mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-06-27 23:57:02 +08:00
acbf9e21f7
We need to always run these even in check mode, because they register things used in the last one of them. So, this could change this in check mode if we modify it. Be careful! Signed-off-by: Kevin Fenzi <kevin@scrye.com>
28 lines
823 B
YAML
28 lines
823 B
YAML
- name: Check current crypto-policy
|
|
command: "update-crypto-policies --show"
|
|
register: currentcryptopolicy
|
|
failed_when: "1 != 1"
|
|
changed_when: "1 != 1"
|
|
check_mode: no
|
|
tags:
|
|
- crypto-policies
|
|
- base/crypto-policies
|
|
|
|
- name: Check if policy is applied
|
|
command: "update-crypto-policies --is-applied"
|
|
register: cryptopolicyapplied
|
|
failed_when: "1 != 1"
|
|
changed_when: "1 != 1"
|
|
check_mode: no
|
|
tags:
|
|
- crypto-policies
|
|
- base/crypto-policies
|
|
|
|
- name: Set crypto-policy on fedora 33 and higher hosts to allow 2fa to work
|
|
command: "update-crypto-policies --set DEFAULT:FEDORA32"
|
|
when: "ansible_distribution_major_version|int >= 33 and (currentcryptopolicy.stdout.find('DEFAULT:FEDORA32') == -1 or cryptopolicyapplied.rc != 0)"
|
|
check_mode: no
|
|
tags:
|
|
- crypto-policies
|
|
- base/crypto-policies
|