Current version of ansible-list pre-commit hook required changes in the
ansible-freeipa yamllint configuration and these changes triggered
issues in the current playbooks on roles and tests.
This patch adds the required changes to yaml lint configuration and
fixes the affected playbooks.
Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact for example and aplies for
all actions that are part of ansible.builtin.
All the replaced ansible.builtins:
assert, command, copy, debug, fail, fetch, file, import_playbook,
import_tasks, include_role, include_tasks, include_vars, package,
set_fact, shell, slurp, stat, systemd
The password that is used in the script to generate the CA and also sign
the CSR is not strong enough in FIPS mode. In normal mode the password was
ok, though.
In FIPS mode the password needs to have at least one upper, lower, digit
and a special char.
The serial numbers have not been set for the creation of the CA and also
to sign the request. Because of this the local time has been used, which
resulted sometimes in the use of the same time stamp for the CA and the
signing reuqest. The import failed then with same issuer and serial number
error.
The cat to generate the chain.crt has been replaces with openssl x509 calls.
Some comments have also been added.
The script in external-signed-ca-with-manual-copy has been replaced with a
link to the external-signed-ca-with-automatic-copy directory.
