From 1ca8ee5554330f7bbd869b2936a7d7a3087b9b9e Mon Sep 17 00:00:00 2001
From: Squirrel <kanade123321@gmail.com>
Date: Fri, 6 Sep 2019 16:55:57 +0800
Subject: [PATCH] Generates a password by native module (#1576)

* use password module to generate password

* fix variable reference

* reduce character set to meet origin design

*  CA and p12 password chanes

- Move the CA_password generation task to the native lookup plugin
- Get rid of unneeded tasks
---
 roles/common/tasks/facts.yml | 19 ++-----------------
 1 file changed, 2 insertions(+), 17 deletions(-)

diff --git a/roles/common/tasks/facts.yml b/roles/common/tasks/facts.yml
index c064d7b..02e88ed 100644
--- a/roles/common/tasks/facts.yml
+++ b/roles/common/tasks/facts.yml
@@ -1,27 +1,12 @@
 ---
-- block:
-  - name: Generate password for the CA key
-    command: openssl rand -hex 16
-    register: CA_password
-
-  - name: Generate p12 export password
-    shell: >
-      openssl rand 8 |
-      python -c 'import sys,string; chars=string.ascii_letters + string.digits + "_@"; print("".join([chars[ord(c) % 64] for c in list(sys.stdin.read())]))'
-    register: p12_password_generated
-    when: p12_password is not defined
-    tags: update-users
-  become: false
-  delegate_to: localhost
-
 - name: Define facts
   set_fact:
-    p12_export_password: "{{ p12_password|default(p12_password_generated.stdout) }}"
+    p12_export_password: "{{ p12_password|default(lookup('password', '/dev/null length=9 chars=ascii_letters,digits,_,@')) }}"
   tags: update-users
 
 - name: Set facts
   set_fact:
-    CA_password: "{{ CA_password.stdout }}"
+    CA_password: "{{ lookup('password', '/dev/null length=16 chars=ascii_letters,digits,_,@') }}"
     IP_subject_alt_name: "{{ IP_subject_alt_name }}"
 
 - name: Set IPv6 support as a fact