From de4859456f1de54540c96ad97f62858dd089a980 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Tue, 1 Jul 2014 23:02:45 +0200
Subject: Replace IPSec tunnels by app-level ephemeral TLS sessions.

For some reason giraff doesn't like IPSec.  App-level TLS sessions are
less efficient, but thanks to ansible it still scales well.
---
 roles/common/tasks/ipsec.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'roles/common/tasks/ipsec.yml')

diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
index 51d717f..36807d2 100644
--- a/roles/common/tasks/ipsec.yml
+++ b/roles/common/tasks/ipsec.yml
@@ -12,14 +12,18 @@
   failed_when: r1.rc > 1
   notify:
     - Restart IPSec
+  tags:
+    - genkey
 
 - name: Fetch the public part of IPSec's host key
-  sudo: False
   # Ensure we don't fetch private data
+  sudo: False
   fetch: src=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
          dest=certs/ipsec/
          fail_on_missing=yes
          flat=yes
+  tags:
+    - genkey
 
 # Don't copy our pubkey due to a possible race condition.  Only the
 # remote machine has authority regarding its key.
-- 
cgit v1.2.3