Only do force listen on pacemaker nodes

Only the nodes that run pacemaker (and the VIPs) should do whack --listen. This is not something the computes should do as it will restart the SAs. Change-Id: Id295d18fe8caec3446f57bf9a99ccd301f8d2728
2017-12-04 11:11:43 +02:00 · 2017-12-04 11:11:43 +02:00 · dd26777ae4
parent 34ea5a38c1
commit dd26777ae4
1 changed files with 2 additions and 0 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -16,3 +16,5 @@
 - name: Listen for IPSEC connections
  shell: ipsec whack --listen
  become: yes
+  when:
+  - inventory_hostname in groups['pacemaker']