2
      dest: /etc/ipsec.d/overcloud-{{ current_vip.name }}-vip-tunnels.conf
      mode: '0640'
    with_items: "{{ vips }}"
    loop_control:
      loop_var: current_vip
    notify:
    - Restart ipsec