36 lines
1.0 KiB
YAML
36 lines
1.0 KiB
YAML
- name: Check current crypto-policy
|
|
command: "update-crypto-policies --show"
|
|
register: currentcryptopolicy
|
|
failed_when: "1 != 1"
|
|
changed_when: "1 != 1"
|
|
check_mode: no
|
|
tags:
|
|
- crypto-policies
|
|
- base/crypto-policies
|
|
|
|
- name: Check if policy is applied
|
|
command: "update-crypto-policies --is-applied"
|
|
register: cryptopolicyapplied
|
|
failed_when: "1 != 1"
|
|
changed_when: "1 != 1"
|
|
check_mode: no
|
|
tags:
|
|
- crypto-policies
|
|
- base/crypto-policies
|
|
|
|
- name: Set crypto-policy on fedora 33 and higher hosts back to default
|
|
command: "update-crypto-policies --set DEFAULT"
|
|
when: "ansible_distribution_major_version|int >= 33 and (currentcryptopolicy.stdout.find('DEFAULT') == -1 or cryptopolicyapplied.rc != 0)"
|
|
check_mode: no
|
|
tags:
|
|
- crypto-policies
|
|
- base/crypto-policies
|
|
|
|
- name: Set crypto-policy on RHEL9 dns servers to DEFAULT:SHA1
|
|
command: "update-crypto-policies --set DEFAULT:SHA1"
|
|
when: inventory_hostname.startswith(('ns01.iad2','ns02.iad2'))
|
|
check_mode: no
|
|
tags:
|
|
- crypto-policies
|
|
- base/crypto-policies
|