+ cd /tmp/tmp_mbogyq9/tests; TEST_SUBJECTS=/cache/fedora-33.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-100-3dbef8b-fedora-33-u9auawzn/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_mbogyq9/_setup.yml /tmp/tmp_mbogyq9/tests/tests_basic_ipa.yml ansible-playbook 2.9.25 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 11.2.1 20210728 (Red Hat 11.2.1-1)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_mbogyq9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_mbogyq9/_setup.yml:5 ok: [/cache/fedora-33.qcow2] => { "groups": { "all": [ "/cache/fedora-33.qcow2" ], "localhost": [ "/cache/fedora-33.qcow2" ], "subjects": [ "/cache/fedora-33.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_mbogyq9/_setup.yml:7 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 statically imported: /tmp/tmp_mbogyq9/tests/tasks/setup_ipa.yml PLAYBOOK: tests_basic_ipa.yml ************************************************** 3 plays in /tmp/tmp_mbogyq9/tests/tests_basic_ipa.yml PLAY [Install IPA server] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_basic_ipa.yml:2 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [Set __is_beaker_env] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/setup_ipa.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__is_beaker_env": false}, "changed": false} TASK [Install ansible-freeipa] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/setup_ipa.yml:6 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [Clone ansible-freeipa repo] ********************************************** task path: 
/tmp/tmp_mbogyq9/tests/tasks/setup_ipa.yml:12 changed: [/cache/fedora-33.qcow2 -> 127.0.0.1] => {"after": "6c7f433135795d3ebec2ce26d6ca398301792588", "before": null, "changed": true} TASK [Create role symlinks] **************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/setup_ipa.yml:21 changed: [/cache/fedora-33.qcow2 -> 127.0.0.1] => (item=ipaserver) => {"ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmp_mbogyq9/tests/roles/ipaserver", "gid": 0, "group": "root", "item": "ipaserver", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaserver/", "state": "link", "uid": 0} changed: [/cache/fedora-33.qcow2 -> 127.0.0.1] => (item=ipaclient) => {"ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmp_mbogyq9/tests/roles/ipaclient", "gid": 0, "group": "root", "item": "ipaclient", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaclient/", "state": "link", "uid": 0} TASK [ensure hostname package is installed] ************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/setup_ipa.yml:33 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Set hostname] ************************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/setup_ipa.yml:38 changed: [/cache/fedora-33.qcow2] => {"ansible_facts": {"ansible_domain": "test.local", "ansible_fqdn": "ipaserver.test.local", "ansible_hostname": "ipaserver", "ansible_nodename": "ipaserver.test.local"}, "changed": true, "name": "ipaserver.test.local"} TASK [Ensure nss package is up-to-date] **************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/setup_ipa.yml:42 changed: [/cache/fedora-33.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-freebl-3.71.0-1.fc33.x86_64", "Installed: nss-sysinit-3.71.0-1.fc33.x86_64", "Installed: nss-util-3.71.0-1.fc33.x86_64", "Installed: 
nspr-4.32.0-1.fc33.x86_64", "Installed: nss-3.71.0-1.fc33.x86_64", "Installed: nss-softokn-3.71.0-1.fc33.x86_64"]} TASK [Include ipaserver role] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/setup_ipa.yml:50 TASK [ipaserver : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:4 ok: [/cache/fedora-33.qcow2] => (item=/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml) => {"ansible_facts": {"ipaserver_packages": ["freeipa-server", "python3-libselinux"], "ipaserver_packages_adtrust": ["freeipa-server-trust-ad"], "ipaserver_packages_dns": ["freeipa-server-dns"], "ipaserver_packages_firewalld": ["firewalld"]}, "ansible_included_var_files": ["/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml"], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml"} TASK [ipaserver : Install IPA server] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:12 included: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml for /cache/fedora-33.qcow2 TASK [ipaserver : Install - Ensure that IPA server packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:5 changed: [/cache/fedora-33.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: jboss-annotations-1.2-api-1.0.2-4.fc33.noarch", "Installed: libev-4.33-2.fc33.x86_64", "Installed: perl-File-Find-1.37-471.fc33.noarch", "Installed: slf4j-1.7.30-6.fc33.noarch", "Installed: perl-File-Path-2.18-1.fc33.noarch", "Installed: perl-File-Temp-1:0.231.100-1.fc33.noarch", "Installed: python3-ipaclient-4.9.6-1.fc33.noarch", "Installed: slf4j-jdk14-1.7.30-6.fc33.noarch", "Installed: jboss-jaxrs-2.0-api-1.0.0-13.fc33.noarch", "Installed: perl-Exporter-5.74-458.fc33.noarch", "Installed: xml-commons-apis-1.4.01-32.fc33.noarch", "Installed: mod_http2-1.15.19-1.fc33.x86_64", "Installed: 
xml-commons-resolver-1.2-32.fc33.noarch", "Installed: mod_lua-2.4.51-1.fc33.x86_64", "Installed: openssl-1:1.1.1l-2.fc33.x86_64", "Installed: mod_session-2.4.51-1.fc33.x86_64", "Installed: mod_ssl-1:2.4.51-1.fc33.x86_64", "Installed: perl-Storable-1:3.21-457.fc33.x86_64", "Installed: perl-URI-1.76-9.fc33.noarch", "Installed: openssl-perl-1:1.1.1l-2.fc33.x86_64", "Installed: jboss-logging-3.4.1-4.fc33.noarch", "Installed: perl-Getopt-Std-1.12-471.fc33.noarch", "Installed: jboss-logging-tools-2.2.1-3.fc33.noarch", "Installed: python3-ipaserver-4.9.6-1.fc33.noarch", "Installed: perl-Compress-Raw-Bzip2-2.096-1.fc33.x86_64", "Installed: perl-Compress-Raw-Lzma-2.096-1.fc33.x86_64", "Installed: perl-Compress-Raw-Zlib-2.096-1.fc33.x86_64", "Installed: python3-nss-1.0.1-20.fc33.x86_64", "Installed: nss-tools-3.71.0-1.fc33.x86_64", "Installed: bind-libs-32:9.11.35-1.fc33.x86_64", "Installed: bind-libs-lite-32:9.11.35-1.fc33.x86_64", "Installed: bind-license-32:9.11.35-1.fc33.noarch", "Installed: perl-HTTP-Tiny-0.078-1.fc33.noarch", "Installed: perl-IO-1.43-471.fc33.x86_64", "Installed: cyrus-sasl-gssapi-2.1.27-6.fc33.x86_64", "Installed: perl-IO-Zlib-1:1.10-471.fc33.noarch", "Installed: bind-utils-32:9.11.35-1.fc33.x86_64", "Installed: perl-IPC-Open3-1.21-471.fc33.noarch", "Installed: cyrus-sasl-md5-2.1.27-6.fc33.x86_64", "Installed: bash-completion-1:2.8-9.fc33.noarch", "Installed: jdeparser-2.0.3-5.fc33.noarch", "Installed: rpcbind-1.2.6-0.fc33.x86_64", "Installed: cyrus-sasl-plain-2.1.27-6.fc33.x86_64", "Installed: perl-Net-SSLeay-1.88-9.fc33.x86_64", "Installed: tzdata-java-2021c-1.fc33.noarch", "Installed: python3-argcomplete-1.12.0-2.fc33.noarch", "Installed: words-3.0-36.fc33.noarch", "Installed: perl-Algorithm-Diff-1.1903-17.fc33.noarch", "Installed: python3-asn1crypto-1.3.0-4.fc33.noarch", "Installed: lua-posix-35.0-2.fc33.x86_64", "Installed: openldap-clients-2.4.50-5.fc33.x86_64", "Installed: perl-NDBM_File-1.15-471.fc33.x86_64", "Installed: 
python3-dns-2.0.0-1.fc33.noarch", "Installed: python3-augeas-0.5.0-22.fc33.noarch", "Installed: krb5-pkinit-1.18.2-31.fc33.x86_64", "Installed: krb5-server-1.18.2-31.fc33.x86_64", "Installed: slapi-nis-0.56.7-1.fc33.x86_64", "Installed: krb5-workstation-1.18.2-31.fc33.x86_64", "Installed: libpkgconf-1.7.3-5.fc33.x86_64", "Installed: perl-POSIX-1.94-471.fc33.x86_64", "Installed: pki-symkey-10.10.6-1.fc33.x86_64", "Installed: libpng-2:1.6.37-6.fc33.x86_64", "Installed: perl-PathTools-3.78-458.fc33.x86_64", "Installed: harfbuzz-2.7.2-1.fc33.x86_64", "Installed: python3-pyusb-1.0.2-10.fc33.noarch", "Installed: libverto-libev-0.3.0-10.fc33.x86_64", "Installed: python3-ipalib-4.9.6-1.fc33.noarch", "Installed: perl-Term-ANSIColor-5.01-458.fc33.noarch", "Installed: perl-Term-Cap-1.17-457.fc33.noarch", "Installed: apr-1.7.0-7.fc33.x86_64", "Installed: perl-Pod-Simple-1:3.42-1.fc33.noarch", "Installed: perl-Pod-Usage-4:2.01-1.fc33.noarch", "Installed: python3-kdcproxy-0.4.2-6.fc33.noarch", "Installed: perl-SelectSaver-1.02-471.fc33.noarch", "Installed: perl-Socket-4:2.031-1.fc33.x86_64", "Installed: libicu-67.1-4.fc33.x86_64", "Installed: perl-Symbol-1.08-471.fc33.noarch", "Installed: jackson-annotations-2.11.4-1.fc33.noarch", "Installed: perl-File-stat-1.09-471.fc33.noarch", "Installed: jackson-core-2.11.4-1.fc33.noarch", "Installed: python3-qrcode-core-6.1-7.fc33.noarch", "Installed: perl-MIME-Base64-3.16-1.fc33.x86_64", "Installed: jackson-databind-2.11.4-1.fc33.noarch", "Installed: jackson-jaxrs-json-provider-2.11.4-1.fc33.noarch", "Installed: jackson-jaxrs-providers-2.11.4-1.fc33.noarch", "Installed: perl-FileHandle-2.03-471.fc33.noarch", "Installed: pkgconf-1.7.3-5.fc33.x86_64", "Installed: pkgconf-m4-1.7.3-5.fc33.noarch", "Installed: pkgconf-pkg-config-1.7.3-5.fc33.x86_64", "Installed: freeipa-client-4.9.6-1.fc33.x86_64", "Installed: gssproxy-0.8.3-3.fc33.x86_64", "Installed: freeipa-client-common-4.9.6-1.fc33.noarch", "Installed: 
jackson-module-jaxb-annotations-2.11.4-1.fc33.noarch", "Installed: apache-commons-cli-1.4-11.fc33.noarch", "Installed: freeipa-common-4.9.6-1.fc33.noarch", "Installed: apache-commons-codec-1.13-4.fc33.noarch", "Installed: freeipa-healthcheck-core-0.9-2.fc33.noarch", "Installed: pki-acme-10.10.6-1.fc33.noarch", "Installed: freeipa-selinux-4.9.6-1.fc33.noarch", "Installed: freeipa-server-4.9.6-1.fc33.x86_64", "Installed: freeipa-server-common-4.9.6-1.fc33.noarch", "Installed: pki-kra-10.10.6-1.fc33.noarch", "Installed: pki-server-10.10.6-1.fc33.noarch", "Installed: perl-Archive-Tar-2.38-3.fc33.noarch", "Installed: softhsm-2.6.1-3.fc33.4.x86_64", "Installed: apache-commons-daemon-1.2.2-5.fc33.x86_64", "Installed: perl-Tie-4.6-471.fc33.noarch", "Installed: pki-tools-10.10.6-1.fc33.x86_64", "Installed: apache-commons-io-1:2.6-10.fc33.noarch", "Installed: python3-sss-2.5.1-2.fc33.x86_64", "Installed: python3-sss-murmur-2.5.1-2.fc33.x86_64", "Installed: xalan-j2-2.7.2-6.fc33.noarch", "Installed: python3-sssdconfig-2.5.1-2.fc33.noarch", "Installed: apache-commons-lang3-3.11-1.fc33.noarch", "Installed: perl-Getopt-Long-1:2.52-1.fc33.noarch", "Installed: apache-commons-logging-1.2-23.fc33.noarch", "Installed: python3-jwcrypto-0.8-1.fc33.noarch", "Installed: dbus-tools-1:1.12.20-2.fc33.x86_64", "Installed: apache-commons-net-3.6-10.fc33.noarch", "Installed: freetype-2.10.4-1.fc33.x86_64", "Installed: perl-base-2.27-471.fc33.noarch", "Installed: perl-constant-1.33-458.fc33.noarch", "Installed: lcms2-2.12-1.fc33.x86_64", "Installed: perl-Data-Dumper-2.174-459.fc33.x86_64", "Installed: python3-systemd-234-19.fc33.x86_64", "Installed: fstrm-0.6.1-2.fc33.x86_64", "Installed: java-11-openjdk-headless-1:11.0.13.0.8-1.fc33.x86_64", "Installed: libwbclient-2:4.13.12-0.fc33.x86_64", "Installed: python3-ldap-3.3.1-2.fc33.x86_64", "Installed: python-systemd-doc-234-19.fc33.x86_64", "Installed: perl-if-0.60.800-471.fc33.noarch", "Installed: perl-interpreter-4:5.32.1-471.fc33.x86_64", 
"Installed: python3-lib389-1.4.4.17-1.fc33.noarch", "Installed: perl-libnet-3.13-1.fc33.noarch", "Installed: perl-libs-4:5.32.1-471.fc33.x86_64", "Installed: quota-1:4.05-17.fc33.x86_64", "Installed: ldapjdk-4.22.0-3.fc33.noarch", "Installed: perl-macros-4:5.32.1-471.fc33.noarch", "Installed: python3-libipa_hbac-2.5.1-2.fc33.x86_64", "Installed: perl-mro-1.23-471.fc33.x86_64", "Installed: quota-nls-1:4.05-17.fc33.noarch", "Installed: perl-overload-1.31-471.fc33.noarch", "Installed: js-jquery-3.5.0-4.fc33.noarch", "Installed: perl-overloading-0.02-471.fc33.noarch", "Installed: oddjob-0.34.7-1.fc33.x86_64", "Installed: oddjob-mkhomedir-0.34.7-1.fc33.x86_64", "Installed: perl-subs-1.03-471.fc33.noarch", "Installed: perl-vars-1.05-471.fc33.noarch", "Installed: fedora-logos-httpd-30.0.2-5.fc33.noarch", "Installed: python3-lxml-4.5.1-4.fc33.x86_64", "Installed: mod_auth_gssapi-1.6.3-1.fc33.x86_64", "Installed: fontawesome-fonts-1:4.7.0-10.fc33.noarch", "Installed: apr-util-1.6.1-14.fc33.x86_64", "Installed: apr-util-bdb-1.6.1-14.fc33.x86_64", "Installed: lksctp-tools-1.0.18-6.fc33.x86_64", "Installed: apr-util-openssl-1.6.1-14.fc33.x86_64", "Installed: perl-parent-1:0.238-457.fc33.noarch", "Installed: copy-jdk-configs-4.0-1.fc33.noarch", "Installed: sssd-common-pac-2.5.1-2.fc33.x86_64", "Installed: perl-podlators-1:4.14-457.fc33.noarch", "Installed: publicsuffix-list-20190417-4.fc33.noarch", "Installed: mod_lookup_identity-1.0.0-12.fc33.x86_64", "Installed: sssd-dbus-2.5.1-2.fc33.x86_64", "Installed: sssd-ipa-2.5.1-2.fc33.x86_64", "Installed: sssd-krb5-common-2.5.1-2.fc33.x86_64", "Installed: augeas-libs-1.12.0-6.fc33.x86_64", "Installed: sssd-tools-2.5.1-2.fc33.x86_64", "Installed: authselect-1.2.3-1.fc33.x86_64", "Installed: authselect-libs-1.2.3-1.fc33.x86_64", "Installed: ecj-1:4.19-1.fc33.noarch", "Installed: perl-Pod-Escapes-1:1.07-457.fc33.noarch", "Installed: jakarta-activation-1.2.2-1.fc33.noarch", "Installed: web-assets-filesystem-5-12.fc33.noarch", "Installed: 
python3-argparse-manpage-1.5-1.fc33.noarch", "Installed: libipa_hbac-2.5.1-2.fc33.x86_64", "Installed: perl-Pod-Perldoc-3.28.01-458.fc33.noarch", "Installed: python3-psutil-5.7.2-2.fc33.x86_64", "Installed: autofs-1:5.1.6-11.fc33.x86_64", "Installed: jss-4.8.1-1.fc33.x86_64", "Installed: libjpeg-turbo-2.0.5-5.fc33.x86_64", "Installed: libkadm5-1.18.2-31.fc33.x86_64", "Installed: python3-pyasn1-0.4.8-3.fc33.noarch", "Installed: policycoreutils-python-utils-3.1-4.fc33.noarch", "Installed: python3-pyasn1-modules-0.4.8-3.fc33.noarch", "Installed: python3-yubico-1.3.3-3.fc33.noarch", "Installed: avahi-libs-0.8-14.fc33.x86_64", "Installed: perl-Carp-1.50-457.fc33.noarch", "Installed: perl-Text-Diff-1.45-10.fc33.noarch", "Installed: resteasy-atom-provider-3.0.26-6.fc33.noarch", "Installed: resteasy-client-3.0.26-6.fc33.noarch", "Installed: resteasy-core-3.0.26-6.fc33.noarch", "Installed: resteasy-jackson2-provider-3.0.26-6.fc33.noarch", "Installed: resteasy-jaxb-provider-3.0.26-6.fc33.noarch", "Installed: xerces-j2-2.12.0-9.fc33.noarch", "Installed: open-sans-fonts-1.10-13.fc33.noarch", "Installed: perl-Text-ParseWords-3.30-457.fc33.noarch", "Installed: lua-5.4.3-1.fc33.x86_64", "Installed: mailcap-2.1.49-2.fc33.noarch", "Installed: python3-mod_wsgi-4.7.1-3.fc33.x86_64", "Installed: httpcomponents-core-4.4.12-4.fc33.noarch", "Installed: perl-IO-Compress-2.096-1.fc33.noarch", "Installed: perl-IO-Compress-Lzma-2.096-1.fc33.noarch", "Installed: perl-Text-Tabs+Wrap-2013.0523-457.fc33.noarch", "Installed: certmonger-0.79.14-2.fc33.x86_64", "Installed: nfs-utils-1:2.5.4-2.rc3.fc33.x86_64", "Installed: perl-AutoLoader-5.74-471.fc33.noarch", "Installed: httpcomponents-client-4.5.10-5.fc33.noarch", "Installed: tomcat-native-1.2.23-3.fc33.x86_64", "Installed: perl-B-1.80-471.fc33.x86_64", "Installed: httpd-2.4.51-1.fc33.x86_64", "Installed: httpd-filesystem-2.4.51-1.fc33.noarch", "Installed: httpd-tools-2.4.51-1.fc33.x86_64", "Installed: logrotate-3.17.0-3.fc33.x86_64", "Installed: 
python3-gssapi-1.6.9-2.fc33.x86_64", "Installed: cups-libs-1:2.3.3op2-7.fc33.x86_64", "Installed: perl-Class-Struct-0.66-471.fc33.noarch", "Installed: perl-IO-Socket-IP-0.41-2.fc33.noarch", "Installed: perl-IO-Socket-SSL-2.068-3.fc33.noarch", "Installed: samba-client-libs-2:4.13.12-0.fc33.x86_64", "Installed: samba-common-2:4.13.12-0.fc33.noarch", "Installed: samba-common-libs-2:4.13.12-0.fc33.x86_64", "Installed: python3-custodia-0.6.0-13.fc33.noarch", "Installed: graphite2-1.3.14-6.fc33.x86_64", "Installed: perl-Scalar-List-Utils-4:1.55-457.fc33.x86_64", "Installed: samba-libs-2:4.13.12-0.fc33.x86_64", "Installed: javapackages-filesystem-5.3.0-13.fc33.noarch", "Installed: perl-DB_File-1.855-1.fc33.x86_64", "Installed: javapackages-tools-5.3.0-13.fc33.noarch", "Installed: 389-ds-base-1.4.4.17-1.fc33.x86_64", "Installed: 389-ds-base-libs-1.4.4.17-1.fc33.x86_64", "Installed: python3-pki-10.10.6-1.fc33.noarch", "Installed: libdb-utils-5.3.28-45.fc33.x86_64", "Installed: perl-Time-Local-2:1.300-4.fc33.noarch", "Installed: jaxb-api-2.3.3-2.fc33.noarch", "Installed: tomcat-1:9.0.54-1.fc33.noarch", "Installed: tomcat-el-3.0-api-1:9.0.54-1.fc33.noarch", "Installed: tomcat-jsp-2.3-api-1:9.0.54-1.fc33.noarch", "Installed: tomcat-lib-1:9.0.54-1.fc33.noarch", "Installed: tomcat-servlet-4.0-api-1:9.0.54-1.fc33.noarch", "Installed: perl-Mozilla-CA-20200520-3.fc33.noarch", "Installed: jaxb-impl-2.3.3-4.fc33.noarch", "Installed: perl-Digest-1.20-1.fc33.noarch", "Installed: perl-Digest-MD5-2.58-1.fc33.x86_64", "Installed: pki-base-10.10.6-1.fc33.noarch", "Installed: tomcatjss-7.6.1-1.fc33.noarch", "Installed: libxslt-1.1.34-4.fc33.x86_64", "Installed: keyutils-1.6.1-1.fc33.x86_64", "Installed: sscg-2.6.2-2.fc33.x86_64", "Installed: python3-netaddr-0.8.0-2.fc33.noarch", "Installed: pki-base-java-10.10.6-1.fc33.noarch", "Installed: perl-DynaLoader-1.47-471.fc33.x86_64", "Installed: pki-ca-10.10.6-1.fc33.noarch", "Installed: perl-Encode-4:3.08-461.fc33.x86_64", "Installed: 
python3-netifaces-0.10.6-12.fc33.x86_64", "Installed: perl-Errno-1.30-471.fc33.x86_64", "Installed: python3-decorator-4.4.2-3.fc33.noarch", "Installed: custodia-0.6.0-13.fc33.noarch", "Installed: alsa-lib-1.2.4-5.fc33.x86_64", "Installed: perl-Fcntl-1.13-471.fc33.x86_64", "Installed: perl-File-Basename-2.85-471.fc33.noarch"]} TASK [ipaserver : Install - Ensure that IPA server packages for dns are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:10 changed: [/cache/fedora-33.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: bind-32:9.11.35-1.fc33.x86_64", "Installed: opencryptoki-3.14.0-6.fc33.x86_64", "Installed: ldns-1.7.1-4.fc33.x86_64", "Installed: opencryptoki-icsftok-3.14.0-6.fc33.x86_64", "Installed: mariadb-connector-c-3.1.13-1.fc33.x86_64", "Installed: opencryptoki-libs-3.14.0-6.fc33.x86_64", "Installed: mariadb-connector-c-config-3.1.13-1.fc33.noarch", "Installed: opendnssec-2.1.7-3.fc33.x86_64", "Installed: bind-dnssec-doc-32:9.11.35-1.fc33.noarch", "Installed: bind-dnssec-utils-32:9.11.35-1.fc33.x86_64", "Installed: python3-bind-32:9.11.35-1.fc33.noarch", "Installed: bind-dyndb-ldap-11.3-8.fc33.x86_64", "Installed: sqlite-3.34.1-1.fc33.x86_64", "Installed: bind-pkcs11-32:9.11.35-1.fc33.x86_64", "Installed: bind-pkcs11-libs-32:9.11.35-1.fc33.x86_64", "Installed: bind-pkcs11-utils-32:9.11.35-1.fc33.x86_64", "Installed: freeipa-server-dns-4.9.6-1.fc33.noarch"]} TASK [ipaserver : Install - Ensure that IPA server packages for adtrust are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:16 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Ensure that firewall packages installed] *********** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:22 changed: [/cache/fedora-33.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-gobject-base-3.38.0-2.fc33.x86_64", 
"Installed: ipset-7.6-2.fc33.x86_64", "Installed: ipset-libs-7.6-2.fc33.x86_64", "Installed: iptables-nft-1.8.5-6.fc33.x86_64", "Installed: gobject-introspection-1.66.1-1.fc33.x86_64", "Installed: python3-slip-0.6.4-21.fc33.noarch", "Installed: python3-slip-dbus-0.6.4-21.fc33.noarch", "Installed: python3-nftables-1:0.9.3-8.fc33.x86_64", "Installed: libnftnl-1.1.7-3.fc33.x86_64", "Installed: python3-firewall-0.8.6-1.fc33.noarch", "Installed: firewalld-0.8.6-1.fc33.noarch", "Installed: firewalld-filesystem-0.8.6-1.fc33.noarch", "Installed: nftables-1:0.9.3-8.fc33.x86_64"]} TASK [ipaserver : Firewalld service - Ensure that firewalld is running] ******** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:31 changed: [/cache/fedora-33.qcow2] => {"changed": true, "enabled": true, "name": "firewalld", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target system.slice polkit.service dbus.socket basic.target dbus-broker.service", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "network-pre.target multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service 
cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "ip6tables.service nftables.service shutdown.target iptables.service ipset.service ebtables.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "\"man:firewalld(1)\"", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", 
"FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15525", "LimitNPROCSoft": "15525", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15525", "LimitSIGPENDINGSoft": "15525", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", 
"MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "firewalld.service dbus-org.fedoraproject.FirewallD1.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootHashSignature": "", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", 
"SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4657", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity"}} TASK [Firewalld - Verify runtime zone "{{ ipaserver_firewalld_zone }}"] ******** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:37 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [Firewalld - Verify permanent zone "{{ ipaserver_firewalld_zone }}"] ****** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:44 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : include_tasks] *********************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:54 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Server installation test] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:60 ok: [/cache/fedora-33.qcow2] => {"_dirsrv_ca_cert": null, "_dirsrv_pkcs12_info": null, "_hostname_overridden": true, "_http_ca_cert": null, "_http_pkcs12_info": null, "_installation_cleanup": true, "_pkinit_ca_cert": null, "_pkinit_pkcs12_info": null, "changed": false, "domain": "test.local", "domainlevel": 1, "external_ca": false, 
"external_ca_profile": null, "external_ca_type": null, "hostname": "ipaserver.test.local", "idmax": 1662999999, "idstart": 1662800000, "ipa_python_version": 40906, "no_host_dns": true, "no_pkinit": false, "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "rid_base": 1000, "secondary_rid_base": 100000000, "setup_adtrust": false, "setup_ca": true, "setup_kra": false} TASK [ipaserver : Install - Master password creation] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:137 changed: [/cache/fedora-33.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true} TASK [ipaserver : Install - Use new master password] *************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:144 ok: [/cache/fedora-33.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaserver : Install - Server preparation] ******************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:152 changed: [/cache/fedora-33.qcow2] => {"_ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "_subject_base": "O=TEST.LOCAL", "adtrust_netbios_name": null, "adtrust_reset_netbios_name": false, "ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "changed": true, "dns_ip_addresses": ["10.0.2.15", "fec0::5054:ff:fe12:3456"], "dns_reverse_zones": [], "forward_policy": "only", "forwarders": ["10.0.2.3"], "ip_addresses": ["10.0.2.15", "fec0::5054:ff:fe12:3456"], "no_dnssec_validation": true, "reverse_zones": [], "subject_base": "O=TEST.LOCAL"} TASK [ipaserver : Install - Setup NTP] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:196 changed: [/cache/fedora-33.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup DS] ****************************************** task path: 
/tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:203 changed: [/cache/fedora-33.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup KRB] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:232 changed: [/cache/fedora-33.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup custodia] ************************************ task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:259 changed: [/cache/fedora-33.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup CA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:265 changed: [/cache/fedora-33.qcow2] => {"changed": true, "csr_generated": false} TASK [ipaserver : Copy /root/ipa.csr to "/cache/fedora-33.qcow2-ipa.csr"] ****** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:306 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Setup otpd] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:315 changed: [/cache/fedora-33.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup HTTP] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:321 changed: [/cache/fedora-33.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup KRA] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:353 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Setup DNS] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:364 changed: [/cache/fedora-33.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup ADTRUST] ************************************* task path: 
/tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:381 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Set DS password] *********************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:396 changed: [/cache/fedora-33.qcow2] => {"changed": true} TASK [Install - Setup client] ************************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:413 TASK [ipaclient : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:4 ok: [/cache/fedora-33.qcow2] => (item=/tmp/freeipa-repo/roles/ipaclient/vars/default.yml) => {"ansible_facts": {"ipaclient_packages": ["ipa-client", "python3-libselinux"]}, "ansible_included_var_files": ["/tmp/freeipa-repo/roles/ipaclient/vars/default.yml"], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml"} TASK [ipaclient : Install IPA client] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:12 included: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml for /cache/fedora-33.qcow2 TASK [ipaclient : Install - Ensure that IPA client packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:4 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install - Set ipaclient_servers] ***************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:10 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [Install - Set ipaclient_servers from cluster inventory] ****************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:15 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was 
False"} TASK [ipaclient : Install - Check that either principal or keytab is set] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:21 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Set default principal if no keytab is given] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:25 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"ipaadmin_principal": "admin"}, "changed": false} TASK [ipaclient : Install - IPA client test] *********************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:30 ok: [/cache/fedora-33.qcow2] => {"basedn": "dc=test,dc=local", "changed": false, "client_already_configured": false, "client_domain": "test.local", "dnsok": false, "domain": "test.local", "hostname": "ipaserver.test.local", "ipa_python_version": 40906, "kdc": "ipaserver.test.local", "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "servers": ["ipaserver.test.local"], "sssd": true} TASK [ipaclient : Install - Cleanup leftover ccache] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:56 ok: [/cache/fedora-33.qcow2] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"} TASK [ipaclient : Install - Configure NTP] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:61 ok: [/cache/fedora-33.qcow2] => {"changed": false} TASK [ipaclient : Install - Make sure One-Time Password is enabled if it's already defined] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:73 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Disable One-Time Password for on_master] *********** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:78 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional 
result was False"} TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] ******** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:83 ok: [/cache/fedora-33.qcow2] => {"ca_crt_exists": true, "changed": false, "krb5_conf_ok": true, "krb5_keytab_ok": true, "ping_test_ok": true} TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:93 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Keytab or password is required for getting otp] **** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:109 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Get One-Time Password for client enrollment] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:113 skipping: [/cache/fedora-33.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Install - Report error for OTP generation] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:132 skipping: [/cache/fedora-33.qcow2] => {} TASK [ipaclient : Install - Store the previously obtained OTP] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:138 skipping: [/cache/fedora-33.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Store predefined OTP in admin_password] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:147 skipping: [/cache/fedora-33.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Install - Check if principal 
and keytab are set] ************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:163 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Check if one of password or keytabs are set] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:167 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Purge TEST.LOCAL from host keytab] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:175 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Backup and set hostname] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:188 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Join IPA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:193 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:215 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:220 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:223 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - 
Configure IPA default.conf] ************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:235 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Configure SSSD] ************************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:244 changed: [/cache/fedora-33.qcow2] => {"changed": true} TASK [ipaclient : Install - Configure krb5 for IPA realm] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:266 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:280 changed: [/cache/fedora-33.qcow2] => {"ca_enabled": true, "changed": true, "subject_base": "O=TEST.LOCAL"} TASK [ipaclient : Install - Fix IPA ca] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:288 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Create IPA NSS database] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:298 changed: [/cache/fedora-33.qcow2] => {"ca_enabled_ra": true, "changed": true} TASK [ipaclient : Install - Configure SSH and SSHD] **************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:329 changed: [/cache/fedora-33.qcow2] => {"changed": true} TASK [ipaclient : Install - Configure automount] ******************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:337 changed: [/cache/fedora-33.qcow2] => {"changed": true} TASK [ipaclient : Install - Configure firefox] ********************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:343 skipping: 
[/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Configure NIS] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:349 changed: [/cache/fedora-33.qcow2] => {"changed": true} TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:367 skipping: [/cache/fedora-33.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Cleanup leftover ccache] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:373 ok: [/cache/fedora-33.qcow2] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"} TASK [ipaclient : Uninstall IPA client] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:16 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Enable IPA] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:428 changed: [/cache/fedora-33.qcow2] => {"changed": true} TASK [ipaserver : Install - Cleanup root IPA cache] **************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:435 ok: [/cache/fedora-33.qcow2] => {"changed": false, "path": "/root/.ipa_cache", "state": "absent"} TASK [ipaserver : Install - Configure firewalld] ******************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:441 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["firewall-cmd", "--permanent", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp"], "delta": "0:00:00.272104", "end": "2021-11-03 05:33:20.755815", "rc": 0, 
"start": "2021-11-03 05:33:20.483711", "stderr": "", "stderr_lines": [], "stdout": "success", "stdout_lines": ["success"]} TASK [ipaserver : Install - Configure firewalld runtime] *********************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:455 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["firewall-cmd", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp"], "delta": "0:00:00.256287", "end": "2021-11-03 05:33:21.358071", "rc": 0, "start": "2021-11-03 05:33:21.101784", "stderr": "", "stderr_lines": [], "stdout": "success", "stdout_lines": ["success"]} TASK [ipaserver : Cleanup temporary files] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:471 ok: [/cache/fedora-33.qcow2] => (item=/etc/ipa/.tmp_pkcs12_dirsrv) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_dirsrv", "path": "/etc/ipa/.tmp_pkcs12_dirsrv", "state": "absent"} ok: [/cache/fedora-33.qcow2] => (item=/etc/ipa/.tmp_pkcs12_http) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_http", "path": "/etc/ipa/.tmp_pkcs12_http", "state": "absent"} ok: [/cache/fedora-33.qcow2] => (item=/etc/ipa/.tmp_pkcs12_pkinit) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_pkinit", "path": "/etc/ipa/.tmp_pkcs12_pkinit", "state": "absent"} TASK [ipaserver : Uninstall IPA server] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:16 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY [Issue IPA signed certificates] ******************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_basic_ipa.yml:8 ok: [/cache/fedora-33.qcow2] META: ran handlers 
TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_mbogyq9/tasks/main.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_mbogyq9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:17 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:34 ok: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:45 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:71 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure 
provider service is running] ***** task path: /tmp/tmp_mbogyq9/tasks/main.yml:100 ok: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestamp": "Wed 2021-11-03 05:30:42 UTC", "ActiveEnterTimestampMonotonic": "240487423", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice basic.target dbus-broker.service network.target syslog.target systemd-journald.socket sysinit.target dbus.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Wed 2021-11-03 05:30:42 UTC", "AssertTimestampMonotonic": "240477162", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "30144419000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf 
cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Wed 2021-11-03 05:30:42 UTC", "ConditionTimestampMonotonic": "240477161", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "16596", "ExecMainStartTimestamp": "Wed 2021-11-03 05:30:42 UTC", "ExecMainStartTimestampMonotonic": "240478176", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": 
"yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Wed 2021-11-03 05:30:42 UTC", "InactiveExitTimestampMonotonic": "240478472", "InvocationID": "efa08189b477406ab1cb3ab1fde88f60", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15525", "LimitNPROCSoft": "15525", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15525", "LimitSIGPENDINGSoft": "15525", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "16596", "MemoryAccounting": "yes", "MemoryCurrent": "2670592", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", 
"PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootHashSignature": "", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Wed 2021-11-03 05:33:17 UTC", "StateChangeTimestampMonotonic": "395794355", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "4657", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 
30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_mbogyq9/tasks/main.yml:112 changed: [/cache/fedora-33.qcow2] => (item={'name': 'mycert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "ipa", "dns": "ipaserver.test.local", "name": "mycert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL"}, "msg": "Certificate requested (new)."} changed: [/cache/fedora-33.qcow2] => (item={'name': 'groupcert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa', 'group': 'ftp'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "ipa", "dns": "ipaserver.test.local", "group": "ftp", "name": "groupcert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL"}, "msg": "Certificate requested (new). 
File attributes updated."} META: ran handlers META: ran handlers PLAY [Verify certificates] ***************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_basic_ipa.yml:27 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_basic_ipa.yml:84 included: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-33.qcow2 included: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-33.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)\nInstalling collected packages: pip\n Attempting uninstall: pip\n Found existing installation: pip 20.2.2\n Uninstalling pip-20.2.2:\n Successfully uninstalled pip-20.2.2\nSuccessfully installed pip-21.3.1\n", "stdout_lines": ["Collecting pip", " Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)", "Installing collected packages: pip", " 
Attempting uninstall: pip", " Found existing installation: pip 20.2.2", " Uninstalling pip-20.2.2:", " Successfully uninstalled pip-20.2.2", "Successfully installed pip-21.3.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1"], "name": ["cryptography<35", "certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting cryptography<35\n Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)\nCollecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\n Preparing metadata (setup.py): started\n Preparing metadata (setup.py): finished with status 'done'\nCollecting cffi>=1.12\n Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0\n", "stdout_lines": ["Collecting cryptography<35", " Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)", "Collecting certreader>=0.1.1", " Downloading 
certreader-0.1.1.tar.gz (4.4 kB)", " Preparing metadata (setup.py): started", " Preparing metadata (setup.py): finished with status 'done'", "Collecting cffi>=1.12", " Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:26 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635917610.4515166, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "df9f82f3f21f3d42d9f7dc0d18eda888e52b1f9d", "ctime": 1635917610.4475167, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 161009, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635917610.4475167, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1854, "uid": 0, "version": 
"2214628469", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:31 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:37 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:49 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:55 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635917608.6865165, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "65675f59a3f6f6ec16b4ba43e1033619340c7239", "ctime": 1635917610.4475167, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 161008, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635917610.4475167, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "1515859100", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task 
path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:60 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:78 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.203042", "end": "2021-11-03 05:33:42.928403", "rc": 0, "start": "2021-11-03 05:33:42.725361", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"organizationName\",\n \"oid\": \"2.5.4.10\",\n \"value\": \"TEST.LOCAL\"\n },\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"ipaserver.test.local\"\n }\n ],\n \"extensions\": {\n \"authorityKeyIdentifier\": {\n \"value\": \"24:95:C2:E0:E2:8F:65:70:8A:25:B7:19:8B:42:72:0A:F3:85:91:60\",\n \"critical\": false\n },\n \"authorityInfoAccess\": {\n \"value\": [\n {\n \"method\": \"OCSP\",\n \"location\": \"http://ipa-ca.test.local/ca/ocsp\"\n }\n ],\n \"critical\": false\n },\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"content_commitment\",\n \"key_encipherment\",\n \"data_encipherment\"\n ],\n \"critical\": true\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"cRLDistributionPoints\": {\n \"value\": [\n {\n \"full_name\": [\n \"http://ipa-ca.test.local/ipa/crl/MasterCRL.bin\"\n ],\n \"crl_issuer\": [\n {\n \"organizationName\": \"ipaca\",\n \"commonName\": \"Certificate 
Authority\"\n }\n ]\n }\n ],\n \"critical\": false\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"06:A2:28:6E:8A:CC:F6:78:97:AF:C3:32:3A:60:65:1A:51:DA:40:00\",\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"ipaserver.test.local\"\n },\n {\n \"name\": \"Universal Principal Name (UPN)\",\n \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",\n \"oid\": \"1.3.6.1.4.1.311.20.2.3\"\n },\n {\n \"name\": \"Kerberos principalname\",\n \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",\n \"oid\": \"1.3.6.1.5.2.2\"\n }\n ],\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"50:8C:C2:63:5F:ED:AB:45:4D:CC:C2:CD:CF:B4:82:00:F5:29:37:7F:29:D7:F4:6F:0D:C2:99:7A:93:80:2F:21:7E:07:83:21:1B:6D:F4:A7:8A:6E:C8:5C:EC:8A:55:2D:03:0B:41:3C:83:CA:FF:EF:4E:7B:C4:D9:2C:97:2C:C9:24:6C:79:D3:E0:0F:0A:D1:32:71:1D:54:4C:1A:14:8F:53:B2:41:6B:ED:39:44:B9:04:51:5A:93:3A:7E:D7:7B:97:A8:C7:BE:F3:BE:A1:5F:3D:0B:26:54:80:17:8E:68:CC:97:11:43:2F:3C:3D:7E:C1:42:FE:28:FB:B9:58:B7:D2:C1:BF:63:C0:64:89:BD:02:FB:4D:E1:A5:43:A7:40:5A:4B:C8:C9:36:98:D6:D5:26:BD:F0:3A:3B:26:3E:EF:B7:9A:31:F3:0D:06:89:E4:2F:02:8D:83:82:B9:5A:C9:E2:34:9E:2A:DE:33:65:AE:AF:42:0F:6E:9B:FF:28:0E:4D:DB:91:63:57:8C:A6:B5:76:61:CF:45:2A:43:19:80:E0:59:26:61:D9:38:33:D3:D1:A9:AA:15:00:53:99:37:3D:ED:58:DA:AE:F5:6D:6D:48:61:1F:41:CD:4E:F7:98:61:06:9F:D0:47:32:D6:D0:B2:36:79:8E:8F:1C:79:F9:C6:D4:7D:28:51:69:99:59:D8:2D:95:D8:12:3A:25:81:20:6E:A6:80:4F:D3:F9:97:21:0E:5B:97:E6:C5:06:A6:82:CA:C1:8B:92:B1:68:C0:48:03:7D:37:2D:F2:2B:62:39:54:3B:DC:34:70:46:13:AC:A0:A1:C8:CB:D7:5E:5C:79:DB:C9:3D:1E:C4:AF:4F:F0:D8:98:DD:34:DC:42:C8:96:53:C4:89:8B:08:67:E3:0E:58:21:49:07:B8:3F:0B:7C:FD:03:32:5F:E4:19:55:A0:BD:53:85:7D:C2:AF:D7:F1:FA:C0:D5:99:C6:7F:50:17:AF:D3:74:FF:6F:6D:AB\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2023-11-04 05:33:30\",\n \"not_valid_before\": \"2021-11-03 
05:33:30\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"organizationName\",", " \"oid\": \"2.5.4.10\",", " \"value\": \"TEST.LOCAL\"", " },", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"ipaserver.test.local\"", " }", " ],", " \"extensions\": {", " \"authorityKeyIdentifier\": {", " \"value\": \"24:95:C2:E0:E2:8F:65:70:8A:25:B7:19:8B:42:72:0A:F3:85:91:60\",", " \"critical\": false", " },", " \"authorityInfoAccess\": {", " \"value\": [", " {", " \"method\": \"OCSP\",", " \"location\": \"http://ipa-ca.test.local/ca/ocsp\"", " }", " ],", " \"critical\": false", " },", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"content_commitment\",", " \"key_encipherment\",", " \"data_encipherment\"", " ],", " \"critical\": true", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"cRLDistributionPoints\": {", " \"value\": [", " {", " \"full_name\": [", " \"http://ipa-ca.test.local/ipa/crl/MasterCRL.bin\"", " ],", " \"crl_issuer\": [", " {", " \"organizationName\": \"ipaca\",", " \"commonName\": \"Certificate Authority\"", " }", " ]", " }", " ],", " \"critical\": false", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"06:A2:28:6E:8A:CC:F6:78:97:AF:C3:32:3A:60:65:1A:51:DA:40:00\",", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"ipaserver.test.local\"", " },", " {", " \"name\": \"Universal Principal Name (UPN)\",", " \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",", " \"oid\": \"1.3.6.1.4.1.311.20.2.3\"", " },", " {", " \"name\": \"Kerberos principalname\",", " \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",", " \"oid\": \"1.3.6.1.5.2.2\"", " }", " ],", " \"critical\": false", " }", " },", " \"signature_algorithm\": 
{", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2023-11-04 05:33:30\",", " \"not_valid_before\": \"2021-11-03 05:33:30\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityInfoAccess": {"critical": false, "value": [{"location": "http://ipa-ca.test.local/ca/ocsp", "method": "OCSP"}]}, "authorityKeyIdentifier": {"critical": false, "value": "24:95:C2:E0:E2:8F:65:70:8A:25:B7:19:8B:42:72:0A:F3:85:91:60"}, "cRLDistributionPoints": {"critical": false, "value": [{"crl_issuer": [{"commonName": "Certificate Authority", "organizationName": "ipaca"}], "full_name": ["http://ipa-ca.test.local/ipa/crl/MasterCRL.bin"]}]}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": true, "value": ["digital_signature", "content_commitment", "key_encipherment", "data_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "ipaserver.test.local"}, {"name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/ipaserver.test.local@TEST.LOCAL"}, {"name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/ipaserver.test.local@TEST.LOCAL"}]}, "subjectKeyIdentifier": {"critical": false, "value": "06:A2:28:6E:8A:CC:F6:78:97:AF:C3:32:3A:60:65:1A:51:DA:40:00"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": 
"50:8C:C2:63:5F:ED:AB:45:4D:CC:C2:CD:CF:B4:82:00:F5:29:37:7F:29:D7:F4:6F:0D:C2:99:7A:93:80:2F:21:7E:07:83:21:1B:6D:F4:A7:8A:6E:C8:5C:EC:8A:55:2D:03:0B:41:3C:83:CA:FF:EF:4E:7B:C4:D9:2C:97:2C:C9:24:6C:79:D3:E0:0F:0A:D1:32:71:1D:54:4C:1A:14:8F:53:B2:41:6B:ED:39:44:B9:04:51:5A:93:3A:7E:D7:7B:97:A8:C7:BE:F3:BE:A1:5F:3D:0B:26:54:80:17:8E:68:CC:97:11:43:2F:3C:3D:7E:C1:42:FE:28:FB:B9:58:B7:D2:C1:BF:63:C0:64:89:BD:02:FB:4D:E1:A5:43:A7:40:5A:4B:C8:C9:36:98:D6:D5:26:BD:F0:3A:3B:26:3E:EF:B7:9A:31:F3:0D:06:89:E4:2F:02:8D:83:82:B9:5A:C9:E2:34:9E:2A:DE:33:65:AE:AF:42:0F:6E:9B:FF:28:0E:4D:DB:91:63:57:8C:A6:B5:76:61:CF:45:2A:43:19:80:E0:59:26:61:D9:38:33:D3:D1:A9:AA:15:00:53:99:37:3D:ED:58:DA:AE:F5:6D:6D:48:61:1F:41:CD:4E:F7:98:61:06:9F:D0:47:32:D6:D0:B2:36:79:8E:8F:1C:79:F9:C6:D4:7D:28:51:69:99:59:D8:2D:95:D8:12:3A:25:81:20:6E:A6:80:4F:D3:F9:97:21:0E:5B:97:E6:C5:06:A6:82:CA:C1:8B:92:B1:68:C0:48:03:7D:37:2D:F2:2B:62:39:54:3B:DC:34:70:46:13:AC:A0:A1:C8:CB:D7:5E:5C:79:DB:C9:3D:1E:C4:AF:4F:F0:D8:98:DD:34:DC:42:C8:96:53:C4:89:8B:08:67:E3:0E:58:21:49:07:B8:3F:0B:7C:FD:03:32:5F:E4:19:55:A0:BD:53:85:7D:C2:AF:D7:F1:FA:C0:D5:99:C6:7F:50:17:AF:D3:74:FF:6F:6D:AB"}, "subject": [{"name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL"}, {"name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local"}], "validity": {"not_valid_after": "2023-11-04 05:33:30", "not_valid_before": "2021-11-03 05:33:30"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:87 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:96 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] 
********************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:105 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:112 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:125 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:141 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.053986", "end": "2021-11-03 05:33:43.462205", "rc": 0, "start": "2021-11-03 05:33:43.408219", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:150 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, 
"results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:11 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.3.1)\n", "stdout_lines": ["Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.3.1)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:18 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1"], "name": ["cryptography<35", "certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8)\nRequirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1)\nRequirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0)\nRequirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8)\nRequirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0)\nRequirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.20)\n", "stdout_lines": ["Requirement already satisfied: cryptography<35 in 
./certificate-tests-venv/lib/python3.9/site-packages (3.4.8)", "Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1)", "Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0)", "Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8)", "Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0)", "Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.20)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:26 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635917612.0385165, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d5b7f520a07034dfd6f7311e4195e47412dedf25", "ctime": 1635917612.1565166, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 161011, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1635917612.0355165, "nlink": 1, "path": "/etc/pki/tls/certs/groupcert.crt", "pw_name": "root", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1854, "uid": 0, "version": "4258095578", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:31 ok: 
[/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:37 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:49 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:55 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635917611.2345166, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "7acb0a296efe1d6003e6fc11ad40455c70b199be", "ctime": 1635917612.1565166, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 161010, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1635917612.0355165, "nlink": 1, "path": "/etc/pki/tls/private/groupcert.key", "pw_name": "root", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "922389858", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:60 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: 
/tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:78 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/groupcert.crt"], "delta": "0:00:00.203778", "end": "2021-11-03 05:33:48.216974", "rc": 0, "start": "2021-11-03 05:33:48.013196", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"organizationName\",\n \"oid\": \"2.5.4.10\",\n \"value\": \"TEST.LOCAL\"\n },\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"ipaserver.test.local\"\n }\n ],\n \"extensions\": {\n \"authorityKeyIdentifier\": {\n \"value\": \"24:95:C2:E0:E2:8F:65:70:8A:25:B7:19:8B:42:72:0A:F3:85:91:60\",\n \"critical\": false\n },\n \"authorityInfoAccess\": {\n \"value\": [\n {\n \"method\": \"OCSP\",\n \"location\": \"http://ipa-ca.test.local/ca/ocsp\"\n }\n ],\n \"critical\": false\n },\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"content_commitment\",\n \"key_encipherment\",\n \"data_encipherment\"\n ],\n \"critical\": true\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"cRLDistributionPoints\": {\n \"value\": [\n {\n \"full_name\": [\n \"http://ipa-ca.test.local/ipa/crl/MasterCRL.bin\"\n ],\n \"crl_issuer\": [\n {\n \"organizationName\": \"ipaca\",\n \"commonName\": \"Certificate Authority\"\n }\n ]\n }\n ],\n \"critical\": false\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"8E:D9:9B:FD:9A:BB:76:8F:8F:14:CA:7D:C9:B4:34:50:4A:29:1E:08\",\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": 
\"DNS\",\n \"value\": \"ipaserver.test.local\"\n },\n {\n \"name\": \"Universal Principal Name (UPN)\",\n \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",\n \"oid\": \"1.3.6.1.4.1.311.20.2.3\"\n },\n {\n \"name\": \"Kerberos principalname\",\n \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",\n \"oid\": \"1.3.6.1.5.2.2\"\n }\n ],\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2023-11-04 05:33:31\",\n \"not_valid_before\": \"2021-11-03 05:33:31\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"organizationName\",", " \"oid\": \"2.5.4.10\",", " \"value\": \"TEST.LOCAL\"", " },", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"ipaserver.test.local\"", " }", " ],", " \"extensions\": {", " \"authorityKeyIdentifier\": {", " \"value\": \"24:95:C2:E0:E2:8F:65:70:8A:25:B7:19:8B:42:72:0A:F3:85:91:60\",", " \"critical\": false", " },", " \"authorityInfoAccess\": {", " \"value\": [", " {", " \"method\": \"OCSP\",", " \"location\": \"http://ipa-ca.test.local/ca/ocsp\"", " }", " ],", " \"critical\": false", " },", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"content_commitment\",", " \"key_encipherment\",", " \"data_encipherment\"", " ],", " \"critical\": true", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"cRLDistributionPoints\": {", " \"value\": [", " {", " \"full_name\": [", " \"http://ipa-ca.test.local/ipa/crl/MasterCRL.bin\"", " ],", " \"crl_issuer\": [", " {", " \"organizationName\": \"ipaca\",", " \"commonName\": \"Certificate Authority\"", " }", " ]", " }", " ],", " \"critical\": false", 
" },", " \"subjectKeyIdentifier\": {", " \"value\": \"8E:D9:9B:FD:9A:BB:76:8F:8F:14:CA:7D:C9:B4:34:50:4A:29:1E:08\",", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"ipaserver.test.local\"", " },", " {", " \"name\": \"Universal Principal Name (UPN)\",", " \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",", " \"oid\": \"1.3.6.1.4.1.311.20.2.3\"", " },", " {", " \"name\": \"Kerberos principalname\",", " \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",", " \"oid\": \"1.3.6.1.5.2.2\"", " }", " ],", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2023-11-04 05:33:31\",", " \"not_valid_before\": \"2021-11-03 05:33:31\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityInfoAccess": {"critical": false, "value": [{"location": "http://ipa-ca.test.local/ca/ocsp", "method": "OCSP"}]}, "authorityKeyIdentifier": {"critical": false, "value": "24:95:C2:E0:E2:8F:65:70:8A:25:B7:19:8B:42:72:0A:F3:85:91:60"}, "cRLDistributionPoints": {"critical": false, "value": [{"crl_issuer": [{"commonName": "Certificate Authority", "organizationName": "ipaca"}], "full_name": ["http://ipa-ca.test.local/ipa/crl/MasterCRL.bin"]}]}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": true, "value": ["digital_signature", "content_commitment", "key_encipherment", "data_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": 
"ipaserver.test.local"}, {"name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/ipaserver.test.local@TEST.LOCAL"}, {"name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/ipaserver.test.local@TEST.LOCAL"}]}, "subjectKeyIdentifier": {"critical": false, "value": "8E:D9:9B:FD:9A:BB:76:8F:8F:14:CA:7D:C9:B4:34:50:4A:29:1E:08"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL"}, {"name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local"}], "validity": {"not_valid_after": "2023-11-04 05:33:31", "not_valid_before": "2021-11-03 05:33:31"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:87 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:96 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:105 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:112 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:125 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": 
"All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:141 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/groupcert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.052382", "end": "2021-11-03 05:33:48.716718", "rc": 0, "start": "2021-11-03 05:33:48.664336", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:150 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=98 changed=33 unreachable=0 failed=0 skipped=35 rescued=0 ignored=0 + cd /tmp/tmp_mbogyq9/tests; TEST_SUBJECTS=/cache/fedora-33.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-100-3dbef8b-fedora-33-u9auawzn/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_mbogyq9/_setup.yml /tmp/tmp_mbogyq9/tests/tests_basic_self_signed.yml ansible-playbook 2.9.25 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 11.2.1 20210728 (Red Hat 11.2.1-1)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. 
Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_mbogyq9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_mbogyq9/_setup.yml:5 ok: [/cache/fedora-33.qcow2] => { "groups": { "all": [ "/cache/fedora-33.qcow2" ], "localhost": [ "/cache/fedora-33.qcow2" ], "subjects": [ "/cache/fedora-33.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_mbogyq9/_setup.yml:7 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_basic_self_signed.yml ****************************************** 2 plays in /tmp/tmp_mbogyq9/tests/tests_basic_self_signed.yml PLAY [Issue simple self-signed 
certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_basic_self_signed.yml:2 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_mbogyq9/tasks/main.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_mbogyq9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:17 changed: [/cache/fedora-33.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-3.fc33.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:34 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-freebl-3.71.0-1.fc33.x86_64", "Installed: certmonger-0.79.14-2.fc33.x86_64", "Installed: nss-sysinit-3.71.0-1.fc33.x86_64", "Installed: nss-util-3.71.0-1.fc33.x86_64", "Installed: dbus-tools-1:1.12.20-2.fc33.x86_64", "Installed: nspr-4.32.0-1.fc33.x86_64", "Installed: nss-3.71.0-1.fc33.x86_64", "Installed: nss-softokn-3.71.0-1.fc33.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:45 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": 
"/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:71 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_mbogyq9/tasks/main.yml:100 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus-broker.service network.target systemd-journald.socket basic.target system.slice syslog.target sysinit.target dbus.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override 
cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", 
"IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15525", "LimitNPROCSoft": "15525", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15525", "LimitSIGPENDINGSoft": "15525", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": 
"certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootHashSignature": "", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4657", "TimeoutAbortUSec": 
"1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_mbogyq9/tasks/main.yml:112 changed: [/cache/fedora-33.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_basic_self_signed.yml:13 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_basic_self_signed.yml:27 included: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-33.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] 
************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)\nInstalling collected packages: pip\n Attempting uninstall: pip\n Found existing installation: pip 20.2.2\n Uninstalling pip-20.2.2:\n Successfully uninstalled pip-20.2.2\nSuccessfully installed pip-21.3.1\n", "stdout_lines": ["Collecting pip", " Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)", "Installing collected packages: pip", " Attempting uninstall: pip", " Found existing installation: pip 20.2.2", " Uninstalling pip-20.2.2:", " Successfully uninstalled pip-20.2.2", "Successfully installed pip-21.3.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1"], "name": ["cryptography<35", "certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting cryptography<35\n Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)\nCollecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\n Preparing metadata (setup.py): started\n Preparing metadata (setup.py): finished with status 'done'\nCollecting cffi>=1.12\n Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading 
PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0\n", "stdout_lines": ["Collecting cryptography<35", " Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)", "Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", " Preparing metadata (setup.py): started", " Preparing metadata (setup.py): finished with status 'done'", "Collecting cffi>=1.12", " Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: 
/tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:26 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635917690.7406695, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "378b3ff063c1c3e6b212be3762de0d12fd1cebbb", "ctime": 1635917690.7386694, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132719, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635917690.7386694, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "820287941", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:31 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:37 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:49 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:55 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635917690.6966693, "attr_flags": "e", "attributes": ["extents"], "block_size": 
4096, "blocks": 8, "charset": "us-ascii", "checksum": "de3c1ed7681a35b8b5d6ce8ea9cd8b2469bb1054", "ctime": 1635917690.7386694, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132718, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635917690.7386694, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1096825688", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:60 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:78 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.199360", "end": "2021-11-03 05:35:02.114264", "rc": 0, "start": "2021-11-03 05:35:01.914904", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n 
\"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"D9:2F:B7:82:BD:68:FA:3C:49:D3:E6:1C:4C:E0:C3:61:7E:39:D6:55\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"31:C5:44:DE:42:9D:A2:79:8F:31:5D:00:DE:FB:E2:8D:6F:4E:B3:7E\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-11-03 05:34:50\",\n \"not_valid_before\": \"2021-11-03 05:34:50\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"D9:2F:B7:82:BD:68:FA:3C:49:D3:E6:1C:4C:E0:C3:61:7E:39:D6:55\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": 
\"31:C5:44:DE:42:9D:A2:79:8F:31:5D:00:DE:FB:E2:8D:6F:4E:B3:7E\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-11-03 05:34:50\",", " \"not_valid_before\": \"2021-11-03 05:34:50\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "31:C5:44:DE:42:9D:A2:79:8F:31:5D:00:DE:FB:E2:8D:6F:4E:B3:7E"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "D9:2F:B7:82:BD:68:FA:3C:49:D3:E6:1C:4C:E0:C3:61:7E:39:D6:55"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": 
"9B:EF:93:7C:FB:CC:A7:C3:2F:6A:9B:4C:48:F7:B6:5B:45:7D:C6:D0:B7:F1:F2:E9:A1:DC:2C:3B:1B:F7:B1:9D:53:7E:48:75:01:99:8A:C6:57:6F:F8:37:37:5A:3D:C7:D3:D8:B8:00:26:65:67:98:16:89:E6:08:95:F0:B5:5B:D5:83:68:F0:69:7E:C7:A8:8B:FC:BB:55:D7:00:DF:A0:35:4B:60:FF:63:4B:73:52:D0:DB:0E:EB:55:28:A2:34:FE:65:E6:25:CD:F7:85:2D:A9:C4:60:B3:D8:FA:FB:FD:17:32:68:09:A8:80:45:60:6A:1B:C6:4C:0F:90:B3:2B:DA:B0:FC:1E:51:45:BC:B1:29:C1:78:AD:2D:76:40:45:88:91:9B:53:9C:36:62:0C:49:66:D8:C0:EC:A3:F6:B3:90:E3:0B:08:18:92:0A:73:F8:0B:7B:01:B6:C9:D6:CC:F3:88:45:AC:28:4B:EF:B3:09:0D:97:E2:26:DC:34:61:4B:8E:3E:4E:07:99:B8:5B:C5:A8:BD:70:A0:B4:53:5B:DA:34:06:22:EB:FE:D5:D1:E7:14:68:71:DF:22:36:85:18:3B:9D:78:97:E2:63:84:DB:49:D2:2A:54:48:23:AB:63:20:F8:77:66:40:39:7C:F2:B8:7A:DB:71:2F:DF:38"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-11-03 05:34:50", "not_valid_before": "2021-11-03 05:34:50"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:87 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:96 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:105 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:112 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] 
*********************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:125 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:141 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038128", "end": "2021-11-03 05:35:02.833335", "rc": 0, "start": "2021-11-03 05:35:02.795207", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:150 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_mbogyq9/tests; TEST_SUBJECTS=/cache/fedora-33.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-100-3dbef8b-fedora-33-u9auawzn/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_mbogyq9/_setup.yml /tmp/tmp_mbogyq9/tests/tests_default.yml ansible-playbook 2.9.25 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 11.2.1 20210728 (Red Hat 11.2.1-1)] Using /etc/ansible/ansible.cfg as config file Skipping callback 
'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_mbogyq9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_mbogyq9/_setup.yml:5 ok: [/cache/fedora-33.qcow2] => { "groups": { "all": [ "/cache/fedora-33.qcow2" ], "localhost": [ "/cache/fedora-33.qcow2" ], "subjects": [ "/cache/fedora-33.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_mbogyq9/_setup.yml:7 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_default.yml 
**************************************************** 1 plays in /tmp/tmp_mbogyq9/tests/tests_default.yml PLAY [Ensure that the role runs with default parameters] *********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_default.yml:3 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_mbogyq9/tasks/main.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_mbogyq9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:17 changed: [/cache/fedora-33.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-3.fc33.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:34 TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:45 TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:71 TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_mbogyq9/tasks/main.yml:100 TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_mbogyq9/tasks/main.yml:112 META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=4 changed=1 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 + cd /tmp/tmp_mbogyq9/tests; TEST_SUBJECTS=/cache/fedora-33.qcow2 
TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-100-3dbef8b-fedora-33-u9auawzn/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_mbogyq9/_setup.yml /tmp/tmp_mbogyq9/tests/tests_dns_ip_email.yml ansible-playbook 2.9.25 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 11.2.1 20210728 (Red Hat 11.2.1-1)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_mbogyq9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_mbogyq9/_setup.yml:5 ok: [/cache/fedora-33.qcow2] => { "groups": { "all": [ "/cache/fedora-33.qcow2" ], "localhost": [ "/cache/fedora-33.qcow2" ], "subjects": [ "/cache/fedora-33.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_mbogyq9/_setup.yml:7 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_dns_ip_email.yml *********************************************** 2 plays in /tmp/tmp_mbogyq9/tests/tests_dns_ip_email.yml PLAY [Issue certificate with dns, ip and email in SAN] ************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_dns_ip_email.yml:2 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_mbogyq9/tasks/main.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_mbogyq9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:17 changed: [/cache/fedora-33.qcow2] => {"changed": true, "msg": "", "rc": 0, 
"results": ["Installed: python3-pyasn1-0.4.8-3.fc33.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:34 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-freebl-3.71.0-1.fc33.x86_64", "Installed: certmonger-0.79.14-2.fc33.x86_64", "Installed: nss-sysinit-3.71.0-1.fc33.x86_64", "Installed: nss-util-3.71.0-1.fc33.x86_64", "Installed: dbus-tools-1:1.12.20-2.fc33.x86_64", "Installed: nspr-4.32.0-1.fc33.x86_64", "Installed: nss-3.71.0-1.fc33.x86_64", "Installed: nss-softokn-3.71.0-1.fc33.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:45 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:71 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_mbogyq9/tasks/main.yml:100 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": 
"__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice network.target dbus-broker.service syslog.target dbus.socket basic.target systemd-journald.socket sysinit.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", 
"Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": 
"infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15525", "LimitNPROCSoft": "15525", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15525", "LimitSIGPENDINGSoft": "15525", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", 
"RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootHashSignature": "", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4657", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_mbogyq9/tasks/main.yml:112 changed: [/cache/fedora-33.qcow2] => (item={'name': 'mycert', 'common_name': 'My Certificate with SAN', 'dns': ['sub1.example.com', 'www.example.com', 'sub2.example.com', 'sub3.example.com'], 'ip': ['192.0.2.12', '198.51.100.65', '2001:db8::2:1'], 'email': ['sysadmin@example.com', 
'support@example.com'], 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "common_name": "My Certificate with SAN", "dns": ["sub1.example.com", "www.example.com", "sub2.example.com", "sub3.example.com"], "email": ["sysadmin@example.com", "support@example.com"], "ip": ["192.0.2.12", "198.51.100.65", "2001:db8::2:1"], "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_dns_ip_email.yml:24 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_dns_ip_email.yml:54 included: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-33.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)\nInstalling collected packages: pip\n 
Attempting uninstall: pip\n Found existing installation: pip 20.2.2\n Uninstalling pip-20.2.2:\n Successfully uninstalled pip-20.2.2\nSuccessfully installed pip-21.3.1\n", "stdout_lines": ["Collecting pip", " Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)", "Installing collected packages: pip", " Attempting uninstall: pip", " Found existing installation: pip 20.2.2", " Uninstalling pip-20.2.2:", " Successfully uninstalled pip-20.2.2", "Successfully installed pip-21.3.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1"], "name": ["cryptography<35", "certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting cryptography<35\n Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)\nCollecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\n Preparing metadata (setup.py): started\n Preparing metadata (setup.py): finished with status 'done'\nCollecting cffi>=1.12\n Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 
'done'\nSuccessfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0\n", "stdout_lines": ["Collecting cryptography<35", " Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)", "Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", " Preparing metadata (setup.py): started", " Preparing metadata (setup.py): finished with status 'done'", "Collecting cffi>=1.12", " Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:26 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635917814.2446678, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "bad75fd42d68a8a6684796efd30073751931410d", "ctime": 1635917814.241668, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132719, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": 
false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635917814.241668, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1484, "uid": 0, "version": "1640110710", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:31 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:37 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:49 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:55 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635917814.199668, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d95ed1dcae98c0e25cb0be25a92c2ca4669f5c3e", "ctime": 1635917814.241668, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132718, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635917814.241668, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, 
"rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "104300729", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:60 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:78 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.218068", "end": "2021-11-03 05:37:05.646941", "rc": 0, "start": "2021-11-03 05:37:05.428873", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"My Certificate with SAN\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"sub1.example.com\"\n },\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n },\n {\n \"name\": \"DNS\",\n \"value\": \"sub2.example.com\"\n },\n {\n \"name\": \"DNS\",\n \"value\": \"sub3.example.com\"\n },\n {\n \"name\": \"email\",\n \"value\": \"sysadmin@example.com\"\n },\n {\n \"name\": \"email\",\n \"value\": \"support@example.com\"\n },\n {\n \"name\": \"IP Address\",\n \"value\": \"192.0.2.12\"\n },\n {\n \"name\": \"IP Address\",\n \"value\": \"198.51.100.65\"\n },\n {\n \"name\": \"IP 
Address\",\n \"value\": \"2001:db8::2:1\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"FE:31:DE:F6:67:C6:54:1A:E6:4A:20:92:B5:47:B5:46:AF:4E:9B:18\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"A3:28:99:DE:2F:B9:D0:B5:C4:8D:DA:2A:60:E2:15:CB:7D:68:69:72\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"28:C7:29:8C:39:86:AB:26:65:1E:AC:A4:9E:F6:6B:E3:82:38:19:4D:98:4F:D4:27:98:F1:AB:3C:5D:6F:D9:73:3C:7F:E7:58:BD:C6:CB:A4:DA:88:AA:B5:97:A0:46:66:0A:D1:5D:CA:59:61:3C:5A:2D:A3:BA:CE:19:AA:DA:E0:1F:72:29:60:0E:11:4B:D6:35:4E:A7:6C:E9:A9:41:4A:08:3C:83:D0:F9:65:15:74:31:E2:89:3B:15:FC:85:3E:7D:36:C7:41:BD:21:58:44:AA:AF:FD:61:D6:59:24:F3:C2:EA:63:F4:B9:91:7A:6E:30:41:34:05:02:94:A4:63:31:CD:31:3B:DF:6F:06:35:E6:3E:53:B4:2C:54:18:C2:F1:01:80:0D:9D:64:2F:02:86:4A:BA:95:1B:AD:FE:06:92:21:7E:BB:E4:CF:14:C0:7B:77:C8:32:96:A7:78:D4:3C:BD:16:C3:C6:39:20:E1:2B:EF:A5:72:BD:60:C2:CD:A2:A1:26:E0:30:F3:6D:40:10:AD:A1:DE:9F:EB:D6:F9:1F:4E:FF:BA:D5:02:AC:E0:02:8F:DC:BB:55:DD:D6:CF:E1:A8:39:EB:8F:6D:A4:B5:C1:89:B6:B0:27:BC:BE:03:D1:0D:1C:1F:69:78:93:DA:53:3A:93:F1:99:FB:47:93\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-11-03 05:36:53\",\n \"not_valid_before\": \"2021-11-03 05:36:54\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"My Certificate with SAN\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " 
\"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"sub1.example.com\"", " },", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " },", " {", " \"name\": \"DNS\",", " \"value\": \"sub2.example.com\"", " },", " {", " \"name\": \"DNS\",", " \"value\": \"sub3.example.com\"", " },", " {", " \"name\": \"email\",", " \"value\": \"sysadmin@example.com\"", " },", " {", " \"name\": \"email\",", " \"value\": \"support@example.com\"", " },", " {", " \"name\": \"IP Address\",", " \"value\": \"192.0.2.12\"", " },", " {", " \"name\": \"IP Address\",", " \"value\": \"198.51.100.65\"", " },", " {", " \"name\": \"IP Address\",", " \"value\": \"2001:db8::2:1\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"FE:31:DE:F6:67:C6:54:1A:E6:4A:20:92:B5:47:B5:46:AF:4E:9B:18\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"A3:28:99:DE:2F:B9:D0:B5:C4:8D:DA:2A:60:E2:15:CB:7D:68:69:72\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": 
\"28:C7:29:8C:39:86:AB:26:65:1E:AC:A4:9E:F6:6B:E3:82:38:19:4D:98:4F:D4:27:98:F1:AB:3C:5D:6F:D9:73:3C:7F:E7:58:BD:C6:CB:A4:DA:88:AA:B5:97:A0:46:66:0A:D1:5D:CA:59:61:3C:5A:2D:A3:BA:CE:19:AA:DA:E0:1F:72:29:60:0E:11:4B:D6:35:4E:A7:6C:E9:A9:41:4A:08:3C:83:D0:F9:65:15:74:31:E2:89:3B:15:FC:85:3E:7D:36:C7:41:BD:21:58:44:AA:AF:FD:61:D6:59:24:F3:C2:EA:63:F4:B9:91:7A:6E:30:41:34:05:02:94:A4:63:31:CD:31:3B:DF:6F:06:35:E6:3E:53:B4:2C:54:18:C2:F1:01:80:0D:9D:64:2F:02:86:4A:BA:95:1B:AD:FE:06:92:21:7E:BB:E4:CF:14:C0:7B:77:C8:32:96:A7:78:D4:3C:BD:16:C3:C6:39:20:E1:2B:EF:A5:72:BD:60:C2:CD:A2:A1:26:E0:30:F3:6D:40:10:AD:A1:DE:9F:EB:D6:F9:1F:4E:FF:BA:D5:02:AC:E0:02:8F:DC:BB:55:DD:D6:CF:E1:A8:39:EB:8F:6D:A4:B5:C1:89:B6:B0:27:BC:BE:03:D1:0D:1C:1F:69:78:93:DA:53:3A:93:F1:99:FB:47:93\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-11-03 05:36:53\",", " \"not_valid_before\": \"2021-11-03 05:36:54\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "A3:28:99:DE:2F:B9:D0:B5:C4:8D:DA:2A:60:E2:15:CB:7D:68:69:72"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "sub1.example.com"}, {"name": "DNS", "value": "www.example.com"}, {"name": "DNS", "value": "sub2.example.com"}, {"name": "DNS", "value": "sub3.example.com"}, {"name": "email", "value": "sysadmin@example.com"}, {"name": "email", "value": "support@example.com"}, {"name": "IP Address", "value": "192.0.2.12"}, 
{"name": "IP Address", "value": "198.51.100.65"}, {"name": "IP Address", "value": "2001:db8::2:1"}]}, "subjectKeyIdentifier": {"critical": false, "value": "FE:31:DE:F6:67:C6:54:1A:E6:4A:20:92:B5:47:B5:46:AF:4E:9B:18"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "28:C7:29:8C:39:86:AB:26:65:1E:AC:A4:9E:F6:6B:E3:82:38:19:4D:98:4F:D4:27:98:F1:AB:3C:5D:6F:D9:73:3C:7F:E7:58:BD:C6:CB:A4:DA:88:AA:B5:97:A0:46:66:0A:D1:5D:CA:59:61:3C:5A:2D:A3:BA:CE:19:AA:DA:E0:1F:72:29:60:0E:11:4B:D6:35:4E:A7:6C:E9:A9:41:4A:08:3C:83:D0:F9:65:15:74:31:E2:89:3B:15:FC:85:3E:7D:36:C7:41:BD:21:58:44:AA:AF:FD:61:D6:59:24:F3:C2:EA:63:F4:B9:91:7A:6E:30:41:34:05:02:94:A4:63:31:CD:31:3B:DF:6F:06:35:E6:3E:53:B4:2C:54:18:C2:F1:01:80:0D:9D:64:2F:02:86:4A:BA:95:1B:AD:FE:06:92:21:7E:BB:E4:CF:14:C0:7B:77:C8:32:96:A7:78:D4:3C:BD:16:C3:C6:39:20:E1:2B:EF:A5:72:BD:60:C2:CD:A2:A1:26:E0:30:F3:6D:40:10:AD:A1:DE:9F:EB:D6:F9:1F:4E:FF:BA:D5:02:AC:E0:02:8F:DC:BB:55:DD:D6:CF:E1:A8:39:EB:8F:6D:A4:B5:C1:89:B6:B0:27:BC:BE:03:D1:0D:1C:1F:69:78:93:DA:53:3A:93:F1:99:FB:47:93"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "My Certificate with SAN"}], "validity": {"not_valid_after": "2022-11-03 05:36:53", "not_valid_before": "2021-11-03 05:36:54"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:87 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:96 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:105 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:112 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:125 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:141 ok: [/cache/fedora-33.qcow2] => {"changed": 
false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039564", "end": "2021-11-03 05:37:06.337926", "rc": 0, "start": "2021-11-03 05:37:06.298362", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:150 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_mbogyq9/tests; TEST_SUBJECTS=/cache/fedora-33.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-100-3dbef8b-fedora-33-u9auawzn/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_mbogyq9/_setup.yml /tmp/tmp_mbogyq9/tests/tests_fs_attrs.yml ansible-playbook 2.9.25 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 11.2.1 20210728 (Red Hat 11.2.1-1)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. 
Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_mbogyq9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_mbogyq9/_setup.yml:5 ok: [/cache/fedora-33.qcow2] => { "groups": { "all": [ "/cache/fedora-33.qcow2" ], "localhost": [ "/cache/fedora-33.qcow2" ], "subjects": [ "/cache/fedora-33.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_mbogyq9/_setup.yml:7 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_fs_attrs.yml *************************************************** 3 plays in /tmp/tmp_mbogyq9/tests/tests_fs_attrs.yml PLAY [Ensure UID and GID exists] *********************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_fs_attrs.yml:2 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [Ensure user exists] 
****************************************************** task path: /tmp/tmp_mbogyq9/tests/tests_fs_attrs.yml:5 changed: [/cache/fedora-33.qcow2] => {"changed": true, "comment": "", "create_home": true, "group": 1040, "home": "/home/user1", "name": "user1", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1040} TASK [Ensure group "somegroup" exists] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tests_fs_attrs.yml:9 changed: [/cache/fedora-33.qcow2] => {"changed": true, "gid": 1041, "name": "somegroup", "state": "present", "system": false} META: ran handlers META: ran handlers PLAY [Issue certificate setting user/group] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_fs_attrs.yml:13 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_mbogyq9/tasks/main.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_mbogyq9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:17 changed: [/cache/fedora-33.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-3.fc33.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:34 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-freebl-3.71.0-1.fc33.x86_64", "Installed: certmonger-0.79.14-2.fc33.x86_64", 
"Installed: nss-sysinit-3.71.0-1.fc33.x86_64", "Installed: nss-util-3.71.0-1.fc33.x86_64", "Installed: dbus-tools-1:1.12.20-2.fc33.x86_64", "Installed: nspr-4.32.0-1.fc33.x86_64", "Installed: nss-3.71.0-1.fc33.x86_64", "Installed: nss-softokn-3.71.0-1.fc33.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:45 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:71 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_mbogyq9/tasks/main.yml:100 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket system.slice dbus-broker.service sysinit.target dbus.socket syslog.target basic.target network.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", 
"Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no 
; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15525", "LimitNPROCSoft": "15525", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15525", 
"LimitSIGPENDINGSoft": "15525", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootHashSignature": "", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", 
"StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4657", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_mbogyq9/tasks/main.yml:112 changed: [/cache/fedora-33.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert", "owner": "ftp"}, "msg": "Certificate requested (new). File attributes updated."} changed: [/cache/fedora-33.qcow2] => (item={'name': 'certid', 'dns': 'www.example.com', 'owner': 1040, 'group': 1041, 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040}, "msg": "Certificate requested (new). 
File attributes updated."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_fs_attrs.yml:31 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_fs_attrs.yml:60 included: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-33.qcow2 included: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-33.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)\nInstalling collected packages: pip\n Attempting uninstall: pip\n Found existing installation: pip 20.2.2\n Uninstalling pip-20.2.2:\n Successfully uninstalled pip-20.2.2\nSuccessfully installed pip-21.3.1\n", "stdout_lines": ["Collecting pip", " Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)", "Installing collected packages: pip", " 
Attempting uninstall: pip", " Found existing installation: pip 20.2.2", " Uninstalling pip-20.2.2:", " Successfully uninstalled pip-20.2.2", "Successfully installed pip-21.3.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1"], "name": ["cryptography<35", "certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting cryptography<35\n Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)\nCollecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\n Preparing metadata (setup.py): started\n Preparing metadata (setup.py): finished with status 'done'\nCollecting cffi>=1.12\n Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0\n", "stdout_lines": ["Collecting cryptography<35", " Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)", "Collecting certreader>=0.1.1", " Downloading 
certreader-0.1.1.tar.gz (4.4 kB)", " Preparing metadata (setup.py): started", " Preparing metadata (setup.py): finished with status 'done'", "Collecting cffi>=1.12", " Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:26 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635917886.061516, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "54d98d9a8e65c2a34a50886ee94efb1513ad6ecd", "ctime": 1635917886.128516, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 132719, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1635917886.058516, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 14, "version": 
"1773331533", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:31 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:37 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:49 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:55 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635917886.017516, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "132f0810381db95da6850ac2c7a702e52c384155", "ctime": 1635917886.128516, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 132718, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1635917886.058516, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 14, "version": "1134638310", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: 
/tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:60 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:78 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.190614", "end": "2021-11-03 05:38:18.104317", "rc": 0, "start": "2021-11-03 05:38:17.913703", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"A9:03:37:F7:46:75:E2:15:AA:28:EE:AE:02:AD:74:C2:07:66:7D:23\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"17:C4:41:51:BB:F0:E1:17:4A:CC:3F:A4:E2:BA:88:B0:15:6C:7C:E8\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n 
\"validity\": {\n \"not_valid_after\": \"2022-11-03 05:38:05\",\n \"not_valid_before\": \"2021-11-03 05:38:06\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"A9:03:37:F7:46:75:E2:15:AA:28:EE:AE:02:AD:74:C2:07:66:7D:23\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"17:C4:41:51:BB:F0:E1:17:4A:CC:3F:A4:E2:BA:88:B0:15:6C:7C:E8\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-11-03 05:38:05\",", " \"not_valid_before\": \"2021-11-03 05:38:06\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "17:C4:41:51:BB:F0:E1:17:4A:CC:3F:A4:E2:BA:88:B0:15:6C:7C:E8"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": 
[{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "A9:03:37:F7:46:75:E2:15:AA:28:EE:AE:02:AD:74:C2:07:66:7D:23"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-11-03 05:38:05", "not_valid_before": "2021-11-03 05:38:06"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:87 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:96 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:105 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:112 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:125 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve 
auto-renew flag] ************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:141 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.037943", "end": "2021-11-03 05:38:18.780651", "rc": 0, "start": "2021-11-03 05:38:18.742708", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:150 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:11 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.3.1)\n", "stdout_lines": ["Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.3.1)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] 
****************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:18 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1"], "name": ["cryptography<35", "certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8)\nRequirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1)\nRequirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0)\nRequirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8)\nRequirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0)\nRequirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.20)\n", "stdout_lines": ["Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8)", "Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1)", "Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0)", "Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8)", "Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0)", "Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.20)"], "version": null, "virtualenv": 
"/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:26 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635917886.709516, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "afe91d6a761c018149b2cddcb3951ebbe220cbe7", "ctime": 1635917886.826516, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 132721, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1635917886.706516, "nlink": 1, "path": "/etc/pki/tls/certs/certid.crt", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 1040, "version": "2358746782", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:31 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:37 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:49 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:55 ok: 
[/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635917886.662516, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "2056e440512fab67ae98aeff206e837c538852dd", "ctime": 1635917886.826516, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 132720, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1635917886.706516, "nlink": 1, "path": "/etc/pki/tls/private/certid.key", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 1040, "version": "2384073463", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:60 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:78 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/certid.crt"], "delta": "0:00:00.197746", "end": "2021-11-03 05:38:23.817119", "rc": 0, "start": "2021-11-03 05:38:23.619373", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n 
\"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"59:19:1B:C8:A9:60:05:9B:3F:07:4E:44:05:9B:09:3F:E6:89:04:18\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"17:C4:41:51:BB:F0:E1:17:4A:CC:3F:A4:E2:BA:88:B0:15:6C:7C:E8\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-11-03 05:38:05\",\n \"not_valid_before\": \"2021-11-03 05:38:06\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": 
\"59:19:1B:C8:A9:60:05:9B:3F:07:4E:44:05:9B:09:3F:E6:89:04:18\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"17:C4:41:51:BB:F0:E1:17:4A:CC:3F:A4:E2:BA:88:B0:15:6C:7C:E8\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-11-03 05:38:05\",", " \"not_valid_before\": \"2021-11-03 05:38:06\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "17:C4:41:51:BB:F0:E1:17:4A:CC:3F:A4:E2:BA:88:B0:15:6C:7C:E8"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "59:19:1B:C8:A9:60:05:9B:3F:07:4E:44:05:9B:09:3F:E6:89:04:18"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-11-03 05:38:05", "not_valid_before": "2021-11-03 05:38:06"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:87 ok: [/cache/fedora-33.qcow2] => { "changed": 
false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:96 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:105 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:112 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:125 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:141 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/certid.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.036890", "end": "2021-11-03 05:38:24.460577", "rc": 0, "start": "2021-11-03 05:38:24.423687", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:150 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=55 changed=10 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 
+ cd /tmp/tmp_mbogyq9/tests; TEST_SUBJECTS=/cache/fedora-33.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-100-3dbef8b-fedora-33-u9auawzn/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_mbogyq9/_setup.yml /tmp/tmp_mbogyq9/tests/tests_include_vars_from_parent.yml ansible-playbook 2.9.25 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 11.2.1 20210728 (Red Hat 11.2.1-1)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_mbogyq9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_mbogyq9/_setup.yml:5 ok: [/cache/fedora-33.qcow2] => { "groups": { "all": [ "/cache/fedora-33.qcow2" ], "localhost": [ "/cache/fedora-33.qcow2" ], "subjects": [ "/cache/fedora-33.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_mbogyq9/_setup.yml:7 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_include_vars_from_parent.yml *********************************** 1 plays in /tmp/tmp_mbogyq9/tests/tests_include_vars_from_parent.yml PLAY [all] ********************************************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_include_vars_from_parent.yml:1 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [create var file in caller that can override the one in called role] ****** task path: /tmp/tmp_mbogyq9/tests/tests_include_vars_from_parent.yml:3 changed: [/cache/fedora-33.qcow2 -> localhost] => (item=Fedora-33) => {"ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmp_mbogyq9/tests/roles/caller/vars/Fedora-33.yml", "gid": 0, "group": "root", "item": "Fedora-33", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": 
"/root/.ansible/tmp/ansible-tmp-1635917918.8016417-2953-159732295353461/source", "state": "file", "uid": 0} changed: [/cache/fedora-33.qcow2 -> localhost] => (item=Fedora_33) => {"ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmp_mbogyq9/tests/roles/caller/vars/Fedora_33.yml", "gid": 0, "group": "root", "item": "Fedora_33", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1635917919.3329723-2953-142911170556386/source", "state": "file", "uid": 0} changed: [/cache/fedora-33.qcow2 -> localhost] => (item=Fedora) => {"ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmp_mbogyq9/tests/roles/caller/vars/Fedora.yml", "gid": 0, "group": "root", "item": "Fedora", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1635917919.64303-2953-232103355366765/source", "state": "file", "uid": 0} changed: [/cache/fedora-33.qcow2 -> localhost] => (item=RedHat) => {"ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmp_mbogyq9/tests/roles/caller/vars/RedHat.yml", "gid": 0, "group": "root", "item": "RedHat", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1635917919.9644141-2953-91549527763737/source", "state": "file", "uid": 0} TASK [include_role : {{ roletoinclude }}] ************************************** task path: /tmp/tmp_mbogyq9/tests/roles/caller/tasks/main.yml:4 TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_mbogyq9/tasks/main.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", 
"python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_mbogyq9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:17 changed: [/cache/fedora-33.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-3.fc33.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:34 TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:45 TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:71 TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_mbogyq9/tasks/main.yml:100 TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_mbogyq9/tasks/main.yml:112 TASK [caller : assert] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/roles/caller/tasks/main.yml:7 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=6 changed=2 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 + cd /tmp/tmp_mbogyq9/tests; TEST_SUBJECTS=/cache/fedora-33.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-100-3dbef8b-fedora-33-u9auawzn/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_mbogyq9/_setup.yml /tmp/tmp_mbogyq9/tests/tests_key_size.yml ansible-playbook 2.9.25 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', 
'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 11.2.1 20210728 (Red Hat 11.2.1-1)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_mbogyq9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_mbogyq9/_setup.yml:5 ok: [/cache/fedora-33.qcow2] => { "groups": { "all": [ "/cache/fedora-33.qcow2" ], "localhost": [ "/cache/fedora-33.qcow2" ], "subjects": [ "/cache/fedora-33.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_mbogyq9/_setup.yml:7 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_key_size.yml *************************************************** 2 plays in /tmp/tmp_mbogyq9/tests/tests_key_size.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_key_size.yml:2 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_mbogyq9/tasks/main.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_mbogyq9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:17 changed: [/cache/fedora-33.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": 
["Installed: python3-pyasn1-0.4.8-3.fc33.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:34 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-freebl-3.71.0-1.fc33.x86_64", "Installed: certmonger-0.79.14-2.fc33.x86_64", "Installed: nss-sysinit-3.71.0-1.fc33.x86_64", "Installed: nss-util-3.71.0-1.fc33.x86_64", "Installed: dbus-tools-1:1.12.20-2.fc33.x86_64", "Installed: nspr-4.32.0-1.fc33.x86_64", "Installed: nss-3.71.0-1.fc33.x86_64", "Installed: nss-softokn-3.71.0-1.fc33.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:45 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:71 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_mbogyq9/tasks/main.yml:100 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", 
"changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket system.slice dbus-broker.service syslog.target sysinit.target network.target basic.target dbus.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": 
"Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", 
"LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15525", "LimitNPROCSoft": "15525", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15525", "LimitSIGPENDINGSoft": "15525", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": 
"no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootHashSignature": "", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4657", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_mbogyq9/tasks/main.yml:112 changed: [/cache/fedora-33.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'key_size': 4096}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "key_size": 4096, "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: 
ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_key_size.yml:14 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_key_size.yml:29 included: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-33.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)\nInstalling collected packages: pip\n Attempting uninstall: pip\n Found existing installation: pip 20.2.2\n Uninstalling pip-20.2.2:\n Successfully uninstalled pip-20.2.2\nSuccessfully installed pip-21.3.1\n", "stdout_lines": ["Collecting pip", " Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)", "Installing collected packages: pip", " Attempting uninstall: pip", " Found existing installation: pip 20.2.2", " Uninstalling pip-20.2.2:", " Successfully uninstalled pip-20.2.2", "Successfully 
installed pip-21.3.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1"], "name": ["cryptography<35", "certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting cryptography<35\n Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)\nCollecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\n Preparing metadata (setup.py): started\n Preparing metadata (setup.py): finished with status 'done'\nCollecting cffi>=1.12\n Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0\n", "stdout_lines": ["Collecting cryptography<35", " Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)", "Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", " Preparing metadata (setup.py): started", " Preparing metadata (setup.py): finished with status 'done'", "Collecting cffi>=1.12", " 
Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:26 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918016.6522257, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "0e8a36bcb7e9557a5e98a4055cd228fa74ace158", "ctime": 1635918016.6492257, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132719, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918016.6492257, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1643, "uid": 0, "version": "94125795", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] 
*************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:31 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:37 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:49 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:55 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918016.5962257, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "4986513e663fe912d68cc3a80d23800a84efbe26", "ctime": 1635918016.6492257, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132718, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918016.6492257, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 3272, "uid": 0, "version": "3653657124", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:60 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK 
[Verify key file owner and group] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:78 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.191696", "end": "2021-11-03 05:40:28.039328", "rc": 0, "start": "2021-11-03 05:40:27.847632", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"75:C0:AA:FC:13:C0:C2:57:03:C3:A4:8B:3B:B4:BC:CA:FB:80:7D:7A\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"D1:51:55:A9:5D:46:6D:78:36:A0:45:16:A8:88:E2:6B:25:45:C1:22\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 4096,\n \"validity\": {\n \"not_valid_after\": \"2022-11-03 05:40:15\",\n \"not_valid_before\": \"2021-11-03 05:40:16\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", 
" {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"75:C0:AA:FC:13:C0:C2:57:03:C3:A4:8B:3B:B4:BC:CA:FB:80:7D:7A\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"D1:51:55:A9:5D:46:6D:78:36:A0:45:16:A8:88:E2:6B:25:45:C1:22\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 4096,", " \"validity\": {", " \"not_valid_after\": \"2022-11-03 05:40:15\",", " \"not_valid_before\": \"2021-11-03 05:40:16\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "D1:51:55:A9:5D:46:6D:78:36:A0:45:16:A8:88:E2:6B:25:45:C1:22"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": 
["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "75:C0:AA:FC:13:C0:C2:57:03:C3:A4:8B:3B:B4:BC:CA:FB:80:7D:7A"}}, "key_size": 4096, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "06:FB:5B:8F:C8:52:DF:7E:32:08:E9:CF:56:E3:5D:75:78:12:97:A3:3D:03:74:EB:2D:41:C9:77:8C:1B:52:27:BA:B4:A6:A3:AF:A4:93:AD:D1:23:13:7C:BA:E7:04:C8:CC:5F:24:2A:90:B8:8E:49:C1:7E:EF:CA:C8:AB:E5:A7:2A:1F:3E:55:77:74:CC:C3:71:D0:A5:AE:3A:32:F6:54:A1:97:9A:D2:51:E9:44:D7:BD:73:8E:8F:31:C8:7F:0B:6A:A4:98:49:89:62:11:A5:05:5E:89:6C:74:04:50:76:60:E8:A1:BE:13:0F:FF:56:7A:B5:A1:D8:4D:CF:F4:B6:49:A2:69:A1:2C:91:D5:2C:A1:65:BF:9A:F0:8C:09:B5:D4:F6:BC:68:CE:82:77:72:6C:8D:DE:38:B8:7C:70:EE:9C:08:87:3A:16:71:ED:12:58:52:08:9A:E1:51:56:07:2C:CE:72:5C:A5:3D:3F:67:94:0F:0C:8B:66:FD:37:DB:67:97:AA:A5:03:69:D9:39:C5:B6:5A:48:FC:FC:96:69:0D:E6:D0:20:89:90:6C:75:DD:34:53:62:CC:BF:FE:31:D6:44:73:BD:1E:B9:F6:42:95:CF:B0:D1:B5:55:A2:9C:17:02:2F:E9:41:0A:BE:E3:0C:E9:A1:10:B8:D4:C7:EB"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-11-03 05:40:15", "not_valid_before": "2021-11-03 05:40:16"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:87 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:96 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:105 ok: [/cache/fedora-33.qcow2] 
=> { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:112 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:125 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:141 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040833", "end": "2021-11-03 05:40:28.734927", "rc": 0, "start": "2021-11-03 05:40:28.694094", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:150 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_mbogyq9/tests; TEST_SUBJECTS=/cache/fedora-33.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-100-3dbef8b-fedora-33-u9auawzn/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_mbogyq9/_setup.yml /tmp/tmp_mbogyq9/tests/tests_key_usage_and_extended_key_usage.yml ansible-playbook 2.9.25 config file = /etc/ansible/ansible.cfg configured module search path = 
['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 11.2.1 20210728 (Red Hat 11.2.1-1)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_mbogyq9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_mbogyq9/_setup.yml:5 ok: [/cache/fedora-33.qcow2] => { "groups": { "all": [ "/cache/fedora-33.qcow2" ], "localhost": [ "/cache/fedora-33.qcow2" ], "subjects": [ "/cache/fedora-33.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_mbogyq9/_setup.yml:7 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_key_usage_and_extended_key_usage.yml *************************** 2 plays in /tmp/tmp_mbogyq9/tests/tests_key_usage_and_extended_key_usage.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_key_usage_and_extended_key_usage.yml:2 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_mbogyq9/tasks/main.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_mbogyq9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:17 changed: [/cache/fedora-33.qcow2] => 
{"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-3.fc33.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:34 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-freebl-3.71.0-1.fc33.x86_64", "Installed: certmonger-0.79.14-2.fc33.x86_64", "Installed: nss-sysinit-3.71.0-1.fc33.x86_64", "Installed: nss-util-3.71.0-1.fc33.x86_64", "Installed: dbus-tools-1:1.12.20-2.fc33.x86_64", "Installed: nspr-4.32.0-1.fc33.x86_64", "Installed: nss-3.71.0-1.fc33.x86_64", "Installed: nss-softokn-3.71.0-1.fc33.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:45 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:71 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_mbogyq9/tasks/main.yml:100 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", 
"ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice sysinit.target network.target dbus-broker.service systemd-journald.socket basic.target syslog.target dbus.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", 
"DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", 
"LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15525", "LimitNPROCSoft": "15525", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15525", "LimitSIGPENDINGSoft": "15525", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": 
"100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootHashSignature": "", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4657", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_mbogyq9/tasks/main.yml:112 changed: [/cache/fedora-33.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'key_usage': ['digitalSignature', 'nonRepudiation', 'keyEncipherment'], 'extended_key_usage': ['id-kp-clientAuth', 'id-kp-serverAuth', 'id-kp-ipsecTunnel', '1.3.6.1.5.2.3.5'], 'ca': 
'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "extended_key_usage": ["id-kp-clientAuth", "id-kp-serverAuth", "id-kp-ipsecTunnel", "1.3.6.1.5.2.3.5"], "key_usage": ["digitalSignature", "nonRepudiation", "keyEncipherment"], "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_key_usage_and_extended_key_usage.yml:22 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_key_usage_and_extended_key_usage.yml:49 included: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-33.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)\nInstalling collected packages: pip\n Attempting uninstall: pip\n 
Found existing installation: pip 20.2.2\n Uninstalling pip-20.2.2:\n Successfully uninstalled pip-20.2.2\nSuccessfully installed pip-21.3.1\n", "stdout_lines": ["Collecting pip", " Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)", "Installing collected packages: pip", " Attempting uninstall: pip", " Found existing installation: pip 20.2.2", " Uninstalling pip-20.2.2:", " Successfully uninstalled pip-20.2.2", "Successfully installed pip-21.3.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1"], "name": ["cryptography<35", "certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting cryptography<35\n Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)\nCollecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\n Preparing metadata (setup.py): started\n Preparing metadata (setup.py): finished with status 'done'\nCollecting cffi>=1.12\n Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed 
certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0\n", "stdout_lines": ["Collecting cryptography<35", " Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)", "Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", " Preparing metadata (setup.py): started", " Preparing metadata (setup.py): finished with status 'done'", "Collecting cffi>=1.12", " Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:26 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918088.4645815, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "559da2e273923ab28d9ab67fe289b31a6415bdd8", "ctime": 1635918088.4625814, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132719, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": 
false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918088.4625814, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1322, "uid": 0, "version": "292299330", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:31 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:37 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:49 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:55 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918088.4185815, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "c45d2e8dc86b8db22239ec4c4233fbb5ba415eda", "ctime": 1635918088.4625814, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132718, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918088.4625814, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": 
false, "rusr": true, "size": 1704, "uid": 0, "version": "3723800139", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:60 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:78 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.188696", "end": "2021-11-03 05:41:39.616134", "rc": 0, "start": "2021-11-03 05:41:39.427438", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"content_commitment\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n },\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-ipsecTunnel\",\n \"oid\": \"1.3.6.1.5.5.7.3.6\"\n },\n {\n \"name\": null,\n \"oid\": \"1.3.6.1.5.2.3.5\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n 
\"subjectKeyIdentifier\": {\n \"value\": \"2F:56:55:4C:C6:B7:EE:96:59:A9:12:67:40:22:8F:31:96:3C:FF:57\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"6E:47:9E:C2:58:8C:D5:8A:2E:F7:1C:5D:0B:EC:CD:15:7B:B7:36:3E\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-11-03 05:41:27\",\n \"not_valid_before\": \"2021-11-03 05:41:28\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"content_commitment\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " },", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-ipsecTunnel\",", " \"oid\": \"1.3.6.1.5.5.7.3.6\"", " },", " {", " \"name\": null,", " \"oid\": \"1.3.6.1.5.2.3.5\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"2F:56:55:4C:C6:B7:EE:96:59:A9:12:67:40:22:8F:31:96:3C:FF:57\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"6E:47:9E:C2:58:8C:D5:8A:2E:F7:1C:5D:0B:EC:CD:15:7B:B7:36:3E\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " 
\"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-11-03 05:41:27\",", " \"not_valid_before\": \"2021-11-03 05:41:28\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "6E:47:9E:C2:58:8C:D5:8A:2E:F7:1C:5D:0B:EC:CD:15:7B:B7:36:3E"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}, {"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-ipsecTunnel", "oid": "1.3.6.1.5.5.7.3.6"}, {"name": null, "oid": "1.3.6.1.5.2.3.5"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "content_commitment", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "2F:56:55:4C:C6:B7:EE:96:59:A9:12:67:40:22:8F:31:96:3C:FF:57"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-11-03 05:41:27", "not_valid_before": "2021-11-03 05:41:28"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:87 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:96 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" 
} TASK [Verify key size] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:105 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:112 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:125 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:141 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039900", "end": "2021-11-03 05:41:40.286040", "rc": 0, "start": "2021-11-03 05:41:40.246140", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:150 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_mbogyq9/tests; TEST_SUBJECTS=/cache/fedora-33.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-100-3dbef8b-fedora-33-u9auawzn/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 
/tmp/tmp_mbogyq9/_setup.yml /tmp/tmp_mbogyq9/tests/tests_many_self_signed.yml ansible-playbook 2.9.25 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 11.2.1 20210728 (Red Hat 11.2.1-1)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_mbogyq9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_mbogyq9/_setup.yml:5 ok: [/cache/fedora-33.qcow2] => { "groups": { "all": [ "/cache/fedora-33.qcow2" ], "localhost": [ "/cache/fedora-33.qcow2" ], "subjects": [ "/cache/fedora-33.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_mbogyq9/_setup.yml:7 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_many_self_signed.yml ******************************************* 2 plays in /tmp/tmp_mbogyq9/tests/tests_many_self_signed.yml PLAY [Issue many self-signed certificates] ************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_many_self_signed.yml:2 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_mbogyq9/tasks/main.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_mbogyq9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:17 changed: [/cache/fedora-33.qcow2] => {"changed": true, "msg": "", "rc": 
0, "results": ["Installed: python3-pyasn1-0.4.8-3.fc33.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:34 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-freebl-3.71.0-1.fc33.x86_64", "Installed: certmonger-0.79.14-2.fc33.x86_64", "Installed: nss-sysinit-3.71.0-1.fc33.x86_64", "Installed: nss-util-3.71.0-1.fc33.x86_64", "Installed: dbus-tools-1:1.12.20-2.fc33.x86_64", "Installed: nspr-4.32.0-1.fc33.x86_64", "Installed: nss-3.71.0-1.fc33.x86_64", "Installed: nss-softokn-3.71.0-1.fc33.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:45 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:71 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_mbogyq9/tasks/main.yml:100 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": 
"__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket basic.target dbus-broker.service network.target system.slice sysinit.target syslog.target dbus.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", 
"Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": 
"infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15525", "LimitNPROCSoft": "15525", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15525", "LimitSIGPENDINGSoft": "15525", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", 
"RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootHashSignature": "", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4657", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_mbogyq9/tasks/main.yml:112 changed: [/cache/fedora-33.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} changed: 
[/cache/fedora-33.qcow2] => (item={'name': 'other-cert', 'dns': 'www.example.org', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.org", "name": "other-cert"}, "msg": "Certificate requested (new)."} changed: [/cache/fedora-33.qcow2] => (item={'name': 'another-cert', 'dns': 'www.example.net', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.net", "name": "another-cert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_many_self_signed.yml:18 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_many_self_signed.yml:50 included: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-33.qcow2 included: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-33.qcow2 included: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-33.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:11 
changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)\nInstalling collected packages: pip\n Attempting uninstall: pip\n Found existing installation: pip 20.2.2\n Uninstalling pip-20.2.2:\n Successfully uninstalled pip-20.2.2\nSuccessfully installed pip-21.3.1\n", "stdout_lines": ["Collecting pip", " Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)", "Installing collected packages: pip", " Attempting uninstall: pip", " Found existing installation: pip 20.2.2", " Uninstalling pip-20.2.2:", " Successfully uninstalled pip-20.2.2", "Successfully installed pip-21.3.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1"], "name": ["cryptography<35", "certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting cryptography<35\n Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)\nCollecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\n Preparing metadata (setup.py): started\n Preparing metadata (setup.py): finished with status 'done'\nCollecting cffi>=1.12\n Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)\nCollecting pycparser\n Downloading 
pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0\n", "stdout_lines": ["Collecting cryptography<35", " Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)", "Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", " Preparing metadata (setup.py): started", " Preparing metadata (setup.py): finished with status 'done'", "Collecting cffi>=1.12", " Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:26 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918162.4308426, "attr_flags": "e", "attributes": ["extents"], 
"block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "342b19f382328f19b9541f745ff20811815658cb", "ctime": 1635918162.4278426, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132719, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918162.4278426, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2582719030", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:31 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:37 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:49 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:55 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918162.3868425, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "baf045d9f19336a7b75fc5e4f18248b03d84d9fc", "ctime": 1635918162.4278426, "dev": 64513, "device_type": 0, "executable": false, "exists": true, 
"gid": 0, "gr_name": "root", "inode": 132718, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918162.4278426, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3227517756", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:60 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:78 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.194553", "end": "2021-11-03 05:42:55.698175", "rc": 0, "start": "2021-11-03 05:42:55.503622", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n 
},\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"C3:59:78:55:DA:E0:68:AB:A4:59:FB:0D:32:AA:16:2F:96:9F:1C:8C\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"DB:79:5A:12:56:8C:70:14:F0:61:D4:0A:FA:A8:64:95:37:40:B3:38\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-11-03 05:42:41\",\n \"not_valid_before\": \"2021-11-03 05:42:42\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"C3:59:78:55:DA:E0:68:AB:A4:59:FB:0D:32:AA:16:2F:96:9F:1C:8C\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"DB:79:5A:12:56:8C:70:14:F0:61:D4:0A:FA:A8:64:95:37:40:B3:38\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " 
\"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-11-03 05:42:41\",", " \"not_valid_before\": \"2021-11-03 05:42:42\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "DB:79:5A:12:56:8C:70:14:F0:61:D4:0A:FA:A8:64:95:37:40:B3:38"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "C3:59:78:55:DA:E0:68:AB:A4:59:FB:0D:32:AA:16:2F:96:9F:1C:8C"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-11-03 05:42:41", "not_valid_before": "2021-11-03 05:42:42"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:87 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:96 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] 
********************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:105 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:112 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:125 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:141 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.045913", "end": "2021-11-03 05:42:56.418472", "rc": 0, "start": "2021-11-03 05:42:56.372559", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:150 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, 
"results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:11 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.3.1)\n", "stdout_lines": ["Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.3.1)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:18 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1"], "name": ["cryptography<35", "certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8)\nRequirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1)\nRequirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0)\nRequirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8)\nRequirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0)\nRequirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.20)\n", "stdout_lines": ["Requirement already satisfied: cryptography<35 in 
./certificate-tests-venv/lib/python3.9/site-packages (3.4.8)", "Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1)", "Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0)", "Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8)", "Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0)", "Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.20)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:26 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918163.1148424, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "a9f5d2e158df251783552e34570ba48bf19bdb03", "ctime": 1635918163.1118426, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132721, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918163.1118426, "nlink": 1, "path": "/etc/pki/tls/certs/other-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "1126845719", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:31 ok: 
[/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:37 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:49 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:55 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918163.0708425, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "68d20db2f061fb6e5ccc09a10b5bbacb20ff064d", "ctime": 1635918163.1118426, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132720, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918163.1118426, "nlink": 1, "path": "/etc/pki/tls/private/other-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2639700274", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:60 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: 
/tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:78 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/other-cert.crt"], "delta": "0:00:00.209249", "end": "2021-11-03 05:43:01.524715", "rc": 0, "start": "2021-11-03 05:43:01.315466", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.org\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.org\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"49:00:AB:59:61:17:4A:8D:81:58:7C:E7:BE:CE:4F:32:2C:57:43:DC\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"DB:79:5A:12:56:8C:70:14:F0:61:D4:0A:FA:A8:64:95:37:40:B3:38\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"19:1C:14:ED:57:7F:16:95:C7:8C:0C:D1:3C:8F:62:50:41:94:02:09:E1:DA:5C:2E:DE:28:75:95:33:4C:B6:B2:87:C8:A1:AB:A6:D1:76:ED:52:60:8D:63:EB:97:6E:90:A9:36:71:7B:95:45:B6:03:3E:34:D0:96:FB:46:47:88:07:D6:6F:82:62:E4:67:47:24:E6:49:8A:4B:AD:DA:97:76:A4:07:3D:79:53:96:66:44:14:1C:57:DE:C8:E3:C8:3B:6E:84:EA:E0:A2:DE:9F:C6:1A:80:CA:E8:16:67:D7:B7:66:6F:80:CC:D3:A7:E0:DD:1F:B8:8B:A9:8A:DA:3C:CF:1C:9F:03:31:D3:9A:93:7B:6B:82:48:AA:4B:18:12:C6:35:3F:76:15:F3:7D:F7:46:00:96:1B:0C:68:74:86:F0:A6:74:42:28:12:FC:4D:F2:DF:DF:17:F9:BA:E9:78:EB:EB:5A:6E:7F:54:BD:4C:B9:E0:1C:C7:CC:84:03:F0:89:E4:4B:08:AD:DC:BE:E6:3F:A4:FB:0E:6B:A3:B2:0C:7F:81:06:78:C5:96:DB:D6:DE:CF:EC:0F:69:A8:B2:84:E1:23:1A:4E:E1:3F:19:A2:AF:13:85:A7:7B:24:7C:9C:32:01:9C:7A:C7:1A:95:5D:D9:34:59:A7:13:7D:9B:44\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-11-03 05:42:41\",\n \"not_valid_before\": \"2021-11-03 05:42:43\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": 
\"www.example.org\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.org\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"49:00:AB:59:61:17:4A:8D:81:58:7C:E7:BE:CE:4F:32:2C:57:43:DC\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"DB:79:5A:12:56:8C:70:14:F0:61:D4:0A:FA:A8:64:95:37:40:B3:38\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"19:1C:14:ED:57:7F:16:95:C7:8C:0C:D1:3C:8F:62:50:41:94:02:09:E1:DA:5C:2E:DE:28:75:95:33:4C:B6:B2:87:C8:A1:AB:A6:D1:76:ED:52:60:8D:63:EB:97:6E:90:A9:36:71:7B:95:45:B6:03:3E:34:D0:96:FB:46:47:88:07:D6:6F:82:62:E4:67:47:24:E6:49:8A:4B:AD:DA:97:76:A4:07:3D:79:53:96:66:44:14:1C:57:DE:C8:E3:C8:3B:6E:84:EA:E0:A2:DE:9F:C6:1A:80:CA:E8:16:67:D7:B7:66:6F:80:CC:D3:A7:E0:DD:1F:B8:8B:A9:8A:DA:3C:CF:1C:9F:03:31:D3:9A:93:7B:6B:82:48:AA:4B:18:12:C6:35:3F:76:15:F3:7D:F7:46:00:96:1B:0C:68:74:86:F0:A6:74:42:28:12:FC:4D:F2:DF:DF:17:F9:BA:E9:78:EB:EB:5A:6E:7F:54:BD:4C:B9:E0:1C:C7:CC:84:03:F0:89:E4:4B:08:AD:DC:BE:E6:3F:A4:FB:0E:6B:A3:B2:0C:7F:81:06:78:C5:96:DB:D6:DE:CF:EC:0F:69:A8:B2:84:E1:23:1A:4E:E1:3F:19:A2:AF:13:85:A7:7B:24:7C:9C:32:01:9C:7A:C7:1A:95:5D:D9:34:59:A7:13:7D:9B:44\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-11-03 05:42:41\",", " \"not_valid_before\": \"2021-11-03 05:42:43\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "DB:79:5A:12:56:8C:70:14:F0:61:D4:0A:FA:A8:64:95:37:40:B3:38"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, 
"value": [{"name": "DNS", "value": "www.example.org"}]}, "subjectKeyIdentifier": {"critical": false, "value": "49:00:AB:59:61:17:4A:8D:81:58:7C:E7:BE:CE:4F:32:2C:57:43:DC"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "19:1C:14:ED:57:7F:16:95:C7:8C:0C:D1:3C:8F:62:50:41:94:02:09:E1:DA:5C:2E:DE:28:75:95:33:4C:B6:B2:87:C8:A1:AB:A6:D1:76:ED:52:60:8D:63:EB:97:6E:90:A9:36:71:7B:95:45:B6:03:3E:34:D0:96:FB:46:47:88:07:D6:6F:82:62:E4:67:47:24:E6:49:8A:4B:AD:DA:97:76:A4:07:3D:79:53:96:66:44:14:1C:57:DE:C8:E3:C8:3B:6E:84:EA:E0:A2:DE:9F:C6:1A:80:CA:E8:16:67:D7:B7:66:6F:80:CC:D3:A7:E0:DD:1F:B8:8B:A9:8A:DA:3C:CF:1C:9F:03:31:D3:9A:93:7B:6B:82:48:AA:4B:18:12:C6:35:3F:76:15:F3:7D:F7:46:00:96:1B:0C:68:74:86:F0:A6:74:42:28:12:FC:4D:F2:DF:DF:17:F9:BA:E9:78:EB:EB:5A:6E:7F:54:BD:4C:B9:E0:1C:C7:CC:84:03:F0:89:E4:4B:08:AD:DC:BE:E6:3F:A4:FB:0E:6B:A3:B2:0C:7F:81:06:78:C5:96:DB:D6:DE:CF:EC:0F:69:A8:B2:84:E1:23:1A:4E:E1:3F:19:A2:AF:13:85:A7:7B:24:7C:9C:32:01:9C:7A:C7:1A:95:5D:D9:34:59:A7:13:7D:9B:44"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.org"}], "validity": {"not_valid_after": "2022-11-03 05:42:41", "not_valid_before": "2021-11-03 05:42:43"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:87 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:96 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:105 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate 
Key Usage] ******************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:112 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:125 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:141 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/other-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041244", "end": "2021-11-03 05:43:02.196471", "rc": 0, "start": "2021-11-03 05:43:02.155227", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:150 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:11 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": 
["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.3.1)\n", "stdout_lines": ["Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.3.1)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:18 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1"], "name": ["cryptography<35", "certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8)\nRequirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1)\nRequirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0)\nRequirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8)\nRequirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0)\nRequirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.20)\n", "stdout_lines": ["Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8)", "Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1)", "Requirement already satisfied: cffi>=1.12 in 
./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0)", "Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8)", "Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0)", "Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.20)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:26 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918164.4338424, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "2666932a8b4efc890a0598fc104feb91880fe031", "ctime": 1635918164.4318426, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132723, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918164.4318426, "nlink": 1, "path": "/etc/pki/tls/certs/another-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "1851815291", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:31 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: 
/tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:37 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:49 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:55 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918164.3898425, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "526a5d3daafa214492a8db72f40bbfcc1db8ad3d", "ctime": 1635918164.4318426, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132722, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918164.4318426, "nlink": 1, "path": "/etc/pki/tls/private/another-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3114035212", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:60 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] 
******************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:78 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/another-cert.crt"], "delta": "0:00:00.203497", "end": "2021-11-03 05:43:07.209946", "rc": 0, "start": "2021-11-03 05:43:07.006449", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.net\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.net\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"8C:13:60:1B:CC:AC:69:43:64:50:43:96:33:C9:D0:0F:2B:91:E6:3E\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"DB:79:5A:12:56:8C:70:14:F0:61:D4:0A:FA:A8:64:95:37:40:B3:38\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": 
\"20:08:CF:C4:06:C5:78:92:4D:D2:99:C0:AE:E5:4A:AA:88:94:D3:58:D6:79:28:02:40:40:3F:61:C4:E1:91:14:F8:F4:3E:C2:F8:A3:E6:71:DF:3E:B3:E0:2D:F3:9C:2B:61:0F:3E:4C:C3:D1:95:26:37:6E:42:0E:68:28:8D:5D:8B:CD:63:75:CF:82:5A:F3:1E:F4:E4:A2:29:80:79:2B:56:EA:19:31:9A:9F:C7:32:1F:C3:3F:93:D2:5D:76:E2:76:00:59:0B:86:3F:39:F1:95:E2:73:69:31:47:73:D2:E3:0D:2B:D7:98:40:47:4B:DB:66:8F:32:6C:9A:54:F8:51:8F:44:A0:86:B9:1C:16:66:1B:AC:4C:AB:6C:1C:2C:15:2A:5E:37:EA:B2:21:29:9C:5D:47:EE:37:20:62:3A:74:F0:C4:BB:D8:DE:2C:9C:EA:7F:C2:A0:77:68:07:53:65:37:52:40:A9:FF:B0:D7:6F:AC:8C:A4:04:91:AB:E1:63:9C:B5:C9:A0:E4:49:12:0F:81:8E:00:38:73:4E:5B:0A:C8:34:93:BD:24:3D:9A:C0:25:C5:39:E5:54:EB:1B:61:0F:FC:14:3E:D1:79:94:10:A3:21:DC:B4:2F:45:56:80:4D:C5:A3:77:DD:5E:86:EC:4F:97:FB:5D:E1:F2:EE\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-11-03 05:42:41\",\n \"not_valid_before\": \"2021-11-03 05:42:44\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.net\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.net\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"8C:13:60:1B:CC:AC:69:43:64:50:43:96:33:C9:D0:0F:2B:91:E6:3E\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"DB:79:5A:12:56:8C:70:14:F0:61:D4:0A:FA:A8:64:95:37:40:B3:38\",", " \"critical\": 
false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"20:08:CF:C4:06:C5:78:92:4D:D2:99:C0:AE:E5:4A:AA:88:94:D3:58:D6:79:28:02:40:40:3F:61:C4:E1:91:14:F8:F4:3E:C2:F8:A3:E6:71:DF:3E:B3:E0:2D:F3:9C:2B:61:0F:3E:4C:C3:D1:95:26:37:6E:42:0E:68:28:8D:5D:8B:CD:63:75:CF:82:5A:F3:1E:F4:E4:A2:29:80:79:2B:56:EA:19:31:9A:9F:C7:32:1F:C3:3F:93:D2:5D:76:E2:76:00:59:0B:86:3F:39:F1:95:E2:73:69:31:47:73:D2:E3:0D:2B:D7:98:40:47:4B:DB:66:8F:32:6C:9A:54:F8:51:8F:44:A0:86:B9:1C:16:66:1B:AC:4C:AB:6C:1C:2C:15:2A:5E:37:EA:B2:21:29:9C:5D:47:EE:37:20:62:3A:74:F0:C4:BB:D8:DE:2C:9C:EA:7F:C2:A0:77:68:07:53:65:37:52:40:A9:FF:B0:D7:6F:AC:8C:A4:04:91:AB:E1:63:9C:B5:C9:A0:E4:49:12:0F:81:8E:00:38:73:4E:5B:0A:C8:34:93:BD:24:3D:9A:C0:25:C5:39:E5:54:EB:1B:61:0F:FC:14:3E:D1:79:94:10:A3:21:DC:B4:2F:45:56:80:4D:C5:A3:77:DD:5E:86:EC:4F:97:FB:5D:E1:F2:EE\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-11-03 05:42:41\",", " \"not_valid_before\": \"2021-11-03 05:42:44\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "DB:79:5A:12:56:8C:70:14:F0:61:D4:0A:FA:A8:64:95:37:40:B3:38"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.net"}]}, "subjectKeyIdentifier": {"critical": false, "value": "8C:13:60:1B:CC:AC:69:43:64:50:43:96:33:C9:D0:0F:2B:91:E6:3E"}}, "key_size": 2048, "signature_algorithm": {"algorithm": 
"sha256WithRSAEncryption", "signature": "20:08:CF:C4:06:C5:78:92:4D:D2:99:C0:AE:E5:4A:AA:88:94:D3:58:D6:79:28:02:40:40:3F:61:C4:E1:91:14:F8:F4:3E:C2:F8:A3:E6:71:DF:3E:B3:E0:2D:F3:9C:2B:61:0F:3E:4C:C3:D1:95:26:37:6E:42:0E:68:28:8D:5D:8B:CD:63:75:CF:82:5A:F3:1E:F4:E4:A2:29:80:79:2B:56:EA:19:31:9A:9F:C7:32:1F:C3:3F:93:D2:5D:76:E2:76:00:59:0B:86:3F:39:F1:95:E2:73:69:31:47:73:D2:E3:0D:2B:D7:98:40:47:4B:DB:66:8F:32:6C:9A:54:F8:51:8F:44:A0:86:B9:1C:16:66:1B:AC:4C:AB:6C:1C:2C:15:2A:5E:37:EA:B2:21:29:9C:5D:47:EE:37:20:62:3A:74:F0:C4:BB:D8:DE:2C:9C:EA:7F:C2:A0:77:68:07:53:65:37:52:40:A9:FF:B0:D7:6F:AC:8C:A4:04:91:AB:E1:63:9C:B5:C9:A0:E4:49:12:0F:81:8E:00:38:73:4E:5B:0A:C8:34:93:BD:24:3D:9A:C0:25:C5:39:E5:54:EB:1B:61:0F:FC:14:3E:D1:79:94:10:A3:21:DC:B4:2F:45:56:80:4D:C5:A3:77:DD:5E:86:EC:4F:97:FB:5D:E1:F2:EE"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.net"}], "validity": {"not_valid_after": "2022-11-03 05:42:41", "not_valid_before": "2021-11-03 05:42:44"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:87 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:96 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:105 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:112 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:125 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:141 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/another-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.042799", "end": "2021-11-03 05:43:07.867631", "rc": 0, "start": "2021-11-03 05:43:07.824832", "stderr": "", "stderr_lines": 
[], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:150 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=73 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_mbogyq9/tests; TEST_SUBJECTS=/cache/fedora-33.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-100-3dbef8b-fedora-33-u9auawzn/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_mbogyq9/_setup.yml /tmp/tmp_mbogyq9/tests/tests_no_auto_renew.yml ansible-playbook 2.9.25 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 11.2.1 20210728 (Red Hat 11.2.1-1)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. 
Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_mbogyq9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_mbogyq9/_setup.yml:5 ok: [/cache/fedora-33.qcow2] => { "groups": { "all": [ "/cache/fedora-33.qcow2" ], "localhost": [ "/cache/fedora-33.qcow2" ], "subjects": [ "/cache/fedora-33.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_mbogyq9/_setup.yml:7 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_no_auto_renew.yml ********************************************** 2 plays in /tmp/tmp_mbogyq9/tests/tests_no_auto_renew.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_no_auto_renew.yml:2 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_mbogyq9/tasks/main.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", 
"python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_mbogyq9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:17 changed: [/cache/fedora-33.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-3.fc33.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:34 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-freebl-3.71.0-1.fc33.x86_64", "Installed: certmonger-0.79.14-2.fc33.x86_64", "Installed: nss-sysinit-3.71.0-1.fc33.x86_64", "Installed: nss-util-3.71.0-1.fc33.x86_64", "Installed: dbus-tools-1:1.12.20-2.fc33.x86_64", "Installed: nspr-4.32.0-1.fc33.x86_64", "Installed: nss-3.71.0-1.fc33.x86_64", "Installed: nss-softokn-3.71.0-1.fc33.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:45 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:71 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": 
"unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_mbogyq9/tasks/main.yml:100 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus-broker.service systemd-journald.socket dbus.socket syslog.target basic.target network.target sysinit.target system.slice", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf 
cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", 
"KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15525", "LimitNPROCSoft": "15525", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15525", "LimitSIGPENDINGSoft": "15525", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", 
"ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootHashSignature": "", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4657", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ 
task path: /tmp/tmp_mbogyq9/tasks/main.yml:112 changed: [/cache/fedora-33.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'auto_renew': False}) => {"ansible_loop_var": "item", "changed": true, "item": {"auto_renew": false, "ca": "self-sign", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} changed: [/cache/fedora-33.qcow2] => (item={'name': 'defaultcert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "defaultcert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_no_auto_renew.yml:17 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_no_auto_renew.yml:42 included: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-33.qcow2 included: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-33.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:11 changed: 
[/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)\nInstalling collected packages: pip\n Attempting uninstall: pip\n Found existing installation: pip 20.2.2\n Uninstalling pip-20.2.2:\n Successfully uninstalled pip-20.2.2\nSuccessfully installed pip-21.3.1\n", "stdout_lines": ["Collecting pip", " Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)", "Installing collected packages: pip", " Attempting uninstall: pip", " Found existing installation: pip 20.2.2", " Uninstalling pip-20.2.2:", " Successfully uninstalled pip-20.2.2", "Successfully installed pip-21.3.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1"], "name": ["cryptography<35", "certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting cryptography<35\n Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)\nCollecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\n Preparing metadata (setup.py): started\n Preparing metadata (setup.py): finished with status 'done'\nCollecting cffi>=1.12\n Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)\nCollecting pycparser\n Downloading 
pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0\n", "stdout_lines": ["Collecting cryptography<35", " Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)", "Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", " Preparing metadata (setup.py): started", " Preparing metadata (setup.py): finished with status 'done'", "Collecting cffi>=1.12", " Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:26 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918246.8750005, "attr_flags": "e", "attributes": ["extents"], 
"block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "5c4437eee29b81fc56dc45540d4a87e4228365f9", "ctime": 1635918246.8730004, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132719, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918246.8730004, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "411618637", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:31 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:37 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:49 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:55 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918246.8320005, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "94790d66857d33fd6c7260cfd94063fe8c1951d7", "ctime": 1635918246.8730004, "dev": 64513, "device_type": 0, "executable": false, "exists": true, 
"gid": 0, "gr_name": "root", "inode": 132718, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918246.8730004, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2194735056", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:60 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:78 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.199663", "end": "2021-11-03 05:44:18.740242", "rc": 0, "start": "2021-11-03 05:44:18.540579", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n 
},\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"61:D3:77:E0:DA:BE:C3:AE:76:5C:7C:B4:5D:CD:B7:6C:64:F2:B4:BE\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"CF:20:34:D3:39:F3:FE:B8:C6:02:F1:76:B1:09:A8:A8:D8:F5:EB:6C\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-11-03 05:44:06\",\n \"not_valid_before\": \"2021-11-03 05:44:06\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"61:D3:77:E0:DA:BE:C3:AE:76:5C:7C:B4:5D:CD:B7:6C:64:F2:B4:BE\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"CF:20:34:D3:39:F3:FE:B8:C6:02:F1:76:B1:09:A8:A8:D8:F5:EB:6C\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " 
\"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-11-03 05:44:06\",", " \"not_valid_before\": \"2021-11-03 05:44:06\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "CF:20:34:D3:39:F3:FE:B8:C6:02:F1:76:B1:09:A8:A8:D8:F5:EB:6C"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "61:D3:77:E0:DA:BE:C3:AE:76:5C:7C:B4:5D:CD:B7:6C:64:F2:B4:BE"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "00:8B:EF:6E:E0:6F:63:78:D0:B9:42:57:5F:A2:EA:A1:30:CD:9F:81:D2:61:52:75:7D:14:49:B6:38:98:5B:4A:64:05:51:69:84:9E:59:32:7D:F2:66:3F:6D:B6:12:F0:29:68:C0:26:F1:B1:D6:A4:AF:92:E5:C9:F4:6D:43:4F:93:43:E7:A8:C6:B7:F9:26:9D:C1:46:B0:B9:E4:CD:A5:E1:A1:2B:B8:2C:BC:16:63:B8:33:4C:F2:F0:C4:EA:0A:33:C8:92:AB:D6:16:D4:5D:96:85:CC:BD:61:21:52:E8:7A:71:81:D1:9A:95:FE:9E:B5:8C:1F:98:83:80:30:F0:66:10:59:CF:37:0C:2E:1C:C0:06:2F:A1:E3:8B:FF:B3:57:8F:C2:91:98:8D:91:08:22:48:CD:38:D5:17:03:9E:4C:39:F4:6C:62:F0:1D:AF:74:FE:C7:9E:9E:9B:D0:76:47:23:02:F0:07:90:23:9D:66:74:21:CD:06:84:27:05:A8:FC:49:59:09:76:01:C4:40:EA:15:C1:4B:C2:3A:09:02:7A:B4:F1:6D:43:C5:D3:6A:CE:65:D7:84:9F:96:BD:4B:EE:50:14:82:CB:59:7E:AE:0E:C3:CB:E3:E8:86:D2:2C:FF:EC:EA:C5:8D:ED:B5:C9:86:81:26:C9:12:20:AF"}, "subject": 
[{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-11-03 05:44:06", "not_valid_before": "2021-11-03 05:44:06"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:87 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:96 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:105 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:112 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:125 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:141 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038584", "end": "2021-11-03 05:44:19.473639", "rc": 0, "start": "2021-11-03 05:44:19.435055", "stderr": "", "stderr_lines": [], "stdout": "no", "stdout_lines": ["no"]} TASK [Verify certificate auto-renew flag] 
************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:150 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:11 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.3.1)\n", "stdout_lines": ["Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.3.1)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:18 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1"], "name": ["cryptography<35", "certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8)\nRequirement already satisfied: 
certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1)\nRequirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0)\nRequirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8)\nRequirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0)\nRequirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.20)\n", "stdout_lines": ["Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8)", "Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1)", "Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0)", "Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8)", "Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0)", "Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.20)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:26 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918247.5400004, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "211ab651967dff059adaacaaf539099859a834bb", "ctime": 1635918247.5370004, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 
132721, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918247.5370004, "nlink": 1, "path": "/etc/pki/tls/certs/defaultcert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2116770312", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:31 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:37 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:49 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:55 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918247.4930005, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "fd0a8857a49dd207ec02d68d760f4d085ccf0cd5", "ctime": 1635918247.5370004, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132720, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 
1635918247.5370004, "nlink": 1, "path": "/etc/pki/tls/private/defaultcert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3616630928", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:60 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:78 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/defaultcert.crt"], "delta": "0:00:00.207129", "end": "2021-11-03 05:44:24.525256", "rc": 0, "start": "2021-11-03 05:44:24.318127", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n 
\"value\": \"7D:73:D2:B5:C8:40:9F:A3:D3:4F:5E:9E:FE:32:A2:5E:F1:F4:AC:83\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"CF:20:34:D3:39:F3:FE:B8:C6:02:F1:76:B1:09:A8:A8:D8:F5:EB:6C\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"C1:3C:BC:DC:59:F7:B6:72:E4:75:FC:EB:1A:7A:B2:10:3E:A5:BC:C9:91:DD:4F:32:19:C3:23:DF:C8:51:C1:A1:38:79:86:10:11:BF:8A:54:5A:C5:A0:57:51:5B:09:B1:39:5E:8D:F6:19:A0:2D:3F:11:1A:A2:AE:1B:93:4F:DC:93:C8:20:FE:C2:C2:4D:8F:3A:C1:CA:EB:A6:E2:6F:AD:10:A2:1D:31:60:B8:7C:0D:1A:8C:F1:A5:1C:6D:6D:69:4B:04:4F:0C:47:66:1F:74:5C:FE:72:46:67:0C:73:56:10:91:BD:4C:77:84:3F:4B:CA:9B:75:A7:BB:1C:6B:C4:89:1E:CB:2A:56:42:3C:77:5E:F3:95:20:BC:5A:C2:30:D0:94:C2:2F:7E:1B:58:0E:55:6B:BB:5A:BB:D4:5E:3D:DA:26:93:95:00:DB:11:C3:95:EC:F2:42:31:6F:8B:89:B4:F8:BE:E2:BE:9D:A2:1F:69:B0:22:44:86:65:C0:41:3C:65:A7:E5:30:AE:5C:0C:9E:C7:FF:CB:64:8C:AB:18:B7:D4:12:9A:AF:5B:46:88:16:3A:52:55:09:6A:63:37:DC:F0:9D:5B:E9:57:09:07:0F:F0:7D:0F:63:30:8F:A8:E2:6F:C9:24:9B:27:1F:1F:62:F4:4E:AD:15:9A:3E:99\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-11-03 05:44:06\",\n \"not_valid_before\": \"2021-11-03 05:44:07\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": 
{", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"7D:73:D2:B5:C8:40:9F:A3:D3:4F:5E:9E:FE:32:A2:5E:F1:F4:AC:83\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"CF:20:34:D3:39:F3:FE:B8:C6:02:F1:76:B1:09:A8:A8:D8:F5:EB:6C\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-11-03 05:44:06\",", " \"not_valid_before\": \"2021-11-03 05:44:07\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "CF:20:34:D3:39:F3:FE:B8:C6:02:F1:76:B1:09:A8:A8:D8:F5:EB:6C"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "7D:73:D2:B5:C8:40:9F:A3:D3:4F:5E:9E:FE:32:A2:5E:F1:F4:AC:83"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-11-03 05:44:06", "not_valid_before": "2021-11-03 05:44:07"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: 
/tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:87 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:96 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:105 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:112 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:125 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:141 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/defaultcert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.037885", "end": "2021-11-03 05:44:25.232970", "rc": 0, "start": "2021-11-03 05:44:25.195085", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:150 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP 
********************************************************************* /cache/fedora-33.qcow2 : ok=52 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_mbogyq9/tests; TEST_SUBJECTS=/cache/fedora-33.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-100-3dbef8b-fedora-33-u9auawzn/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_mbogyq9/_setup.yml /tmp/tmp_mbogyq9/tests/tests_not_wait_for_cert.yml ansible-playbook 2.9.25 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 11.2.1 20210728 (Red Hat 11.2.1-1)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_mbogyq9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_mbogyq9/_setup.yml:5 ok: [/cache/fedora-33.qcow2] => { "groups": { "all": [ "/cache/fedora-33.qcow2" ], "localhost": [ "/cache/fedora-33.qcow2" ], "subjects": [ "/cache/fedora-33.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_mbogyq9/_setup.yml:7 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_not_wait_for_cert.yml ****************************************** 2 plays in /tmp/tmp_mbogyq9/tests/tests_not_wait_for_cert.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_not_wait_for_cert.yml:2 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_mbogyq9/tasks/main.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_mbogyq9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:17 changed: [/cache/fedora-33.qcow2] => {"changed": true, "msg": "", "rc": 
0, "results": ["Installed: python3-pyasn1-0.4.8-3.fc33.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:34 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-freebl-3.71.0-1.fc33.x86_64", "Installed: certmonger-0.79.14-2.fc33.x86_64", "Installed: nss-sysinit-3.71.0-1.fc33.x86_64", "Installed: nss-util-3.71.0-1.fc33.x86_64", "Installed: dbus-tools-1:1.12.20-2.fc33.x86_64", "Installed: nspr-4.32.0-1.fc33.x86_64", "Installed: nss-3.71.0-1.fc33.x86_64", "Installed: nss-softokn-3.71.0-1.fc33.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:45 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:71 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_mbogyq9/tasks/main.yml:100 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": 
"__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network.target syslog.target systemd-journald.socket system.slice basic.target sysinit.target dbus-broker.service dbus.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", 
"Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": 
"infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15525", "LimitNPROCSoft": "15525", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15525", "LimitSIGPENDINGSoft": "15525", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", 
"RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootHashSignature": "", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4657", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_mbogyq9/tasks/main.yml:112 changed: [/cache/fedora-33.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran 
handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_not_wait_for_cert.yml:14 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [Wait for certificate] **************************************************** task path: /tmp/tmp_mbogyq9/tests/tests_not_wait_for_cert.yml:28 ok: [/cache/fedora-33.qcow2] => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) => {"ansible_loop_var": "item", "changed": false, "elapsed": 0, "gid": 0, "group": "root", "item": {"key_path": "/etc/pki/tls/private/mycert.key", "path": "/etc/pki/tls/certs/mycert.crt", "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "subject_alt_name": [{"name": "DNS", "value": "www.example.com"}]}, "match_groupdict": {}, "match_groups": [], "mode": "0600", "owner": "root", "path": "/etc/pki/tls/certs/mycert.crt", "port": null, "search_regex": null, "secontext": "system_u:object_r:cert_t:s0", "size": 1294, "state": "file", "uid": 0} TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_not_wait_for_cert.yml:34 included: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-33.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:6 ok: 
[/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)\nInstalling collected packages: pip\n Attempting uninstall: pip\n Found existing installation: pip 20.2.2\n Uninstalling pip-20.2.2:\n Successfully uninstalled pip-20.2.2\nSuccessfully installed pip-21.3.1\n", "stdout_lines": ["Collecting pip", " Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)", "Installing collected packages: pip", " Attempting uninstall: pip", " Found existing installation: pip 20.2.2", " Uninstalling pip-20.2.2:", " Successfully uninstalled pip-20.2.2", "Successfully installed pip-21.3.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1"], "name": ["cryptography<35", "certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting cryptography<35\n Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)\nCollecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\n Preparing metadata (setup.py): started\n Preparing metadata (setup.py): finished with status 'done'\nCollecting cffi>=1.12\n Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)\nCollecting pyasn1\n 
Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0\n", "stdout_lines": ["Collecting cryptography<35", " Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)", "Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", " Preparing metadata (setup.py): started", " Preparing metadata (setup.py): finished with status 'done'", "Collecting cffi>=1.12", " Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] 
***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:26 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918325.152972, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9a9520078cc6d878a94094b43e50ceb8ca1f9878", "ctime": 1635918325.149972, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132719, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918325.149972, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2423675509", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:31 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:37 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:49 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:55 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918325.106972, 
"attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "73585c0a99388bfe86e7d0f9373f61bcd72ea211", "ctime": 1635918325.149972, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132718, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918325.149972, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3511545008", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:60 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:78 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.197926", "end": "2021-11-03 05:45:36.880788", "rc": 0, "start": "2021-11-03 05:45:36.682862", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": 
false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"A5:25:7B:36:47:E6:91:11:4F:52:0B:9D:7A:B1:75:70:83:10:56:F6\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"93:57:64:6F:B3:1B:01:EC:36:D1:27:BA:D9:55:C7:36:BE:DC:A9:50\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-11-03 05:45:24\",\n \"not_valid_before\": \"2021-11-03 05:45:25\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"A5:25:7B:36:47:E6:91:11:4F:52:0B:9D:7A:B1:75:70:83:10:56:F6\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": 
{", " \"value\": \"93:57:64:6F:B3:1B:01:EC:36:D1:27:BA:D9:55:C7:36:BE:DC:A9:50\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"6E:84:A2:48:C7:2F:76:B5:E8:E6:92:73:01:CF:58:5C:94:42:B2:CD:99:24:6F:A3:68:E8:21:46:F6:CA:DE:88:2F:97:92:9C:BD:A5:1E:40:FA:EE:E2:35:A2:4A:02:11:1A:8C:76:16:76:E7:42:30:07:73:E1:D6:D2:C1:27:94:77:24:F4:4F:F5:D4:AE:B8:B3:50:8F:21:2B:9D:35:DE:C1:EB:29:8D:26:42:8F:18:7B:CA:0D:27:F5:FD:8A:AC:75:E8:39:96:2F:DD:CA:40:4A:AA:6E:39:B6:89:D0:25:BD:D5:19:7C:C4:A1:4E:3A:25:DB:5D:9D:3F:12:6A:17:FC:6E:77:5E:4F:BF:4F:C9:68:77:08:53:15:69:6D:C2:0E:E9:43:62:E9:B3:63:41:D1:4E:27:1B:F5:99:B8:C6:B8:F3:2C:2F:70:DE:86:06:3D:B7:EA:2C:C6:29:FF:27:89:69:24:F5:17:95:68:5E:CD:8B:46:31:85:A2:67:53:89:E2:4C:20:60:B1:CB:3A:D5:8D:F2:16:C6:F8:20:F1:5B:71:76:D1:03:70:97:57:86:3C:11:A5:9A:A3:86:CC:D3:88:12:BC:3C:A5:74:FF:AE:E1:98:DA:39:A7:0E:F2:92:E4:B2:F9:8A:E6:97:ED:3D:56:63:67:09:5C:95:1F\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-11-03 05:45:24\",", " \"not_valid_before\": \"2021-11-03 05:45:25\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "93:57:64:6F:B3:1B:01:EC:36:D1:27:BA:D9:55:C7:36:BE:DC:A9:50"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": 
"A5:25:7B:36:47:E6:91:11:4F:52:0B:9D:7A:B1:75:70:83:10:56:F6"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-11-03 05:45:24", "not_valid_before": "2021-11-03 05:45:25"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:87 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:96 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:105 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:112 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:125 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:141 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.037730", 
"end": "2021-11-03 05:45:37.572482", "rc": 0, "start": "2021-11-03 05:45:37.534752", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:150 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=32 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_mbogyq9/tests; TEST_SUBJECTS=/cache/fedora-33.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-100-3dbef8b-fedora-33-u9auawzn/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_mbogyq9/_setup.yml /tmp/tmp_mbogyq9/tests/tests_principal.yml ansible-playbook 2.9.25 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 11.2.1 20210728 (Red Hat 11.2.1-1)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. 
Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_mbogyq9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_mbogyq9/_setup.yml:5 ok: [/cache/fedora-33.qcow2] => { "groups": { "all": [ "/cache/fedora-33.qcow2" ], "localhost": [ "/cache/fedora-33.qcow2" ], "subjects": [ "/cache/fedora-33.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_mbogyq9/_setup.yml:7 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_principal.yml ************************************************** 3 plays in /tmp/tmp_mbogyq9/tests/tests_principal.yml PLAY [Test issuing certificate with principal.] 
******************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_principal.yml:2 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_mbogyq9/tasks/main.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_mbogyq9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:17 changed: [/cache/fedora-33.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-3.fc33.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:34 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-freebl-3.71.0-1.fc33.x86_64", "Installed: certmonger-0.79.14-2.fc33.x86_64", "Installed: nss-sysinit-3.71.0-1.fc33.x86_64", "Installed: nss-util-3.71.0-1.fc33.x86_64", "Installed: dbus-tools-1:1.12.20-2.fc33.x86_64", "Installed: nspr-4.32.0-1.fc33.x86_64", "Installed: nss-3.71.0-1.fc33.x86_64", "Installed: nss-softokn-3.71.0-1.fc33.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:45 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": 
"unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:71 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_mbogyq9/tasks/main.yml:100 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target system.slice network.target sysinit.target dbus-broker.service syslog.target systemd-journald.socket dbus.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid 
cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": 
"18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15525", "LimitNPROCSoft": "15525", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15525", "LimitSIGPENDINGSoft": "15525", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", 
"NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootHashSignature": "", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4657", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", 
"TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_mbogyq9/tasks/main.yml:112 changed: [/cache/fedora-33.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'principal': 'HTTP/www.example.com@EXAMPLE.COM', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert", "principal": "HTTP/www.example.com@EXAMPLE.COM"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_principal.yml:13 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_principal.yml:33 included: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-33.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the 
package, force upgrade] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)\nInstalling collected packages: pip\n Attempting uninstall: pip\n Found existing installation: pip 20.2.2\n Uninstalling pip-20.2.2:\n Successfully uninstalled pip-20.2.2\nSuccessfully installed pip-21.3.1\n", "stdout_lines": ["Collecting pip", " Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)", "Installing collected packages: pip", " Attempting uninstall: pip", " Found existing installation: pip 20.2.2", " Uninstalling pip-20.2.2:", " Successfully uninstalled pip-20.2.2", "Successfully installed pip-21.3.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1"], "name": ["cryptography<35", "certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting cryptography<35\n Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)\nCollecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\n Preparing metadata (setup.py): started\n Preparing metadata (setup.py): finished with status 'done'\nCollecting cffi>=1.12\n Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading 
PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0\n", "stdout_lines": ["Collecting cryptography<35", " Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)", "Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", " Preparing metadata (setup.py): started", " Preparing metadata (setup.py): finished with status 'done'", "Collecting cffi>=1.12", " Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: 
/tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:26 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918397.6987116, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "041e483fea22c88dee2a08af36a507baf0f5a891", "ctime": 1635918397.6947114, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132719, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918397.6947114, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1456, "uid": 0, "version": "531560028", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:31 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:37 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:49 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:55 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918397.6527116, "attr_flags": "e", "attributes": ["extents"], "block_size": 
4096, "blocks": 8, "charset": "us-ascii", "checksum": "f8bf8dadb00724d3497b031bbb74ba5836cd99e4", "ctime": 1635918397.6947114, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132718, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918397.6947114, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2291491745", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:60 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:78 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.191660", "end": "2021-11-03 05:46:49.147128", "rc": 0, "start": "2021-11-03 05:46:48.955468", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n 
\"name\": \"DNS\",\n \"value\": \"www.example.com\"\n },\n {\n \"name\": \"Universal Principal Name (UPN)\",\n \"value\": \"HTTP/www.example.com@EXAMPLE.COM\",\n \"oid\": \"1.3.6.1.4.1.311.20.2.3\"\n },\n {\n \"name\": \"Kerberos principalname\",\n \"value\": \"HTTP/www.example.com@EXAMPLE.COM\",\n \"oid\": \"1.3.6.1.5.2.2\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"1B:E8:4B:EE:44:9C:25:71:6A:C8:2A:02:2B:59:69:6D:D7:E8:59:D5\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"89:A8:76:B2:5B:20:9D:62:96:EA:C6:02:4E:DF:47:50:5B:31:E5:A5\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-11-03 05:46:37\",\n \"not_valid_before\": \"2021-11-03 05:46:37\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " },", " {", " \"name\": \"Universal Principal Name (UPN)\",", " \"value\": \"HTTP/www.example.com@EXAMPLE.COM\",", " \"oid\": \"1.3.6.1.4.1.311.20.2.3\"", " },", " {", " \"name\": \"Kerberos principalname\",", " \"value\": \"HTTP/www.example.com@EXAMPLE.COM\",", " \"oid\": \"1.3.6.1.5.2.2\"", " }", " ],", " \"critical\": false", " },", " 
\"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"1B:E8:4B:EE:44:9C:25:71:6A:C8:2A:02:2B:59:69:6D:D7:E8:59:D5\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"89:A8:76:B2:5B:20:9D:62:96:EA:C6:02:4E:DF:47:50:5B:31:E5:A5\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-11-03 05:46:37\",", " \"not_valid_before\": \"2021-11-03 05:46:37\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "89:A8:76:B2:5B:20:9D:62:96:EA:C6:02:4E:DF:47:50:5B:31:E5:A5"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}, {"name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/www.example.com@EXAMPLE.COM"}, {"name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/www.example.com@EXAMPLE.COM"}]}, "subjectKeyIdentifier": {"critical": false, "value": 
"1B:E8:4B:EE:44:9C:25:71:6A:C8:2A:02:2B:59:69:6D:D7:E8:59:D5"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-11-03 05:46:37", "not_valid_before": "2021-11-03 05:46:37"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:87 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:96 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:105 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:112 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:125 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:141 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040452", 
"end": "2021-11-03 05:46:49.884958", "rc": 0, "start": "2021-11-03 05:46:49.844506", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:150 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY [Test issuing certificate with invalid principal.] ************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_principal.yml:40 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_mbogyq9/tasks/main.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_mbogyq9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:17 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:34 ok: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:45 ok: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": 
"root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:71 ok: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_mbogyq9/tasks/main.yml:100 ok: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestamp": "Wed 2021-11-03 05:46:36 UTC", "ActiveEnterTimestampMonotonic": "55114660", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "sysinit.target network.target systemd-journald.socket syslog.target system.slice dbus-broker.service basic.target dbus.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Wed 2021-11-03 05:46:36 UTC", "AssertTimestampMonotonic": "55102363", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "357704000", "CPUWeight": "[not set]", 
"CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Wed 2021-11-03 05:46:36 UTC", "ConditionTimestampMonotonic": "55102361", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "6559", "ExecMainStartTimestamp": "Wed 2021-11-03 05:46:36 UTC", "ExecMainStartTimestampMonotonic": "55103431", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[Wed 2021-11-03 05:46:36 UTC] ; stop_time=[n/a] ; pid=6559 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[Wed 2021-11-03 05:46:36 
UTC] ; stop_time=[n/a] ; pid=6559 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Wed 2021-11-03 05:46:36 UTC", "InactiveExitTimestampMonotonic": "55103791", "InvocationID": "d5f48dba23af4d0eab179d7b79efbb2b", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15525", "LimitNPROCSoft": "15525", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15525", "LimitSIGPENDINGSoft": "15525", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": 
"loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "6559", "MemoryAccounting": "yes", "MemoryCurrent": "1531904", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootHashSignature": "", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", 
"StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Wed 2021-11-03 05:46:36 UTC", "StateChangeTimestampMonotonic": "55114660", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "4657", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_mbogyq9/tasks/main.yml:112 failed: [/cache/fedora-33.qcow2] (item={'name': 'mycertinvalid', 'dns': 'www.example.com', 'principal': 'HTTP/abc', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": false, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycertinvalid", "principal": "HTTP/abc"}, "msg": "Invalid principal 'HTTP/abc'. It should be formatted as 'primary/instance@REALM'"} TASK [assert...] 
*************************************************************** task path: /tmp/tmp_mbogyq9/tests/tests_principal.yml:59 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=39 changed=8 unreachable=0 failed=0 skipped=1 rescued=1 ignored=0 + cd /tmp/tmp_mbogyq9/tests; TEST_SUBJECTS=/cache/fedora-33.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-100-3dbef8b-fedora-33-u9auawzn/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_mbogyq9/_setup.yml /tmp/tmp_mbogyq9/tests/tests_provider.yml ansible-playbook 2.9.25 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 11.2.1 20210728 (Red Hat 11.2.1-1)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. 
Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_mbogyq9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_mbogyq9/_setup.yml:5 ok: [/cache/fedora-33.qcow2] => { "groups": { "all": [ "/cache/fedora-33.qcow2" ], "localhost": [ "/cache/fedora-33.qcow2" ], "subjects": [ "/cache/fedora-33.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_mbogyq9/_setup.yml:7 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_provider.yml *************************************************** 2 plays in /tmp/tmp_mbogyq9/tests/tests_provider.yml PLAY [Test issuing certificate with certmonger provider] *********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_provider.yml:2 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_mbogyq9/tasks/main.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": 
["/tmp/tmp_mbogyq9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:17 changed: [/cache/fedora-33.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-3.fc33.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:34 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-freebl-3.71.0-1.fc33.x86_64", "Installed: certmonger-0.79.14-2.fc33.x86_64", "Installed: nss-sysinit-3.71.0-1.fc33.x86_64", "Installed: nss-util-3.71.0-1.fc33.x86_64", "Installed: dbus-tools-1:1.12.20-2.fc33.x86_64", "Installed: nspr-4.32.0-1.fc33.x86_64", "Installed: nss-3.71.0-1.fc33.x86_64", "Installed: nss-softokn-3.71.0-1.fc33.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:45 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:71 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 
0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_mbogyq9/tasks/main.yml:100 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target dbus-broker.service network.target system.slice systemd-journald.socket basic.target syslog.target dbus.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", 
"ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", 
"LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15525", "LimitNPROCSoft": "15525", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15525", "LimitSIGPENDINGSoft": "15525", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", 
"RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootHashSignature": "", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4657", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_mbogyq9/tasks/main.yml:112 changed: [/cache/fedora-33.qcow2] => 
(item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'certmonger'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert", "provider": "certmonger"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_provider.yml:13 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_provider.yml:27 included: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-33.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)\nInstalling collected packages: pip\n Attempting uninstall: pip\n Found existing installation: pip 20.2.2\n Uninstalling pip-20.2.2:\n Successfully uninstalled pip-20.2.2\nSuccessfully 
installed pip-21.3.1\n", "stdout_lines": ["Collecting pip", " Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)", "Installing collected packages: pip", " Attempting uninstall: pip", " Found existing installation: pip 20.2.2", " Uninstalling pip-20.2.2:", " Successfully uninstalled pip-20.2.2", "Successfully installed pip-21.3.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1"], "name": ["cryptography<35", "certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting cryptography<35\n Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)\nCollecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\n Preparing metadata (setup.py): started\n Preparing metadata (setup.py): finished with status 'done'\nCollecting cffi>=1.12\n Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0\n", "stdout_lines": ["Collecting 
cryptography<35", " Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)", "Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", " Preparing metadata (setup.py): started", " Preparing metadata (setup.py): finished with status 'done'", "Collecting cffi>=1.12", " Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:26 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918476.9364176, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "c6132ba62301c4c4d93e4ed7d936e6562ff7f6ae", "ctime": 1635918476.9334176, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132719, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918476.9334176, "nlink": 1, "path": 
"/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "1545374164", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:31 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:37 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:49 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:55 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918476.8924177, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "eecd9dc67fc256ad4a0679799891e6aeb0cf7873", "ctime": 1635918476.9334176, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132718, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918476.9334176, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2039438019", "wgrp": false, "woth": false, "writeable": true, 
"wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:60 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:78 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.200125", "end": "2021-11-03 05:48:08.720998", "rc": 0, "start": "2021-11-03 05:48:08.520873", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"78:95:AE:E6:36:34:15:BC:EB:7F:AD:56:5C:92:17:DC:19:E2:D8:74\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"78:E0:A1:16:56:44:13:05:BA:A4:A1:79:96:B1:F2:F6:75:9E:68:CB\",\n \"critical\": false\n }\n },\n 
\"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-11-03 05:47:56\",\n \"not_valid_before\": \"2021-11-03 05:47:56\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"78:95:AE:E6:36:34:15:BC:EB:7F:AD:56:5C:92:17:DC:19:E2:D8:74\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"78:E0:A1:16:56:44:13:05:BA:A4:A1:79:96:B1:F2:F6:75:9E:68:CB\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-11-03 05:47:56\",", " \"not_valid_before\": \"2021-11-03 05:47:56\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": 
"78:E0:A1:16:56:44:13:05:BA:A4:A1:79:96:B1:F2:F6:75:9E:68:CB"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "78:95:AE:E6:36:34:15:BC:EB:7F:AD:56:5C:92:17:DC:19:E2:D8:74"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-11-03 05:47:56", "not_valid_before": "2021-11-03 05:47:56"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:87 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:96 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:105 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:112 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** 
task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:125 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:141 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040235", "end": "2021-11-03 05:48:09.445283", "rc": 0, "start": "2021-11-03 05:48:09.405048", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:150 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_mbogyq9/tests; TEST_SUBJECTS=/cache/fedora-33.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-100-3dbef8b-fedora-33-u9auawzn/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_mbogyq9/_setup.yml /tmp/tmp_mbogyq9/tests/tests_run_hooks.yml ansible-playbook 2.9.25 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 11.2.1 20210728 (Red Hat 11.2.1-1)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout 
callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_mbogyq9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_mbogyq9/_setup.yml:5 ok: [/cache/fedora-33.qcow2] => { "groups": { "all": [ "/cache/fedora-33.qcow2" ], "localhost": [ "/cache/fedora-33.qcow2" ], "subjects": [ "/cache/fedora-33.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_mbogyq9/_setup.yml:7 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_run_hooks.yml ************************************************** 2 plays 
in /tmp/tmp_mbogyq9/tests/tests_run_hooks.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_run_hooks.yml:2 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_mbogyq9/tasks/main.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_mbogyq9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:17 changed: [/cache/fedora-33.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-3.fc33.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:34 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-freebl-3.71.0-1.fc33.x86_64", "Installed: certmonger-0.79.14-2.fc33.x86_64", "Installed: nss-sysinit-3.71.0-1.fc33.x86_64", "Installed: nss-util-3.71.0-1.fc33.x86_64", "Installed: dbus-tools-1:1.12.20-2.fc33.x86_64", "Installed: nspr-4.32.0-1.fc33.x86_64", "Installed: nss-3.71.0-1.fc33.x86_64", "Installed: nss-softokn-3.71.0-1.fc33.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:45 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": 
"root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:71 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_mbogyq9/tasks/main.yml:100 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network.target system.slice systemd-journald.socket sysinit.target dbus.socket syslog.target basic.target dbus-broker.service", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", 
"CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": 
"18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15525", "LimitNPROCSoft": "15525", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15525", "LimitSIGPENDINGSoft": "15525", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", 
"NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootHashSignature": "", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not 
set]", "TasksMax": "4657", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_mbogyq9/tasks/main.yml:112 changed: [/cache/fedora-33.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'run_before': 'touch /etc/pki/before_cert.tmp\n', 'run_after': 'touch /etc/pki/after_cert.tmp\n'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert", "run_after": "touch /etc/pki/after_cert.tmp\n", "run_before": "touch /etc/pki/before_cert.tmp\n"}, "msg": "Certificate requested (new). 
Pre/Post run hooks updated."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_run_hooks.yml:17 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_run_hooks.yml:31 included: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-33.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)\nInstalling collected packages: pip\n Attempting uninstall: pip\n Found existing installation: pip 20.2.2\n Uninstalling pip-20.2.2:\n Successfully uninstalled pip-20.2.2\nSuccessfully installed pip-21.3.1\n", "stdout_lines": ["Collecting pip", " Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)", "Installing collected packages: pip", " Attempting uninstall: pip", " Found existing installation: pip 20.2.2", " Uninstalling 
pip-20.2.2:", " Successfully uninstalled pip-20.2.2", "Successfully installed pip-21.3.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1"], "name": ["cryptography<35", "certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting cryptography<35\n Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)\nCollecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\n Preparing metadata (setup.py): started\n Preparing metadata (setup.py): finished with status 'done'\nCollecting cffi>=1.12\n Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0\n", "stdout_lines": ["Collecting cryptography<35", " Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)", "Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", " Preparing metadata (setup.py): started", " Preparing metadata 
(setup.py): finished with status 'done'", "Collecting cffi>=1.12", " Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:26 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918547.3555512, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "caeeb0c14081a91ceffb1dafd680e4e0c81821f8", "ctime": 1635918547.3525512, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132722, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918547.3525512, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2960550797", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": 
false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:31 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:37 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:49 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:55 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918547.3065512, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "b95886e1491f7718a707de3229d6152a48284cac", "ctime": 1635918547.3525512, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132720, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918547.3525512, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "780913622", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:60 ok: [/cache/fedora-33.qcow2] => 
{ "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:78 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.262161", "end": "2021-11-03 05:49:19.106694", "rc": 0, "start": "2021-11-03 05:49:18.844533", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"94:98:0D:8B:99:4A:69:62:10:D2:69:80:01:8B:A7:E0:8A:C1:76:C4\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"70:96:F7:56:F6:DD:78:0E:E8:DC:25:0A:86:21:8D:D6:78:76:34:03\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": 
\"91:D7:34:DF:CA:80:C3:B2:7E:32:64:6A:EB:9C:E2:CC:50:2A:9F:75:80:CB:A2:AA:98:80:21:CE:D0:21:BF:91:B4:28:BE:2E:41:32:3C:11:CB:A0:FA:13:EE:C6:58:84:59:B4:7A:9A:97:CC:A1:33:CF:8B:CC:80:00:01:8D:F5:C5:1F:A3:27:A4:2A:80:96:C9:FF:A2:0A:6C:48:11:3C:2B:23:CF:33:83:4C:80:48:8A:7D:79:DE:5E:62:CD:BF:6D:00:59:16:88:60:2A:6D:64:08:2A:8A:7C:33:13:12:5F:26:E6:4D:82:02:7F:A9:27:A9:2A:39:E7:76:95:E1:14:BF:C2:F2:7E:17:9D:76:06:24:E3:89:D4:52:84:01:24:51:4D:7E:9E:7F:20:B0:0A:2C:B5:E8:58:D3:5C:BC:5D:AD:C9:34:FB:F7:82:2F:29:7D:F9:C1:6D:8A:6A:5C:71:C5:4D:94:A3:63:74:67:6E:44:BE:9B:36:41:0F:FF:86:54:54:86:FA:87:AA:C2:D8:5E:51:CF:C8:C9:E5:EC:CE:4E:61:D0:CE:89:A3:FF:58:1A:BA:3D:40:BA:CD:22:4D:AA:85:5C:1B:8E:B0:B1:49:3F:B1:DE:68:38:58:88:06:E6:0D:F7:71:85:68:BD:EA:4E:56:C8:CE:3E:68:7F\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-11-03 05:49:06\",\n \"not_valid_before\": \"2021-11-03 05:49:07\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"94:98:0D:8B:99:4A:69:62:10:D2:69:80:01:8B:A7:E0:8A:C1:76:C4\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"70:96:F7:56:F6:DD:78:0E:E8:DC:25:0A:86:21:8D:D6:78:76:34:03\",", " \"critical\": 
false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-11-03 05:49:06\",", " \"not_valid_before\": \"2021-11-03 05:49:07\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "70:96:F7:56:F6:DD:78:0E:E8:DC:25:0A:86:21:8D:D6:78:76:34:03"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "94:98:0D:8B:99:4A:69:62:10:D2:69:80:01:8B:A7:E0:8A:C1:76:C4"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": 
"91:D7:34:DF:CA:80:C3:B2:7E:32:64:6A:EB:9C:E2:CC:50:2A:9F:75:80:CB:A2:AA:98:80:21:CE:D0:21:BF:91:B4:28:BE:2E:41:32:3C:11:CB:A0:FA:13:EE:C6:58:84:59:B4:7A:9A:97:CC:A1:33:CF:8B:CC:80:00:01:8D:F5:C5:1F:A3:27:A4:2A:80:96:C9:FF:A2:0A:6C:48:11:3C:2B:23:CF:33:83:4C:80:48:8A:7D:79:DE:5E:62:CD:BF:6D:00:59:16:88:60:2A:6D:64:08:2A:8A:7C:33:13:12:5F:26:E6:4D:82:02:7F:A9:27:A9:2A:39:E7:76:95:E1:14:BF:C2:F2:7E:17:9D:76:06:24:E3:89:D4:52:84:01:24:51:4D:7E:9E:7F:20:B0:0A:2C:B5:E8:58:D3:5C:BC:5D:AD:C9:34:FB:F7:82:2F:29:7D:F9:C1:6D:8A:6A:5C:71:C5:4D:94:A3:63:74:67:6E:44:BE:9B:36:41:0F:FF:86:54:54:86:FA:87:AA:C2:D8:5E:51:CF:C8:C9:E5:EC:CE:4E:61:D0:CE:89:A3:FF:58:1A:BA:3D:40:BA:CD:22:4D:AA:85:5C:1B:8E:B0:B1:49:3F:B1:DE:68:38:58:88:06:E6:0D:F7:71:85:68:BD:EA:4E:56:C8:CE:3E:68:7F"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-11-03 05:49:06", "not_valid_before": "2021-11-03 05:49:07"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:87 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:96 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:105 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:112 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] 
*********************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:125 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:141 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041814", "end": "2021-11-03 05:49:19.833034", "rc": 0, "start": "2021-11-03 05:49:19.791220", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:150 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Get certificate timestamp] *********************************************** task path: /tmp/tmp_mbogyq9/tests/tests_run_hooks.yml:39 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918547.3555512, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "caeeb0c14081a91ceffb1dafd680e4e0c81821f8", "ctime": 1635918547.3525512, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132722, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918547.3525512, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2960550797", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": 
false}} TASK [Get pre-run file timestamp] ********************************************** task path: /tmp/tmp_mbogyq9/tests/tests_run_hooks.yml:43 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918547.3505511, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1635918547.3505511, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132721, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1635918547.3505511, "nlink": 1, "path": "/etc/pki/before_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "2955928016", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Get post-run file timestamp] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tests_run_hooks.yml:47 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918547.3865511, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1635918547.3865511, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132723, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1635918547.3865511, "nlink": 1, "path": "/etc/pki/after_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "1625592185", "wgrp": false, "woth": false, 
"writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Assert file created before cert] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tests_run_hooks.yml:51 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Assert file created after cert] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tests_run_hooks.yml:58 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=36 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_mbogyq9/tests; TEST_SUBJECTS=/cache/fedora-33.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-100-3dbef8b-fedora-33-u9auawzn/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_mbogyq9/_setup.yml /tmp/tmp_mbogyq9/tests/tests_subject.yml ansible-playbook 2.9.25 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 11.2.1 20210728 (Red Hat 11.2.1-1)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. 
Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_mbogyq9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_mbogyq9/_setup.yml:5 ok: [/cache/fedora-33.qcow2] => { "groups": { "all": [ "/cache/fedora-33.qcow2" ], "localhost": [ "/cache/fedora-33.qcow2" ], "subjects": [ "/cache/fedora-33.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_mbogyq9/_setup.yml:7 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_subject.yml **************************************************** 2 plays in /tmp/tmp_mbogyq9/tests/tests_subject.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_subject.yml:2 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: 
/tmp/tmp_mbogyq9/tasks/main.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_mbogyq9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:17 changed: [/cache/fedora-33.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-3.fc33.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:34 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-freebl-3.71.0-1.fc33.x86_64", "Installed: certmonger-0.79.14-2.fc33.x86_64", "Installed: nss-sysinit-3.71.0-1.fc33.x86_64", "Installed: nss-util-3.71.0-1.fc33.x86_64", "Installed: dbus-tools-1:1.12.20-2.fc33.x86_64", "Installed: nspr-4.32.0-1.fc33.x86_64", "Installed: nss-3.71.0-1.fc33.x86_64", "Installed: nss-softokn-3.71.0-1.fc33.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:45 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:71 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", 
"ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_mbogyq9/tasks/main.yml:100 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target dbus-broker.service dbus.socket basic.target network.target syslog.target system.slice systemd-journald.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod 
cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", 
"InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15525", "LimitNPROCSoft": "15525", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15525", "LimitSIGPENDINGSoft": "15525", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", 
"PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootHashSignature": "", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4657", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", 
"WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_mbogyq9/tasks/main.yml:112 changed: [/cache/fedora-33.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'common_name': 'Some other common name', 'country': 'US', 'state': 'NC', 'locality': 'Raleigh', 'organization': 'Red Hat', 'organizational_unit': 'Linux', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "common_name": "Some other common name", "country": "US", "dns": "www.example.com", "locality": "Raleigh", "name": "mycert", "organization": "Red Hat", "organizational_unit": "Linux", "state": "NC"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_subject.yml:19 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_subject.yml:48 included: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-33.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: 
/tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)\nInstalling collected packages: pip\n Attempting uninstall: pip\n Found existing installation: pip 20.2.2\n Uninstalling pip-20.2.2:\n Successfully uninstalled pip-20.2.2\nSuccessfully installed pip-21.3.1\n", "stdout_lines": ["Collecting pip", " Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)", "Installing collected packages: pip", " Attempting uninstall: pip", " Found existing installation: pip 20.2.2", " Uninstalling pip-20.2.2:", " Successfully uninstalled pip-20.2.2", "Successfully installed pip-21.3.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1"], "name": ["cryptography<35", "certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting cryptography<35\n Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)\nCollecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\n Preparing metadata (setup.py): started\n Preparing metadata (setup.py): finished with status 'done'\nCollecting cffi>=1.12\n Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading 
PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0\n", "stdout_lines": ["Collecting cryptography<35", " Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)", "Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", " Preparing metadata (setup.py): started", " Preparing metadata (setup.py): finished with status 'done'", "Collecting cffi>=1.12", " Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: 
/tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:26 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918624.5638788, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "b81a3d9b7ea5f119fb05c1acf8fb5e0d3e838adf", "ctime": 1635918624.5608788, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132719, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918624.5608788, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1407, "uid": 0, "version": "3543261407", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:31 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:37 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:49 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:55 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918624.5188787, "attr_flags": "e", "attributes": ["extents"], 
"block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "5e1711c7a493cb14e6bb474e504d58b186fc36d7", "ctime": 1635918624.5608788, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132718, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918624.5608788, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2761938605", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:60 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:78 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.193671", "end": "2021-11-03 05:50:36.282119", "rc": 0, "start": "2021-11-03 05:50:36.088448", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"countryName\",\n \"oid\": \"2.5.4.6\",\n \"value\": \"US\"\n },\n {\n \"name\": \"stateOrProvinceName\",\n \"oid\": \"2.5.4.8\",\n \"value\": \"NC\"\n },\n {\n \"name\": \"localityName\",\n \"oid\": \"2.5.4.7\",\n \"value\": \"Raleigh\"\n },\n {\n 
\"name\": \"organizationName\",\n \"oid\": \"2.5.4.10\",\n \"value\": \"Red Hat\"\n },\n {\n \"name\": \"organizationalUnitName\",\n \"oid\": \"2.5.4.11\",\n \"value\": \"Linux\"\n },\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"Some other common name\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"B1:D6:A8:94:CC:97:41:81:38:F4:8E:82:6D:7D:37:44:64:C9:3F:69\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"8A:A6:40:13:03:E2:2D:D9:63:37:6F:EE:E2:D5:A6:07:8E:08:8A:07\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": 
\"7C:A9:91:C8:FF:A6:10:65:AA:2D:F8:16:5B:12:B0:41:3C:81:58:10:7E:E2:0A:39:07:19:34:FD:05:C7:71:67:C4:1C:E1:32:DD:52:B2:B3:DD:5F:A4:9C:5C:52:D5:C0:86:9E:8E:79:AE:44:DD:F0:86:EA:E3:35:22:47:25:15:3D:B2:39:23:89:C6:18:40:5A:24:3F:9C:BA:95:66:49:A4:F7:28:E6:1D:1A:27:2D:BF:9C:EB:B6:E8:68:98:37:C3:9D:56:9D:63:22:10:B6:A7:96:CD:FC:09:88:89:22:0C:ED:90:94:CD:50:06:F1:BC:51:00:5F:46:EE:FA:5E:F1:18:78:8A:46:5E:1C:8E:CD:9C:B5:5D:C9:0B:FD:68:EA:ED:3B:D1:AE:E9:FF:87:4D:A2:99:58:DE:82:7C:0C:B4:21:69:3F:E8:48:12:6B:18:D5:92:3E:58:26:92:09:91:57:7F:F8:81:26:0E:C5:A1:A3:31:4D:5F:A7:52:6E:0D:70:6B:AC:2A:86:C0:3C:AE:6D:1E:3A:6B:EA:3A:FD:63:E0:A3:B6:01:69:2A:A8:1D:EE:31:5F:8D:D8:D1:E4:6A:A2:A5:47:4C:4F:66:19:32:60:1E:4E:28:57:85:72:92:B6:64:7B:69:19:DC:0F:5B:65:76:65:6E:30:EC:15\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-11-03 05:50:23\",\n \"not_valid_before\": \"2021-11-03 05:50:24\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"countryName\",", " \"oid\": \"2.5.4.6\",", " \"value\": \"US\"", " },", " {", " \"name\": \"stateOrProvinceName\",", " \"oid\": \"2.5.4.8\",", " \"value\": \"NC\"", " },", " {", " \"name\": \"localityName\",", " \"oid\": \"2.5.4.7\",", " \"value\": \"Raleigh\"", " },", " {", " \"name\": \"organizationName\",", " \"oid\": \"2.5.4.10\",", " \"value\": \"Red Hat\"", " },", " {", " \"name\": \"organizationalUnitName\",", " \"oid\": \"2.5.4.11\",", " \"value\": \"Linux\"", " },", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"Some other common name\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": 
\"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"B1:D6:A8:94:CC:97:41:81:38:F4:8E:82:6D:7D:37:44:64:C9:3F:69\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"8A:A6:40:13:03:E2:2D:D9:63:37:6F:EE:E2:D5:A6:07:8E:08:8A:07\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"7C:A9:91:C8:FF:A6:10:65:AA:2D:F8:16:5B:12:B0:41:3C:81:58:10:7E:E2:0A:39:07:19:34:FD:05:C7:71:67:C4:1C:E1:32:DD:52:B2:B3:DD:5F:A4:9C:5C:52:D5:C0:86:9E:8E:79:AE:44:DD:F0:86:EA:E3:35:22:47:25:15:3D:B2:39:23:89:C6:18:40:5A:24:3F:9C:BA:95:66:49:A4:F7:28:E6:1D:1A:27:2D:BF:9C:EB:B6:E8:68:98:37:C3:9D:56:9D:63:22:10:B6:A7:96:CD:FC:09:88:89:22:0C:ED:90:94:CD:50:06:F1:BC:51:00:5F:46:EE:FA:5E:F1:18:78:8A:46:5E:1C:8E:CD:9C:B5:5D:C9:0B:FD:68:EA:ED:3B:D1:AE:E9:FF:87:4D:A2:99:58:DE:82:7C:0C:B4:21:69:3F:E8:48:12:6B:18:D5:92:3E:58:26:92:09:91:57:7F:F8:81:26:0E:C5:A1:A3:31:4D:5F:A7:52:6E:0D:70:6B:AC:2A:86:C0:3C:AE:6D:1E:3A:6B:EA:3A:FD:63:E0:A3:B6:01:69:2A:A8:1D:EE:31:5F:8D:D8:D1:E4:6A:A2:A5:47:4C:4F:66:19:32:60:1E:4E:28:57:85:72:92:B6:64:7B:69:19:DC:0F:5B:65:76:65:6E:30:EC:15\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-11-03 05:50:23\",", " \"not_valid_before\": \"2021-11-03 05:50:24\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "8A:A6:40:13:03:E2:2D:D9:63:37:6F:EE:E2:D5:A6:07:8E:08:8A:07"}, "basicConstraints": {"critical": true, "value": {"ca": 
false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "B1:D6:A8:94:CC:97:41:81:38:F4:8E:82:6D:7D:37:44:64:C9:3F:69"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "countryName", "oid": "2.5.4.6", "value": "US"}, {"name": "stateOrProvinceName", "oid": "2.5.4.8", "value": "NC"}, {"name": "localityName", "oid": "2.5.4.7", "value": "Raleigh"}, {"name": "organizationName", "oid": "2.5.4.10", "value": "Red Hat"}, {"name": "organizationalUnitName", "oid": "2.5.4.11", "value": "Linux"}, {"name": "commonName", "oid": "2.5.4.3", "value": "Some other common name"}], "validity": {"not_valid_after": "2022-11-03 05:50:23", "not_valid_before": "2021-11-03 05:50:24"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:87 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:96 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:105 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: 
/tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:112 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:125 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:141 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039454", "end": "2021-11-03 05:50:37.018111", "rc": 0, "start": "2021-11-03 05:50:36.978657", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:150 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_mbogyq9/tests; TEST_SUBJECTS=/cache/fedora-33.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-100-3dbef8b-fedora-33-u9auawzn/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_mbogyq9/_setup.yml /tmp/tmp_mbogyq9/tests/tests_subject_complex.yml ansible-playbook 2.9.25 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible executable 
location = /usr/bin/ansible-playbook python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 11.2.1 20210728 (Red Hat 11.2.1-1)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_mbogyq9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_mbogyq9/_setup.yml:5 ok: [/cache/fedora-33.qcow2] => { "groups": { "all": [ "/cache/fedora-33.qcow2" ], "localhost": [ "/cache/fedora-33.qcow2" ], "subjects": [ "/cache/fedora-33.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_mbogyq9/_setup.yml:7 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_subject_complex.yml ******************************************** 2 plays in /tmp/tmp_mbogyq9/tests/tests_subject_complex.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_subject_complex.yml:2 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_mbogyq9/tasks/main.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_mbogyq9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:17 changed: [/cache/fedora-33.qcow2] => {"changed": true, "msg": "", "rc": 0, 
"results": ["Installed: python3-pyasn1-0.4.8-3.fc33.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:34 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-freebl-3.71.0-1.fc33.x86_64", "Installed: certmonger-0.79.14-2.fc33.x86_64", "Installed: nss-sysinit-3.71.0-1.fc33.x86_64", "Installed: nss-util-3.71.0-1.fc33.x86_64", "Installed: dbus-tools-1:1.12.20-2.fc33.x86_64", "Installed: nspr-4.32.0-1.fc33.x86_64", "Installed: nss-3.71.0-1.fc33.x86_64", "Installed: nss-softokn-3.71.0-1.fc33.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:45 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:71 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_mbogyq9/tasks/main.yml:100 changed: [/cache/fedora-33.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": 
"__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice syslog.target sysinit.target dbus-broker.service dbus.socket systemd-journald.socket basic.target network.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", 
"Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": 
"infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15525", "LimitNPROCSoft": "15525", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15525", "LimitSIGPENDINGSoft": "15525", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", 
"RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootHashSignature": "", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4657", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_mbogyq9/tasks/main.yml:112 changed: [/cache/fedora-33.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'common_name': '# \\\\Every"thing+that,ne;edsing\\0 ', 'contact_email': 'admin@example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", 
"common_name": "# \\\\Every\"thing+that,ne;edsing\\0 ", "contact_email": "admin@example.com", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_subject_complex.yml:16 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_subject_complex.yml:36 included: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-33.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-33.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)\nInstalling collected packages: pip\n Attempting uninstall: pip\n Found existing installation: pip 20.2.2\n Uninstalling pip-20.2.2:\n Successfully uninstalled pip-20.2.2\nSuccessfully installed pip-21.3.1\n", "stdout_lines": ["Collecting pip", " Downloading 
pip-21.3.1-py3-none-any.whl (1.7 MB)", "Installing collected packages: pip", " Attempting uninstall: pip", " Found existing installation: pip 20.2.2", " Uninstalling pip-20.2.2:", " Successfully uninstalled pip-20.2.2", "Successfully installed pip-21.3.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-33.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1"], "name": ["cryptography<35", "certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting cryptography<35\n Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)\nCollecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\n Preparing metadata (setup.py): started\n Preparing metadata (setup.py): finished with status 'done'\nCollecting cffi>=1.12\n Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0\n", "stdout_lines": ["Collecting cryptography<35", " Downloading 
cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB)", "Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", " Preparing metadata (setup.py): started", " Preparing metadata (setup.py): finished with status 'done'", "Collecting cffi>=1.12", " Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.20 pyyaml-6.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:26 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918695.070387, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "fbd4c12bef1e6cfdf11676de244fcccb1d63dacd", "ctime": 1635918695.068387, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132719, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918695.068387, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": 
"root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1375, "uid": 0, "version": "2044436254", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:31 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:37 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:49 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:55 ok: [/cache/fedora-33.qcow2] => {"changed": false, "stat": {"atime": 1635918695.025387, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "5c95fe8ca2d7151fd72389ec71478aa993d9e15f", "ctime": 1635918695.068387, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132718, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1635918695.068387, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2960422671", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, 
"xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:60 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:78 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.195604", "end": "2021-11-03 05:51:46.763592", "rc": 0, "start": "2021-11-03 05:51:46.567988", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"emailAddress\",\n \"oid\": \"1.2.840.113549.1.9.1\",\n \"value\": \"admin@example.com\"\n },\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"# \\\\\\\\Every\\\"thing+that,ne;edsing\\\\0 \"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"48:69:9A:F9:4C:24:FA:12:DC:78:61:ED:5B:FE:A8:D0:4A:8A:80:B7\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": 
\"46:74:EA:D3:A5:36:31:16:E0:3C:AC:AF:13:1E:43:33:98:20:32:27\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"27:7F:37:E7:99:7E:38:61:60:72:8C:6C:ED:C3:DE:0D:A8:D7:72:9E:6A:4C:8B:CF:0F:77:6D:1C:C7:33:A9:5A:03:08:AD:AD:C9:0C:32:FC:20:65:B1:92:29:A7:A9:97:C1:EE:74:6E:35:4F:E8:06:64:B2:C8:81:C0:A3:2D:B0:EE:A6:EE:09:54:1F:46:3D:A9:C0:8F:92:EF:70:C4:04:FA:67:4E:CE:0A:A1:09:1D:81:95:2C:37:5B:94:53:1D:5B:D9:50:3F:A2:1C:0D:42:9C:8C:9B:DF:BC:51:8F:E8:53:C0:D7:27:39:F0:7C:1F:61:7B:94:0E:4B:4C:2D:F1:A0:D2:F5:82:97:D9:29:9E:04:26:86:4F:8B:56:B0:BD:2E:24:E5:2A:76:87:BC:D1:F3:32:3C:65:DA:A8:C8:DB:35:42:50:FF:9D:FC:50:2B:22:84:0C:9D:2D:A8:D4:25:B5:75:D3:A8:2D:D1:0E:24:D0:D1:20:CD:D8:71:20:3A:3C:16:B7:07:DE:4A:D5:E0:70:75:9D:12:D2:C9:37:58:87:6A:DE:9B:AB:18:B2:40:AA:A0:5C:98:BD:35:7A:C8:C5:28:1D:AC:56:6B:47:BF:DE:EB:9F:E4:1B:4F:C0:A7:7C:90:26:88:5D:BD:BE:B7:FB:D9:7F:8A:A9:69:B6:C8\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-11-03 05:51:34\",\n \"not_valid_before\": \"2021-11-03 05:51:35\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"emailAddress\",", " \"oid\": \"1.2.840.113549.1.9.1\",", " \"value\": \"admin@example.com\"", " },", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"# \\\\\\\\Every\\\"thing+that,ne;edsing\\\\0 \"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " 
\"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"48:69:9A:F9:4C:24:FA:12:DC:78:61:ED:5B:FE:A8:D0:4A:8A:80:B7\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"46:74:EA:D3:A5:36:31:16:E0:3C:AC:AF:13:1E:43:33:98:20:32:27\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-11-03 05:51:34\",", " \"not_valid_before\": \"2021-11-03 05:51:35\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "46:74:EA:D3:A5:36:31:16:E0:3C:AC:AF:13:1E:43:33:98:20:32:27"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "48:69:9A:F9:4C:24:FA:12:DC:78:61:ED:5B:FE:A8:D0:4A:8A:80:B7"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "emailAddress", "oid": "1.2.840.113549.1.9.1", "value": "admin@example.com"}, {"name": "commonName", "oid": "2.5.4.3", "value": "# \\\\Every\"thing+that,ne;edsing\\0 "}], "validity": {"not_valid_after": "2022-11-03 05:51:34", "not_valid_before": "2021-11-03 05:51:35"}}}, 
"changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:87 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:96 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:105 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:112 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:125 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:141 ok: [/cache/fedora-33.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.037742", "end": "2021-11-03 05:51:47.462059", "rc": 0, "start": "2021-11-03 05:51:47.424317", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_mbogyq9/tests/tasks/assert_certificate_parameters.yml:150 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions 
passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_mbogyq9/tests; TEST_SUBJECTS=/cache/fedora-33.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-100-3dbef8b-fedora-33-u9auawzn/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_mbogyq9/_setup.yml /tmp/tmp_mbogyq9/tests/tests_wrong_provider.yml ansible-playbook 2.9.25 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.9.7 (default, Aug 30 2021, 00:00:00) [GCC 11.2.1 20210728 (Red Hat 11.2.1-1)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. 
Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_mbogyq9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_mbogyq9/_setup.yml:5 ok: [/cache/fedora-33.qcow2] => { "groups": { "all": [ "/cache/fedora-33.qcow2" ], "localhost": [ "/cache/fedora-33.qcow2" ], "subjects": [ "/cache/fedora-33.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_mbogyq9/_setup.yml:7 skipping: [/cache/fedora-33.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_wrong_provider.yml ********************************************* 1 plays in /tmp/tmp_mbogyq9/tests/tests_wrong_provider.yml PLAY [Test issuing certificate with nonexistent provider] ********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_mbogyq9/tests/tests_wrong_provider.yml:2 ok: [/cache/fedora-33.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_mbogyq9/tasks/main.yml:2 ok: [/cache/fedora-33.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_mbogyq9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:17 changed: 
[/cache/fedora-33.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-3.fc33.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:34 skipping: [/cache/fedora-33.qcow2] => (item=fake-provider) => {"__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False"} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:45 skipping: [/cache/fedora-33.qcow2] => (item=fake-provider) => {"__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False"} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_mbogyq9/tasks/main.yml:71 skipping: [/cache/fedora-33.qcow2] => (item=fake-provider) => {"__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False"} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_mbogyq9/tasks/main.yml:100 skipping: [/cache/fedora-33.qcow2] => (item=fake-provider) => {"__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False"} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_mbogyq9/tasks/main.yml:112 failed: [/cache/fedora-33.qcow2] (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'fake-provider'}) => {"ansible_loop_var": "item", "changed": false, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert", "provider": "fake-provider"}, "msg": "Chosen provider 'fake-provider' is not available."} TASK 
[assert...] *************************************************************** task path: /tmp/tmp_mbogyq9/tests/tests_wrong_provider.yml:22 ok: [/cache/fedora-33.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-33.qcow2 : ok=5 changed=1 unreachable=0 failed=0 skipped=5 rescued=1 ignored=0