diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2014-06-29 18:10:29 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:52:09 +0200 |
| commit | e1cc46486b686df85cf30073878c1ee69e320d1b (patch) | |
| tree | c1c4606aec0b9cfd528da739445fb0b6742260dd /roles/common/tasks | |
| parent | fd3adc5afe27e1208f8a173414a19884459ae54c (diff) | |
Fix syntax error.
Diffstat (limited to 'roles/common/tasks')
| -rw-r--r-- | roles/common/tasks/ipsec.yml | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml index 0dbf3e1..51d717f 100644 --- a/roles/common/tasks/ipsec.yml +++ b/roles/common/tasks/ipsec.yml @@ -1,28 +1,28 @@ - name: Install strongSwan apt: pkg=strongswan-ikev2 - name: Generate a private key and a X.509 certificate for IPSec command: genkeypair.sh x509 --pubkey=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem --privkey=/etc/ipsec.d/private/{{ inventory_hostname }}.key - --dns {{ inventory_hostname }} + --dns={{ inventory_hostname }} -t ecdsa -b secp521r1 -h sha512 register: r1 changed_when: r1.rc == 0 failed_when: r1.rc > 1 notify: - Restart IPSec - name: Fetch the public part of IPSec's host key sudo: False # Ensure we don't fetch private data fetch: src=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem dest=certs/ipsec/ fail_on_missing=yes flat=yes # Don't copy our pubkey due to a possible race condition. Only the # remote machine has authority regarding its key. - name: Copy IPSec host pubkeys (except ours) copy: src=certs/ipsec/{{ item }}.pem dest=/etc/ipsec.d/certs/{{ item }}.pem |