From acbf9e21f76795122657e546228e411e37b75d44 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Wed, 10 Feb 2021 15:13:19 -0800
Subject: [PATCH] base / crypto-policy: always run, even in check mode

We need to always run these even in check mode, because they register
things used in the last one of them. So, this could change this in check
mode if we modify it. Be careful!

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/base/tasks/crypto-policies.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/base/tasks/crypto-policies.yml b/roles/base/tasks/crypto-policies.yml
index 5c2d9bc8fe..2a767193d6 100644
--- a/roles/base/tasks/crypto-policies.yml
+++ b/roles/base/tasks/crypto-policies.yml
@@ -3,6 +3,7 @@
   register: currentcryptopolicy
   failed_when: "1 != 1"
   changed_when: "1 != 1"
+  check_mode: no
   tags:
   - crypto-policies
   - base/crypto-policies
@@ -12,6 +13,7 @@
   register: cryptopolicyapplied
   failed_when: "1 != 1"
   changed_when: "1 != 1"
+  check_mode: no
   tags:
   - crypto-policies
   - base/crypto-policies
@@ -19,6 +21,7 @@
 - name: Set crypto-policy on fedora 33 and higher hosts to allow 2fa to work
   command: "update-crypto-policies --set DEFAULT:FEDORA32"
   when: "ansible_distribution_major_version|int >= 33 and (currentcryptopolicy.stdout.find('DEFAULT:FEDORA32') == -1 or cryptopolicyapplied.rc != 0)"
+  check_mode: no
   tags:
   - crypto-policies
   - base/crypto-policies