From dd43e1e47e0271ed4d4c0a82a747e4f33e1519b5 Mon Sep 17 00:00:00 2001
From: "Paul.W Harvey"
Date: Tue, 29 Aug 2017 23:32:12 +1000
Subject: [PATCH] Use openssl to generate better quality p12_export_password (#655)

We're already doing it this way for CA_password, and ansible's to_uuid is problematic as it uses uuid v5 under the hood (#654)
---
 playbooks/facts/main.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/playbooks/facts/main.yml b/playbooks/facts/main.yml
index 7c8516d72..4887bb50d 100644
--- a/playbooks/facts/main.yml
+++ b/playbooks/facts/main.yml
@@ -27,9 +27,17 @@
 become: no
 register: CA_password
 
+- name: Generate p12 export password
+ local_action:
+ module: shell
+ openssl rand -hex 4
+ become: no
+ register: p12_export_password_generated
+ when: p12_export_password is not defined
+
 - name: Define password facts
 set_fact:
- easyrsa_p12_export_password: "{{ p12_export_password|default((ansible_date_time.iso8601_basic|sha1|to_uuid).split('-')[0]) }}"
+ easyrsa_p12_export_password: "{{ p12_export_password|default(p12_export_password_generated.stdout) }}"
 easyrsa_CA_password: "{{ CA_password.stdout }}"
 
 - name: Define the commonName
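Review bot: `openssl rand -hex 4` in the new "Generate p12 export password" task yields only 8 hex characters, i.e. 32 bits, so if a PKCS#12 bundle leaks its export password can be searched offline quickly even though the value now comes from a CSPRNG. The replaced expression also kept only the first 8-character UUID segment, so the commit improves the randomness source but not the length; if users are not expected to type this password by hand, a longer value such as `openssl rand -hex 16` would give the client key real protection at rest. The task also lacks `no_log: true`, so the registered stdout can show up in verbose Ansible output and run logs; adding it here and on the `set_fact` that follows would keep the secret out of them. The CA_password task this mirrors starts outside the hunk, so its length cannot be compared from here.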