Replace IPSec tunnels by app-level ephemeral TLS sessions.

For some reason giraff doesn't like IPSec. App-level TLS sessions are less efficient, but thanks to ansible it still scales well.
author: Guilhem Moulin <guilhem@fripost.org> 2014-07-01 23:02:45 +0200
committer: Guilhem Moulin <guilhem@fripost.org> 2015-06-07 02:52:13 +0200
commit: de4859456f1de54540c96ad97f62858dd089a980 (patch)
tree: 4b4904258ae3daf6a6b4f852cbc9821acdfa8cc4 /roles/common/tasks/ipsec.yml
parent: 170dc68f9275dffb48fbe3f8ebb2183cd7ddf111 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
index 51d717f..36807d2 100644
--- a/roles/common/tasks/ipsec.yml
+++ b/roles/common/tasks/ipsec.yml
@@ -12,14 +12,18 @@
   failed_when: r1.rc > 1
   notify:
     - Restart IPSec
+  tags:
+    - genkey
 
 - name: Fetch the public part of IPSec's host key
-  sudo: False
   # Ensure we don't fetch private data
+  sudo: False
   fetch: src=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
          dest=certs/ipsec/
          fail_on_missing=yes
          flat=yes
+  tags:
+    - genkey
 
 # Don't copy our pubkey due to a possible race condition.  Only the
 # remote machine has authority regarding its key.
author	Guilhem Moulin <guilhem@fripost.org>	2014-07-01 23:02:45 +0200
committer	Guilhem Moulin <guilhem@fripost.org>	2015-06-07 02:52:13 +0200
commit	de4859456f1de54540c96ad97f62858dd089a980 (patch)
tree	4b4904258ae3daf6a6b4f852cbc9821acdfa8cc4 /roles/common/tasks/ipsec.yml
parent	170dc68f9275dffb48fbe3f8ebb2183cd7ddf111 (diff)