---
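# Create the Nebula certificate authority once. `creates` makes the task a
# no-op when /opt/nebula/ca.crt is already present.
# NOTE(review): `nebula-cert ca` writes the CA private key (ca.key) next to
# ca.crt, and no task here moves or re-permissions it. If this play targets
# the lighthouse itself, the signing key for the whole overlay sits on a
# network-facing host; consider keeping ca.key on a separate signing host
# and shipping only ca.crt plus the signed host certificates.
- name: Ensure CA cert/key exists
  command:
    chdir: /opt/nebula
    # argv hands each templated value to nebula-cert as exactly one
    # argument, so a space or quote inside a variable cannot split into
    # extra options the way a shlex-parsed `cmd` string can.
    argv:
      - ./nebula-cert
      - ca
      - '-name'
      - "{{ nebula_network_name }}"
      - '-duration'
      - "{{ nebula_ca_cert_duration }}"
    creates: /opt/nebula/ca.crt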
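# Sign the lighthouse's host certificate. No -ca-crt/-ca-key is passed, so
# nebula-cert falls back to its defaults in the working directory
# (/opt/nebula). `creates` skips the task once <hostname>.crt exists.
# NOTE(review): nebula_network_cidr is placed after the slash, so it is
# presumably a bare prefix length (e.g. 24) rather than a full CIDR; confirm.
# NOTE(review): no task here sets ownership or mode on the generated .key
# file; verify it ends up readable by root only.
- name: Ensure lighthouse cert/key exists
  command:
    chdir: /opt/nebula
    # argv hands each templated value to nebula-cert as exactly one
    # argument, so a space or quote inside a variable cannot split into
    # extra options the way a shlex-parsed `cmd` string can.
    argv:
      - ./nebula-cert
      - sign
      - '-name'
      - "{{ nebula_lighthouse_hostname }}"
      - '-ip'
      - "{{ nebula_lighthouse_internal_ip_addr }}/{{ nebula_network_cidr }}"
      - '-duration'
      - "{{ nebula_client_cert_duration }}"
    creates: "/opt/nebula/{{ nebula_lighthouse_hostname }}.crt"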
# Render the lighthouse's Nebula configuration from the role template.
# The file is owned by root with mode 0400, so only root can read it; a
# change to the rendered file triggers the "restart nebula" handler.
- name: Ensure lighthouse is configured
  notify: restart nebula
  template:
    dest: /opt/nebula/config.yml
    src: lighthouse_config.yml.j2
    mode: '0400'
    owner: root
    group: root
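# Install the systemd unit for the lighthouse. The unit file is
# world-readable (0644) but writable only by root.
- name: Ensure lighthouse service exists
  template:
    src: lighthouse.service.j2
    dest: /etc/systemd/system/lighthouse.service
    owner: root
    group: root
    mode: '0644'
  # Without a notify, an edited unit (for example tightened sandboxing
  # options) is written to disk but the running service keeps the old
  # settings until something else restarts it. This reuses the handler the
  # config task in this file already notifies.
  # NOTE(review): assumes "restart nebula" restarts the lighthouse unit;
  # the handler definition is not visible here.
  notify: restart nebula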
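# Reload systemd's unit definitions, then make sure the lighthouse unit is
# unmasked, enabled at boot and currently started. `state: started` does
# not restart a service that is already running.
- name: Ensure lighthouse service is enabled and running
  systemd:
    name: lighthouse
    # Canonical true/false instead of yes/no: the YAML 1.1 truthy spellings
    # are read differently by different parsers and linters.
    daemon_reload: true
    enabled: true
    masked: false
    state: started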