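---
# This contains the "legacy" code for setting up IPSEC tunnels before
# IPSEC 3.20

# Every tunnel needs the shared key, so stop here rather than render a
# half-configured /etc/ipsec.conf further down.
- name: Check for PSK variable
  fail:
    msg: Please provide the PSK key via the 'ipsec_psk' variable
  when: ipsec_psk is not defined

# This gets the network information, which should come in a structure
# with the following format:
#
# networks:
#   - name:
#     current_ip:
#     controllers:
#     vips:
#       - name:
#         ip:
#       - name:
#         ip:
- import_tasks: hardcoded-network-discover.yml

# This returns the hostname (short) of the node hosting the VIP.
# The pipeline strips the "ip-" resource prefix and keeps field 1 (the VIP)
# and field 4 (presumably the node name in `pcs status` output -- confirm
# against the pacemaker version in use) as "<vip>\t<host>".  The VIP is
# matched as a fixed string and a whole word (-Fw): a plain `grep "10.0.0.1"`
# also matched 10.0.0.10, which left two hostnames in stdout and silently
# broke the equality check in the last task.  Only the first VIP of the
# first network is consulted.
- name: Determine which node is hosting the VIP
  shell: pcs status | grep ip- | sed 's/ip-//' | awk '{print $1"\t"$4}' | grep -Fw "{{ networks[0]['vips'][0]['ip'] }}" | awk '{print $2}'  # noqa 306
  register: node_hosting_the_vip
  when: pacemaker_running|bool

# Replaces an existing indented "uniqueids" line under "config setup", or
# inserts one right after that header when none is present.
- name: Add uniqueids = no to ipsec setup configuration
  lineinfile:
    dest: /etc/ipsec.conf
    regexp: '^\s+uniqueids'
    insertafter: '^config setup'
    line: "\tuniqueids=no"
  notify:
    - Restart ipsec

# One included run per entry of "networks"; the included file sees the
# current entry as "item".
- include_tasks: legacy-ipsec-conf.yml
  with_items: "{{ networks }}"

# We force the restart of IPSEC here since adding it as a handler was
# getting run between the loop above, which is not desirable.
- name: Force restart IPSEC
  shell: ipsec restart  # noqa 301 305

# Permissions gotten from http://www.linux-ha.org/doc/dev-guides/_installing_and_packaging_resource_agents.html
- name: Install TripleO IPSEC resource agent
  copy:
    src: ipsec-resource-agent.sh
    dest: /usr/lib/ocf/resource.d/heartbeat/ipsec
    mode: '0755'
    force: true
  register: resource_agent
  when: pacemaker_running|bool

# This queries the VIPs for all networks and flattens them into a list
# that contains a dict with the "name" and "ip" for each VIP entry.
# Only the node that hosts the first VIP runs the include; the conditions
# are evaluated in order, so node_hosting_the_vip (registered only when
# pacemaker is running) is not dereferenced on nodes without pacemaker.
- include_tasks: resource-agent.yml
  loop_control:
    loop_var: current_vip
  with_items: "{{ networks|default([])|json_query('[*].vips[]')|list }}"
  when:
    - pacemaker_running|bool
    - node_hosting_the_vip.stdout == ansible_hostname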