Diffstat (limited to 'roles/common/tasks')
-rw-r--r-- | roles/common/tasks/ipsec.yml | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml index ca03c98..ce158fe 100644 --- a/roles/common/tasks/ipsec.yml +++ b/roles/common/tasks/ipsec.yml @@ -6,9 +6,9 @@ - libstrongswan-standard-plugins notify: - Update firewall - - Restart IPSec + - Restart IPsec -- name: Auto-create a dedicated virtual subnet for IPSec +- name: Auto-create a dedicated virtual subnet for IPsec template: src=etc/network/if-up.d/ipsec.j2 dest=/etc/network/if-up.d/ipsec owner=root group=root @@ -16,7 +16,7 @@ notify: - Reload networking -- name: Auto-deactivate the dedicated virtual subnet for IPSec +- name: Auto-deactivate the dedicated virtual subnet for IPsec file: src=../if-up.d/ipsec dest=/etc/network/if-down.d/ipsec owner=root group=root state=link force=yes @@ -24,23 +24,23 @@ - meta: flush_handlers -- name: Configure IPSec +- name: Configure IPsec template: src=etc/ipsec.conf.j2 dest=/etc/ipsec.conf owner=root group=root mode=0644 register: r1 notify: - - Restart IPSec + - Restart IPsec -- name: Configure IPSec's secrets +- name: Configure IPsec's secrets template: src=etc/ipsec.secrets.j2 dest=/etc/ipsec.secrets owner=root group=root mode=0600 register: r2 notify: - - Restart IPSec + - Restart IPsec - name: Configure Charon copy: src=etc/strongswan.d/{{ item }} @@ -52,9 +52,9 @@ - charon/socket-default.conf register: r3 notify: - - Restart IPSec + - Restart IPsec -- name: Generate a key pair for IPSec public key authentication +- name: Generate a key pair for IPsec public key authentication command: genkeypair.sh keypair --pubkey=/etc/ipsec.d/certs/{{ inventory_hostname_short }}.pem --privkey=/etc/ipsec.d/private/{{ inventory_hostname_short }}.key 
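Review bot: The renamed handler `Restart IPsec` in the `notify:` lists of this hunk has to match the handler's definition in the role's handlers file, which is outside this diffstat (limited to roles/common/tasks); if that definition was not renamed in the same commit, Ansible aborts the play with a "handler not found" error on the first task that notifies it. The same rename recurs in the hunks at @@ -24, @@ -52, @@ -63 and @@ -88. It is worth confirming with a search for `Restart IPSec` across the role, and checking that no other role or playbook still notifies the old name.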
@@ -63,11 +63,11 @@ changed_when: r4.rc == 0 failed_when: r4.rc > 1 notify: - - Restart IPSec + - Restart IPsec tags: - genkey -- name: Fetch the public part of IPSec host key +- name: Fetch the public part of IPsec host key # Ensure we don't fetch private data become: False fetch: src=/etc/ipsec.d/certs/{{ inventory_hostname_short }}.pem @@ -78,7 +78,7 @@ # Don't copy our pubkey due to a possible race condition. Only the # remote machine has authority regarding its key. -- name: Copy the public part of IPSec peers' key +- name: Copy the public part of IPsec peers' key copy: src=certs/ipsec/{{ hostvars[item].inventory_hostname_short }}.pem dest=/etc/ipsec.d/certs/{{ hostvars[item].inventory_hostname_short }}.pem owner=root group=root @@ -88,8 +88,8 @@ tags: - genkey notify: - - Restart IPSec + - Restart IPsec -- name: Start IPSec +- name: Start IPsec service: name=ipsec state=started when: not (r1.changed or r2.changed or r3.changed or r4.changed or r5.changed) |