---
# Configuration directory for the ipsecctl rulesets. 0750 root:wheel keeps
# the rendered configs (which may hold key material) out of reach of other
# local users.
- name: Create /etc/ipsec dir
  file:
    path: /etc/ipsec
    owner: root
    group: wheel
    mode: "0750"
    state: directory
  tags:
    - ipsec

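# IKE daemon. It is started at boot and right away.
- name: Enable and start isakmpd service
  service:
    name: isakmpd
    # isakmpd(8) -K disables KeyNote policy checking, so the flows loaded
    # with ipsecctl below become the only policy source. Confirm this is the
    # intended trust model for the host.
    arguments: '-K'
    state: started
    # Real boolean: "yes" is a YAML 1.1 truthy literal that yamllint flags
    # and that YAML 1.2 parsers read as the string "yes".
    enabled: true
  tags:
    - ipsec
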
# Install the two NRPE check scripts. The sudoers rule for _nrpe lets them
# run as root, so they must stay root-owned and writable by root only:
# 0755 gives no write bit to group or others.
# NOTE(review): owner/group are not pinned here and therefore come from the
# user Ansible runs as — confirm the files end up root:wheel.
- name: Deploy nrpe scripts
  copy:
    src: "{{ item }}"
    dest: /usr/local/libexec/nagios/
    mode: "0755"
  with_items:
    - check_ipsecctl.sh
    - check_ipsecctl_multi.sh
  tags:
    - ipsec

# Passwordless sudo for _nrpe, limited to the two check scripts by absolute
# path. visudo -c validates the candidate file before it replaces
# /etc/sudoers, so a malformed line cannot break sudo for everyone.
# NOTE(review): without a regexp, lineinfile only guarantees that these
# exact lines exist; an earlier variant of the rule (e.g. a different
# script path) is left in place and must be removed separately.
- name: Add sudo right to _nrpe for check ipsecctl
  lineinfile:
    dest: /etc/sudoers
    validate: "visudo -cf %s"
    line: "{{ item }}"
    state: present
  with_items:
    - '_nrpe ALL=(root) NOPASSWD: /usr/local/libexec/nagios/check_ipsecctl_multi.sh'
    - '_nrpe ALL=(root) NOPASSWD: /usr/local/libexec/nagios/check_ipsecctl.sh'
  tags:
    - ipsec

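# Render the ipsecctl ruleset for this tunnel. 0640 root:wheel, presumably
# because the ruleset can carry pre-shared keys. The rendered file is
# parse-checked before it replaces the live one, so a broken template never
# lands in /etc/ipsec (mirrors the visudo check used for /etc/sudoers).
- name: "Copy /etc/ipsec/{{ ipsec_name }}.conf"
  template:
    src: ipsec.conf.j2
    dest: "/etc/ipsec/{{ ipsec_name }}.conf"
    owner: root
    group: wheel
    mode: "0640"
    # %s is the temporary rendered file; -n parses without loading rules.
    validate: "ipsecctl -nf %s"
  # Consumed by the reload task: only a changed file triggers ipsecctl -f.
  register: ipsec_conf
  tags:
    - ipsec
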
# Parse-only check (-n) of the deployed ruleset. A syntax error fails the
# play here, before the reload task, and the check itself never counts as a
# change.
- name: "Check {{ ipsec_name }} config"
  command: 'ipsecctl -nf /etc/ipsec/{{ ipsec_name }}.conf'
  tags:
    - ipsec
  changed_when: false

# Load the ruleset into the kernel, but only when the template task actually
# rewrote the file (ipsec_conf is the result it registered).
- name: "Reload ipsec {{ ipsec_name }}"
  command: 'ipsecctl -f /etc/ipsec/{{ ipsec_name }}.conf'
  tags:
    - ipsec
  when: ipsec_conf['changed']