Ansible Role: ipsec
The IBM Power Systems AIX collection provides an Ansible role, referred to as ipsec, which assists in automating IPsec tunnel management.
For guides and reference, see the Docs Site.
Requirements
AIX 7.1 or later
Root or sudo access
IPsec subsystem installed on AIX
Valid IPsec configuration XML file
Role Variables
Available variables are listed below, along with default values:
| Variable | Suboptions | Required | Default | Choices | Comments |
|---|---|---|---|---|---|
| ipsec_action | | true | status | on, off, status | Action to perform: bring up the tunnel, bring down the tunnel, or get tunnel status on a system. |
| ipsec_config_file | | true | | | Path to the IPsec configuration file, where all the details are present. |
| ipsec_ike_service_group | | false | ike | | IKE service group name. |
| ipsec_ike_start_wait | | false | 5 | | Wait time after starting the IKE service (seconds). |
| ipsec_ike_activate_wait | | false | 5 | | Wait time after activating the tunnel (seconds). |
NOTES:
ipsec_action needs to be set to “up” when you want to create an IPsec tunnel on a system.
ipsec_action needs to be set to “down” when you want to tear down an IPsec tunnel on a system.
ipsec_action needs to be set to “status” when you want to check the status of the IPsec tunnel(s) on a system.
Set the ipsec_ike_start_wait and ipsec_ike_activate_wait values based on your environment; the default for each is 5 seconds.
Dependencies
None
Example Playbook
```yaml
# Variable names carry the ipsec_ prefix, matching the Role Variables table.
- name: Setup IPsec tunnel between machine a and b
  hosts: machine_a, machine_b
  gather_facts: false
  vars:
    ipsec_action: "up"
    ipsec_config_file: "/tmp/ipsec/ipsec.xml"
    ipsec_ike_service_group: "ike"
    ipsec_ike_start_wait: 5
    ipsec_ike_activate_wait: 5
  tasks:
    - name: Bring up IPsec tunnel
      ansible.builtin.include_role:
        name: ibm.power_aix.ipsec

- name: Tear down IPsec tunnel between machine a and b
  hosts: machine_a, machine_b
  gather_facts: false
  vars:
    ipsec_action: "down"
    ipsec_config_file: "/tmp/ipsec/ipsec.xml"
    ipsec_ike_service_group: "ike"
    ipsec_ike_start_wait: 5
    ipsec_ike_activate_wait: 5
  tasks:
    - name: Tear down IPsec tunnel
      ansible.builtin.include_role:
        name: ibm.power_aix.ipsec

- name: Verify IPsec tunnel status on both machines
  hosts: machine_a,machine_b
  gather_facts: false
  vars:
    ipsec_action: "status"
  tasks:
    - name: Check IPsec tunnel status
      ansible.builtin.include_role:
        name: ibm.power_aix.ipsec
```
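The playbooks above read the configuration from /tmp, which is world-writable. The following added example (not part of the collection's own documentation) stages the XML in a root-only directory before calling the role, then checks tunnel status. Assumptions: `files/ipsec.xml` exists beside the playbook, `/etc/ipsec_ansible` and `ipsec_stage_dir` are hypothetical names, the XML may hold key material such as pre-shared keys, and the connection runs as root.

```yaml
# Added example; paths and the ipsec_stage_dir variable are hypothetical.
- name: Stage IPsec config with tight permissions, bring tunnel up, verify
  hosts: machine_a, machine_b
  gather_facts: false
  vars:
    ipsec_stage_dir: /etc/ipsec_ansible   # hypothetical root-only directory
    ipsec_config_file: "{{ ipsec_stage_dir }}/ipsec.xml"
  tasks:
    - name: Create a root-only staging directory
      ansible.builtin.file:
        path: "{{ ipsec_stage_dir }}"
        state: directory
        owner: root
        group: system        # root's primary group on AIX
        mode: "0700"

    - name: Copy the configuration XML, readable by root only
      ansible.builtin.copy:
        src: files/ipsec.xml   # assumed to exist on the control node
        dest: "{{ ipsec_config_file }}"
        owner: root
        group: system
        mode: "0600"
      no_log: true             # keep file contents out of diffs and logs

    - name: Read back ownership and mode of the staged file
      ansible.builtin.stat:
        path: "{{ ipsec_config_file }}"
      register: ipsec_cfg_stat

    - name: Stop if the file is not root-owned with mode 0600
      ansible.builtin.assert:
        that:
          - ipsec_cfg_stat.stat.exists
          - ipsec_cfg_stat.stat.pw_name == 'root'
          - ipsec_cfg_stat.stat.mode == '0600'

    - name: Bring the tunnel up
      ansible.builtin.include_role:
        name: ibm.power_aix.ipsec
      vars:
        ipsec_action: "up"

    - name: Confirm the tunnel state
      ansible.builtin.include_role:
        name: ibm.power_aix.ipsec
      vars:
        ipsec_action: "status"
```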
Copyright
© Copyright IBM Corporation 2022