From f1ad0a2900b9249d222ca734ea4de02191efa363 Mon Sep 17 00:00:00 2001
From: Jack Ivanov <17044561+jackivanov@users.noreply.github.com>
Date: Mon, 2 Sep 2019 20:35:06 +0200
Subject: [PATCH]  CA and p12 password chanes

- Move the CA_password generation task to the native lookup plugin
- Get rid of unneeded tasks
---
 roles/common/tasks/facts.yml | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/roles/common/tasks/facts.yml b/roles/common/tasks/facts.yml
index 10f3402..02e88ed 100644
--- a/roles/common/tasks/facts.yml
+++ b/roles/common/tasks/facts.yml
@@ -1,25 +1,12 @@
 ---
-- block:
-  - name: Generate password for the CA key
-    command: openssl rand -hex 16
-    register: CA_password
-
-  - name: Generate p12 export password
-    set_fact:
-      p12_password_generated: "{{ lookup('password', '/dev/null length=9 chars=ascii_letters,digits,_,@') }}"
-    when: p12_password is not defined
-    tags: update-users
-  become: false
-  delegate_to: localhost
-
 - name: Define facts
   set_fact:
-    p12_export_password: "{{ p12_password|default(p12_password_generated) }}"
+    p12_export_password: "{{ p12_password|default(lookup('password', '/dev/null length=9 chars=ascii_letters,digits,_,@')) }}"
   tags: update-users
 
 - name: Set facts
   set_fact:
-    CA_password: "{{ CA_password.stdout }}"
+    CA_password: "{{ lookup('password', '/dev/null length=16 chars=ascii_letters,digits,_,@') }}"
     IP_subject_alt_name: "{{ IP_subject_alt_name }}"
 
 - name: Set IPv6 support as a fact