CA and p12 password chanes

- Move the CA_password generation task to the native lookup plugin
- Get rid of unneeded tasks

roles/common/tasks/facts.yml

@@ -1,25 +1,12 @@
 ---
-- block:
-  - name: Generate password for the CA key
-    command: openssl rand -hex 16
-    register: CA_password
-
-  - name: Generate p12 export password
-    set_fact:
-      p12_password_generated: "{{ lookup('password', '/dev/null length=9 chars=ascii_letters,digits,_,@') }}"
-    when: p12_password is not defined
-    tags: update-users
-  become: false
-  delegate_to: localhost
-
 - name: Define facts
   set_fact:
-    p12_export_password: "{{ p12_password|default(p12_password_generated) }}"
+    p12_export_password: "{{ p12_password|default(lookup('password', '/dev/null length=9 chars=ascii_letters,digits,_,@')) }}"
   tags: update-users
 
 - name: Set facts
   set_fact:
-    CA_password: "{{ CA_password.stdout }}"
+    CA_password: "{{ lookup('password', '/dev/null length=16 chars=ascii_letters,digits,_,@') }}"
     IP_subject_alt_name: "{{ IP_subject_alt_name }}"
 
 - name: Set IPv6 support as a fact