diff --git a/playbooks/generate_credentials.yml b/playbooks/generate_credentials.yml
index c6133ff..9b1c1d8 100644
--- a/playbooks/generate_credentials.yml
+++ b/playbooks/generate_credentials.yml
@@ -1,7 +1,7 @@
 ---
 # hashistack generate certificates playbook
 - name: "Generate credentials"
- hosts: localhost
+ hosts: deployment
 strategy: linear
 gather_facts: true
 become: true
@@ -9,8 +9,19 @@
 - name: "Generate consul credentials"
 block:
 - name: "Generate consul gossip encryption key"
- ansible.builtin.set_fact:
- _consul_gossip_encryption_key: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | b64encode }}"
+ block:
+ - name: "Generate 24 random bytes and base64 encode"
+ ansible.builtin.shell:
+ cmd: |
+ set -o pipefail
+ dd if=/dev/urandom bs=24 count=1 2>/dev/null | base64
+ executable: /bin/bash
+ changed_when: false
+ register: _consul_random_base64_string
+
+ - name: "Generate consul gossip encryption key"
+ ansible.builtin.set_fact:
+ _consul_gossip_encryption_key: "{{ _consul_random_base64_string.stdout }}"
 
 - name: "Generate consul root credentials"
 ansible.builtin.set_fact:
@@ -39,8 +50,19 @@
 - name: "Generate nomad credentials"
 block:
 - name: "Generate nomad gossip encryption key"
- ansible.builtin.set_fact:
- _nomad_gossip_encryption_key: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | b64encode }}"
+ block:
+ - name: "Generate 24 random bytes and base64 encode"
+ ansible.builtin.shell:
+ cmd: |
+ set -o pipefail
+ dd if=/dev/urandom bs=24 count=1 2>/dev/null | base64
+ executable: /bin/bash
+ changed_when: false
+ register: _nomad_random_base64_string
+
+ - name: "Generate nomad gossip encryption key"
+ ansible.builtin.set_fact:
+ _nomad_gossip_encryption_key: "{{ _nomad_random_base64_string.stdout }}"
 
 - name: "Generate nomad root credentials"
 ansible.builtin.set_fact:
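Review bot: With `hosts: deployment` in the first hunk, every host in that group runs the generation tasks, and `set_fact` stores its result per host, so a group with more than one member would end up with a different gossip key and different root credentials on each host. The inventory is not visible here, so this may be a single-host group by convention; if so, make that explicit with a guard such as `run_once: true` on the generating tasks or an assert that `ansible_play_hosts | length == 1`. `become: true` now also takes effect on a remote machine rather than the controller, and how the generated values are persisted lies outside this hunk.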
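Review bot: The new shell tasks in the second and third hunks register the raw gossip key as `_consul_random_base64_string.stdout` and `_nomad_random_base64_string.stdout` without `no_log: true`, so the key is written to verbose output and to any callback or job log that records task results. Add `no_log: true` to the shell task and to the `set_fact` that follows it in each block. Separately, 24 bytes is an accepted key size, but as far as I know the vendor keygen commands emit 32-byte keys, so `bs=32` would match what operators get from those tools. The enclosing consul and nomad blocks continue past both hunks.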