genkeypair: use install(1) for atomic file creation with permission mode.

1 files changed, 1 insertions, 1 deletions

diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml
index aff0e58..5b7143f 100644
--- a/roles/common-LDAP/tasks/main.yml
+++ b/roles/common-LDAP/tasks/main.yml
@@ -25,41 +25,41 @@
   file: path=/etc/ldap/ssl
         state=directory
         owner=root group=root
         mode=0755
   tags:
     - genkey
 
 # XXX: It's ugly to list all roles here, and to prunes them with a
 # conditional...
 - name: Generate a private key and a X.509 certificate for slapd
   # XXX: GnuTLS (libgnutls26 2.12.20-8+deb7u2, found in Wheezy) doesn't
   # support ECDSA; and slapd doesn't seem to support DHE (!?) so
   # we're stuck with "plain RSA" Key-Exchange. Also, there is a bug with
   # SHA-512.
   command: genkeypair.sh x509
                          --pubkey=/etc/ldap/ssl/{{ item.name }}.pem
                          --privkey=/etc/ldap/ssl/{{ item.name }}.key
                          --ou=LDAP {{ item.ou }} --cn={{ item.name }}
                          --usage=digitalSignature,keyEncipherment,keyCertSign
                          -t rsa -b 4096 -h sha256
-                         --chown="root:openldap" --chmod=0640
+                         --owner=root --group=openldap --mode=0640
   register: r2
   changed_when: r2.rc == 0
   failed_when: r2.rc > 1
   with_items:
     - { group: 'LDAP-provider', name: ldap.fripost.org, ou:               }
     - { group: 'MX',            name: mx,               ou: --ou=SyncRepl }
     - { group: 'lists',         name: lists,            ou: --ou=SyncRepl }
   when: "item.group in group_names"
   tags:
     - genkey
 
 - name: Fetch slapd's X.509 certificate
   # Ensure we don't fetch private data
   sudo: False
   fetch: src=/etc/ldap/ssl/{{ item.name }}.pem
          dest=certs/ldap/
          fail_on_missing=yes
          flat=yes
   with_items:
     - { group: 'LDAP-provider', name: ldap.fripost.org }