libreswan-setup.yml

---

# Since LXC loads kernel modules from the host, we need to ensure LibreSwan is compiled and installed
- name: Install the Libreswan dependencies that are required for compilation
  apt:
    name: "{{ item }}"
  with_items: "{{ libreswan_compilation_dependencies_trusty }}"
  when: ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'trusty'

- name: Include Libreswan vars
  include_vars: "../playbooks/roles/l2tp-ipsec/vars/main.yml"

- name: Install the Libreswan dependencies that are required for compilation
  apt:
    name: "{{ item }}"
  with_items: "{{ libreswan_compilation_dependencies }}"
  when: ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial'

- name: Install xmlto (without the extraordinarily large number of packages it normally recommends)
  apt:
    name: xmlto
    install_recommends: no

- name: Retrieve the Libreswan source code
  include_role:
    name: download-and-verify
  vars:
    project_name: "The Libreswan Project"
    project_signer: "The Libreswan team"
    project_signing_key: "{{ libreswan_developers_key_id }}"
    project_expected_fingerprint: "{{ libreswan_developers_expected_fingerprint }}"
    project_download_location: "{{ libreswan_src_directory }}"
    project_download_urls: "{{ libreswan_download_urls }}"

- name: Extract the Libreswan source code
  unarchive:
    copy: no
    src: "{{ libreswan_source_location }}"
    dest: /usr/local/src
    owner: root
    group: root
    creates: "{{ libreswan_compilation_directory }}/README"

- name: Compile and install Libreswan (this will take a while)
  shell: make -j {{ ansible_processor_cores }} programs && make install
  args:
    chdir: "{{ libreswan_compilation_directory }}"

- name: Start ipsec
  service:
    name: ipsec
    state: started
    enabled: yes
  register: ipsec_start

- name: Pause for a few seconds to let ipsec start
  pause:
    seconds: 5