---
# Node preparation shared by every host in the inventory, run with privilege
# escalation before the wireguard role is applied.
- hosts: all
  become: true
  tasks:
    # With no table or chain given, the iptables module purges the whole
    # filter table. Suitable for disposable CI nodes only: on a real host this
    # removes its packet-filtering rules.
    - name: Flush firewall rules
      iptables:
        flush: true

    # NOTE(mnaser): Wireguard on CentOS requires EPEL, this role does not
    #               manage it for you.
    # NOTE(review): the repository is fetched over plain HTTP from the CI
    # mirror and neither gpgcheck nor gpgkey is set here, so signature
    # verification depends on the node's yum defaults; confirm it is enforced.
    - name: Enable EPEL
      when: ansible_os_family == 'RedHat'
      yum_repository:
        name: epel
        description: 'Extra Packages for Enterprise Linux 7 - $basearch'
        baseurl: 'http://{{ zuul_site_mirror_fqdn }}/epel/7/$basearch'
        enabled: true

    # NOTE(mnaser): Glean interferes with the interfaces, disable for now
    #               Drop when https://review.openstack.org/651680 lands.
    - name: Disable Glean
      file:
        path: '/etc/udev/rules.d/99-glean.rules'
        state: absent
# Applies the wireguard role on the primary node: one link (wg0) with the
# secondary node as its only peer.
- hosts: primary
  roles:
    - wireguard
  vars:
    wireguard_links:
      - name: wg0
        address: '10.0.0.1'
        port: 51820
        # NOTE(review): the private key is committed in clear text. That is
        # tolerable only for a throwaway test fixture, which this presumably
        # is; confirm it protects no real tunnel. A deployment should supply
        # the key from a secret store such as Ansible Vault.
        private_key: 'eCpvWOe8zI0HCj/KjK3TZP71kd+glDxvDo5JaQhw3mw='
        peers:
          # allowed_ips lists only the address the secondary play assigns to
          # its own wg0.
          - public_key: 'UB9Lhk0JgwAPFD8F3k3Dq9iS7r/jLD+oYMX98T+fmGw='
            endpoint: "{{ hostvars['secondary']['ansible_host'] }}:51820"
            allowed_ips: '10.0.0.2'
# Applies the wireguard role on the secondary node: one link (wg0) with the
# primary node as its only peer.
- hosts: secondary
  roles:
    - wireguard
  vars:
    wireguard_links:
      - name: wg0
        address: '10.0.0.2'
        port: 51820
        # NOTE(review): the private key is committed in clear text. That is
        # tolerable only for a throwaway test fixture, which this presumably
        # is; confirm it protects no real tunnel. A deployment should supply
        # the key from a secret store such as Ansible Vault.
        private_key: 'aIPcdRd6ncwRa+DJLaiq0Jmbvx1FjtLnWE2EApgcr2E='
        peers:
          # allowed_ips lists only the address the primary play assigns to
          # its own wg0.
          - public_key: 'E/MU5hNb1mQ55ww0H0luxigNTXNNo/x49MRm5AcHLSI='
            endpoint: "{{ hostvars['primary']['ansible_host'] }}:51820"
            allowed_ips: '10.0.0.1'
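# Connectivity check through the tunnel: sends four echo requests to the
# secondary's wg0 address; ping exits non-zero, failing the task, when no
# reply comes back.
- hosts: primary
  tasks:
    - name: Check if primary can reach secondary
      # command rather than shell: the invocation uses no shell features, so
      # it does not need to pass through a shell interpreter.
      command: ping -c4 -W 1 10.0.0.2
      # Read-only probe; never report the host as changed.
      changed_when: false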
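# Connectivity check through the tunnel: sends four echo requests to the
# primary's wg0 address; ping exits non-zero, failing the task, when no reply
# comes back.
- hosts: secondary
  tasks:
    - name: Check if secondary can reach primary
      # command rather than shell: the invocation uses no shell features, so
      # it does not need to pass through a shell interpreter.
      command: ping -c4 -W 1 10.0.0.1
      # Read-only probe; never report the host as changed.
      changed_when: false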