[EDGEPOD-226] Add installing strongswan to router role
Also fixed ansible-lint failures
Change-Id: I78fbab0a9e2f45ea4f5989c255f09b47ef01bdcc
diff --git a/aether-playbook/roles/router/linux/tasks/main.yml b/aether-playbook/roles/router/linux/tasks/main.yml
index c37bca1..6fb32aa 100644
--- a/aether-playbook/roles/router/linux/tasks/main.yml
+++ b/aether-playbook/roles/router/linux/tasks/main.yml
@@ -13,44 +13,10 @@
# limitations under the License.
---
-- name: Create netplan config file for SGI network gateway
- template:
- src: etc/netplan/sgi-s1u-gateway.yaml.j2
- dest: "{{ netplan_config_file }}"
- notify:
- - netplan generate
- - netplan apply
+- include_tasks: interfaces.yml
+ when: router_enabled | bool
tags: router
-- name: Install iptables-persistent
- apt:
- name: iptables-persistent
- state: present
- update_cache: yes
- tags: router
-
-- name: Ensure ip_forward enabled
- sysctl:
- name: net.ipv4.ip_forward
- value: '1'
- sysctl_set: yes
- state: present
- tags: router
-
-- name: Set default forwarding policy to ACCEPT
- iptables:
- chain: FORWARD
- policy: ACCEPT
- tags: router
-
-- name: Add SNAT
- iptables:
- table: nat
- chain: POSTROUTING
- out_interface: "{{ ansible_default_ipv4.interface }}"
- jump: MASQUERADE
- tags: router
-
-- name: Save iptables v4 rules
- shell: iptables-save > /etc/iptables/rules.v4
- tags: router
+- include_tasks: ipsec-vpn.yml
+ when: vpn_enabled | bool
+ tags: vpn
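Review bot: The `tags: router` and `tags: vpn` keys on the two new `include_tasks` entries tag only the include statement itself, because a dynamic include does not pass its tags down to the tasks in the included file. Every removed task carried its own `tags: router`; if those tasks moved into `interfaces.yml` without their own tags (that file and `ipsec-vpn.yml` are not part of this hunk), a `--tags router` run would load the file and then skip the forwarding, NAT and rule-saving tasks, and `--tags vpn` would likewise skip the strongSwan setup. Either use `import_tasks: interfaces.yml` and `import_tasks: ipsec-vpn.yml`, which inherit both the tags and the `when`, or keep the include and add an `apply:` block with `tags: router` (and `tags: vpn`) under it. Unless the role defaults define both switches, `when: vpn_enabled | default(false) | bool` would let a host without the variable skip the VPN tasks instead of erroring.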