Generates a password by native module (#1576)

* use password module to generate password

* fix variable reference

* reduce character set to meet origin design

*  CA and p12 password chanes

- Move the CA_password generation task to the native lookup plugin
- Get rid of unneeded tasks

roles/common/tasks/facts.yml

@@ -1,27 +1,12 @@
 ---
-- block:
-  - name: Generate password for the CA key
-    command: openssl rand -hex 16
-    register: CA_password
-
-  - name: Generate p12 export password
-    shell: >
-      openssl rand 8 |
-      python -c 'import sys,string; chars=string.ascii_letters + string.digits + "_@"; print("".join([chars[ord(c) % 64] for c in list(sys.stdin.read())]))'
-    register: p12_password_generated
-    when: p12_password is not defined
-    tags: update-users
-  become: false
-  delegate_to: localhost
-
 - name: Define facts
   set_fact:
-    p12_export_password: "{{ p12_password|default(p12_password_generated.stdout) }}"
+    p12_export_password: "{{ p12_password|default(lookup('password', '/dev/null length=9 chars=ascii_letters,digits,_,@')) }}"
   tags: update-users
 
 - name: Set facts
   set_fact:
-    CA_password: "{{ CA_password.stdout }}"
+    CA_password: "{{ lookup('password', '/dev/null length=16 chars=ascii_letters,digits,_,@') }}"
     IP_subject_alt_name: "{{ IP_subject_alt_name }}"
 
 - name: Set IPv6 support as a fact