AETHER-918 Initial commit of strongSwan role
Change-Id: I090832bd211f9f053fecc7abda851bf9edc696b1
diff --git a/tasks/Debian.yml b/tasks/Debian.yml
new file mode 100644
index 0000000..f9e890b
--- /dev/null
+++ b/tasks/Debian.yml
@@ -0,0 +1,19 @@
+---
+# strongswan tasks/Debian.yml
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+- name: Install strongSwan package (Debian)
+ apt:
+ name: "{{ strongswan_package }}"
+ state: "present"
+ update_cache: true
+ cache_valid_time: 3600
+ notify:
+ - start-strongswan
+
+- name: Enable strongSwan Service
+ service:
+ name: "{{ strongswan_service }}"
+ enabled: true
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..dff3f3a
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,36 @@
+---
+# strongswan tasks/main.yml
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+- name: Include OS-specific vars
+ include_vars: "{{ ansible_os_family }}.yml"
+
+- name: Include OS-specific tasks
+ include_tasks: "{{ ansible_os_family }}.yml"
+
+- name: Copy VTI configuration and script
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: root
+ group: root
+ mode: "{{ item.mode }}"
+ with_items:
+ - {src: "vti.conf", dest: "/etc/strongswan.d/vti.conf", mode: 0644}
+ - {src: "ipsec-vti.sh", dest: "/etc/ipsec.d/ipsec-vti.sh", mode: a+x}
+ when: not strongswan_conf_install_routes
+
+- name: Create ipsec configurations from template
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: root
+ group: root
+ mode: 0640
+ with_items:
+ - {src: "ipsec.secrets.j2", dest: "/etc/ipsec.secrets"}
+ - {src: "ipsec.conf.j2", dest: "/etc/ipsec.conf"}
+ notify:
+ - restart-ipsec