2 files changed, 6 insertions, 3 deletions

diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
index 56c8300..7870626 100644
--- a/roles/common/tasks/ipsec.yml
+++ b/roles/common/tasks/ipsec.yml
@@ -38,23 +38,23 @@
             mode=0644
   register: r2
   notify:
     - Restart IPSec
 
 - name: Start IPSec
   service: name=ipsec state=started
   when: not (r1.changed or r2.changed)
 
 - name: Auto-create a dedicated interface for IPSec
   copy: src=etc/network/if-up.d/ipsec
         dest=/etc/network/if-up.d/ipsec
         owner=root group=root
         mode=0755
   notify:
     - Reload networking
 
 - name: Auto-deactivate the dedicated interface for IPSec
   file: src=../if-up.d/ipsec
         dest=/etc/network/if-down.d/ipsec
-        owner=root group=root state=link
+        owner=root group=root state=link force=yes
 
 - meta: flush_handlers
diff --git a/roles/common/tasks/samhain.yml b/roles/common/tasks/samhain.yml
index 0d911a5..10b1f46 100644
--- a/roles/common/tasks/samhain.yml
+++ b/roles/common/tasks/samhain.yml
@@ -1,26 +1,29 @@
 - name: Install samhain
   apt: pkg={{ item }}
   with_items:
     - samhain
     - auditd
   # XXX: Doesn't work out of the box, see #660197.
   # Every once in a while, or after a major upgrade, you may want to
-  # update Samhain's database (to avoid being flooded at the next
-  # reboot):
+  # update Samhain's database:
+  #
+  #     sudo samhain -t update --foreground
+  #
+  # To update the database without sending mails:
   #
   #     sudo samhain -t update --foreground -m none
 
 - name: Configure samhain
   copy: src=etc/samhain/samhainrc
         dest=/etc/samhain/samhainrc
         owner=root group=root
         mode=0644
   notify:
     - Reload samhain
 
 - name: Start samhain
   # This task is inconditional because samhain is reloaded not
   # restarted.
   service: name=samhain state=started
 
 - meta: flush_handlers