Make both sigul vaults know their counterparts public key

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
author: Patrick Uiterwijk <puiterwijk@redhat.com> 2017-02-20 23:17:56 +0000
committer: Patrick Uiterwijk <puiterwijk@redhat.com> 2017-02-20 23:17:56 +0000
commit: a8cb95ecaf94de7a9e2a46432e91ccaa57909574 (patch)
tree: d7b3c51754627225a488e495bff798ca3a15839e /roles/sigul
parent: 0fd0505b9279033114c42c334713ba26d0e3fe2e (diff)
download: ansible-a8cb95ecaf94de7a9e2a46432e91ccaa57909574.tar.gz
ansible-a8cb95ecaf94de7a9e2a46432e91ccaa57909574.tar.xz
ansible-a8cb95ecaf94de7a9e2a46432e91ccaa57909574.zip
1 files changed, 4 insertions, 5 deletions
diff --git a/roles/sigul/server/templates/server.conf.j2 b/roles/sigul/server/templates/server.conf.j2
index a978947a6..02ba9cfb7 100644
--- a/roles/sigul/server/templates/server.conf.j2
+++ b/roles/sigul/server/templates/server.conf.j2
@@ -57,12 +57,11 @@ nss-max-tls: tls1.2
 [binding]
 # List of binding modules enabled
 enabled: pkcs11
-{% if inventory_hostname.startswith('sign-vault03') %}
-pkcs11_tokens: yubikey_sv03
-{% else %}
-pkcs11_tokens: yubikey_sv04
-{% endif %}
+pkcs11_tokens: yubikey_sv03,yubikey_sv04
 pkcs11_yubikey_sv03_pubkey: /etc/sigul/yubikey_sv03.pem
 pkcs11_yubikey_sv04_pubkey: /etc/sigul/yubikey_sv04.pem
+{% if inventory_hostname.startswith('sign-vault03') %}
 pkcs11_yubikey_sv03_privkey: pkcs11:serial=8f2a341e00d7a665;id=%03;type=private
+{% else %}
 pkcs11_yubikey_sv04_privkey: pkcs11:serial=b38ee13e56b3b987;id=%03;type=private
+{% endif %}
author	Patrick Uiterwijk <puiterwijk@redhat.com>	2017-02-20 23:17:56 +0000
committer	Patrick Uiterwijk <puiterwijk@redhat.com>	2017-02-20 23:17:56 +0000
commit	a8cb95ecaf94de7a9e2a46432e91ccaa57909574 (patch)
tree	d7b3c51754627225a488e495bff798ca3a15839e /roles/sigul
parent	0fd0505b9279033114c42c334713ba26d0e3fe2e (diff)
download	ansible-a8cb95ecaf94de7a9e2a46432e91ccaa57909574.tar.gz ansible-a8cb95ecaf94de7a9e2a46432e91ccaa57909574.tar.xz ansible-a8cb95ecaf94de7a9e2a46432e91ccaa57909574.zip