make it a role

2021-08-26 03:13:18 +00:00
commit 390d6042ab
14 changed files with 487 additions and 0 deletions
--- a/tasks/lighthouse.yml
+++ b/tasks/lighthouse.yml
@@ -0,0 +1,37 @@
+---
+- name: Ensure CA cert/key exists
+  command:
+    chdir: /opt/nebula
+    cmd: ./nebula-cert ca -name "{{ nebula_network_name }}" -duration "{{ nebula_ca_cert_duration }}"
+    creates: /opt/nebula/ca.crt
+
+- name: Ensure lighthouse cert/key exists
+  command:
+    chdir: /opt/nebula
+    cmd: ./nebula-cert sign -name "{{ nebula_lighthouse_hostname }}" -ip "{{ nebula_lighthouse_internal_ip_addr }}/{{ nebula_network_cidr }}" -duration "{{ nebula_client_cert_duration }}"
+    creates: "/opt/nebula/{{ nebula_lighthouse_hostname }}.crt"
+
+- name: Ensure lighthouse is configured
+  template:
+    src: lighthouse_config.yml.j2 
+    dest: /opt/nebula/config.yml
+    owner: root
+    group: root
+    mode: '0400'
+  notify: Restart Lighthouse
+
+- name: Ensure lighthouse service exists
+  template:
+    src: lighthouse.service.j2
+    dest: /etc/systemd/system/lighthouse.service
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Ensure lighthouse service is enabled and running
+  systemd: 
+    name: lighthouse
+    daemon_reload: yes
+    enabled: yes
+    masked: no
+    state: started