
---
# Private directory for the rendered ipsec configuration; 0700 with root
# ownership keeps the files written below readable by root only.
- name: Create /etc/ipsec dir
  file:
    path: /etc/ipsec
    state: directory
    owner: root
    group: wheel
    mode: '0700'
  tags:
    - ipsec
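# Start isakmpd now and at boot. -K runs the daemon without keynote policy
# checks, which is the mode required when the rules are managed through
# ipsec.conf / ipsecctl (see isakmpd(8)).
- name: Enable and start isakmpd service
  service:
    name: isakmpd
    arguments: '-K'
    state: started
    enabled: true  # canonical boolean; `yes` relies on YAML 1.1 truthy parsing
  tags:
    - ipsec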
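# These scripts are run as root via the sudoers entries added in the next
# task, so they must not be writable by the _nrpe account: 0755 denies write
# to group/other, and ownership is pinned to root explicitly instead of
# being left to whatever user the play connects as (consistent with the
# other file tasks in this role).
- name: Deploy nrpe scripts
  copy:
    src: "{{ item }}"
    dest: /usr/local/libexec/nagios/
    owner: root
    mode: '0755'
  with_items:
    - check_ipsecctl.sh
    - check_ipsecctl_multi.sh
  tags:
    - ipsec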
# Grant the monitoring account root only for the two check scripts, with
# NOPASSWD because nrpe runs unattended. The candidate sudoers file is
# checked with visudo -c before it is written, so a syntactically broken
# sudoers is never installed.
- name: Add sudo right to _nrpe for check ipsecctl
  lineinfile:
    dest: /etc/sudoers
    line: "{{ item }}"
    state: present
    validate: 'visudo -cf %s'
  with_items:
    - '_nrpe ALL=(root) NOPASSWD: /usr/local/libexec/nagios/check_ipsecctl_multi.sh'
    - '_nrpe ALL=(root) NOPASSWD: /usr/local/libexec/nagios/check_ipsecctl.sh'
  tags:
    - ipsec
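# Render the ipsec configuration, root-only (0600). The rendered candidate is
# parse-checked with `ipsecctl -n` before it replaces the live file, so a
# template error cannot leave a broken config in /etc/ipsec; previously the
# check ran only after the file had already been overwritten.
# The result is registered so the reload task below runs only on change.
- name: "Copy /etc/ipsec/{{ ipsec_name }}.conf"
  template:
    src: ipsec.conf.j2
    dest: "/etc/ipsec/{{ ipsec_name }}.conf"
    owner: root
    group: wheel
    mode: '0600'
    validate: 'ipsecctl -nf %s'
  register: ipsec_conf
  tags:
    - ipsec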
# Parse-only check (-n) of the deployed file; it loads nothing into the
# kernel, hence changed_when: false.
- name: "Check {{ ipsec_name }} config"
  command: >-
    ipsecctl -nf /etc/ipsec/{{ ipsec_name }}.conf
  changed_when: false
  tags:
    - ipsec
# Load the new rules only when the template task actually rewrote the file.
# NOTE(review): ipsecctl -f adds the rules in the file; it does not appear to
# remove rules that were dropped from the file — confirm whether a flush (-F)
# is wanted before this reload.
- name: "Reload ipsec {{ ipsec_name }}"
  command: >-
    ipsecctl -f /etc/ipsec/{{ ipsec_name }}.conf
  when: ipsec_conf.changed
  tags:
    - ipsec