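---
# This contains the "legacy" code for setting up IPSEC tunnels before
# IPSEC 3.20

# The pre-shared key is the credential these tunnels authenticate with, so
# refuse to go any further when it is missing. An empty value is rejected as
# well: `ipsec_psk: ""` passed the original `is not defined` test and the
# tunnels would have been configured around a blank secret. `or` short-circuits,
# so the truthiness test is only reached when the variable exists.
# NOTE(review): keep `ipsec_psk` long and random and store it vaulted
# (ansible-vault) rather than in plain group_vars; a weak PSK weakens every
# tunnel built from it and, depending on the IKE mode in use, may be
# recoverable by offline guessing.
- name: Check for PSK variable
  fail:
    msg: Please provide a non-empty PSK key via the 'ipsec_psk' variable
  when: ipsec_psk is not defined or not ipsec_psk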
# Load the network description. The tasks below expect `networks` to be a
# list shaped like this:
#
# networks:
#   - name: <Network name>
#     current_ip: <The IP of this node for this network>
#     controllers: <The IPs for this network for the rest of the controllers>
#     vips:
#       - name: <Name of the VIP for this network>
#         ip: <Actual VIP>
#       - name: <Another name of the VIP for this network>
#         ip: <Another actual VIP>
#
# import_tasks is static: the discovery tasks are spliced in when the play is
# parsed, not when this point is reached at run time.
- import_tasks: hardcoded-network-discover.yml
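# Returns the short hostname of the node that currently runs the first VIP of
# the first network. The pcs output is assumed to list the VIP resource as
# "ip-<address>" with the hosting node in the fourth column — that is what the
# `sed 's/ip-//'` and the `$4` below rely on (unchanged from the original).
#
# Two fixes over the grep-based pipeline this replaces:
#   * the VIP is compared as an exact string instead of an unanchored regex —
#     grep "10.0.0.1" also matched any longer address containing it (10.0.0.10,
#     10.0.0.100, ...), which put several hostnames in stdout and made the
#     later `node_hosting_the_vip.stdout == ansible_hostname` test false on
#     every node;
#   * the templated address goes through `quote` rather than being spliced raw
#     into the shell line, so an unexpected character in the inventory value
#     cannot alter the command.
# An empty result (VIP not present in pcs status) is still not an error here;
# it only disables the resource-agent tasks gated on this value further down.
- name: Determine which node is hosting the VIP
  shell: pcs status | grep ip- | sed 's/ip-//' | awk -v vip={{ networks[0]['vips'][0]['ip'] | quote }} '$1 == vip { print $4 }'  # noqa 306
  register: node_hosting_the_vip
  # Read-only query: never report it as a change.
  changed_when: false
  when: pacemaker_running|bool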
# With `uniqueids=yes` (the usual default) a new connection from a peer with
# an already-known ID replaces the existing SA. Here the same identity can
# legitimately appear from more than one controller because of the floating
# VIP, so duplicates have to be allowed — presumably why it is forced to "no"
# (NOTE(review): confirm against the connection definitions written by
# legacy-ipsec-conf.yml). Trade-off to keep in mind: a stale SA left behind by
# a rebooted peer is then no longer replaced automatically and may linger.
- name: Add uniqueids = no to ipsec setup configuration
  lineinfile:
    dest: /etc/ipsec.conf
    # Rewrite an existing (indented) uniqueids line when there is one ...
    regexp: '^\s+uniqueids'
    # ... otherwise put the new line directly under the "config setup" header.
    # NOTE(review): if the file has no "config setup" section, lineinfile
    # appends at EOF, where the option would sit outside any section.
    insertafter: '^config setup'
    # Tab-indented like the rest of the section (double quotes so \t is a tab).
    line: "\tuniqueids=no"
  notify: Restart ipsec
# Write the connection definitions for every network; the included file sees
# each `networks` entry as `item`. include_tasks is dynamic, so the inclusion
# happens at run time against the actual contents of `networks`.
- include_tasks: legacy-ipsec-conf.yml
  with_items: "{{ networks }}"
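# IPsec is restarted explicitly here instead of through the "Restart ipsec"
# handler: the handler was seen firing in the middle of the include loop
# above, before all connection definitions had been written.
# `command` replaces `shell` because the line needs no shell features
# (nothing to expand or pipe), which also drops the noqa 305 lint waiver.
# A restart tears down the established SAs; expect a short interruption on
# the tunnels while they are re-negotiated.
- name: Force restart IPSEC
  command: ipsec restart
  # It always restarts the daemon, so it always changes state.
  changed_when: true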
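# Install the TripleO IPsec OCF resource agent into pacemaker's heartbeat
# provider directory. Mode 0755 follows
# http://www.linux-ha.org/doc/dev-guides/_installing_and_packaging_resource_agents.html
# Ownership is pinned to root:root as well: pacemaker executes the agent
# (typically as root), so the file must not be writable by any other account —
# the original left owner/group to whatever user the play happened to run as.
# `force: true` overwrites a previously installed copy so updates take effect.
- name: Install TripleO IPSEC resource agent
  copy:
    src: ipsec-resource-agent.sh
    dest: /usr/lib/ocf/resource.d/heartbeat/ipsec
    owner: root
    group: root
    mode: '0755'
    force: true
  register: resource_agent
  when: pacemaker_running|bool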
# Flatten the VIPs of every network into one list of {name, ip} dicts and run
# resource-agent.yml once per VIP (exposed as `current_vip`), but only on the
# node that the pcs lookup above reported as hosting the VIP.
# Ansible evaluates the `when` list in order and stops at the first false
# item, so `node_hosting_the_vip` is only dereferenced when pacemaker is
# running, i.e. when the registering task was not skipped.
# NOTE(review): if that lookup returned an empty stdout (VIP not found), this
# never runs on any node and nothing reports it. json_query needs the
# `jmespath` Python package on the controller.
- include_tasks: resource-agent.yml
  with_items: "{{ networks|default([])|json_query('[*].vips[]')|list }}"
  loop_control:
    loop_var: current_vip
  when:
    - pacemaker_running|bool
    - node_hosting_the_vip.stdout == ansible_hostname