Formatting '/cache/fedora-34.qcow2.snap', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=4294967296 backing_file=/cache/fedora-34.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: fedora-34_setup.yml ************************************************** 1 plays in /cache/fedora-34_setup.yml PLAY [Set up host for test playbooks] ****************************************** TASK [Gathering Facts] ********************************************************* task path: /cache/fedora-34_setup.yml:1 Monday 09 May 2022 16:04:50 +0000 (0:00:00.009) 0:00:00.009 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Create EPEL 34 repo] ***************************************************** task path: /cache/fedora-34_setup.yml:5 Monday 09 May 2022 16:04:51 +0000 (0:00:01.169) 0:00:01.178 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [Create yum cache] ******************************************************** task path: /cache/fedora-34_setup.yml:15 Monday 09 May 2022 16:04:51 +0000 (0:00:00.017) 0:00:01.196 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [Create dnf cache] ******************************************************** task path: /cache/fedora-34_setup.yml:21 Monday 09 May 2022 16:04:51 +0000 (0:00:00.015) 0:00:01.211 ************ changed: [/cache/fedora-34.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } TASK [Disable EPEL 7] ********************************************************** task path: /cache/fedora-34_setup.yml:27 Monday 09 May 2022 16:05:33 +0000 (0:00:41.730) 0:00:42.942 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [Disable EPEL 8] ********************************************************** task path: /cache/fedora-34_setup.yml:35 Monday 09 May 2022 16:05:33 +0000 (0:00:00.018) 0:00:42.961 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=2 changed=1 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0 Monday 09 May 2022 16:05:33 +0000 (0:00:00.022) 0:00:42.983 ************ =============================================================================== Create dnf cache ------------------------------------------------------- 41.73s /cache/fedora-34_setup.yml:21 ------------------------------------------------- Gathering Facts --------------------------------------------------------- 1.17s /cache/fedora-34_setup.yml:1 -------------------------------------------------- Disable EPEL 8 ---------------------------------------------------------- 0.02s /cache/fedora-34_setup.yml:35 ------------------------------------------------- Disable EPEL 7 ---------------------------------------------------------- 0.02s /cache/fedora-34_setup.yml:27 ------------------------------------------------- Create EPEL 34 repo ----------------------------------------------------- 0.02s /cache/fedora-34_setup.yml:5 -------------------------------------------------- Create yum cache -------------------------------------------------------- 0.02s /cache/fedora-34_setup.yml:15 ------------------------------------------------- PLAYBOOK: setup-snapshot.yml *************************************************** 1 plays in /tmp/tmpd_ggxgwx/tests/setup-snapshot.yml PLAY [all] ********************************************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/setup-snapshot.yml:1 Monday 09 May 2022 16:05:33 +0000 (0:00:00.009) 0:00:42.992 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Set platform/version specific variables] ********************************* task path: /tmp/tmpd_ggxgwx/tests/setup-snapshot.yml:3 Monday 09 May 2022 16:05:34 +0000 (0:00:00.765) 0:00:43.758 ************ TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:05:34 +0000 (0:00:00.027) 0:00:43.785 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:05:34 +0000 (0:00:00.498) 0:00:44.284 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } META: role_complete for /cache/fedora-34.qcow2.snap TASK [Install test packages] *************************************************** task path: /tmp/tmpd_ggxgwx/tests/setup-snapshot.yml:9 Monday 09 May 2022 16:05:34 +0000 (0:00:00.046) 0:00:44.330 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=5 changed=2 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0 Monday 09 May 2022 16:05:38 +0000 (0:00:03.359) 0:00:47.690 ************ =============================================================================== Create dnf cache ------------------------------------------------------- 41.73s /cache/fedora-34_setup.yml:21 ------------------------------------------------- Install test packages --------------------------------------------------- 3.36s /tmp/tmpd_ggxgwx/tests/setup-snapshot.yml:9 ----------------------------------- Gathering Facts --------------------------------------------------------- 1.17s /cache/fedora-34_setup.yml:1 -------------------------------------------------- Gathering Facts --------------------------------------------------------- 0.77s /tmp/tmpd_ggxgwx/tests/setup-snapshot.yml:1 ----------------------------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.50s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Set platform/version specific variables --- 0.05s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Set platform/version specific variables --------------------------------- 0.03s /tmp/tmpd_ggxgwx/tests/setup-snapshot.yml:3 ----------------------------------- Disable EPEL 8 ---------------------------------------------------------- 0.02s /cache/fedora-34_setup.yml:35 ------------------------------------------------- Disable EPEL 7 ---------------------------------------------------------- 0.02s /cache/fedora-34_setup.yml:27 ------------------------------------------------- Create EPEL 34 repo ----------------------------------------------------- 0.02s /cache/fedora-34_setup.yml:5 -------------------------------------------------- Create yum cache -------------------------------------------------------- 0.02s /cache/fedora-34_setup.yml:15 ------------------------------------------------- PLAYBOOK: fedora-34_post_setup.yml ********************************************* 1 plays in /cache/fedora-34_post_setup.yml PLAY [Post setup - these happen last] ****************************************** META: ran handlers TASK [force sync of filesystems - ensure setup changes are made to snapshot] *** task path: /cache/fedora-34_post_setup.yml:5 Monday 09 May 2022 16:05:38 +0000 (0:00:00.013) 0:00:47.703 ************ changed: [/cache/fedora-34.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } TASK [shutdown guest] ********************************************************** task path: /cache/fedora-34_post_setup.yml:8 Monday 09 May 2022 16:05:38 +0000 (0:00:00.511) 0:00:48.215 ************ changed: [/cache/fedora-34.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=7 changed=4 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0 Monday 09 May 2022 16:05:39 +0000 (0:00:00.505) 0:00:48.721 ************ =============================================================================== Create dnf cache ------------------------------------------------------- 41.73s /cache/fedora-34_setup.yml:21 ------------------------------------------------- Install test packages --------------------------------------------------- 3.36s /tmp/tmpd_ggxgwx/tests/setup-snapshot.yml:9 ----------------------------------- Gathering Facts --------------------------------------------------------- 1.17s /cache/fedora-34_setup.yml:1 -------------------------------------------------- Gathering Facts --------------------------------------------------------- 0.77s /tmp/tmpd_ggxgwx/tests/setup-snapshot.yml:1 ----------------------------------- force sync of filesystems - ensure setup changes are made to snapshot --- 0.51s /cache/fedora-34_post_setup.yml:5 --------------------------------------------- shutdown guest ---------------------------------------------------------- 0.51s /cache/fedora-34_post_setup.yml:8 --------------------------------------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.50s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Set platform/version specific variables --- 0.05s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Set platform/version specific variables --------------------------------- 0.03s /tmp/tmpd_ggxgwx/tests/setup-snapshot.yml:3 ----------------------------------- Disable EPEL 8 ---------------------------------------------------------- 0.02s /cache/fedora-34_setup.yml:35 ------------------------------------------------- Disable EPEL 7 ---------------------------------------------------------- 0.02s /cache/fedora-34_setup.yml:27 ------------------------------------------------- Create EPEL 34 repo ----------------------------------------------------- 0.02s /cache/fedora-34_setup.yml:5 -------------------------------------------------- Create yum cache -------------------------------------------------------- 0.02s /cache/fedora-34_setup.yml:15 ------------------------------------------------- ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file statically imported: /tmp/tmpd_ggxgwx/tests/tasks/setup_ipa.yml Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_basic_ipa.yml ************************************************** 3 plays in /tmp/tmpd_ggxgwx/tests/tests_basic_ipa.yml PLAY [Install IPA server] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_basic_ipa.yml:2 Monday 09 May 2022 16:06:23 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Set __is_beaker_env] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/setup_ipa.yml:2 Monday 09 May 2022 16:06:24 +0000 (0:00:01.128) 0:00:01.138 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__is_beaker_env": false }, "changed": false } TASK [Install ansible-freeipa] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/setup_ipa.yml:6 Monday 09 May 2022 16:06:24 +0000 (0:00:00.039) 0:00:01.178 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Clone ansible-freeipa repo] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/setup_ipa.yml:12 Monday 09 May 2022 16:06:24 +0000 (0:00:00.038) 0:00:01.217 ************ changed: [/cache/fedora-34.qcow2.snap -> 127.0.0.1] => { "after": "ba3fe74b60bcfcc8140e32ed33d06bb3dd14b112", "before": null, "changed": true } TASK [Create role symlinks] **************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/setup_ipa.yml:21 Monday 09 May 2022 16:06:26 +0000 (0:00:01.275) 0:00:02.492 ************ changed: [/cache/fedora-34.qcow2.snap -> 127.0.0.1] => (item=ipaserver) => { "ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmpd_ggxgwx/tests/roles/ipaserver", "gid": 0, "group": "root", "item": "ipaserver", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaserver/", "state": "link", "uid": 0 } changed: [/cache/fedora-34.qcow2.snap -> 127.0.0.1] => (item=ipaclient) => { "ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmpd_ggxgwx/tests/roles/ipaclient", "gid": 0, "group": "root", "item": "ipaclient", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaclient/", "state": "link", "uid": 0 } TASK [ensure hostname package is installed] ************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/setup_ipa.yml:33 Monday 09 May 2022 16:06:26 +0000 (0:00:00.534) 0:00:03.027 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Set hostname] ************************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/setup_ipa.yml:38 Monday 09 May 2022 16:06:29 +0000 (0:00:02.411) 0:00:05.439 ************ changed: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "ansible_domain": "test.local", "ansible_fqdn": "ipaserver.test.local", "ansible_hostname": "ipaserver", "ansible_nodename": "ipaserver.test.local" }, "changed": true, "name": "ipaserver.test.local" } TASK [Ensure nss package is up-to-date] **************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/setup_ipa.yml:42 Monday 09 May 2022 16:06:30 +0000 (0:00:00.874) 0:00:06.313 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [Include ipaserver role] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/setup_ipa.yml:50 Monday 09 May 2022 16:06:33 +0000 (0:00:03.051) 0:00:09.365 ************ TASK [ipaserver : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:4 Monday 09 May 2022 16:06:33 +0000 (0:00:00.032) 0:00:09.397 ************ ok: [/cache/fedora-34.qcow2.snap] => (item=/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml) => { "ansible_facts": { "ipaserver_packages": [ "freeipa-server", "python3-libselinux" ], "ipaserver_packages_adtrust": [ "freeipa-server-trust-ad" ], "ipaserver_packages_dns": [ "freeipa-server-dns" ], "ipaserver_packages_firewalld": [ "firewalld" ] }, "ansible_included_var_files": [ "/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml" ], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml" } TASK [ipaserver : Install IPA server] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:19 Monday 09 May 2022 16:06:33 +0000 (0:00:00.045) 0:00:09.443 ************ included: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml for /cache/fedora-34.qcow2.snap TASK [ipaserver : Install - Ensure that IPA server packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:5 Monday 09 May 2022 16:06:33 +0000 (0:00:00.062) 0:00:09.506 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "rc": 0, "results": [ "Installed: libdb-utils-5.3.28-49.fc34.x86_64", "Installed: perl-DynaLoader-1.47-477.fc34.x86_64", "Installed: oddjob-0.34.7-2.fc34.x86_64", "Installed: oddjob-mkhomedir-0.34.7-2.fc34.x86_64", "Installed: perl-Encode-4:3.15-462.fc34.x86_64", "Installed: samba-common-libs-2:4.14.12-0.fc34.x86_64", "Installed: perl-Errno-1.30-477.fc34.x86_64", "Installed: libev-4.33-3.fc34.x86_64", "Installed: tzdata-java-2022a-1.fc34.noarch", "Installed: web-assets-filesystem-5-14.fc34.noarch", "Installed: jboss-annotations-1.2-api-1.0.2-5.fc34.noarch", "Installed: python3-augeas-0.5.0-23.fc34.noarch", "Installed: xerces-j2-2.12.1-3.fc34.noarch", "Installed: perl-Fcntl-1.13-477.fc34.x86_64", "Installed: jboss-jaxrs-2.0-api-1.0.0-14.fc34.noarch", "Installed: perl-File-Basename-2.85-477.fc34.noarch", "Installed: perl-File-Find-1.37-477.fc34.noarch", "Installed: krb5-pkinit-1.19.2-5.fc34.x86_64", "Installed: krb5-server-1.19.2-5.fc34.x86_64", "Installed: krb5-workstation-1.19.2-5.fc34.x86_64", "Installed: jboss-logging-3.4.1-6.fc34.noarch", "Installed: perl-constant-1.33-459.fc34.noarch", "Installed: jboss-logging-tools-2.2.1-4.fc34.noarch", "Installed: python3-nss-1.0.1-23.fc34.x86_64", "Installed: fedora-logos-httpd-34.0.4-1.fc34.noarch", "Installed: logrotate-3.18.0-3.fc34.x86_64", "Installed: tomcat-native-1.2.23-4.fc34.x86_64", "Installed: perl-File-stat-1.09-477.fc34.noarch", "Installed: python3-dns-2.1.0-3.fc34.noarch", "Installed: perl-FileHandle-2.03-477.fc34.noarch", "Installed: apache-commons-cli-1.5.0-1.fc34.noarch", "Installed: perl-Getopt-Std-1.12-477.fc34.noarch", "Installed: perl-PathTools-3.78-459.fc34.x86_64", "Installed: tomcatjss-7.6.1-2.fc34.noarch", "Installed: rpcbind-1.2.6-0.fc34.x86_64", "Installed: openssl-1:1.1.1n-1.fc34.x86_64", "Installed: openssl-perl-1:1.1.1n-1.fc34.x86_64", "Installed: nfs-utils-1:2.5.4-2.rc3.fc34.x86_64", "Installed: perl-HTTP-Tiny-0.078-1.fc34.noarch", "Installed: copy-jdk-configs-4.0-1.fc34.noarch", "Installed: lua-5.4.4-1.fc34.x86_64", "Installed: perl-IO-1.43-477.fc34.x86_64", "Installed: jdeparser-2.0.3-6.fc34.noarch", "Installed: perl-IPC-Open3-1.21-477.fc34.noarch", "Installed: python3-pyusb-1.2.1-1.fc34.noarch", "Installed: apr-1.7.0-9.fc34.x86_64", "Installed: lua-posix-35.0-3.fc34.x86_64", "Installed: perl-libnet-3.13-2.fc34.noarch", "Installed: bash-completion-1:2.11-2.fc34.noarch", "Installed: harfbuzz-2.7.4-3.fc34.x86_64", "Installed: perl-Mozilla-CA-20211001-1.fc34.noarch", "Installed: perl-NDBM_File-1.15-477.fc34.x86_64", "Installed: perl-parent-1:0.238-458.fc34.noarch", "Installed: python3-jwcrypto-0.8-2.fc34.noarch", "Installed: perl-Pod-Escapes-1:1.07-458.fc34.noarch", "Installed: perl-podlators-1:4.14-458.fc34.noarch", "Installed: perl-Pod-Perldoc-3.28.01-459.fc34.noarch", "Installed: open-sans-fonts-1.10-14.fc34.noarch", "Installed: libverto-libev-0.3.2-1.fc34.x86_64", "Installed: perl-Carp-1.50-458.fc34.noarch", "Installed: perl-Pod-Simple-1:3.42-2.fc34.noarch", "Installed: perl-POSIX-1.94-477.fc34.x86_64", "Installed: perl-threads-1:2.25-458.fc34.x86_64", "Installed: perl-threads-shared-1.61-458.fc34.x86_64", "Installed: perl-Pod-Usage-4:2.01-2.fc34.noarch", "Installed: gssproxy-0.8.4-2.fc34.x86_64", "Installed: slf4j-1.7.30-8.fc34.noarch", "Installed: slf4j-jdk14-1.7.30-8.fc34.noarch", "Installed: freetype-2.10.4-3.fc34.x86_64", "Installed: perl-SelectSaver-1.02-477.fc34.noarch", "Installed: perl-Socket-4:2.032-1.fc34.x86_64", "Installed: xml-commons-apis-1.4.01-33.fc34.noarch", "Installed: xml-commons-resolver-1.2-33.fc34.noarch", "Installed: publicsuffix-list-20190417-5.fc34.noarch", "Installed: perl-Symbol-1.08-477.fc34.noarch", "Installed: python3-sss-2.5.2-2.fc34.x86_64", "Installed: perl-Term-ReadLine-1.17-477.fc34.noarch", "Installed: python3-sss-murmur-2.5.2-2.fc34.x86_64", "Installed: pki-acme-10.10.7-1.fc34.noarch", "Installed: pki-base-10.10.7-1.fc34.noarch", "Installed: pki-base-java-10.10.7-1.fc34.noarch", "Installed: perl-Digest-MD5-2.58-2.fc34.x86_64", "Installed: pki-ca-10.10.7-1.fc34.noarch", "Installed: python3-sssdconfig-2.5.2-2.fc34.noarch", "Installed: pki-kra-10.10.7-1.fc34.noarch", "Installed: samba-common-2:4.14.12-0.fc34.noarch", "Installed: pki-server-10.10.7-1.fc34.noarch", "Installed: pki-symkey-10.10.7-1.fc34.x86_64", "Installed: augeas-libs-1.13.0-1.fc34.x86_64", "Installed: pki-tools-10.10.7-1.fc34.x86_64", "Installed: python3-ipaclient-4.9.6-4.fc34.noarch", "Installed: python3-ipalib-4.9.6-4.fc34.noarch", "Installed: nss-tools-3.77.0-1.fc34.x86_64", "Installed: perl-Text-Tabs+Wrap-2021.0726-1.fc34.noarch", "Installed: python3-ipaserver-4.9.6-4.fc34.noarch", "Installed: python3-systemd-234-19.fc34.x86_64", "Installed: perl-Tie-4.6-477.fc34.noarch", "Installed: cups-libs-1:2.3.3op2-17.fc34.x86_64", "Installed: perl-Text-Diff-1.45-11.fc34.noarch", "Installed: perl-IO-Compress-2.102-2.fc34.noarch", "Installed: perl-IO-Compress-Lzma-2.101-2.fc34.noarch", "Installed: policycoreutils-python-utils-3.2-1.fc34.noarch", "Installed: mod_http2-1.15.24-1.fc34.x86_64", "Installed: mod_lua-2.4.53-1.fc34.x86_64", "Installed: ecj-1:4.19-1.fc34.noarch", "Installed: apache-commons-codec-1.15-2.fc34.noarch", "Installed: words-3.0-37.fc34.noarch", "Installed: mod_session-2.4.53-1.fc34.x86_64", "Installed: python3-qrcode-core-6.1-8.fc34.noarch", "Installed: libuv-1:1.44.1-1.fc34.x86_64", "Installed: mod_ssl-1:2.4.53-1.fc34.x86_64", "Installed: perl-base-2.27-477.fc34.noarch", "Installed: perl-debugger-1.56-477.fc34.noarch", "Installed: perl-IO-Socket-IP-0.41-3.fc34.noarch", "Installed: apache-commons-daemon-1.2.4-1.fc34.x86_64", "Installed: perl-Text-ParseWords-3.30-458.fc34.noarch", "Installed: perl-IO-Socket-SSL-2.070-2.fc34.noarch", "Installed: autofs-1:5.1.7-18.fc34.x86_64", "Installed: python3-kdcproxy-1.0.0-5.fc34.noarch", "Installed: apache-commons-io-1:2.8.0-3.fc34.noarch", "Installed: perl-IO-Zlib-1:1.11-2.fc34.noarch", "Installed: cyrus-sasl-gssapi-2.1.27-9.fc34.x86_64", "Installed: java-11-openjdk-headless-1:11.0.15.0.10-1.fc34.x86_64", "Installed: perl-if-0.60.800-477.fc34.noarch", "Installed: perl-interpreter-4:5.32.1-477.fc34.x86_64", "Installed: apache-commons-lang3-3.11-2.fc34.noarch", "Installed: python3-ldap-3.3.1-5.fc34.x86_64", "Installed: apache-commons-logging-1.2-25.fc34.noarch", "Installed: cyrus-sasl-md5-2.1.27-9.fc34.x86_64", "Installed: lcms2-2.12-1.fc34.x86_64", "Installed: cyrus-sasl-plain-2.1.27-9.fc34.x86_64", "Installed: perl-libs-4:5.32.1-477.fc34.x86_64", "Installed: apache-commons-net-3.6-11.fc34.noarch", "Installed: python3-lib389-2.0.15-1.fc34.noarch", "Installed: ldapjdk-4.22.0-5.fc34.noarch", "Installed: perl-meta-notation-5.32.1-477.fc34.noarch", "Installed: perl-mro-1.23-477.fc34.x86_64", "Installed: perl-overload-1.31-477.fc34.noarch", "Installed: perl-overloading-0.02-477.fc34.noarch", "Installed: avahi-libs-0.8-14.fc34.x86_64", "Installed: python3-libipa_hbac-2.5.2-2.fc34.x86_64", "Installed: perl-sigtrap-1.09-477.fc34.noarch", "Installed: perl-subs-1.03-477.fc34.noarch", "Installed: python-systemd-doc-234-19.fc34.x86_64", "Installed: perl-vars-1.05-477.fc34.noarch", "Installed: jackson-annotations-2.11.4-2.fc34.noarch", "Installed: perl-Scalar-List-Utils-4:1.56-459.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: jackson-core-2.11.4-2.fc34.noarch", "Installed: jackson-databind-2.11.4-2.fc34.noarch", "Installed: js-jquery-3.5.0-5.fc34.noarch", "Installed: jackson-jaxrs-json-provider-2.11.4-2.fc34.noarch", "Installed: jackson-jaxrs-providers-2.11.4-2.fc34.noarch", "Installed: lksctp-tools-1.0.18-9.fc34.x86_64", "Installed: jackson-module-jaxb-annotations-2.11.4-2.fc34.noarch", "Installed: python3-lxml-4.6.5-1.fc34.x86_64", "Installed: perl-Time-Local-2:1.300-5.fc34.noarch", "Installed: perl-Exporter-5.74-459.fc34.noarch", "Installed: perl-Compress-Raw-Bzip2-2.101-3.fc34.x86_64", "Installed: jakarta-activation-1.2.2-2.fc34.noarch", "Installed: perl-Compress-Raw-Lzma-2.101-1.fc34.x86_64", "Installed: mod_auth_gssapi-1.6.3-3.fc34.x86_64", "Installed: perl-Compress-Raw-Zlib-2.101-3.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: libwbclient-2:4.14.12-0.fc34.x86_64", "Installed: jaxb-impl-2.3.5-1.fc34.noarch", "Installed: apr-util-1.6.1-16.fc34.x86_64", "Installed: apr-util-bdb-1.6.1-16.fc34.x86_64", "Installed: libpkgconf-1.7.3-6.fc34.x86_64", "Installed: pkgconf-1.7.3-6.fc34.x86_64", "Installed: pkgconf-m4-1.7.3-6.fc34.noarch", "Installed: pkgconf-pkg-config-1.7.3-6.fc34.x86_64", "Installed: apr-util-openssl-1.6.1-16.fc34.x86_64", "Installed: authselect-1.2.3-1.fc34.x86_64", "Installed: mod_lookup_identity-1.0.0-13.fc34.x86_64", "Installed: resteasy-atom-provider-3.0.26-7.fc34.noarch", "Installed: resteasy-client-3.0.26-7.fc34.noarch", "Installed: resteasy-core-3.0.26-7.fc34.noarch", "Installed: authselect-libs-1.2.3-1.fc34.x86_64", "Installed: resteasy-jackson2-provider-3.0.26-7.fc34.noarch", "Installed: resteasy-jaxb-provider-3.0.26-7.fc34.noarch", "Installed: softhsm-2.6.1-5.fc34.1.x86_64", "Installed: perl-Storable-1:3.21-458.fc34.x86_64", "Installed: jss-4.8.1-2.fc34.x86_64", "Installed: slapi-nis-0.56.7-1.fc34.x86_64", "Installed: xalan-j2-2.7.2-7.fc34.noarch", "Installed: perl-Algorithm-Diff-1.2010-2.fc34.noarch", "Installed: keyutils-1.6.1-2.fc34.x86_64", "Installed: libpng-2:1.6.37-10.fc34.x86_64", "Installed: perl-URI-5.09-1.fc34.noarch", "Installed: python3-psutil-5.8.0-5.fc34.x86_64", "Installed: julietaula-montserrat-base-web-fonts-1:7.210-4.fc34.noarch", "Installed: julietaula-montserrat-fonts-common-1:7.210-4.fc34.noarch", "Installed: libicu-67.1-7.fc34.x86_64", "Installed: freeipa-client-4.9.6-4.fc34.x86_64", "Installed: freeipa-client-common-4.9.6-4.fc34.noarch", "Installed: perl-Net-SSLeay-1.90-2.fc34.x86_64", "Installed: freeipa-common-4.9.6-4.fc34.noarch", "Installed: freeipa-healthcheck-core-0.10-1.fc34.noarch", "Installed: freeipa-selinux-4.9.6-4.fc34.noarch", "Installed: freeipa-server-4.9.6-4.fc34.x86_64", "Installed: freeipa-server-common-4.9.6-4.fc34.noarch", "Installed: httpcomponents-client-4.5.10-6.fc34.noarch", "Installed: httpcomponents-core-4.4.12-5.fc34.noarch", "Installed: perl-File-Path-2.18-2.fc34.noarch", "Installed: python3-pyasn1-modules-0.4.8-4.fc34.noarch", "Installed: python3-mod_wsgi-4.7.1-4.fc34.x86_64", "Installed: mailcap-2.1.49-3.fc34.noarch", "Installed: python3-gssapi-1.6.9-3.fc34.x86_64", "Installed: libipa_hbac-2.5.2-2.fc34.x86_64", "Installed: perl-File-Temp-1:0.231.100-2.fc34.noarch", "Installed: bind-libs-32:9.16.27-1.fc34.x86_64", "Installed: bind-license-32:9.16.27-1.fc34.noarch", "Installed: tomcat-1:9.0.59-3.fc34.noarch", "Installed: bind-utils-32:9.16.27-1.fc34.x86_64", "Installed: tomcat-el-3.0-api-1:9.0.59-3.fc34.noarch", "Installed: fstrm-0.6.1-2.fc34.x86_64", "Installed: python3-decorator-4.4.2-4.fc34.noarch", "Installed: graphite2-1.3.14-7.fc34.x86_64", "Installed: openldap-clients-2.4.57-6.fc34.x86_64", "Installed: openldap-compat-2.4.57-6.fc34.x86_64", "Installed: tomcat-jsp-2.3-api-1:9.0.59-3.fc34.noarch", "Installed: tomcat-lib-1:9.0.59-3.fc34.noarch", "Installed: libjpeg-turbo-2.0.90-3.fc34.x86_64", "Installed: tomcat-servlet-4.0-api-1:9.0.59-3.fc34.noarch", "Installed: perl-Archive-Tar-2.40-1.fc34.noarch", "Installed: alsa-lib-1.2.6.1-3.fc34.x86_64", "Installed: libkadm5-1.19.2-5.fc34.x86_64", "Installed: perl-AutoLoader-5.74-477.fc34.noarch", "Installed: sscg-3.0.2-6.fc34.x86_64", "Installed: perl-B-1.80-477.fc34.x86_64", "Installed: perl-Term-ANSIColor-5.01-459.fc34.noarch", "Installed: httpd-2.4.53-1.fc34.x86_64", "Installed: perl-Term-Cap-1.17-458.fc34.noarch", "Installed: httpd-filesystem-2.4.53-1.fc34.noarch", "Installed: httpd-tools-2.4.53-1.fc34.x86_64", "Installed: 389-ds-base-2.0.15-1.fc34.x86_64", "Installed: perl-MIME-Base64-3.16-2.fc34.x86_64", "Installed: 389-ds-base-libs-2.0.15-1.fc34.x86_64", "Installed: sssd-common-pac-2.5.2-2.fc34.x86_64", "Installed: sssd-dbus-2.5.2-2.fc34.x86_64", "Installed: quota-1:4.06-4.fc34.x86_64", "Installed: sssd-ipa-2.5.2-2.fc34.x86_64", "Installed: sssd-krb5-common-2.5.2-2.fc34.x86_64", "Installed: quota-nls-1:4.06-4.fc34.noarch", "Installed: fontawesome-fonts-1:4.7.0-11.fc34.noarch", "Installed: perl-DB_File-1.855-2.fc34.x86_64", "Installed: perl-Class-Struct-0.66-477.fc34.noarch", "Installed: sssd-tools-2.5.2-2.fc34.x86_64", "Installed: python3-yubico-1.3.3-5.fc34.noarch", "Installed: python3-netaddr-0.8.0-3.fc34.noarch", "Installed: javapackages-filesystem-5.3.0-15.fc34.noarch", "Installed: python3-pki-10.10.7-1.fc34.noarch", "Installed: javapackages-tools-5.3.0-15.fc34.noarch", "Installed: python3-argcomplete-1.12.0-3.fc34.noarch", "Installed: python3-netifaces-0.10.6-13.fc34.x86_64", "Installed: perl-Getopt-Long-1:2.52-2.fc34.noarch", "Installed: jaxb-api-2.3.3-3.fc34.noarch", "Installed: libxslt-1.1.34-5.fc34.x86_64", "Installed: perl-Data-Dumper-2.174-460.fc34.x86_64", "Installed: perl-Devel-Peek-1.28-477.fc34.x86_64", "Installed: perl-Digest-1.20-1.fc34.noarch", "Installed: samba-client-libs-2:4.14.12-0.fc34.x86_64" ] } TASK [ipaserver : Install - Ensure that IPA server packages for dns are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:10 Monday 09 May 2022 16:07:20 +0000 (0:00:47.238) 0:00:56.745 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "rc": 0, "results": [ "Installed: bind-dnssec-doc-32:9.16.27-1.fc34.noarch", "Installed: bind-dnssec-utils-32:9.16.27-1.fc34.x86_64", "Installed: freeipa-server-dns-4.9.6-4.fc34.noarch", "Installed: bind-dyndb-ldap-11.9-9.fc34.x86_64", "Installed: opendnssec-2.1.9-1.fc34.x86_64", "Installed: ldns-1.8.1-3.fc34.x86_64", "Installed: opencryptoki-3.16.0-2.fc34.x86_64", "Installed: opencryptoki-icsftok-3.16.0-2.fc34.x86_64", "Installed: opencryptoki-libs-3.16.0-2.fc34.x86_64", "Installed: python3-bind-32:9.16.27-1.fc34.noarch", "Installed: sqlite-3.34.1-2.fc34.x86_64", "Installed: bind-32:9.16.27-1.fc34.x86_64" ] } TASK [ipaserver : Install - Ensure that IPA server packages for adtrust are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:16 Monday 09 May 2022 16:07:28 +0000 (0:00:07.589) 0:01:04.334 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Ensure that firewall packages installed] *********** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:22 Monday 09 May 2022 16:07:28 +0000 (0:00:00.035) 0:01:04.370 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "rc": 0, "results": [ "Installed: gobject-introspection-1.68.0-4.fc34.x86_64", "Installed: libnftnl-1.1.9-2.fc34.x86_64", "Installed: firewalld-0.9.4-1.fc34.noarch", "Installed: firewalld-filesystem-0.9.4-1.fc34.noarch", "Installed: ipset-7.11-1.fc34.x86_64", "Installed: python3-gobject-base-3.40.1-1.fc34.x86_64", "Installed: nftables-1:0.9.8-3.fc34.x86_64", "Installed: ipset-libs-7.11-1.fc34.x86_64", "Installed: python3-slip-0.6.4-22.fc34.noarch", "Installed: python3-slip-dbus-0.6.4-22.fc34.noarch", "Installed: iptables-nft-1.8.7-8.fc34.x86_64", "Installed: python3-nftables-1:0.9.8-3.fc34.x86_64", "Installed: python3-firewall-0.9.4-1.fc34.noarch" ] } TASK [ipaserver : Firewalld service - Ensure that firewalld is running] ******** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:31 Monday 09 May 2022 16:07:32 +0000 (0:00:04.421) 0:01:08.791 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "polkit.service sysinit.target dbus-broker.service system.slice basic.target dbus.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "network-pre.target multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "nftables.service iptables.service ip6tables.service ebtables.service shutdown.target ipset.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "\"man:firewalld(1)\"", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "firewalld.service dbus-org.fedoraproject.FirewallD1.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [ipaserver : Firewalld - Verify runtime zone "{{ ipaserver_firewalld_zone }}"] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:37 Monday 09 May 2022 16:07:33 +0000 (0:00:01.099) 0:01:09.890 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Firewalld - Verify permanent zone "{{ ipaserver_firewalld_zone }}"] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:44 Monday 09 May 2022 16:07:33 +0000 (0:00:00.037) 0:01:09.928 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : include_tasks] *********************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:54 Monday 09 May 2022 16:07:33 +0000 (0:00:00.034) 0:01:09.962 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Server installation test] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:60 Monday 09 May 2022 16:07:33 +0000 (0:00:00.036) 0:01:09.999 ************ ok: [/cache/fedora-34.qcow2.snap] => { "_dirsrv_ca_cert": null, "_dirsrv_pkcs12_info": null, "_hostname_overridden": true, "_http_ca_cert": null, "_http_pkcs12_info": null, "_installation_cleanup": true, "_pkinit_ca_cert": null, "_pkinit_pkcs12_info": null, "changed": false, "domain": "test.local", "domainlevel": 1, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "hostname": "ipaserver.test.local", "idmax": 860199999, "idstart": 860000000, "ipa_python_version": 40906, "no_host_dns": true, "no_pkinit": false, "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "rid_base": 1000, "secondary_rid_base": 100000000, "setup_adtrust": false, "setup_ca": true, "setup_kra": false } TASK [ipaserver : Install - Master password creation] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:138 Monday 09 May 2022 16:07:34 +0000 (0:00:01.270) 0:01:11.269 ************ changed: [/cache/fedora-34.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } TASK [ipaserver : Install - Use new master password] *************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:145 Monday 09 May 2022 16:07:36 +0000 (0:00:01.123) 0:01:12.392 ************ ok: [/cache/fedora-34.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaserver : Install - Server preparation] ******************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:153 Monday 09 May 2022 16:07:36 +0000 (0:00:00.026) 0:01:12.419 ************ changed: [/cache/fedora-34.qcow2.snap] => { "_ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "_subject_base": "O=TEST.LOCAL", "adtrust_netbios_name": null, "adtrust_reset_netbios_name": false, "ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "changed": true, "dns_ip_addresses": [ "10.0.2.15", "fec0::5054:ff:fe12:3456" ], "dns_reverse_zones": [], "forward_policy": "only", "forwarders": [ "10.0.2.3" ], "ip_addresses": [ "10.0.2.15", "fec0::5054:ff:fe12:3456" ], "no_dnssec_validation": true, "reverse_zones": [], "subject_base": "O=TEST.LOCAL" } TASK [ipaserver : Install - Setup NTP] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:197 Monday 09 May 2022 16:07:38 +0000 (0:00:02.263) 0:01:14.682 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup DS] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:204 Monday 09 May 2022 16:07:48 +0000 (0:00:10.508) 0:01:25.191 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup KRB] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:233 Monday 09 May 2022 16:08:05 +0000 (0:00:16.680) 0:01:41.872 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup custodia] ************************************ task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:260 Monday 09 May 2022 16:08:12 +0000 (0:00:06.481) 0:01:48.353 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup CA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:266 Monday 09 May 2022 16:08:16 +0000 (0:00:03.950) 0:01:52.304 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "csr_generated": false } TASK [ipaserver : Copy /root/ipa.csr to "/cache/fedora-34.qcow2.snap-ipa.csr"] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:307 Monday 09 May 2022 16:10:33 +0000 (0:02:17.069) 0:04:09.374 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup otpd] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:316 Monday 09 May 2022 16:10:33 +0000 (0:00:00.037) 0:04:09.412 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup HTTP] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:322 Monday 09 May 2022 16:10:35 +0000 (0:00:02.885) 0:04:12.298 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup KRA] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:354 Monday 09 May 2022 16:12:00 +0000 (0:01:24.807) 0:05:37.105 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup DNS] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:365 Monday 09 May 2022 16:12:00 +0000 (0:00:00.041) 0:05:37.146 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup ADTRUST] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:382 Monday 09 May 2022 16:12:08 +0000 (0:00:07.600) 0:05:44.747 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Set DS password] *********************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:397 Monday 09 May 2022 16:12:08 +0000 (0:00:00.039) 0:05:44.787 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [Install - Setup client] ************************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:414 Monday 09 May 2022 16:12:10 +0000 (0:00:02.153) 0:05:46.941 ************ TASK [ipaclient : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:4 Monday 09 May 2022 16:12:10 +0000 (0:00:00.060) 0:05:47.001 ************ ok: [/cache/fedora-34.qcow2.snap] => (item=/tmp/freeipa-repo/roles/ipaclient/vars/default.yml) => { "ansible_facts": { "ipaclient_packages": [ "ipa-client", "python3-libselinux" ] }, "ansible_included_var_files": [ "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml" ], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml" } TASK [ipaclient : Install IPA client] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:19 Monday 09 May 2022 16:12:10 +0000 (0:00:00.061) 0:05:47.062 ************ included: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml for /cache/fedora-34.qcow2.snap TASK [ipaclient : Install - Ensure that IPA client packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:4 Monday 09 May 2022 16:12:10 +0000 (0:00:00.112) 0:05:47.175 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [ipaclient : Install - Set ipaclient_servers] ***************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:10 Monday 09 May 2022 16:12:12 +0000 (0:00:02.033) 0:05:49.208 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set ipaclient_servers from cluster inventory] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:15 Monday 09 May 2022 16:12:12 +0000 (0:00:00.042) 0:05:49.251 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Check that either principal or keytab is set] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:21 Monday 09 May 2022 16:12:12 +0000 (0:00:00.048) 0:05:49.299 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set default principal if no keytab is given] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:25 Monday 09 May 2022 16:12:13 +0000 (0:00:00.038) 0:05:49.338 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "ipaadmin_principal": "admin" }, "changed": false } TASK [ipaclient : Install - IPA client test] *********************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:30 Monday 09 May 2022 16:12:13 +0000 (0:00:00.041) 0:05:49.379 ************ ok: [/cache/fedora-34.qcow2.snap] => { "basedn": "dc=test,dc=local", "changed": false, "client_already_configured": false, "client_domain": "test.local", "dnsok": false, "domain": "test.local", "hostname": "ipaserver.test.local", "ipa_python_version": 40906, "kdc": "ipaserver.test.local", "nosssd_files": {}, "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "servers": [ "ipaserver.test.local" ], "sssd": true } TASK [ipaclient : Install - Cleanup leftover ccache] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:56 Monday 09 May 2022 16:12:14 +0000 (0:00:00.942) 0:05:50.322 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent" } TASK [ipaclient : Install - Configure NTP] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:61 Monday 09 May 2022 16:12:14 +0000 (0:00:00.378) 0:05:50.701 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } TASK [ipaclient : Install - Make sure One-Time Password is enabled if it's already defined] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:73 Monday 09 May 2022 16:12:15 +0000 (0:00:00.855) 0:05:51.557 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Disable One-Time Password for on_master] *********** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:78 Monday 09 May 2022 16:12:15 +0000 (0:00:00.043) 0:05:51.601 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] ******** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:83 Monday 09 May 2022 16:12:15 +0000 (0:00:00.040) 0:05:51.641 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ca_crt_exists": true, "changed": false, "krb5_conf_ok": true, "krb5_keytab_ok": true, "ping_test_ok": true } TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:93 Monday 09 May 2022 16:12:16 +0000 (0:00:01.599) 0:05:53.241 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Keytab or password is required for getting otp] **** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:109 Monday 09 May 2022 16:12:16 +0000 (0:00:00.036) 0:05:53.278 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Get One-Time Password for client enrollment] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:113 Monday 09 May 2022 16:12:17 +0000 (0:00:00.043) 0:05:53.321 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Report error for OTP generation] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:132 Monday 09 May 2022 16:12:17 +0000 (0:00:00.038) 0:05:53.360 ************ skipping: [/cache/fedora-34.qcow2.snap] => {} TASK [ipaclient : Install - Store the previously obtained OTP] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:138 Monday 09 May 2022 16:12:17 +0000 (0:00:00.036) 0:05:53.396 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Store predefined OTP in admin_password] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:147 Monday 09 May 2022 16:12:17 +0000 (0:00:00.035) 0:05:53.431 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Check if principal and keytab are set] ************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:163 Monday 09 May 2022 16:12:17 +0000 (0:00:00.033) 0:05:53.465 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Check if one of password or keytabs are set] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:167 Monday 09 May 2022 16:12:17 +0000 (0:00:00.037) 0:05:53.503 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Purge TEST.LOCAL from host keytab] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:175 Monday 09 May 2022 16:12:17 +0000 (0:00:00.036) 0:05:53.539 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Backup and set hostname] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:192 Monday 09 May 2022 16:12:17 +0000 (0:00:00.038) 0:05:53.577 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Join IPA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:197 Monday 09 May 2022 16:12:17 +0000 (0:00:00.037) 0:05:53.615 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : krb5 configuration not correct] ****************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:219 Monday 09 May 2022 16:12:17 +0000 (0:00:00.039) 0:05:53.654 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : IPA test failed] ********************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:225 Monday 09 May 2022 16:12:17 +0000 (0:00:00.050) 0:05:53.704 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : ca.crt file is missing] ************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:229 Monday 09 May 2022 16:12:17 +0000 (0:00:00.035) 0:05:53.740 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure IPA default.conf] ************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:242 Monday 09 May 2022 16:12:17 +0000 (0:00:00.036) 0:05:53.777 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure SSSD] ************************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:251 Monday 09 May 2022 16:12:17 +0000 (0:00:00.043) 0:05:53.820 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaclient : Install - Configure krb5 for IPA realm] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:273 Monday 09 May 2022 16:12:18 +0000 (0:00:00.911) 0:05:54.732 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:287 Monday 09 May 2022 16:12:18 +0000 (0:00:00.041) 0:05:54.773 ************ changed: [/cache/fedora-34.qcow2.snap] => { "ca_enabled": true, "changed": true, "subject_base": "O=TEST.LOCAL" } TASK [ipaclient : Install - Fix IPA ca] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:295 Monday 09 May 2022 16:12:20 +0000 (0:00:02.431) 0:05:57.205 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Create IPA NSS database] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:305 Monday 09 May 2022 16:12:20 +0000 (0:00:00.045) 0:05:57.251 ************ changed: [/cache/fedora-34.qcow2.snap] => { "ca_enabled_ra": true, "changed": true } TASK [ipaclient : Install - Configure SSH and SSHD] **************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:337 Monday 09 May 2022 16:12:24 +0000 (0:00:04.004) 0:06:01.256 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaclient : Install - Configure automount] ******************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:345 Monday 09 May 2022 16:12:25 +0000 (0:00:00.942) 0:06:02.198 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaclient : Install - Configure firefox] ********************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:351 Monday 09 May 2022 16:12:26 +0000 (0:00:00.863) 0:06:03.062 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure NIS] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:357 Monday 09 May 2022 16:12:26 +0000 (0:00:00.041) 0:06:03.103 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:375 Monday 09 May 2022 16:12:27 +0000 (0:00:01.089) 0:06:04.192 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Cleanup leftover ccache] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:381 Monday 09 May 2022 16:12:27 +0000 (0:00:00.039) 0:06:04.232 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent" } TASK [ipaclient : Uninstall IPA client] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:23 Monday 09 May 2022 16:12:28 +0000 (0:00:00.388) 0:06:04.621 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } META: role_complete for /cache/fedora-34.qcow2.snap TASK [ipaserver : Install - Enable IPA] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:429 Monday 09 May 2022 16:12:28 +0000 (0:00:00.042) 0:06:04.663 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Cleanup root IPA cache] **************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:436 Monday 09 May 2022 16:12:32 +0000 (0:00:04.624) 0:06:09.288 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "path": "/root/.ipa_cache", "state": "absent" } TASK [ipaserver : Install - Configure firewalld] ******************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:442 Monday 09 May 2022 16:12:33 +0000 (0:00:00.386) 0:06:09.675 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "firewall-cmd", "--permanent", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp" ], "delta": "0:00:00.297104", "end": "2022-05-09 16:12:34.326776", "rc": 0, "start": "2022-05-09 16:12:34.029672" } STDOUT: success TASK [ipaserver : Install - Configure firewalld runtime] *********************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:456 Monday 09 May 2022 16:12:34 +0000 (0:00:00.843) 0:06:10.519 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "firewall-cmd", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp" ], "delta": "0:00:00.257960", "end": "2022-05-09 16:12:34.975780", "rc": 0, "start": "2022-05-09 16:12:34.717820" } STDOUT: success TASK [ipaserver : Cleanup temporary files] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:472 Monday 09 May 2022 16:12:34 +0000 (0:00:00.649) 0:06:11.168 ************ ok: [/cache/fedora-34.qcow2.snap] => (item=/etc/ipa/.tmp_pkcs12_dirsrv) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_dirsrv", "path": "/etc/ipa/.tmp_pkcs12_dirsrv", "state": "absent" } ok: [/cache/fedora-34.qcow2.snap] => (item=/etc/ipa/.tmp_pkcs12_http) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_http", "path": "/etc/ipa/.tmp_pkcs12_http", "state": "absent" } ok: [/cache/fedora-34.qcow2.snap] => (item=/etc/ipa/.tmp_pkcs12_pkinit) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_pkinit", "path": "/etc/ipa/.tmp_pkcs12_pkinit", "state": "absent" } TASK [ipaserver : Uninstall IPA server] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:23 Monday 09 May 2022 16:12:35 +0000 (0:00:01.121) 0:06:12.289 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Issue IPA signed certificates] ******************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_basic_ipa.yml:10 Monday 09 May 2022 16:12:36 +0000 (0:00:00.050) 0:06:12.340 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 16:12:36 +0000 (0:00:00.758) 0:06:13.098 ************ included: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:12:36 +0000 (0:00:00.022) 0:06:13.120 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:12:37 +0000 (0:00:00.569) 0:06:13.689 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 16:12:37 +0000 (0:00:00.037) 0:06:13.727 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 16:12:39 +0000 (0:00:02.035) 0:06:15.763 ************ ok: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 16:12:41 +0000 (0:00:02.039) 0:06:17.803 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 16:12:41 +0000 (0:00:00.411) 0:06:18.214 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 16:12:42 +0000 (0:00:00.424) 0:06:18.639 ************ ok: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Mon 2022-05-09 16:09:49 UTC", "ActiveEnterTimestampMonotonic": "214952444", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target network.target system.slice systemd-journald.socket sysinit.target dbus-broker.service dbus.socket syslog.target", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Mon 2022-05-09 16:09:49 UTC", "AssertTimestampMonotonic": "214939999", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "31575259000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Mon 2022-05-09 16:09:49 UTC", "ConditionTimestampMonotonic": "214939997", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "16888", "ExecMainStartTimestamp": "Mon 2022-05-09 16:09:49 UTC", "ExecMainStartTimestampMonotonic": "214941391", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Mon 2022-05-09 16:09:49 UTC", "InactiveExitTimestampMonotonic": "214941865", "InvocationID": "5a28a4b9043b41ab84d1aeb27d0f11b3", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "16888", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "2629632", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Mon 2022-05-09 16:12:30 UTC", "StateChangeTimestampMonotonic": "376368354", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 16:12:42 +0000 (0:00:00.562) 0:06:19.201 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_basic_ipa', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "ipa", "dns": "ipaserver.test.local", "name": "mycert_basic_ipa", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } } MSG: Certificate requested (new). changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'groupcert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa', 'group': 'ftp'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "ipa", "dns": "ipaserver.test.local", "group": "ftp", "name": "groupcert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } } MSG: Certificate requested (new). File attributes updated. META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificates] ***************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_basic_ipa.yml:30 Monday 09 May 2022 16:12:47 +0000 (0:00:04.679) 0:06:23.881 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_basic_ipa.yml:89 Monday 09 May 2022 16:12:48 +0000 (0:00:00.760) 0:06:24.641 ************ included: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_basic_ipa.crt', 'key_path': '/etc/pki/tls/private/mycert_basic_ipa.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}) included: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/groupcert.crt', 'key_path': '/etc/pki/tls/private/groupcert.key', 'owner': 'root', 'group': 'ftp', 'mode': '0640', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:12:48 +0000 (0:00:00.042) 0:06:24.684 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:12:48 +0000 (0:00:00.022) 0:06:24.706 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:12:50 +0000 (0:00:01.998) 0:06:26.705 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:12:55 +0000 (0:00:04.830) 0:06:31.535 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 50.6 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 94.4 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 29.7 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 105.2 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 46.3 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:12:58 +0000 (0:00:02.993) 0:06:34.528 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652112765.963375, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "469a10aa3677204d47d8b03159475b6913d9a8d2", "ctime": 1652112765.9593751, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 142446, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652112765.9593751, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_basic_ipa.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1854, "uid": 0, "version": "3439461199", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:12:58 +0000 (0:00:00.504) 0:06:35.033 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:12:58 +0000 (0:00:00.023) 0:06:35.057 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 16:12:58 +0000 (0:00:00.039) 0:06:35.097 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 16:12:58 +0000 (0:00:00.033) 0:06:35.131 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652112763.8853753, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d865da61d7ecf1fb8e5703a6eff0e9b8a29c9701", "ctime": 1652112765.9593751, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 142445, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652112765.9593751, "nlink": 1, "path": "/etc/pki/tls/private/mycert_basic_ipa.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "2865970882", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 16:12:59 +0000 (0:00:00.374) 0:06:35.505 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 16:12:59 +0000 (0:00:00.023) 0:06:35.529 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 16:12:59 +0000 (0:00:00.037) 0:06:35.566 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_basic_ipa.crt" ], "delta": "0:00:00.200949", "end": "2022-05-09 16:12:59.933537", "rc": 0, "start": "2022-05-09 16:12:59.732588" } STDOUT: { "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "extensions": { "authorityKeyIdentifier": { "value": "FF:3E:0C:5F:21:2B:03:28:04:91:50:91:90:8D:23:48:2F:58:7C:9B", "critical": false }, "authorityInfoAccess": { "value": [ { "method": "OCSP", "location": "http://ipa-ca.test.local/ca/ocsp" } ], "critical": false }, "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ], "critical": true }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "cRLDistributionPoints": { "value": [ { "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ], "crl_issuer": [ { "organizationName": "ipaca", "commonName": "Certificate Authority" } ] } ], "critical": false }, "subjectKeyIdentifier": { "value": "4A:C4:8C:EC:6B:25:5A:E4:45:7E:7C:CA:9E:C2:71:53:4C:71:83:17", "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.5.2.2" } ], "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "2A:AD:AD:79:AA:5B:11:A6:94:6D:A4:E5:67:1F:E0:9A:20:C5:9D:A0:95:D0:D0:11:DF:52:4E:E9:11:EC:E1:3B:1B:E7:26:6E:96:FA:04:6E:C8:DF:41:71:9B:EA:B9:D1:EC:D5:13:26:EF:65:F8:BC:03:AF:65:BC:98:BF:B0:14:A5:D8:2F:86:29:AA:D7:86:17:31:09:B3:E1:1B:E0:90:D7:A3:46:9B:FC:8A:EC:DD:4F:19:39:39:49:26:75:B6:02:E0:A1:D7:83:0A:76:B1:49:6F:19:47:68:E0:4E:3E:DA:6B:53:0A:8E:07:E3:13:09:FE:9E:6E:44:FC:73:E2:D2:62:41:F0:FC:EE:C6:AE:F8:0B:F8:C9:B4:9B:BD:FE:E7:32:9F:CF:A3:C9:6B:4D:C3:A6:91:EF:1E:79:6E:37:5B:B9:7A:0E:1F:1B:61:48:1C:D1:B4:F3:7E:2E:2A:58:2B:C8:A8:EA:B8:D1:49:18:4A:01:17:D6:2A:71:3E:F1:0E:61:D2:7F:A0:16:4E:77:7D:1E:4F:04:09:FF:6B:D2:C3:F5:E6:B8:D4:07:36:BC:41:7D:15:6D:7F:20:61:46:B1:84:28:72:FE:55:05:03:FF:72:ED:8B:2C:49:04:03:CB:67:3F:09:66:60:2C:C4:44:FC:48:03:C3:12:45:7D:07:AB:B7:29:0A:D0:4A:00:BC:1F:E6:F1:42:E0:4A:1B:FD:9A:17:D4:77:A7:D7:33:F1:7B:66:63:FC:1A:6A:63:BA:13:74:0E:0C:B7:A5:C4:B7:68:3A:63:35:83:75:59:8E:1A:94:F8:02:8F:D4:D2:1B:FB:F4:38:6D:17:D2:B7:A6:E1:C1:D3:AF:31:79:3D:D0:7F:C2:23:1F:C4:05:A5:16:51:E8:2A:71:3A:25:6C:95:18:1D:46:81:CA:78:2D:CD:BF:DE:24:7D:88:BD:D4:1F:EB:A7:BD:81:72:56:DC:E2:66:29:86:B7:23:6A:74:E3:2D:A6:A0:44:3C:1C:62" }, "key_size": 2048, "validity": { "not_valid_after": "2024-05-09 16:12:45", "not_valid_before": "2022-05-09 16:12:45" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:12:59 +0000 (0:00:00.561) 0:06:36.128 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityInfoAccess": { "critical": false, "value": [ { "location": "http://ipa-ca.test.local/ca/ocsp", "method": "OCSP" } ] }, "authorityKeyIdentifier": { "critical": false, "value": "FF:3E:0C:5F:21:2B:03:28:04:91:50:91:90:8D:23:48:2F:58:7C:9B" }, "cRLDistributionPoints": { "critical": false, "value": [ { "crl_issuer": [ { "commonName": "Certificate Authority", "organizationName": "ipaca" } ], "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ] } ] }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": true, "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "4A:C4:8C:EC:6B:25:5A:E4:45:7E:7C:CA:9E:C2:71:53:4C:71:83:17" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "2A:AD:AD:79:AA:5B:11:A6:94:6D:A4:E5:67:1F:E0:9A:20:C5:9D:A0:95:D0:D0:11:DF:52:4E:E9:11:EC:E1:3B:1B:E7:26:6E:96:FA:04:6E:C8:DF:41:71:9B:EA:B9:D1:EC:D5:13:26:EF:65:F8:BC:03:AF:65:BC:98:BF:B0:14:A5:D8:2F:86:29:AA:D7:86:17:31:09:B3:E1:1B:E0:90:D7:A3:46:9B:FC:8A:EC:DD:4F:19:39:39:49:26:75:B6:02:E0:A1:D7:83:0A:76:B1:49:6F:19:47:68:E0:4E:3E:DA:6B:53:0A:8E:07:E3:13:09:FE:9E:6E:44:FC:73:E2:D2:62:41:F0:FC:EE:C6:AE:F8:0B:F8:C9:B4:9B:BD:FE:E7:32:9F:CF:A3:C9:6B:4D:C3:A6:91:EF:1E:79:6E:37:5B:B9:7A:0E:1F:1B:61:48:1C:D1:B4:F3:7E:2E:2A:58:2B:C8:A8:EA:B8:D1:49:18:4A:01:17:D6:2A:71:3E:F1:0E:61:D2:7F:A0:16:4E:77:7D:1E:4F:04:09:FF:6B:D2:C3:F5:E6:B8:D4:07:36:BC:41:7D:15:6D:7F:20:61:46:B1:84:28:72:FE:55:05:03:FF:72:ED:8B:2C:49:04:03:CB:67:3F:09:66:60:2C:C4:44:FC:48:03:C3:12:45:7D:07:AB:B7:29:0A:D0:4A:00:BC:1F:E6:F1:42:E0:4A:1B:FD:9A:17:D4:77:A7:D7:33:F1:7B:66:63:FC:1A:6A:63:BA:13:74:0E:0C:B7:A5:C4:B7:68:3A:63:35:83:75:59:8E:1A:94:F8:02:8F:D4:D2:1B:FB:F4:38:6D:17:D2:B7:A6:E1:C1:D3:AF:31:79:3D:D0:7F:C2:23:1F:C4:05:A5:16:51:E8:2A:71:3A:25:6C:95:18:1D:46:81:CA:78:2D:CD:BF:DE:24:7D:88:BD:D4:1F:EB:A7:BD:81:72:56:DC:E2:66:29:86:B7:23:6A:74:E3:2D:A6:A0:44:3C:1C:62" }, "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "validity": { "not_valid_after": "2024-05-09 16:12:45", "not_valid_before": "2022-05-09 16:12:45" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 16:12:59 +0000 (0:00:00.036) 0:06:36.164 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 16:12:59 +0000 (0:00:00.036) 0:06:36.200 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 16:12:59 +0000 (0:00:00.024) 0:06:36.225 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 16:12:59 +0000 (0:00:00.037) 0:06:36.263 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 16:12:59 +0000 (0:00:00.037) 0:06:36.300 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:13:00 +0000 (0:00:00.035) 0:06:36.336 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_basic_ipa.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.053757", "end": "2022-05-09 16:13:00.567549", "rc": 0, "start": "2022-05-09 16:13:00.513792" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 16:13:00 +0000 (0:00:00.424) 0:06:36.760 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:13:00 +0000 (0:00:00.037) 0:06:36.797 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:13:00 +0000 (0:00:00.017) 0:06:36.815 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:13:02 +0000 (0:00:02.046) 0:06:38.861 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:13:03 +0000 (0:00:01.077) 0:06:39.939 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:13:04 +0000 (0:00:00.951) 0:06:40.890 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652112767.6173751, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "1561cd49fb0285ad74564dff2cdec537776d81ab", "ctime": 1652112767.657375, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 142448, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652112767.614375, "nlink": 1, "path": "/etc/pki/tls/certs/groupcert.crt", "pw_name": "root", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1854, "uid": 0, "version": "931537539", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:13:04 +0000 (0:00:00.371) 0:06:41.261 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:13:04 +0000 (0:00:00.022) 0:06:41.283 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 16:13:05 +0000 (0:00:00.034) 0:06:41.318 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 16:13:05 +0000 (0:00:00.035) 0:06:41.354 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652112766.8143752, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "7251c07709a2540205041950028b0f89af324d3f", "ctime": 1652112767.6583753, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 142447, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652112767.614375, "nlink": 1, "path": "/etc/pki/tls/private/groupcert.key", "pw_name": "root", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "12129939", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 16:13:05 +0000 (0:00:00.375) 0:06:41.729 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 16:13:05 +0000 (0:00:00.019) 0:06:41.749 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 16:13:05 +0000 (0:00:00.035) 0:06:41.784 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/groupcert.crt" ], "delta": "0:00:00.200501", "end": "2022-05-09 16:13:06.163056", "rc": 0, "start": "2022-05-09 16:13:05.962555" } STDOUT: { "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "extensions": { "authorityKeyIdentifier": { "value": "FF:3E:0C:5F:21:2B:03:28:04:91:50:91:90:8D:23:48:2F:58:7C:9B", "critical": false }, "authorityInfoAccess": { "value": [ { "method": "OCSP", "location": "http://ipa-ca.test.local/ca/ocsp" } ], "critical": false }, "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ], "critical": true }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "cRLDistributionPoints": { "value": [ { "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ], "crl_issuer": [ { "organizationName": "ipaca", "commonName": "Certificate Authority" } ] } ], "critical": false }, "subjectKeyIdentifier": { "value": "78:84:AD:AA:EF:19:38:AB:44:13:C1:4E:84:17:24:41:E7:D9:20:A9", "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.5.2.2" } ], "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "34:FB:55:B3:EF:F0:7F:2A:75:47:5A:4A:EE:FC:41:97:8F:1E:6F:1E:54:6D:4F:8B:4E:12:A9:5B:24:23:90:B9:D3:8C:33:C5:71:45:A1:75:3E:C4:D5:96:57:77:D0:28:76:C4:22:D1:59:10:76:A9:93:8F:23:4E:AB:C3:C2:9B:AC:78:4E:EE:1D:87:CA:DE:EB:84:E8:A0:15:39:51:05:27:1A:94:82:9B:8E:FF:BB:06:CE:BB:5C:4A:4A:37:E4:59:69:F6:17:AE:02:42:80:B5:4D:23:9A:F1:0D:38:44:20:C7:5A:D5:F3:5D:69:25:77:32:44:9A:20:44:5A:17:B2:A9:0C:96:22:55:CE:AE:05:EB:69:1A:E7:36:91:BE:0F:5E:ED:87:7C:A8:9D:B5:31:3B:0C:69:47:2D:22:8E:5A:E7:94:94:E2:12:22:8F:6D:6A:59:F3:9E:F1:A7:3F:44:7F:C4:4A:EF:0B:A0:56:73:45:0D:58:99:2E:F2:44:0E:F3:92:16:F1:9B:74:AE:5A:1F:0A:D2:69:0C:46:4B:C2:57:9D:30:3F:46:42:18:1C:87:85:FC:44:F1:7C:F8:C8:72:14:FA:53:41:83:85:B6:EC:90:59:75:E8:4D:0F:57:EB:22:C2:94:3D:D9:A9:17:8E:82:EE:29:95:14:81:A5:04:F3:9A:40:C0:6E:07:D6:4C:29:3E:24:D5:6E:C9:01:ED:5D:89:5C:16:82:71:93:38:DD:A3:23:35:27:9A:3E:CB:A8:70:0A:30:A3:8C:0E:E9:7F:E4:46:D2:02:3D:FC:C1:E0:6D:EA:9A:FB:C1:FA:EE:9E:84:C0:02:EA:A9:16:8A:1E:E7:4D:9F:85:59:61:C0:F6:F0:23:43:32:62:4E:DA:A1:90:8C:2B:7F:30:67:03:48:A4:64:D7:CD:AC:C9:E8:CF:95:A8:12:9D:6C:38:03:27:D7:E8:AC:7C:DC:0A:B1:40:06:02:23:D9:B4:C3:DC:33:2D:1C:B3:2D:1B" }, "key_size": 2048, "validity": { "not_valid_after": "2024-05-09 16:12:47", "not_valid_before": "2022-05-09 16:12:47" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:13:06 +0000 (0:00:00.572) 0:06:42.357 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityInfoAccess": { "critical": false, "value": [ { "location": "http://ipa-ca.test.local/ca/ocsp", "method": "OCSP" } ] }, "authorityKeyIdentifier": { "critical": false, "value": "FF:3E:0C:5F:21:2B:03:28:04:91:50:91:90:8D:23:48:2F:58:7C:9B" }, "cRLDistributionPoints": { "critical": false, "value": [ { "crl_issuer": [ { "commonName": "Certificate Authority", "organizationName": "ipaca" } ], "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ] } ] }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": true, "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "78:84:AD:AA:EF:19:38:AB:44:13:C1:4E:84:17:24:41:E7:D9:20:A9" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "34:FB:55:B3:EF:F0:7F:2A:75:47:5A:4A:EE:FC:41:97:8F:1E:6F:1E:54:6D:4F:8B:4E:12:A9:5B:24:23:90:B9:D3:8C:33:C5:71:45:A1:75:3E:C4:D5:96:57:77:D0:28:76:C4:22:D1:59:10:76:A9:93:8F:23:4E:AB:C3:C2:9B:AC:78:4E:EE:1D:87:CA:DE:EB:84:E8:A0:15:39:51:05:27:1A:94:82:9B:8E:FF:BB:06:CE:BB:5C:4A:4A:37:E4:59:69:F6:17:AE:02:42:80:B5:4D:23:9A:F1:0D:38:44:20:C7:5A:D5:F3:5D:69:25:77:32:44:9A:20:44:5A:17:B2:A9:0C:96:22:55:CE:AE:05:EB:69:1A:E7:36:91:BE:0F:5E:ED:87:7C:A8:9D:B5:31:3B:0C:69:47:2D:22:8E:5A:E7:94:94:E2:12:22:8F:6D:6A:59:F3:9E:F1:A7:3F:44:7F:C4:4A:EF:0B:A0:56:73:45:0D:58:99:2E:F2:44:0E:F3:92:16:F1:9B:74:AE:5A:1F:0A:D2:69:0C:46:4B:C2:57:9D:30:3F:46:42:18:1C:87:85:FC:44:F1:7C:F8:C8:72:14:FA:53:41:83:85:B6:EC:90:59:75:E8:4D:0F:57:EB:22:C2:94:3D:D9:A9:17:8E:82:EE:29:95:14:81:A5:04:F3:9A:40:C0:6E:07:D6:4C:29:3E:24:D5:6E:C9:01:ED:5D:89:5C:16:82:71:93:38:DD:A3:23:35:27:9A:3E:CB:A8:70:0A:30:A3:8C:0E:E9:7F:E4:46:D2:02:3D:FC:C1:E0:6D:EA:9A:FB:C1:FA:EE:9E:84:C0:02:EA:A9:16:8A:1E:E7:4D:9F:85:59:61:C0:F6:F0:23:43:32:62:4E:DA:A1:90:8C:2B:7F:30:67:03:48:A4:64:D7:CD:AC:C9:E8:CF:95:A8:12:9D:6C:38:03:27:D7:E8:AC:7C:DC:0A:B1:40:06:02:23:D9:B4:C3:DC:33:2D:1C:B3:2D:1B" }, "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "validity": { "not_valid_after": "2024-05-09 16:12:47", "not_valid_before": "2022-05-09 16:12:47" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 16:13:06 +0000 (0:00:00.034) 0:06:42.392 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 16:13:06 +0000 (0:00:00.034) 0:06:42.427 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 16:13:06 +0000 (0:00:00.022) 0:06:42.449 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 16:13:06 +0000 (0:00:00.035) 0:06:42.485 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 16:13:06 +0000 (0:00:00.032) 0:06:42.518 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:13:06 +0000 (0:00:00.034) 0:06:42.552 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/groupcert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.049693", "end": "2022-05-09 16:13:06.763828", "rc": 0, "start": "2022-05-09 16:13:06.714135" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 16:13:06 +0000 (0:00:00.414) 0:06:42.966 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=98 changed=33 unreachable=0 failed=0 skipped=35 rescued=0 ignored=0 Monday 09 May 2022 16:13:06 +0000 (0:00:00.041) 0:06:43.008 ************ =============================================================================== ipaserver : Install - Setup CA ---------------------------------------- 137.07s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:266 ----------------------- ipaserver : Install - Setup HTTP --------------------------------------- 84.81s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:322 ----------------------- ipaserver : Install - Ensure that IPA server packages are installed ---- 47.24s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:5 ------------------------- ipaserver : Install - Setup DS ----------------------------------------- 16.68s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:204 ----------------------- ipaserver : Install - Setup NTP ---------------------------------------- 10.51s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:197 ----------------------- ipaserver : Install - Setup DNS ----------------------------------------- 7.60s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:365 ----------------------- ipaserver : Install - Ensure that IPA server packages for dns are installed --- 7.59s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:10 ------------------------ ipaserver : Install - Setup KRB ----------------------------------------- 6.48s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:233 ----------------------- Install the package, force upgrade -------------------------------------- 4.83s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure certificate requests ------------ 4.68s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 ipaserver : Install - Enable IPA ---------------------------------------- 4.62s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:429 ----------------------- ipaserver : Install - Ensure that firewall packages installed ----------- 4.42s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:22 ------------------------ ipaclient : Install - Create IPA NSS database --------------------------- 4.00s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:305 ----------------------- ipaserver : Install - Setup custodia ------------------------------------ 3.95s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:260 ----------------------- Ensure nss package is up-to-date ---------------------------------------- 3.05s /tmp/tmpd_ggxgwx/tests/tasks/setup_ipa.yml:42 --------------------------------- Install certreader ------------------------------------------------------ 2.99s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 ------------- ipaserver : Install - Setup otpd ---------------------------------------- 2.89s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:316 ----------------------- ipaclient : Install - IPA API calls for remaining enrollment parts ------ 2.43s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:287 ----------------------- ensure hostname package is installed ------------------------------------ 2.41s /tmp/tmpd_ggxgwx/tests/tasks/setup_ipa.yml:33 --------------------------------- ipaserver : Install - Server preparation -------------------------------- 2.26s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:153 ----------------------- ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_basic_self_signed.yml ****************************************** 2 plays in /tmp/tmpd_ggxgwx/tests/tests_basic_self_signed.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_basic_self_signed.yml:2 Monday 09 May 2022 16:13:17 +0000 (0:00:00.011) 0:00:00.011 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 16:13:19 +0000 (0:00:01.105) 0:00:01.117 ************ included: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:13:19 +0000 (0:00:00.018) 0:00:01.135 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:13:19 +0000 (0:00:00.506) 0:00:01.642 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 16:13:19 +0000 (0:00:00.037) 0:00:01.679 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 16:13:22 +0000 (0:00:02.663) 0:00:04.342 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 16:13:25 +0000 (0:00:03.564) 0:00:07.906 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 16:13:26 +0000 (0:00:00.582) 0:00:08.488 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 16:13:26 +0000 (0:00:00.427) 0:00:08.916 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "syslog.target dbus.socket dbus-broker.service basic.target network.target sysinit.target system.slice systemd-journald.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 16:13:27 +0000 (0:00:01.026) 0:00:09.943 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_basic_self_signed', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_basic_self_signed" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_basic_self_signed.yml:13 Monday 09 May 2022 16:13:28 +0000 (0:00:00.819) 0:00:10.762 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_basic_self_signed.yml:27 Monday 09 May 2022 16:13:29 +0000 (0:00:00.764) 0:00:11.526 ************ included: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_basic_self_signed.crt', 'key_path': '/etc/pki/tls/private/mycert_basic_self_signed.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:13:29 +0000 (0:00:00.034) 0:00:11.561 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:13:29 +0000 (0:00:00.015) 0:00:11.577 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:13:31 +0000 (0:00:02.066) 0:00:13.643 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:13:36 +0000 (0:00:05.203) 0:00:18.847 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 58.7 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 36.8 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 5.3 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 90.3 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 38.0 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:13:39 +0000 (0:00:03.048) 0:00:21.895 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652112808.6589315, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "486681bf9946fa6fc6dfb803a6c95f6373312d15", "ctime": 1652112808.6559315, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652112808.6559315, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_basic_self_signed.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "1087147210", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:13:40 +0000 (0:00:00.537) 0:00:22.432 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:13:40 +0000 (0:00:00.022) 0:00:22.455 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 16:13:40 +0000 (0:00:00.038) 0:00:22.493 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 16:13:40 +0000 (0:00:00.034) 0:00:22.528 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652112808.6119316, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "592a87c941a75abe06f408d82896385fc026eea7", "ctime": 1652112808.6559315, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652112808.6559315, "nlink": 1, "path": "/etc/pki/tls/private/mycert_basic_self_signed.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3308060060", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 16:13:40 +0000 (0:00:00.385) 0:00:22.914 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 16:13:40 +0000 (0:00:00.020) 0:00:22.935 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 16:13:40 +0000 (0:00:00.041) 0:00:22.976 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_basic_self_signed.crt" ], "delta": "0:00:00.216738", "end": "2022-05-09 16:13:41.669837", "rc": 0, "start": "2022-05-09 16:13:41.453099" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "64:85:10:D0:2D:8E:D7:7B:B8:36:45:4E:F6:5C:BF:BD:49:78:2F:47", "critical": false }, "authorityKeyIdentifier": { "value": "F7:EF:C2:10:4F:6A:C8:BC:91:20:2F:A7:C9:24:C5:C1:44:C1:9F:82", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "72:6B:DE:2B:E5:1A:BC:03:53:BD:62:B8:61:3B:65:B9:42:EE:76:A8:3D:2B:E3:E5:37:C3:A6:9D:A6:54:D5:94:A9:2B:4D:39:D4:45:3D:CA:5A:21:68:DE:AA:85:45:D8:94:DF:D5:FE:13:52:1F:48:75:40:B8:59:5B:91:A4:99:C0:02:00:D4:0F:B1:28:85:38:FE:B0:AF:17:A9:E4:A0:A6:84:DA:B9:56:BD:FD:F0:C3:D3:0B:62:7F:A1:43:46:FC:7C:0F:ED:F9:CF:CF:CD:E6:BD:19:5D:0A:97:21:C0:13:4E:26:08:CB:49:C8:8C:7C:40:21:E8:69:43:99:56:4B:A0:A1:0E:28:AF:9D:B5:7B:73:B3:08:B3:4F:EC:C3:1D:01:83:25:E9:67:25:02:E6:A8:C6:A7:8B:F2:0C:63:0E:23:F7:3D:98:AF:97:38:7C:76:65:D1:7B:1E:0D:C5:4B:FD:A5:A3:1E:BA:43:3E:98:9B:36:49:C2:0F:3F:51:A4:66:28:40:40:79:F0:65:DB:B2:BC:DA:71:18:35:63:BC:C6:17:68:07:E3:C0:27:44:10:31:1A:2F:B3:D9:D4:91:37:22:64:D1:E0:95:79:59:55:CE:FD:95:4F:9F:4E:58:01:B0:A0:C0:5B:E6:D6:00:2D:35:9E:96:69:F9:69" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:13:28", "not_valid_before": "2022-05-09 16:13:28" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:13:41 +0000 (0:00:00.715) 0:00:23.691 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "F7:EF:C2:10:4F:6A:C8:BC:91:20:2F:A7:C9:24:C5:C1:44:C1:9F:82" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "64:85:10:D0:2D:8E:D7:7B:B8:36:45:4E:F6:5C:BF:BD:49:78:2F:47" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "72:6B:DE:2B:E5:1A:BC:03:53:BD:62:B8:61:3B:65:B9:42:EE:76:A8:3D:2B:E3:E5:37:C3:A6:9D:A6:54:D5:94:A9:2B:4D:39:D4:45:3D:CA:5A:21:68:DE:AA:85:45:D8:94:DF:D5:FE:13:52:1F:48:75:40:B8:59:5B:91:A4:99:C0:02:00:D4:0F:B1:28:85:38:FE:B0:AF:17:A9:E4:A0:A6:84:DA:B9:56:BD:FD:F0:C3:D3:0B:62:7F:A1:43:46:FC:7C:0F:ED:F9:CF:CF:CD:E6:BD:19:5D:0A:97:21:C0:13:4E:26:08:CB:49:C8:8C:7C:40:21:E8:69:43:99:56:4B:A0:A1:0E:28:AF:9D:B5:7B:73:B3:08:B3:4F:EC:C3:1D:01:83:25:E9:67:25:02:E6:A8:C6:A7:8B:F2:0C:63:0E:23:F7:3D:98:AF:97:38:7C:76:65:D1:7B:1E:0D:C5:4B:FD:A5:A3:1E:BA:43:3E:98:9B:36:49:C2:0F:3F:51:A4:66:28:40:40:79:F0:65:DB:B2:BC:DA:71:18:35:63:BC:C6:17:68:07:E3:C0:27:44:10:31:1A:2F:B3:D9:D4:91:37:22:64:D1:E0:95:79:59:55:CE:FD:95:4F:9F:4E:58:01:B0:A0:C0:5B:E6:D6:00:2D:35:9E:96:69:F9:69" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:13:28", "not_valid_before": "2022-05-09 16:13:28" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 16:13:41 +0000 (0:00:00.033) 0:00:23.725 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 16:13:41 +0000 (0:00:00.032) 0:00:23.758 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 16:13:41 +0000 (0:00:00.023) 0:00:23.781 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 16:13:41 +0000 (0:00:00.036) 0:00:23.817 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 16:13:41 +0000 (0:00:00.038) 0:00:23.855 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:13:41 +0000 (0:00:00.035) 0:00:23.891 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_basic_self_signed.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039954", "end": "2022-05-09 16:13:42.268863", "rc": 0, "start": "2022-05-09 16:13:42.228909" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 16:13:42 +0000 (0:00:00.394) 0:00:24.286 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:13:42 +0000 (0:00:00.038) 0:00:24.324 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.20s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.56s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - Install certreader ------------------------------------------------------ 3.05s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 2.66s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Ensure python3 is installed --------------------------------------------- 2.07s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.11s /tmp/tmpd_ggxgwx/tests/tests_basic_self_signed.yml:2 -------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.03s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - linux-system-roles.certificate : Ensure certificate requests ------------ 0.82s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Gathering Facts --------------------------------------------------------- 0.76s /tmp/tmpd_ggxgwx/tests/tests_basic_self_signed.yml:13 ------------------------- Parse certificate ------------------------------------------------------- 0.72s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.58s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - Retrieve certificate file stats ----------------------------------------- 0.54s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.51s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.43s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - Retrieve auto-renew flag ------------------------------------------------ 0.39s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve key file stats ------------------------------------------------- 0.39s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 ------------- Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 ------------- Verify certificate Key Usage -------------------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 ------------ Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 ------------ ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_default.yml **************************************************** 1 plays in /tmp/tmpd_ggxgwx/tests/tests_default.yml PLAY [Ensure that the role runs with default parameters] *********************** META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 16:13:53 +0000 (0:00:00.013) 0:00:00.013 ************ included: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:13:53 +0000 (0:00:00.015) 0:00:00.029 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:13:54 +0000 (0:00:00.888) 0:00:00.918 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 16:13:54 +0000 (0:00:00.035) 0:00:00.953 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 16:13:57 +0000 (0:00:02.508) 0:00:03.462 ************ TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 16:13:57 +0000 (0:00:00.028) 0:00:03.490 ************ TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 16:13:57 +0000 (0:00:00.026) 0:00:03.516 ************ TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 16:13:57 +0000 (0:00:00.024) 0:00:03.541 ************ TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 16:13:57 +0000 (0:00:00.024) 0:00:03.565 ************ META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=3 changed=0 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 Monday 09 May 2022 16:13:57 +0000 (0:00:00.017) 0:00:03.583 ************ =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 2.51s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.89s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Set platform/version specific variables --- 0.04s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 linux-system-roles.certificate : Ensure provider packages are installed --- 0.03s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.03s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.02s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - linux-system-roles.certificate : Ensure provider service is running ----- 0.02s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - linux-system-roles.certificate : Ensure certificate requests ------------ 0.02s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Set version specific variables --------- 0.02s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_dns_ip_email.yml *********************************************** 2 plays in /tmp/tmpd_ggxgwx/tests/tests_dns_ip_email.yml PLAY [Issue certificate with dns, ip and email in SAN] ************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_dns_ip_email.yml:2 Monday 09 May 2022 16:14:08 +0000 (0:00:00.011) 0:00:00.011 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 16:14:09 +0000 (0:00:01.135) 0:00:01.146 ************ included: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:14:09 +0000 (0:00:00.018) 0:00:01.165 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:14:10 +0000 (0:00:00.499) 0:00:01.665 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 16:14:10 +0000 (0:00:00.042) 0:00:01.707 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 16:14:13 +0000 (0:00:02.607) 0:00:04.315 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 16:14:16 +0000 (0:00:03.290) 0:00:07.605 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 16:14:16 +0000 (0:00:00.638) 0:00:08.244 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 16:14:17 +0000 (0:00:00.386) 0:00:08.630 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice basic.target systemd-journald.socket dbus.socket sysinit.target syslog.target dbus-broker.service network.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 16:14:18 +0000 (0:00:01.088) 0:00:09.718 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_dns_ip_email', 'common_name': 'My Certificate with SAN', 'dns': ['sub1.example.com', 'www.example.com', 'sub2.example.com', 'sub3.example.com'], 'ip': ['192.0.2.12', '198.51.100.65', '2001:db8::2:1'], 'email': ['sysadmin@example.com', 'support@example.com'], 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "My Certificate with SAN", "dns": [ "sub1.example.com", "www.example.com", "sub2.example.com", "sub3.example.com" ], "email": [ "sysadmin@example.com", "support@example.com" ], "ip": [ "192.0.2.12", "198.51.100.65", "2001:db8::2:1" ], "name": "mycert_dns_ip_email" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_dns_ip_email.yml:24 Monday 09 May 2022 16:14:19 +0000 (0:00:00.967) 0:00:10.686 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_dns_ip_email.yml:54 Monday 09 May 2022 16:14:20 +0000 (0:00:00.770) 0:00:11.456 ************ included: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_dns_ip_email.crt', 'key_path': '/etc/pki/tls/private/mycert_dns_ip_email.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'My Certificate with SAN'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'sub1.example.com'}, {'name': 'DNS', 'value': 'www.example.com'}, {'name': 'DNS', 'value': 'sub2.example.com'}, {'name': 'DNS', 'value': 'sub3.example.com'}, {'name': 'email', 'value': 'sysadmin@example.com'}, {'name': 'email', 'value': 'support@example.com'}, {'name': 'IP Address', 'value': '192.0.2.12'}, {'name': 'IP Address', 'value': '198.51.100.65'}, {'name': 'IP Address', 'value': '2001:db8::2:1'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:14:20 +0000 (0:00:00.037) 0:00:11.494 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:14:20 +0000 (0:00:00.018) 0:00:11.512 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:14:22 +0000 (0:00:02.163) 0:00:13.675 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:14:27 +0000 (0:00:05.412) 0:00:19.088 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 50.1 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 77.3 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 23.4 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 100.3 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 38.1 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:14:30 +0000 (0:00:02.796) 0:00:21.885 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652112858.6954272, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "ecddda09d6360988c699f94e8e219ab6d70255b4", "ctime": 1652112858.6924272, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652112858.6924272, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_dns_ip_email.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1484, "uid": 0, "version": "3392588630", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:14:31 +0000 (0:00:00.520) 0:00:22.406 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:14:31 +0000 (0:00:00.022) 0:00:22.428 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 16:14:31 +0000 (0:00:00.036) 0:00:22.465 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 16:14:31 +0000 (0:00:00.033) 0:00:22.499 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652112858.647427, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "f822bc3777533ea206a2fbc108e418e363568753", "ctime": 1652112858.6924272, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652112858.6924272, "nlink": 1, "path": "/etc/pki/tls/private/mycert_dns_ip_email.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1754505822", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 16:14:31 +0000 (0:00:00.370) 0:00:22.869 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 16:14:31 +0000 (0:00:00.020) 0:00:22.890 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 16:14:31 +0000 (0:00:00.035) 0:00:22.925 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_dns_ip_email.crt" ], "delta": "0:00:00.212578", "end": "2022-05-09 16:14:31.799368", "rc": 0, "start": "2022-05-09 16:14:31.586790" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "My Certificate with SAN" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "sub1.example.com" }, { "name": "DNS", "value": "www.example.com" }, { "name": "DNS", "value": "sub2.example.com" }, { "name": "DNS", "value": "sub3.example.com" }, { "name": "email", "value": "sysadmin@example.com" }, { "name": "email", "value": "support@example.com" }, { "name": "IP Address", "value": "192.0.2.12" }, { "name": "IP Address", "value": "198.51.100.65" }, { "name": "IP Address", "value": "2001:db8::2:1" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "72:A7:AB:A7:6C:B7:B1:6F:00:00:75:2C:F0:C4:E6:00:6C:AC:44:42", "critical": false }, "authorityKeyIdentifier": { "value": "BD:D6:59:E6:17:4A:03:AC:08:E0:44:F5:A9:90:4A:81:F1:B2:EC:3C", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "45:E0:05:8C:B4:29:79:64:0B:D4:70:58:27:49:43:61:88:DA:98:F8:5C:C5:A3:8F:FF:99:D7:DE:7D:F9:C7:69:89:01:21:C7:2B:68:6B:32:C8:0F:E5:58:4E:AC:98:AE:35:6A:0D:BD:E5:CC:01:87:A2:5E:68:07:66:C5:8F:B9:E6:11:E5:9A:0C:04:78:CA:C6:48:BC:AC:74:44:FC:66:01:29:81:20:A5:6C:EC:F2:09:A2:EE:71:FA:7C:90:CC:7B:B5:09:EC:E2:7F:30:4B:EA:CA:0D:40:44:52:DD:03:BE:72:66:5D:AE:7B:D4:37:6B:58:4F:82:C8:94:2F:D1:48:19:B3:BB:BE:46:1B:7B:30:8D:8C:DF:88:67:41:FB:86:FC:D4:DD:FA:94:BD:1D:DE:AB:FA:AD:06:A1:02:50:D9:39:E9:C6:3E:E9:A7:57:AF:62:BF:6A:0F:56:04:48:2E:F8:BE:3D:B0:8E:14:04:4D:04:1E:1B:67:22:7E:D0:21:AA:A7:CA:FA:E5:B6:84:EC:D7:1C:4D:26:B5:C5:01:C8:60:79:14:40:31:5B:93:63:F0:A6:B0:AA:AC:2A:CD:39:16:0E:6A:31:53:CE:3A:EC:D4:1D:26:AF:63:AB:C6:9E:66:76:B2:6B:09:6A:50:3D:ED:75:6A:15:01:81:B1" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:14:17", "not_valid_before": "2022-05-09 16:14:18" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:14:32 +0000 (0:00:00.716) 0:00:23.642 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "BD:D6:59:E6:17:4A:03:AC:08:E0:44:F5:A9:90:4A:81:F1:B2:EC:3C" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "sub1.example.com" }, { "name": "DNS", "value": "www.example.com" }, { "name": "DNS", "value": "sub2.example.com" }, { "name": "DNS", "value": "sub3.example.com" }, { "name": "email", "value": "sysadmin@example.com" }, { "name": "email", "value": "support@example.com" }, { "name": "IP Address", "value": "192.0.2.12" }, { "name": "IP Address", "value": "198.51.100.65" }, { "name": "IP Address", "value": "2001:db8::2:1" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "72:A7:AB:A7:6C:B7:B1:6F:00:00:75:2C:F0:C4:E6:00:6C:AC:44:42" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "45:E0:05:8C:B4:29:79:64:0B:D4:70:58:27:49:43:61:88:DA:98:F8:5C:C5:A3:8F:FF:99:D7:DE:7D:F9:C7:69:89:01:21:C7:2B:68:6B:32:C8:0F:E5:58:4E:AC:98:AE:35:6A:0D:BD:E5:CC:01:87:A2:5E:68:07:66:C5:8F:B9:E6:11:E5:9A:0C:04:78:CA:C6:48:BC:AC:74:44:FC:66:01:29:81:20:A5:6C:EC:F2:09:A2:EE:71:FA:7C:90:CC:7B:B5:09:EC:E2:7F:30:4B:EA:CA:0D:40:44:52:DD:03:BE:72:66:5D:AE:7B:D4:37:6B:58:4F:82:C8:94:2F:D1:48:19:B3:BB:BE:46:1B:7B:30:8D:8C:DF:88:67:41:FB:86:FC:D4:DD:FA:94:BD:1D:DE:AB:FA:AD:06:A1:02:50:D9:39:E9:C6:3E:E9:A7:57:AF:62:BF:6A:0F:56:04:48:2E:F8:BE:3D:B0:8E:14:04:4D:04:1E:1B:67:22:7E:D0:21:AA:A7:CA:FA:E5:B6:84:EC:D7:1C:4D:26:B5:C5:01:C8:60:79:14:40:31:5B:93:63:F0:A6:B0:AA:AC:2A:CD:39:16:0E:6A:31:53:CE:3A:EC:D4:1D:26:AF:63:AB:C6:9E:66:76:B2:6B:09:6A:50:3D:ED:75:6A:15:01:81:B1" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "My Certificate with SAN" } ], "validity": { "not_valid_after": "2023-05-09 16:14:17", "not_valid_before": "2022-05-09 16:14:18" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 16:14:32 +0000 (0:00:00.035) 0:00:23.677 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 16:14:32 +0000 (0:00:00.038) 0:00:23.715 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 16:14:32 +0000 (0:00:00.025) 0:00:23.741 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 16:14:32 +0000 (0:00:00.038) 0:00:23.779 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 16:14:32 +0000 (0:00:00.033) 0:00:23.813 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:14:32 +0000 (0:00:00.041) 0:00:23.855 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_dns_ip_email.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.044680", "end": "2022-05-09 16:14:32.432207", "rc": 0, "start": "2022-05-09 16:14:32.387527" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 16:14:33 +0000 (0:00:00.416) 0:00:24.272 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:14:33 +0000 (0:00:00.043) 0:00:24.316 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.41s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.29s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - Install certreader ------------------------------------------------------ 2.80s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 2.61s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Ensure python3 is installed --------------------------------------------- 2.16s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.14s /tmp/tmpd_ggxgwx/tests/tests_dns_ip_email.yml:2 ------------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.09s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - linux-system-roles.certificate : Ensure certificate requests ------------ 0.97s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Gathering Facts --------------------------------------------------------- 0.77s /tmp/tmpd_ggxgwx/tests/tests_dns_ip_email.yml:24 ------------------------------ Parse certificate ------------------------------------------------------- 0.72s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.64s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.50s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Retrieve auto-renew flag ------------------------------------------------ 0.42s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.39s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - Retrieve key file stats ------------------------------------------------- 0.37s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 ------------ linux-system-roles.certificate : Set platform/version specific variables --- 0.04s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Verify certificate Extended Key Usage ----------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 ------------ Verify key size --------------------------------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 ------------ ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_fs_attrs.yml *************************************************** 3 plays in /tmp/tmpd_ggxgwx/tests/tests_fs_attrs.yml PLAY [Ensure UID and GID exists] *********************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_fs_attrs.yml:2 Monday 09 May 2022 16:14:44 +0000 (0:00:00.009) 0:00:00.009 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Ensure user exists] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tests_fs_attrs.yml:5 Monday 09 May 2022 16:14:45 +0000 (0:00:01.172) 0:00:01.182 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "comment": "", "create_home": true, "group": 1040, "home": "/home/user1", "name": "user1", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1040 } TASK [Ensure group "somegroup" exists] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tests_fs_attrs.yml:9 Monday 09 May 2022 16:14:46 +0000 (0:00:00.897) 0:00:02.080 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "gid": 1041, "name": "somegroup", "state": "present", "system": false } META: ran handlers META: ran handlers PLAY [Issue certificate setting user/group] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_fs_attrs.yml:13 Monday 09 May 2022 16:14:47 +0000 (0:00:00.754) 0:00:02.834 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 16:14:48 +0000 (0:00:00.753) 0:00:03.588 ************ included: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:14:48 +0000 (0:00:00.020) 0:00:03.609 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:14:48 +0000 (0:00:00.512) 0:00:04.121 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 16:14:48 +0000 (0:00:00.039) 0:00:04.160 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 16:14:51 +0000 (0:00:02.705) 0:00:06.866 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 16:14:54 +0000 (0:00:03.203) 0:00:10.070 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 16:14:55 +0000 (0:00:00.548) 0:00:10.618 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 16:14:55 +0000 (0:00:00.414) 0:00:11.033 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target system.slice sysinit.target dbus-broker.service dbus.socket network.target syslog.target systemd-journald.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 16:14:56 +0000 (0:00:01.004) 0:00:12.037 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_fs_attrs', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert_fs_attrs", "owner": "ftp" } } MSG: Certificate requested (new). File attributes updated. changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'certid', 'dns': 'www.example.com', 'owner': 1040, 'group': 1041, 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040 } } MSG: Certificate requested (new). File attributes updated. META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_fs_attrs.yml:31 Monday 09 May 2022 16:14:58 +0000 (0:00:01.521) 0:00:13.558 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_fs_attrs.yml:60 Monday 09 May 2022 16:14:58 +0000 (0:00:00.762) 0:00:14.321 ************ included: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_fs_attrs.crt', 'key_path': '/etc/pki/tls/private/mycert_fs_attrs.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 'ftp', 'group': 'ftp', 'mode': '0640'}) included: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/certid.crt', 'key_path': '/etc/pki/tls/private/certid.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 1040, 'group': 1041, 'mode': '0640'}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:14:58 +0000 (0:00:00.040) 0:00:14.361 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:14:58 +0000 (0:00:00.017) 0:00:14.379 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:15:01 +0000 (0:00:02.089) 0:00:16.468 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:15:05 +0000 (0:00:04.893) 0:00:21.361 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 38.5 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 87.5 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 22.2 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 85.9 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 32.1 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:15:08 +0000 (0:00:02.888) 0:00:24.250 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652112896.9886127, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "47a82db8858a85901face9f70f318bc9eee0e041", "ctime": 1652112897.1426125, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 137736, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652112896.9866126, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_fs_attrs.crt", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 14, "version": "1766031786", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:15:09 +0000 (0:00:00.516) 0:00:24.767 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:15:09 +0000 (0:00:00.022) 0:00:24.789 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 16:15:09 +0000 (0:00:00.036) 0:00:24.825 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 16:15:09 +0000 (0:00:00.034) 0:00:24.860 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652112896.9436126, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "c58cf4d5fb504a599b1fcfce428f01f8f8e20635", "ctime": 1652112897.1426125, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 137735, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652112896.9866126, "nlink": 1, "path": "/etc/pki/tls/private/mycert_fs_attrs.key", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 14, "version": "94980325", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 16:15:09 +0000 (0:00:00.380) 0:00:25.241 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 16:15:09 +0000 (0:00:00.021) 0:00:25.262 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 16:15:09 +0000 (0:00:00.035) 0:00:25.298 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_fs_attrs.crt" ], "delta": "0:00:00.216960", "end": "2022-05-09 16:15:10.221761", "rc": 0, "start": "2022-05-09 16:15:10.004801" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "E2:C1:51:1F:08:38:3F:E5:FE:39:F7:02:3B:B3:24:11:E6:62:F7:25", "critical": false }, "authorityKeyIdentifier": { "value": "08:C0:90:49:9D:48:A6:95:51:47:42:3E:62:49:3B:1F:27:86:99:08", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "10:E2:3D:B0:95:79:1B:D6:A7:98:9D:71:31:65:29:47:0A:C6:7B:1B:1C:63:3D:72:75:65:07:A4:4D:C2:8C:46:D4:DC:38:C9:F6:0D:67:83:A3:81:A9:B3:A5:B0:D8:1C:77:D6:AF:3F:D4:F0:B5:C6:88:BE:E5:15:9F:BE:67:89:36:34:52:D4:3A:94:4C:65:06:9B:17:DE:F4:DC:60:FC:31:4E:F1:13:EB:3F:AB:E8:21:83:6C:7B:27:66:F1:29:02:69:B0:42:99:85:AF:A6:6B:80:B3:FC:87:75:F2:4D:B5:4F:35:A4:76:BF:6C:2B:E8:63:56:E3:2A:48:BC:66:1D:C1:7D:56:5B:36:13:65:13:D9:FC:F1:F8:39:14:FB:DF:CD:96:D3:8D:34:F9:7A:5F:7A:1E:BC:C7:58:65:DA:5B:63:F1:E6:BC:D7:08:B3:BB:38:04:ED:41:A9:61:29:28:8C:B7:CF:BF:AD:73:BA:59:AC:48:8D:0F:17:B5:A6:12:C4:25:A3:83:E8:1A:73:5B:C9:35:48:25:CB:6F:D0:85:DD:BA:1D:69:AC:27:8C:0D:98:BA:87:D3:03:1D:55:E5:6B:8C:C8:E2:03:67:B0:1F:65:F1:4D:65:E8:D9:CB:34:09:BF:5E:3F:0E:3D:04:FD:74:0F:7A:FB:71:C0:A1" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:14:56", "not_valid_before": "2022-05-09 16:14:56" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:15:10 +0000 (0:00:00.728) 0:00:26.026 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "08:C0:90:49:9D:48:A6:95:51:47:42:3E:62:49:3B:1F:27:86:99:08" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "E2:C1:51:1F:08:38:3F:E5:FE:39:F7:02:3B:B3:24:11:E6:62:F7:25" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "10:E2:3D:B0:95:79:1B:D6:A7:98:9D:71:31:65:29:47:0A:C6:7B:1B:1C:63:3D:72:75:65:07:A4:4D:C2:8C:46:D4:DC:38:C9:F6:0D:67:83:A3:81:A9:B3:A5:B0:D8:1C:77:D6:AF:3F:D4:F0:B5:C6:88:BE:E5:15:9F:BE:67:89:36:34:52:D4:3A:94:4C:65:06:9B:17:DE:F4:DC:60:FC:31:4E:F1:13:EB:3F:AB:E8:21:83:6C:7B:27:66:F1:29:02:69:B0:42:99:85:AF:A6:6B:80:B3:FC:87:75:F2:4D:B5:4F:35:A4:76:BF:6C:2B:E8:63:56:E3:2A:48:BC:66:1D:C1:7D:56:5B:36:13:65:13:D9:FC:F1:F8:39:14:FB:DF:CD:96:D3:8D:34:F9:7A:5F:7A:1E:BC:C7:58:65:DA:5B:63:F1:E6:BC:D7:08:B3:BB:38:04:ED:41:A9:61:29:28:8C:B7:CF:BF:AD:73:BA:59:AC:48:8D:0F:17:B5:A6:12:C4:25:A3:83:E8:1A:73:5B:C9:35:48:25:CB:6F:D0:85:DD:BA:1D:69:AC:27:8C:0D:98:BA:87:D3:03:1D:55:E5:6B:8C:C8:E2:03:67:B0:1F:65:F1:4D:65:E8:D9:CB:34:09:BF:5E:3F:0E:3D:04:FD:74:0F:7A:FB:71:C0:A1" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:14:56", "not_valid_before": "2022-05-09 16:14:56" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 16:15:10 +0000 (0:00:00.037) 0:00:26.064 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 16:15:10 +0000 (0:00:00.039) 0:00:26.104 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 16:15:10 +0000 (0:00:00.029) 0:00:26.133 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 16:15:10 +0000 (0:00:00.041) 0:00:26.174 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 16:15:10 +0000 (0:00:00.042) 0:00:26.217 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:15:10 +0000 (0:00:00.040) 0:00:26.258 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_fs_attrs.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.046565", "end": "2022-05-09 16:15:10.876709", "rc": 0, "start": "2022-05-09 16:15:10.830144" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 16:15:11 +0000 (0:00:00.420) 0:00:26.678 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:15:11 +0000 (0:00:00.034) 0:00:26.713 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:15:11 +0000 (0:00:00.015) 0:00:26.729 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:15:13 +0000 (0:00:02.122) 0:00:28.851 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:15:14 +0000 (0:00:01.057) 0:00:29.909 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:15:15 +0000 (0:00:00.953) 0:00:30.862 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652112897.6856127, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "2d2003571e20c49e777a26b9625ce37a47a11b1b", "ctime": 1652112897.7396126, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 137738, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652112897.6826127, "nlink": 1, "path": "/etc/pki/tls/certs/certid.crt", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 1040, "version": "1136223307", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:15:15 +0000 (0:00:00.353) 0:00:31.216 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:15:15 +0000 (0:00:00.019) 0:00:31.235 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 16:15:15 +0000 (0:00:00.034) 0:00:31.269 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 16:15:15 +0000 (0:00:00.031) 0:00:31.301 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652112897.6396127, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "67b75a2b32f6dc74424cb9c619f47674703ceb27", "ctime": 1652112897.7396126, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 137737, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652112897.6826127, "nlink": 1, "path": "/etc/pki/tls/private/certid.key", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 1040, "version": "2793898579", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 16:15:16 +0000 (0:00:00.365) 0:00:31.667 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 16:15:16 +0000 (0:00:00.019) 0:00:31.687 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 16:15:16 +0000 (0:00:00.042) 0:00:31.729 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/certid.crt" ], "delta": "0:00:00.206972", "end": "2022-05-09 16:15:16.512902", "rc": 0, "start": "2022-05-09 16:15:16.305930" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "CF:CF:A7:B0:37:75:17:43:E6:64:2C:44:DE:5E:F5:77:E0:5E:2B:34", "critical": false }, "authorityKeyIdentifier": { "value": "08:C0:90:49:9D:48:A6:95:51:47:42:3E:62:49:3B:1F:27:86:99:08", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "80:06:69:34:8E:3B:64:C2:70:7C:C1:10:86:61:2B:0E:96:73:82:84:45:7C:2F:E5:0E:67:20:C5:0C:B8:12:CA:DA:46:0C:10:F4:4A:84:1E:E1:38:3B:60:F9:A2:81:B0:48:61:96:26:68:FF:78:28:1D:8A:86:EE:93:6A:32:F4:BC:04:C2:A3:5D:67:1A:21:53:EA:15:BE:81:1B:68:89:5F:69:78:14:40:46:7C:00:24:F0:68:07:2D:C9:3D:85:F0:A9:BA:FF:65:34:FB:F2:2B:15:BF:35:04:84:1E:2B:DF:1D:06:A5:D1:77:CC:E2:04:E1:BB:96:17:4C:59:DC:CC:E8:90:92:FD:BE:6F:01:C7:00:A0:B3:D6:44:C7:41:D0:53:BB:3D:6B:B6:A1:5B:24:20:66:81:13:9E:B3:91:C0:0D:38:C2:6D:CF:A2:10:5F:7A:CD:1F:59:89:8C:7A:6A:6F:39:7C:18:9A:77:B6:DB:3F:34:33:DF:40:D9:F9:3F:4D:8E:31:34:44:C7:D6:45:AB:1A:87:15:35:11:8E:2E:E2:A4:D2:2A:C0:99:B7:A1:39:E2:04:16:40:F5:5D:4C:F3:60:35:80:53:2E:3A:22:A3:42:D3:EF:5C:83:6F:5A:DC:71:5D:CB:D4:0B:8E:9C:5A:8B:7D:CE:7B:F3:AA" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:14:56", "not_valid_before": "2022-05-09 16:14:57" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:15:16 +0000 (0:00:00.579) 0:00:32.309 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "08:C0:90:49:9D:48:A6:95:51:47:42:3E:62:49:3B:1F:27:86:99:08" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "CF:CF:A7:B0:37:75:17:43:E6:64:2C:44:DE:5E:F5:77:E0:5E:2B:34" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "80:06:69:34:8E:3B:64:C2:70:7C:C1:10:86:61:2B:0E:96:73:82:84:45:7C:2F:E5:0E:67:20:C5:0C:B8:12:CA:DA:46:0C:10:F4:4A:84:1E:E1:38:3B:60:F9:A2:81:B0:48:61:96:26:68:FF:78:28:1D:8A:86:EE:93:6A:32:F4:BC:04:C2:A3:5D:67:1A:21:53:EA:15:BE:81:1B:68:89:5F:69:78:14:40:46:7C:00:24:F0:68:07:2D:C9:3D:85:F0:A9:BA:FF:65:34:FB:F2:2B:15:BF:35:04:84:1E:2B:DF:1D:06:A5:D1:77:CC:E2:04:E1:BB:96:17:4C:59:DC:CC:E8:90:92:FD:BE:6F:01:C7:00:A0:B3:D6:44:C7:41:D0:53:BB:3D:6B:B6:A1:5B:24:20:66:81:13:9E:B3:91:C0:0D:38:C2:6D:CF:A2:10:5F:7A:CD:1F:59:89:8C:7A:6A:6F:39:7C:18:9A:77:B6:DB:3F:34:33:DF:40:D9:F9:3F:4D:8E:31:34:44:C7:D6:45:AB:1A:87:15:35:11:8E:2E:E2:A4:D2:2A:C0:99:B7:A1:39:E2:04:16:40:F5:5D:4C:F3:60:35:80:53:2E:3A:22:A3:42:D3:EF:5C:83:6F:5A:DC:71:5D:CB:D4:0B:8E:9C:5A:8B:7D:CE:7B:F3:AA" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:14:56", "not_valid_before": "2022-05-09 16:14:57" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 16:15:16 +0000 (0:00:00.035) 0:00:32.344 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 16:15:16 +0000 (0:00:00.037) 0:00:32.382 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 16:15:16 +0000 (0:00:00.020) 0:00:32.403 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 16:15:17 +0000 (0:00:00.033) 0:00:32.436 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 16:15:17 +0000 (0:00:00.044) 0:00:32.480 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:15:17 +0000 (0:00:00.036) 0:00:32.517 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/certid.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.042262", "end": "2022-05-09 16:15:17.151884", "rc": 0, "start": "2022-05-09 16:15:17.109622" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 16:15:17 +0000 (0:00:00.436) 0:00:32.953 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=55 changed=9 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:15:17 +0000 (0:00:00.041) 0:00:32.995 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 4.89s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.20s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - Install certreader ------------------------------------------------------ 2.89s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 2.71s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Ensure python3 is installed --------------------------------------------- 2.12s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 -------------- Ensure python3 is installed --------------------------------------------- 2.09s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 -------------- linux-system-roles.certificate : Ensure certificate requests ------------ 1.52s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Gathering Facts --------------------------------------------------------- 1.17s /tmp/tmpd_ggxgwx/tests/tests_fs_attrs.yml:2 ----------------------------------- Install the package, force upgrade -------------------------------------- 1.06s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.00s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - Install certreader ------------------------------------------------------ 0.95s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 ------------- Ensure user exists ------------------------------------------------------ 0.90s /tmp/tmpd_ggxgwx/tests/tests_fs_attrs.yml:5 ----------------------------------- Gathering Facts --------------------------------------------------------- 0.76s /tmp/tmpd_ggxgwx/tests/tests_fs_attrs.yml:31 ---------------------------------- Ensure group "somegroup" exists ----------------------------------------- 0.75s /tmp/tmpd_ggxgwx/tests/tests_fs_attrs.yml:9 ----------------------------------- Gathering Facts --------------------------------------------------------- 0.75s /tmp/tmpd_ggxgwx/tests/tests_fs_attrs.yml:13 ---------------------------------- Parse certificate ------------------------------------------------------- 0.73s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 ------------- Parse certificate ------------------------------------------------------- 0.58s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.55s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.51s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_include_vars_from_parent.yml *********************************** 1 plays in /tmp/tmpd_ggxgwx/tests/tests_include_vars_from_parent.yml PLAY [all] ********************************************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_include_vars_from_parent.yml:1 Monday 09 May 2022 16:15:31 +0000 (0:00:00.009) 0:00:00.009 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [create var file in caller that can override the one in called role] ****** task path: /tmp/tmpd_ggxgwx/tests/tests_include_vars_from_parent.yml:3 Monday 09 May 2022 16:15:33 +0000 (0:00:01.197) 0:00:01.207 ************ changed: [/cache/fedora-34.qcow2.snap -> localhost] => (item=Fedora-34) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpd_ggxgwx/tests/roles/caller/vars/Fedora-34.yml", "gid": 0, "group": "root", "item": "Fedora-34", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1652112933.1086876-308408-119314580121765/source", "state": "file", "uid": 0 } changed: [/cache/fedora-34.qcow2.snap -> localhost] => (item=Fedora_34) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpd_ggxgwx/tests/roles/caller/vars/Fedora_34.yml", "gid": 0, "group": "root", "item": "Fedora_34", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1652112933.7192469-308408-79695333112359/source", "state": "file", "uid": 0 } changed: [/cache/fedora-34.qcow2.snap -> localhost] => (item=Fedora) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpd_ggxgwx/tests/roles/caller/vars/Fedora.yml", "gid": 0, "group": "root", "item": "Fedora", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1652112934.0619261-308408-29731126223179/source", "state": "file", "uid": 0 } changed: [/cache/fedora-34.qcow2.snap -> localhost] => (item=RedHat) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpd_ggxgwx/tests/roles/caller/vars/RedHat.yml", "gid": 0, "group": "root", "item": "RedHat", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1652112934.48109-308408-12205436005380/source", "state": "file", "uid": 0 } TASK [include_role : {{ roletoinclude }}] ************************************** task path: /tmp/tmpd_ggxgwx/tests/roles/caller/tasks/main.yml:4 Monday 09 May 2022 16:15:34 +0000 (0:00:01.782) 0:00:02.989 ************ TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 16:15:34 +0000 (0:00:00.032) 0:00:03.022 ************ included: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:15:34 +0000 (0:00:00.021) 0:00:03.043 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:15:35 +0000 (0:00:00.502) 0:00:03.546 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 16:15:35 +0000 (0:00:00.035) 0:00:03.581 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 16:15:38 +0000 (0:00:02.810) 0:00:06.392 ************ TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 16:15:38 +0000 (0:00:00.017) 0:00:06.409 ************ TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 16:15:38 +0000 (0:00:00.021) 0:00:06.430 ************ TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 16:15:38 +0000 (0:00:00.018) 0:00:06.448 ************ TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 16:15:38 +0000 (0:00:00.017) 0:00:06.466 ************ META: role_complete for /cache/fedora-34.qcow2.snap TASK [caller : assert] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/roles/caller/tasks/main.yml:7 Monday 09 May 2022 16:15:38 +0000 (0:00:00.019) 0:00:06.485 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=6 changed=1 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 Monday 09 May 2022 16:15:38 +0000 (0:00:00.034) 0:00:06.519 ************ =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 2.81s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- create var file in caller that can override the one in called role ------ 1.78s /tmp/tmpd_ggxgwx/tests/tests_include_vars_from_parent.yml:3 ------------------- Gathering Facts --------------------------------------------------------- 1.20s /tmp/tmpd_ggxgwx/tests/tests_include_vars_from_parent.yml:1 ------------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.50s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Set platform/version specific variables --- 0.04s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 caller : assert --------------------------------------------------------- 0.03s /tmp/tmpd_ggxgwx/tests/roles/caller/tasks/main.yml:7 -------------------------- include_role : {{ roletoinclude }} -------------------------------------- 0.03s /tmp/tmpd_ggxgwx/tests/roles/caller/tasks/main.yml:4 -------------------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.02s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - linux-system-roles.certificate : Set version specific variables --------- 0.02s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- linux-system-roles.certificate : Ensure certificate requests ------------ 0.02s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.02s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - linux-system-roles.certificate : Ensure provider service is running ----- 0.02s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - linux-system-roles.certificate : Ensure provider packages are installed --- 0.02s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_key_size.yml *************************************************** 2 plays in /tmp/tmpd_ggxgwx/tests/tests_key_size.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_key_size.yml:2 Monday 09 May 2022 16:15:49 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 16:15:50 +0000 (0:00:01.122) 0:00:01.133 ************ included: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:15:50 +0000 (0:00:00.021) 0:00:01.155 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:15:51 +0000 (0:00:00.489) 0:00:01.644 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 16:15:51 +0000 (0:00:00.040) 0:00:01.685 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 16:15:53 +0000 (0:00:02.438) 0:00:04.123 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 16:15:57 +0000 (0:00:03.200) 0:00:07.324 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 16:15:57 +0000 (0:00:00.558) 0:00:07.882 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 16:15:58 +0000 (0:00:00.410) 0:00:08.293 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target network.target dbus-broker.service system.slice dbus.socket syslog.target systemd-journald.socket sysinit.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 16:15:58 +0000 (0:00:00.953) 0:00:09.247 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_key_size', 'dns': 'www.example.com', 'ca': 'self-sign', 'key_size': 4096}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "key_size": 4096, "name": "mycert_key_size" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_key_size.yml:14 Monday 09 May 2022 16:16:01 +0000 (0:00:02.036) 0:00:11.283 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_key_size.yml:29 Monday 09 May 2022 16:16:01 +0000 (0:00:00.748) 0:00:12.031 ************ included: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_key_size.crt', 'key_path': '/etc/pki/tls/private/mycert_key_size.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'key_size': 4096}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:16:01 +0000 (0:00:00.033) 0:00:12.064 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:16:01 +0000 (0:00:00.016) 0:00:12.081 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:16:03 +0000 (0:00:01.979) 0:00:14.061 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:16:08 +0000 (0:00:04.874) 0:00:18.936 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 49.3 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 78.1 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 24.3 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 92.3 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 28.5 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:16:11 +0000 (0:00:03.012) 0:00:21.948 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652112961.2421951, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "ef8f8fa603605540f443fcc6a1c3d9f17747f0fa", "ctime": 1652112961.239195, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652112961.239195, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_key_size.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1639, "uid": 0, "version": "2119189666", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:16:12 +0000 (0:00:00.539) 0:00:22.488 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:16:12 +0000 (0:00:00.023) 0:00:22.511 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 16:16:12 +0000 (0:00:00.040) 0:00:22.552 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 16:16:12 +0000 (0:00:00.034) 0:00:22.586 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652112961.1851952, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "99c10d91c5a715024b343d5e51b9cb2194a86d06", "ctime": 1652112961.239195, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652112961.239195, "nlink": 1, "path": "/etc/pki/tls/private/mycert_key_size.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 3272, "uid": 0, "version": "4066852891", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 16:16:12 +0000 (0:00:00.396) 0:00:22.983 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 16:16:12 +0000 (0:00:00.024) 0:00:23.007 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 16:16:12 +0000 (0:00:00.040) 0:00:23.048 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_key_size.crt" ], "delta": "0:00:00.199194", "end": "2022-05-09 16:16:13.875427", "rc": 0, "start": "2022-05-09 16:16:13.676233" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "52:9F:AB:10:2F:AD:9D:07:E2:C6:64:60:E8:9F:0D:8A:FA:A3:2D:23", "critical": false }, "authorityKeyIdentifier": { "value": "80:BE:72:B9:96:B4:FD:D4:06:28:D3:76:9A:9F:09:EB:9B:30:5B:A8", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "78:C0:09:C6:78:68:40:34:5A:61:79:84:1F:FC:62:62:B6:4B:F9:15:69:6B:2B:C4:02:61:35:EA:F5:6B:70:78:82:CE:CC:C4:A0:B3:EB:65:94:89:BE:2C:89:A7:30:E3:86:0F:B0:45:7F:96:3B:B2:11:F0:44:25:26:B9:72:9D:FC:76:3D:21:73:FA:FF:86:38:A6:DE:8D:F0:E3:29:B7:E3:58:28:04:E6:B3:59:A5:06:0B:E2:93:DE:0D:21:2C:5B:4B:0A:2D:06:DC:06:A4:F5:3E:C3:3A:5C:DD:B4:D7:91:53:9F:E9:8E:C1:B5:62:C5:EA:E8:CE:1E:94:F5:85:8D:EA:32:BE:71:7F:1B:E2:D0:1D:5D:1D:B5:ED:95:4A:5E:F8:28:0D:79:2B:B0:41:CE:36:18:09:E6:7A:05:7C:E2:0D:6F:0A:B8:49:C5:72:AA:86:3A:43:4B:12:27:ED:1B:06:9F:84:25:5C:F2:C4:95:9E:37:A1:22:3E:F9:26:99:E7:F3:BD:38:3A:F8:DD:22:3C:84:C6:10:C6:F1:4F:BC:0E:D1:7F:2F:82:9F:E3:23:01:E1:8C:2C:8A:55:38:8C:85:C0:68:D4:CD:4C:1B:7A:A5:3B:70:3E:CE:02:45:43:C8:44:4B:99:ED:57:74:30:B3:46:19:A3:69:5A:70" }, "key_size": 4096, "validity": { "not_valid_after": "2023-05-09 16:15:59", "not_valid_before": "2022-05-09 16:16:01" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:16:13 +0000 (0:00:00.723) 0:00:23.771 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "80:BE:72:B9:96:B4:FD:D4:06:28:D3:76:9A:9F:09:EB:9B:30:5B:A8" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "52:9F:AB:10:2F:AD:9D:07:E2:C6:64:60:E8:9F:0D:8A:FA:A3:2D:23" } }, "key_size": 4096, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "78:C0:09:C6:78:68:40:34:5A:61:79:84:1F:FC:62:62:B6:4B:F9:15:69:6B:2B:C4:02:61:35:EA:F5:6B:70:78:82:CE:CC:C4:A0:B3:EB:65:94:89:BE:2C:89:A7:30:E3:86:0F:B0:45:7F:96:3B:B2:11:F0:44:25:26:B9:72:9D:FC:76:3D:21:73:FA:FF:86:38:A6:DE:8D:F0:E3:29:B7:E3:58:28:04:E6:B3:59:A5:06:0B:E2:93:DE:0D:21:2C:5B:4B:0A:2D:06:DC:06:A4:F5:3E:C3:3A:5C:DD:B4:D7:91:53:9F:E9:8E:C1:B5:62:C5:EA:E8:CE:1E:94:F5:85:8D:EA:32:BE:71:7F:1B:E2:D0:1D:5D:1D:B5:ED:95:4A:5E:F8:28:0D:79:2B:B0:41:CE:36:18:09:E6:7A:05:7C:E2:0D:6F:0A:B8:49:C5:72:AA:86:3A:43:4B:12:27:ED:1B:06:9F:84:25:5C:F2:C4:95:9E:37:A1:22:3E:F9:26:99:E7:F3:BD:38:3A:F8:DD:22:3C:84:C6:10:C6:F1:4F:BC:0E:D1:7F:2F:82:9F:E3:23:01:E1:8C:2C:8A:55:38:8C:85:C0:68:D4:CD:4C:1B:7A:A5:3B:70:3E:CE:02:45:43:C8:44:4B:99:ED:57:74:30:B3:46:19:A3:69:5A:70" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:15:59", "not_valid_before": "2022-05-09 16:16:01" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 16:16:13 +0000 (0:00:00.034) 0:00:23.806 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 16:16:13 +0000 (0:00:00.034) 0:00:23.840 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 16:16:13 +0000 (0:00:00.022) 0:00:23.863 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 16:16:13 +0000 (0:00:00.035) 0:00:23.898 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 16:16:13 +0000 (0:00:00.035) 0:00:23.934 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:16:13 +0000 (0:00:00.035) 0:00:23.969 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_key_size.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.044882", "end": "2022-05-09 16:16:14.489499", "rc": 0, "start": "2022-05-09 16:16:14.444617" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 16:16:14 +0000 (0:00:00.416) 0:00:24.385 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:16:14 +0000 (0:00:00.040) 0:00:24.426 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 4.87s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.20s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - Install certreader ------------------------------------------------------ 3.01s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 2.44s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- linux-system-roles.certificate : Ensure certificate requests ------------ 2.04s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Ensure python3 is installed --------------------------------------------- 1.98s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.12s /tmp/tmpd_ggxgwx/tests/tests_key_size.yml:2 ----------------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 0.95s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - Gathering Facts --------------------------------------------------------- 0.75s /tmp/tmpd_ggxgwx/tests/tests_key_size.yml:14 ---------------------------------- Parse certificate ------------------------------------------------------- 0.72s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.56s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - Retrieve certificate file stats ----------------------------------------- 0.54s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.49s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Retrieve auto-renew flag ------------------------------------------------ 0.42s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.41s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - Retrieve key file stats ------------------------------------------------- 0.40s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 ------------ Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 ------------- linux-system-roles.certificate : Set platform/version specific variables --- 0.04s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 ------------- ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_key_usage_and_extended_key_usage.yml *************************** 2 plays in /tmp/tmpd_ggxgwx/tests/tests_key_usage_and_extended_key_usage.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_key_usage_and_extended_key_usage.yml:2 Monday 09 May 2022 16:16:25 +0000 (0:00:00.011) 0:00:00.011 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 16:16:26 +0000 (0:00:01.157) 0:00:01.168 ************ included: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:16:26 +0000 (0:00:00.020) 0:00:01.189 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:16:27 +0000 (0:00:00.503) 0:00:01.692 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 16:16:27 +0000 (0:00:00.037) 0:00:01.730 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 16:16:30 +0000 (0:00:02.858) 0:00:04.588 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 16:16:33 +0000 (0:00:03.505) 0:00:08.094 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 16:16:34 +0000 (0:00:00.554) 0:00:08.649 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 16:16:34 +0000 (0:00:00.402) 0:00:09.051 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice dbus-broker.service sysinit.target syslog.target dbus.socket basic.target network.target systemd-journald.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 16:16:35 +0000 (0:00:01.034) 0:00:10.086 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_key_usage_and_extended_key_usage', 'dns': 'www.example.com', 'key_usage': ['digitalSignature', 'nonRepudiation', 'keyEncipherment'], 'extended_key_usage': ['id-kp-clientAuth', 'id-kp-serverAuth', 'id-kp-ipsecTunnel', '1.3.6.1.5.2.3.5'], 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "extended_key_usage": [ "id-kp-clientAuth", "id-kp-serverAuth", "id-kp-ipsecTunnel", "1.3.6.1.5.2.3.5" ], "key_usage": [ "digitalSignature", "nonRepudiation", "keyEncipherment" ], "name": "mycert_key_usage_and_extended_key_usage" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_key_usage_and_extended_key_usage.yml:22 Monday 09 May 2022 16:16:36 +0000 (0:00:00.821) 0:00:10.907 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_key_usage_and_extended_key_usage.yml:50 Monday 09 May 2022 16:16:37 +0000 (0:00:00.774) 0:00:11.681 ************ included: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_key_usage_and_extended_key_usage.crt', 'key_path': '/etc/pki/tls/private/mycert_key_usage_and_extended_key_usage.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment'], 'extended_key_usage': [{'name': 'id-kp-clientAuth', 'oid': '1.3.6.1.5.5.7.3.2'}, {'name': 'id-kp-serverAuth', 'oid': '1.3.6.1.5.5.7.3.1'}, {'name': 'id-kp-ipsecTunnel', 'oid': '1.3.6.1.5.5.7.3.6'}, {'name': None, 'oid': '1.3.6.1.5.2.3.5'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:16:37 +0000 (0:00:00.034) 0:00:11.716 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:16:37 +0000 (0:00:00.017) 0:00:11.733 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:16:39 +0000 (0:00:02.002) 0:00:13.736 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:16:44 +0000 (0:00:05.107) 0:00:18.844 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 50.8 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 75.6 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 24.6 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 94.0 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 31.6 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:16:47 +0000 (0:00:02.902) 0:00:21.747 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652112995.9843705, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9e90888acb0a0f0b78415d36f597f47d4fdf9422", "ctime": 1652112995.9823704, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652112995.9823704, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_key_usage_and_extended_key_usage.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1318, "uid": 0, "version": "1265965845", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:16:47 +0000 (0:00:00.519) 0:00:22.267 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:16:47 +0000 (0:00:00.024) 0:00:22.292 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 16:16:47 +0000 (0:00:00.040) 0:00:22.333 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 16:16:48 +0000 (0:00:00.038) 0:00:22.371 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652112995.9393704, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "03777eda470e17b7941980aa851033cbbe686a3a", "ctime": 1652112995.9823704, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652112995.9823704, "nlink": 1, "path": "/etc/pki/tls/private/mycert_key_usage_and_extended_key_usage.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "617643608", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 16:16:48 +0000 (0:00:00.392) 0:00:22.764 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 16:16:48 +0000 (0:00:00.020) 0:00:22.784 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 16:16:48 +0000 (0:00:00.037) 0:00:22.822 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_key_usage_and_extended_key_usage.crt" ], "delta": "0:00:00.217578", "end": "2022-05-09 16:16:48.734150", "rc": 0, "start": "2022-05-09 16:16:48.516572" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" }, { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-ipsecTunnel", "oid": "1.3.6.1.5.5.7.3.6" }, { "name": null, "oid": "1.3.6.1.5.2.3.5" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "65:8B:0F:EE:54:03:8D:75:7E:8F:4B:D6:1F:28:23:5E:32:F6:B4:88", "critical": false }, "authorityKeyIdentifier": { "value": "B4:CD:64:3A:C5:CD:F8:91:BB:97:CE:CC:E2:8B:FA:45:45:05:02:0C", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "C6:DF:E4:44:C3:A5:74:5E:60:ED:73:76:EC:86:DE:C9:93:31:44:FC:AD:9C:FC:F2:44:49:5C:C6:2C:12:2A:23:2E:78:14:8F:5D:3F:6D:A3:6F:56:DC:FF:A7:7D:89:13:91:67:37:9C:1A:5C:C3:22:19:16:7F:B5:6C:B8:7D:B3:36:B8:9C:64:11:EA:7B:1A:56:8C:F6:9C:69:65:04:E8:79:A1:2C:AC:41:37:E7:35:2D:8F:21:24:9A:57:4E:1F:B6:E3:19:D7:F7:3D:19:B4:F3:7A:71:3D:74:55:CE:86:3A:30:E2:B6:90:2D:79:F4:F3:E7:70:A4:B5:B6:3C:EA:AD:BF:27:06:66:9D:A3:BF:CD:9A:AE:15:DA:88:65:08:AE:40:61:23:CB:C0:3C:E4:59:9C:4B:52:48:8C:F7:AC:38:F6:30:74:4C:1B:28:B1:6D:9C:9D:D3:E8:5F:42:51:02:3C:4E:BB:6E:EB:D9:3D:82:18:07:F5:10:20:E6:2C:7A:FA:9A:8A:B0:1F:64:15:2D:3C:1D:86:B7:91:23:C1:C7:B5:1C:59:C1:F5:3B:60:FF:93:6F:B3:2E:12:24:90:85:9A:2A:9C:57:DF:7B:3C:DC:30:0D:7C:2E:CE:DD:00:F6:E2:E6:5E:8C:A7:54:35:4E:FD:7D:E7:EE:7D:AF:61" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:16:35", "not_valid_before": "2022-05-09 16:16:35" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:16:49 +0000 (0:00:00.739) 0:00:23.561 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "B4:CD:64:3A:C5:CD:F8:91:BB:97:CE:CC:E2:8B:FA:45:45:05:02:0C" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" }, { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-ipsecTunnel", "oid": "1.3.6.1.5.5.7.3.6" }, { "name": null, "oid": "1.3.6.1.5.2.3.5" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "content_commitment", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "65:8B:0F:EE:54:03:8D:75:7E:8F:4B:D6:1F:28:23:5E:32:F6:B4:88" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "C6:DF:E4:44:C3:A5:74:5E:60:ED:73:76:EC:86:DE:C9:93:31:44:FC:AD:9C:FC:F2:44:49:5C:C6:2C:12:2A:23:2E:78:14:8F:5D:3F:6D:A3:6F:56:DC:FF:A7:7D:89:13:91:67:37:9C:1A:5C:C3:22:19:16:7F:B5:6C:B8:7D:B3:36:B8:9C:64:11:EA:7B:1A:56:8C:F6:9C:69:65:04:E8:79:A1:2C:AC:41:37:E7:35:2D:8F:21:24:9A:57:4E:1F:B6:E3:19:D7:F7:3D:19:B4:F3:7A:71:3D:74:55:CE:86:3A:30:E2:B6:90:2D:79:F4:F3:E7:70:A4:B5:B6:3C:EA:AD:BF:27:06:66:9D:A3:BF:CD:9A:AE:15:DA:88:65:08:AE:40:61:23:CB:C0:3C:E4:59:9C:4B:52:48:8C:F7:AC:38:F6:30:74:4C:1B:28:B1:6D:9C:9D:D3:E8:5F:42:51:02:3C:4E:BB:6E:EB:D9:3D:82:18:07:F5:10:20:E6:2C:7A:FA:9A:8A:B0:1F:64:15:2D:3C:1D:86:B7:91:23:C1:C7:B5:1C:59:C1:F5:3B:60:FF:93:6F:B3:2E:12:24:90:85:9A:2A:9C:57:DF:7B:3C:DC:30:0D:7C:2E:CE:DD:00:F6:E2:E6:5E:8C:A7:54:35:4E:FD:7D:E7:EE:7D:AF:61" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:16:35", "not_valid_before": "2022-05-09 16:16:35" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 16:16:49 +0000 (0:00:00.032) 0:00:23.593 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 16:16:49 +0000 (0:00:00.037) 0:00:23.631 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 16:16:49 +0000 (0:00:00.023) 0:00:23.654 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 16:16:49 +0000 (0:00:00.038) 0:00:23.693 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 16:16:49 +0000 (0:00:00.036) 0:00:23.729 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:16:49 +0000 (0:00:00.036) 0:00:23.766 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_key_usage_and_extended_key_usage.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039968", "end": "2022-05-09 16:16:49.387031", "rc": 0, "start": "2022-05-09 16:16:49.347063" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 16:16:49 +0000 (0:00:00.443) 0:00:24.209 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:16:49 +0000 (0:00:00.043) 0:00:24.253 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.11s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.51s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - Install certreader ------------------------------------------------------ 2.90s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 2.86s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Ensure python3 is installed --------------------------------------------- 2.00s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.16s /tmp/tmpd_ggxgwx/tests/tests_key_usage_and_extended_key_usage.yml:2 ----------- linux-system-roles.certificate : Ensure provider service is running ----- 1.03s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - linux-system-roles.certificate : Ensure certificate requests ------------ 0.82s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Gathering Facts --------------------------------------------------------- 0.77s /tmp/tmpd_ggxgwx/tests/tests_key_usage_and_extended_key_usage.yml:22 ---------- Parse certificate ------------------------------------------------------- 0.74s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.55s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.50s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Retrieve auto-renew flag ------------------------------------------------ 0.44s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.40s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - Retrieve key file stats ------------------------------------------------- 0.39s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 ------------ Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 ------------- Verify certificate permissions ------------------------------------------ 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 ------------- Verify key size --------------------------------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 ------------ ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_many_self_signed.yml ******************************************* 2 plays in /tmp/tmpd_ggxgwx/tests/tests_many_self_signed.yml PLAY [Issue many self-signed certificates] ************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_many_self_signed.yml:2 Monday 09 May 2022 16:17:01 +0000 (0:00:00.011) 0:00:00.011 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 16:17:02 +0000 (0:00:01.130) 0:00:01.142 ************ included: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:17:02 +0000 (0:00:00.018) 0:00:01.160 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:17:02 +0000 (0:00:00.514) 0:00:01.675 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 16:17:02 +0000 (0:00:00.034) 0:00:01.710 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 16:17:05 +0000 (0:00:02.800) 0:00:04.510 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 16:17:09 +0000 (0:00:03.355) 0:00:07.865 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 16:17:09 +0000 (0:00:00.524) 0:00:08.390 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 16:17:09 +0000 (0:00:00.401) 0:00:08.791 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target systemd-journald.socket dbus-broker.service dbus.socket system.slice network.target syslog.target basic.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 16:17:10 +0000 (0:00:01.003) 0:00:09.795 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_many_self_signed', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_many_self_signed" } } MSG: Certificate requested (new). changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'other-cert', 'dns': 'www.example.org', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.org", "name": "other-cert" } } MSG: Certificate requested (new). changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'another-cert', 'dns': 'www.example.net', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.net", "name": "another-cert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_many_self_signed.yml:18 Monday 09 May 2022 16:17:13 +0000 (0:00:02.657) 0:00:12.453 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_many_self_signed.yml:50 Monday 09 May 2022 16:17:14 +0000 (0:00:00.729) 0:00:13.183 ************ included: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_many_self_signed.crt', 'key_path': '/etc/pki/tls/private/mycert_many_self_signed.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) included: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/other-cert.crt', 'key_path': '/etc/pki/tls/private/other-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.org'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.org'}]}) included: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/another-cert.crt', 'key_path': '/etc/pki/tls/private/another-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.net'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.net'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:17:14 +0000 (0:00:00.047) 0:00:13.231 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:17:14 +0000 (0:00:00.017) 0:00:13.249 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:17:16 +0000 (0:00:02.358) 0:00:15.607 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:17:21 +0000 (0:00:05.042) 0:00:20.649 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 48.3 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 77.9 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 25.9 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 84.7 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 38.2 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:17:24 +0000 (0:00:02.925) 0:00:23.575 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113030.575791, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "58398c38c6c337a8138f4c9112ffc997a40ca190", "ctime": 1652113030.5737908, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113030.5737908, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_many_self_signed.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "3489373637", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:17:25 +0000 (0:00:00.525) 0:00:24.100 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:17:25 +0000 (0:00:00.031) 0:00:24.131 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 16:17:25 +0000 (0:00:00.040) 0:00:24.171 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 16:17:25 +0000 (0:00:00.037) 0:00:24.209 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113030.5297909, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "349e2b97ebd580a5d0689593918ffef43837f070", "ctime": 1652113030.5737908, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113030.5737908, "nlink": 1, "path": "/etc/pki/tls/private/mycert_many_self_signed.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1657829989", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 16:17:25 +0000 (0:00:00.370) 0:00:24.579 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 16:17:25 +0000 (0:00:00.022) 0:00:24.601 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 16:17:25 +0000 (0:00:00.034) 0:00:24.636 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_many_self_signed.crt" ], "delta": "0:00:00.199168", "end": "2022-05-09 16:17:25.549863", "rc": 0, "start": "2022-05-09 16:17:25.350695" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "6D:25:25:8D:CE:57:C8:37:15:0A:CB:68:78:34:D4:58:FA:2E:EF:70", "critical": false }, "authorityKeyIdentifier": { "value": "5A:B9:46:8B:37:88:7E:15:D0:4F:C7:08:F1:8C:AE:FE:2F:4E:8F:3A", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "A0:D3:1A:A8:64:9E:5E:24:6A:08:76:E9:AA:0F:31:30:D2:26:BD:26:4E:62:9D:04:26:67:93:45:BF:47:43:3C:64:45:B0:4A:9E:DE:68:C6:EA:0F:25:AA:BE:4C:9D:6F:51:EB:6B:B4:3E:3D:27:8D:36:A9:FE:12:EB:FA:A3:F1:F4:D6:0D:AB:27:40:F5:40:08:94:E5:67:D2:8C:C3:21:7B:EE:74:72:20:C1:29:11:75:2D:AC:D1:45:BC:04:96:D5:DA:1F:2A:A0:33:41:CD:C2:6A:EE:E3:9A:8F:49:4D:6C:1D:27:BF:BA:A8:4B:2D:45:12:B0:11:44:FA:D9:8E:43:48:E9:6F:CB:8C:88:63:D6:76:67:AE:A9:21:D1:5B:1D:70:D0:4E:1C:B7:63:E1:D7:B1:2F:6B:9A:D0:EA:A2:61:2C:64:6D:45:40:9B:DE:73:B3:16:D2:A8:89:27:BD:F1:88:53:F9:CA:EE:D3:D8:C6:08:A4:23:09:1F:8C:F4:74:71:07:81:91:75:5F:F2:06:3F:2A:12:77:36:DA:40:DB:15:EB:36:81:B8:6F:06:2F:92:BE:90:B9:E9:94:46:0F:3B:A2:58:14:91:1D:02:6C:6B:F5:BF:E8:50:A5:57:39:9F:8F:72:23:7B:04:20:E8:F8:DE:D6:B6:B4:ED:78" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:17:09", "not_valid_before": "2022-05-09 16:17:10" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:17:26 +0000 (0:00:00.909) 0:00:25.545 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "5A:B9:46:8B:37:88:7E:15:D0:4F:C7:08:F1:8C:AE:FE:2F:4E:8F:3A" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "6D:25:25:8D:CE:57:C8:37:15:0A:CB:68:78:34:D4:58:FA:2E:EF:70" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "A0:D3:1A:A8:64:9E:5E:24:6A:08:76:E9:AA:0F:31:30:D2:26:BD:26:4E:62:9D:04:26:67:93:45:BF:47:43:3C:64:45:B0:4A:9E:DE:68:C6:EA:0F:25:AA:BE:4C:9D:6F:51:EB:6B:B4:3E:3D:27:8D:36:A9:FE:12:EB:FA:A3:F1:F4:D6:0D:AB:27:40:F5:40:08:94:E5:67:D2:8C:C3:21:7B:EE:74:72:20:C1:29:11:75:2D:AC:D1:45:BC:04:96:D5:DA:1F:2A:A0:33:41:CD:C2:6A:EE:E3:9A:8F:49:4D:6C:1D:27:BF:BA:A8:4B:2D:45:12:B0:11:44:FA:D9:8E:43:48:E9:6F:CB:8C:88:63:D6:76:67:AE:A9:21:D1:5B:1D:70:D0:4E:1C:B7:63:E1:D7:B1:2F:6B:9A:D0:EA:A2:61:2C:64:6D:45:40:9B:DE:73:B3:16:D2:A8:89:27:BD:F1:88:53:F9:CA:EE:D3:D8:C6:08:A4:23:09:1F:8C:F4:74:71:07:81:91:75:5F:F2:06:3F:2A:12:77:36:DA:40:DB:15:EB:36:81:B8:6F:06:2F:92:BE:90:B9:E9:94:46:0F:3B:A2:58:14:91:1D:02:6C:6B:F5:BF:E8:50:A5:57:39:9F:8F:72:23:7B:04:20:E8:F8:DE:D6:B6:B4:ED:78" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:17:09", "not_valid_before": "2022-05-09 16:17:10" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 16:17:26 +0000 (0:00:00.034) 0:00:25.580 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 16:17:26 +0000 (0:00:00.038) 0:00:25.619 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 16:17:26 +0000 (0:00:00.022) 0:00:25.642 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 16:17:26 +0000 (0:00:00.036) 0:00:25.678 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 16:17:26 +0000 (0:00:00.067) 0:00:25.746 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:17:26 +0000 (0:00:00.035) 0:00:25.782 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_many_self_signed.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041692", "end": "2022-05-09 16:17:26.197690", "rc": 0, "start": "2022-05-09 16:17:26.155998" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 16:17:27 +0000 (0:00:00.413) 0:00:26.195 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:17:27 +0000 (0:00:00.034) 0:00:26.230 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:17:27 +0000 (0:00:00.016) 0:00:26.247 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:17:29 +0000 (0:00:02.003) 0:00:28.251 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:17:30 +0000 (0:00:01.044) 0:00:29.295 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:17:31 +0000 (0:00:01.017) 0:00:30.313 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113031.2407908, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "8ed5e3837f13c918c9e7933e116e825c07458d6a", "ctime": 1652113031.2377908, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137734, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113031.2377908, "nlink": 1, "path": "/etc/pki/tls/certs/other-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "614404196", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:17:31 +0000 (0:00:00.384) 0:00:30.698 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:17:31 +0000 (0:00:00.022) 0:00:30.720 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 16:17:31 +0000 (0:00:00.037) 0:00:30.757 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 16:17:31 +0000 (0:00:00.037) 0:00:30.795 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113031.1947908, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "c7f7a2ec937d790bee95b19bbcc7252f04fd4609", "ctime": 1652113031.2377908, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137733, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113031.2377908, "nlink": 1, "path": "/etc/pki/tls/private/other-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "98320441", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 16:17:32 +0000 (0:00:00.384) 0:00:31.179 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 16:17:32 +0000 (0:00:00.022) 0:00:31.202 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 16:17:32 +0000 (0:00:00.039) 0:00:31.241 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/other-cert.crt" ], "delta": "0:00:00.227500", "end": "2022-05-09 16:17:31.852408", "rc": 0, "start": "2022-05-09 16:17:31.624908" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.org" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "31:D1:0F:6A:A3:E0:1A:0E:41:40:04:6A:B1:B5:80:B6:D0:31:30:05", "critical": false }, "authorityKeyIdentifier": { "value": "5A:B9:46:8B:37:88:7E:15:D0:4F:C7:08:F1:8C:AE:FE:2F:4E:8F:3A", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "37:61:80:17:30:1D:81:F1:62:89:9D:27:70:F6:3A:42:CC:B1:BC:0B:FC:E7:15:57:0C:15:9A:08:F4:A1:84:97:EE:05:4A:98:38:A7:F5:72:4B:12:84:8F:C6:09:B8:65:BA:64:B5:B0:72:80:01:DA:B7:8A:FC:7E:98:F6:7C:03:BC:69:0F:DF:BD:C5:6C:0D:88:70:8F:E6:F7:9B:FC:0E:79:5F:21:55:C4:A0:2C:D5:FB:C0:50:02:F1:03:F2:D3:D7:59:DA:8A:68:D8:F5:BC:86:5D:BB:BD:0F:11:95:A3:FE:AD:F2:F3:52:51:0F:69:7B:6E:4A:BB:2E:6E:7B:F8:E1:F6:FF:EC:77:CF:7A:51:1D:31:8D:41:AF:59:FA:49:41:45:33:B4:17:E0:6A:E4:88:50:EC:98:23:C0:08:5B:0C:B1:EE:06:E6:3A:2B:7C:12:C8:97:11:5F:10:04:CB:63:30:21:4F:56:17:D8:2B:78:67:CE:C3:00:6B:8A:F8:0C:10:CF:DB:93:DE:DE:F6:0E:EB:DD:4B:AC:8F:59:EE:DE:1E:1B:96:7B:05:D0:14:4D:B2:FA:D8:69:05:B0:4E:06:D0:85:57:FE:EC:0B:D0:22:D2:DC:32:A9:8D:9D:DC:72:46:79:FD:F0:FA:CE:8A:B2:74:03:4D:73:13:64:F6" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:17:09", "not_valid_before": "2022-05-09 16:17:11" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:17:33 +0000 (0:00:00.614) 0:00:31.855 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "5A:B9:46:8B:37:88:7E:15:D0:4F:C7:08:F1:8C:AE:FE:2F:4E:8F:3A" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.org" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "31:D1:0F:6A:A3:E0:1A:0E:41:40:04:6A:B1:B5:80:B6:D0:31:30:05" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "37:61:80:17:30:1D:81:F1:62:89:9D:27:70:F6:3A:42:CC:B1:BC:0B:FC:E7:15:57:0C:15:9A:08:F4:A1:84:97:EE:05:4A:98:38:A7:F5:72:4B:12:84:8F:C6:09:B8:65:BA:64:B5:B0:72:80:01:DA:B7:8A:FC:7E:98:F6:7C:03:BC:69:0F:DF:BD:C5:6C:0D:88:70:8F:E6:F7:9B:FC:0E:79:5F:21:55:C4:A0:2C:D5:FB:C0:50:02:F1:03:F2:D3:D7:59:DA:8A:68:D8:F5:BC:86:5D:BB:BD:0F:11:95:A3:FE:AD:F2:F3:52:51:0F:69:7B:6E:4A:BB:2E:6E:7B:F8:E1:F6:FF:EC:77:CF:7A:51:1D:31:8D:41:AF:59:FA:49:41:45:33:B4:17:E0:6A:E4:88:50:EC:98:23:C0:08:5B:0C:B1:EE:06:E6:3A:2B:7C:12:C8:97:11:5F:10:04:CB:63:30:21:4F:56:17:D8:2B:78:67:CE:C3:00:6B:8A:F8:0C:10:CF:DB:93:DE:DE:F6:0E:EB:DD:4B:AC:8F:59:EE:DE:1E:1B:96:7B:05:D0:14:4D:B2:FA:D8:69:05:B0:4E:06:D0:85:57:FE:EC:0B:D0:22:D2:DC:32:A9:8D:9D:DC:72:46:79:FD:F0:FA:CE:8A:B2:74:03:4D:73:13:64:F6" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "validity": { "not_valid_after": "2023-05-09 16:17:09", "not_valid_before": "2022-05-09 16:17:11" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 16:17:33 +0000 (0:00:00.034) 0:00:31.890 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 16:17:33 +0000 (0:00:00.042) 0:00:31.933 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 16:17:33 +0000 (0:00:00.022) 0:00:31.955 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 16:17:33 +0000 (0:00:00.036) 0:00:31.992 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 16:17:33 +0000 (0:00:00.039) 0:00:32.031 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:17:33 +0000 (0:00:00.041) 0:00:32.073 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/other-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.049296", "end": "2022-05-09 16:17:32.510664", "rc": 0, "start": "2022-05-09 16:17:32.461368" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 16:17:33 +0000 (0:00:00.440) 0:00:32.513 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:17:33 +0000 (0:00:00.038) 0:00:32.551 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:17:33 +0000 (0:00:00.018) 0:00:32.570 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:17:35 +0000 (0:00:02.105) 0:00:34.675 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:17:36 +0000 (0:00:01.067) 0:00:35.743 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:17:37 +0000 (0:00:01.016) 0:00:36.759 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113032.3347907, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "4474bff03770b6b91a054955faa3f8c83e49e8d5", "ctime": 1652113032.3317907, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137736, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113032.3317907, "nlink": 1, "path": "/etc/pki/tls/certs/another-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "4105901337", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:17:38 +0000 (0:00:00.391) 0:00:37.150 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:17:38 +0000 (0:00:00.021) 0:00:37.172 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 16:17:38 +0000 (0:00:00.038) 0:00:37.211 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 16:17:38 +0000 (0:00:00.035) 0:00:37.246 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113032.2877908, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "f78ba4b17dbae80e642641405bba023dad5cf0a2", "ctime": 1652113032.3317907, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137735, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113032.3317907, "nlink": 1, "path": "/etc/pki/tls/private/another-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "35191805", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 16:17:38 +0000 (0:00:00.385) 0:00:37.632 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 16:17:38 +0000 (0:00:00.021) 0:00:37.653 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 16:17:38 +0000 (0:00:00.037) 0:00:37.691 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/another-cert.crt" ], "delta": "0:00:00.229664", "end": "2022-05-09 16:17:38.293750", "rc": 0, "start": "2022-05-09 16:17:38.064086" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.net" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "8E:4A:2C:FD:0B:30:D7:97:E7:73:D5:5E:3E:57:1D:F0:30:83:0C:41", "critical": false }, "authorityKeyIdentifier": { "value": "5A:B9:46:8B:37:88:7E:15:D0:4F:C7:08:F1:8C:AE:FE:2F:4E:8F:3A", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "5E:26:C4:B9:DF:BA:24:CA:CC:7D:92:F1:C4:B9:9B:29:D6:6F:46:D7:3D:2E:19:60:0E:F9:0B:56:DC:AA:5F:DC:D2:6B:8F:7C:19:3B:C3:E1:48:26:48:47:E7:73:09:F0:49:43:E9:87:EC:66:51:49:94:D6:26:0C:BD:A0:95:4B:BF:75:53:04:5E:DB:E3:EA:E7:E7:AA:5C:CE:B2:D6:7B:16:63:E8:7E:8A:D8:66:09:1A:2E:1F:F7:26:41:C8:40:17:5B:A8:79:BF:96:EE:B9:0A:F7:7E:47:42:E0:BF:50:1B:32:92:05:6B:C0:4E:46:EF:E7:CA:43:3C:98:90:82:7A:2F:AE:40:51:F1:B4:3C:D5:06:B9:E1:42:86:99:ED:E3:FC:47:A3:09:77:6F:5A:00:E8:B3:19:06:17:F3:BE:F1:6C:1C:3F:E2:E5:6B:68:6F:AB:8F:8E:50:6A:98:6A:C5:6F:81:C5:41:F0:F4:3A:89:07:7F:6A:38:9A:E2:2E:A6:47:0D:E1:71:EC:CF:88:37:40:FA:B1:9B:1C:35:5F:DC:E2:D5:18:83:4D:E0:1D:11:33:F2:BA:25:56:9A:B8:4C:F9:F6:2F:6A:1A:18:12:09:B4:3E:3F:FA:0D:86:6A:57:66:37:E4:48:A2:AB:95:6A:25:E3:4D:F3:26:03:B1" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:17:09", "not_valid_before": "2022-05-09 16:17:12" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:17:39 +0000 (0:00:00.602) 0:00:38.293 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "5A:B9:46:8B:37:88:7E:15:D0:4F:C7:08:F1:8C:AE:FE:2F:4E:8F:3A" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.net" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "8E:4A:2C:FD:0B:30:D7:97:E7:73:D5:5E:3E:57:1D:F0:30:83:0C:41" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "5E:26:C4:B9:DF:BA:24:CA:CC:7D:92:F1:C4:B9:9B:29:D6:6F:46:D7:3D:2E:19:60:0E:F9:0B:56:DC:AA:5F:DC:D2:6B:8F:7C:19:3B:C3:E1:48:26:48:47:E7:73:09:F0:49:43:E9:87:EC:66:51:49:94:D6:26:0C:BD:A0:95:4B:BF:75:53:04:5E:DB:E3:EA:E7:E7:AA:5C:CE:B2:D6:7B:16:63:E8:7E:8A:D8:66:09:1A:2E:1F:F7:26:41:C8:40:17:5B:A8:79:BF:96:EE:B9:0A:F7:7E:47:42:E0:BF:50:1B:32:92:05:6B:C0:4E:46:EF:E7:CA:43:3C:98:90:82:7A:2F:AE:40:51:F1:B4:3C:D5:06:B9:E1:42:86:99:ED:E3:FC:47:A3:09:77:6F:5A:00:E8:B3:19:06:17:F3:BE:F1:6C:1C:3F:E2:E5:6B:68:6F:AB:8F:8E:50:6A:98:6A:C5:6F:81:C5:41:F0:F4:3A:89:07:7F:6A:38:9A:E2:2E:A6:47:0D:E1:71:EC:CF:88:37:40:FA:B1:9B:1C:35:5F:DC:E2:D5:18:83:4D:E0:1D:11:33:F2:BA:25:56:9A:B8:4C:F9:F6:2F:6A:1A:18:12:09:B4:3E:3F:FA:0D:86:6A:57:66:37:E4:48:A2:AB:95:6A:25:E3:4D:F3:26:03:B1" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "validity": { "not_valid_after": "2023-05-09 16:17:09", "not_valid_before": "2022-05-09 16:17:12" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 16:17:39 +0000 (0:00:00.036) 0:00:38.329 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 16:17:39 +0000 (0:00:00.032) 0:00:38.361 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 16:17:39 +0000 (0:00:00.019) 0:00:38.381 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 16:17:39 +0000 (0:00:00.030) 0:00:38.411 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 16:17:39 +0000 (0:00:00.032) 0:00:38.444 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:17:39 +0000 (0:00:00.038) 0:00:38.482 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/another-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.043621", "end": "2022-05-09 16:17:38.913916", "rc": 0, "start": "2022-05-09 16:17:38.870295" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 16:17:40 +0000 (0:00:00.429) 0:00:38.911 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=73 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:17:40 +0000 (0:00:00.042) 0:00:38.954 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.36s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - Install certreader ------------------------------------------------------ 2.93s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 2.80s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- linux-system-roles.certificate : Ensure certificate requests ------------ 2.66s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Ensure python3 is installed --------------------------------------------- 2.36s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 -------------- Ensure python3 is installed --------------------------------------------- 2.11s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 -------------- Ensure python3 is installed --------------------------------------------- 2.00s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.13s /tmp/tmpd_ggxgwx/tests/tests_many_self_signed.yml:2 --------------------------- Install the package, force upgrade -------------------------------------- 1.07s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install the package, force upgrade -------------------------------------- 1.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 1.02s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 ------------- Install certreader ------------------------------------------------------ 1.02s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.00s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - Parse certificate ------------------------------------------------------- 0.91s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 ------------- Gathering Facts --------------------------------------------------------- 0.73s /tmp/tmpd_ggxgwx/tests/tests_many_self_signed.yml:18 -------------------------- Parse certificate ------------------------------------------------------- 0.61s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 ------------- Parse certificate ------------------------------------------------------- 0.60s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 ------------- Retrieve certificate file stats ----------------------------------------- 0.53s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.52s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_no_auto_renew.yml ********************************************** 2 plays in /tmp/tmpd_ggxgwx/tests/tests_no_auto_renew.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_no_auto_renew.yml:2 Monday 09 May 2022 16:17:55 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 16:17:56 +0000 (0:00:01.145) 0:00:01.155 ************ included: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:17:56 +0000 (0:00:00.020) 0:00:01.176 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:17:57 +0000 (0:00:00.524) 0:00:01.700 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 16:17:57 +0000 (0:00:00.034) 0:00:01.734 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 16:17:59 +0000 (0:00:02.783) 0:00:04.518 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 16:18:03 +0000 (0:00:03.139) 0:00:07.657 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 16:18:03 +0000 (0:00:00.554) 0:00:08.212 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 16:18:03 +0000 (0:00:00.405) 0:00:08.617 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target dbus.socket syslog.target network.target basic.target dbus-broker.service system.slice systemd-journald.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 16:18:05 +0000 (0:00:01.065) 0:00:09.682 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_no_auto_renew', 'dns': 'www.example.com', 'ca': 'self-sign', 'auto_renew': False}) => { "ansible_loop_var": "item", "changed": true, "item": { "auto_renew": false, "ca": "self-sign", "dns": "www.example.com", "name": "mycert_no_auto_renew" } } MSG: Certificate requested (new). changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'defaultcert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "defaultcert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_no_auto_renew.yml:17 Monday 09 May 2022 16:18:06 +0000 (0:00:01.697) 0:00:11.380 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_no_auto_renew.yml:42 Monday 09 May 2022 16:18:07 +0000 (0:00:00.758) 0:00:12.139 ************ included: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_no_auto_renew.crt', 'key_path': '/etc/pki/tls/private/mycert_no_auto_renew.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'auto_renew': False}) included: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/defaultcert.crt', 'key_path': '/etc/pki/tls/private/defaultcert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'auto_renew': True}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:18:07 +0000 (0:00:00.041) 0:00:12.180 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:18:07 +0000 (0:00:00.019) 0:00:12.200 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:18:09 +0000 (0:00:02.120) 0:00:14.320 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:18:14 +0000 (0:00:05.229) 0:00:19.550 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 48.8 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 11.4 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 24.1 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 12.4 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 28.1 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:18:18 +0000 (0:00:03.531) 0:00:23.081 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113085.450543, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "5625f47f7d60f3c9c725e90b2e367fd9d2e5c538", "ctime": 1652113085.446543, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113085.446543, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_no_auto_renew.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "154581455", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:18:18 +0000 (0:00:00.523) 0:00:23.605 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:18:18 +0000 (0:00:00.023) 0:00:23.629 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 16:18:19 +0000 (0:00:00.036) 0:00:23.665 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 16:18:19 +0000 (0:00:00.036) 0:00:23.701 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113085.401543, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "60e8fad3312f77869d3151898ac35ee48fce914b", "ctime": 1652113085.446543, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113085.446543, "nlink": 1, "path": "/etc/pki/tls/private/mycert_no_auto_renew.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3383066059", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 16:18:19 +0000 (0:00:00.403) 0:00:24.105 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 16:18:19 +0000 (0:00:00.025) 0:00:24.131 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 16:18:19 +0000 (0:00:00.042) 0:00:24.173 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_no_auto_renew.crt" ], "delta": "0:00:00.209759", "end": "2022-05-09 16:18:19.859439", "rc": 0, "start": "2022-05-09 16:18:19.649680" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "D3:12:14:25:3E:F5:11:3B:7C:ED:EF:DD:5D:18:40:C4:BB:91:B7:A8", "critical": false }, "authorityKeyIdentifier": { "value": "48:24:8B:8C:0C:D1:34:1A:99:48:5A:79:CF:21:14:05:A9:96:45:EA", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "32:B8:4A:BE:EF:FD:88:42:50:BF:B1:47:98:E9:E7:1D:35:00:67:7B:6D:E0:FC:60:83:7A:FD:D5:91:8C:11:C3:D7:35:D0:B8:77:B3:3F:22:2B:FE:D2:B2:32:E7:DE:63:C3:40:73:BB:6F:0C:49:AF:44:1B:A5:89:0D:F9:5D:1F:B3:A0:23:AB:0D:C7:FB:1C:08:5E:2F:CD:2C:8A:3F:C8:70:D8:45:6B:A2:A7:47:E8:8E:7A:C1:CB:EE:0D:16:81:02:1C:27:B6:17:73:7E:B6:59:7A:49:EB:09:DF:AC:E4:99:DC:BD:9B:F4:4E:8A:4A:BA:41:B9:50:87:82:53:8E:1A:50:48:6B:89:98:A9:C3:EA:9A:BF:8A:A5:1B:15:28:81:91:78:2C:9F:32:28:A2:BF:3C:1D:BF:E6:02:33:1C:1E:D6:BC:B3:DF:E0:3E:DC:AD:03:C4:E2:0C:B2:28:09:89:C2:DA:8F:DD:EF:19:F6:B4:18:5F:8F:84:CD:64:4A:5B:5D:04:4A:21:E4:02:28:4F:45:44:A4:2A:95:03:B6:25:A6:13:12:3C:B7:A4:F0:57:62:D8:44:10:8E:F1:96:57:CC:D7:0E:2B:94:F7:7E:FA:63:39:DC:AF:6C:9E:2C:1B:07:8A:23:45:46:31:58:1C:45:19:B3:80:53:F7:87" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:18:04", "not_valid_before": "2022-05-09 16:18:05" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:18:20 +0000 (0:00:00.722) 0:00:24.895 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "48:24:8B:8C:0C:D1:34:1A:99:48:5A:79:CF:21:14:05:A9:96:45:EA" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "D3:12:14:25:3E:F5:11:3B:7C:ED:EF:DD:5D:18:40:C4:BB:91:B7:A8" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "32:B8:4A:BE:EF:FD:88:42:50:BF:B1:47:98:E9:E7:1D:35:00:67:7B:6D:E0:FC:60:83:7A:FD:D5:91:8C:11:C3:D7:35:D0:B8:77:B3:3F:22:2B:FE:D2:B2:32:E7:DE:63:C3:40:73:BB:6F:0C:49:AF:44:1B:A5:89:0D:F9:5D:1F:B3:A0:23:AB:0D:C7:FB:1C:08:5E:2F:CD:2C:8A:3F:C8:70:D8:45:6B:A2:A7:47:E8:8E:7A:C1:CB:EE:0D:16:81:02:1C:27:B6:17:73:7E:B6:59:7A:49:EB:09:DF:AC:E4:99:DC:BD:9B:F4:4E:8A:4A:BA:41:B9:50:87:82:53:8E:1A:50:48:6B:89:98:A9:C3:EA:9A:BF:8A:A5:1B:15:28:81:91:78:2C:9F:32:28:A2:BF:3C:1D:BF:E6:02:33:1C:1E:D6:BC:B3:DF:E0:3E:DC:AD:03:C4:E2:0C:B2:28:09:89:C2:DA:8F:DD:EF:19:F6:B4:18:5F:8F:84:CD:64:4A:5B:5D:04:4A:21:E4:02:28:4F:45:44:A4:2A:95:03:B6:25:A6:13:12:3C:B7:A4:F0:57:62:D8:44:10:8E:F1:96:57:CC:D7:0E:2B:94:F7:7E:FA:63:39:DC:AF:6C:9E:2C:1B:07:8A:23:45:46:31:58:1C:45:19:B3:80:53:F7:87" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:18:04", "not_valid_before": "2022-05-09 16:18:05" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 16:18:20 +0000 (0:00:00.035) 0:00:24.931 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 16:18:20 +0000 (0:00:00.036) 0:00:24.967 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 16:18:20 +0000 (0:00:00.022) 0:00:24.990 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 16:18:20 +0000 (0:00:00.087) 0:00:25.078 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 16:18:20 +0000 (0:00:00.033) 0:00:25.112 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:18:20 +0000 (0:00:00.040) 0:00:25.152 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_no_auto_renew.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.043378", "end": "2022-05-09 16:18:20.537918", "rc": 0, "start": "2022-05-09 16:18:20.494540" } STDOUT: no TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 16:18:20 +0000 (0:00:00.421) 0:00:25.574 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:18:20 +0000 (0:00:00.036) 0:00:25.611 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:18:20 +0000 (0:00:00.014) 0:00:25.625 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:18:23 +0000 (0:00:02.302) 0:00:27.927 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:18:24 +0000 (0:00:01.051) 0:00:28.979 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:18:25 +0000 (0:00:00.962) 0:00:29.942 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113086.170543, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "1c1dfcd9501339a977e169cfb92c7f6a25325ecb", "ctime": 1652113086.1685429, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137734, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113086.1685429, "nlink": 1, "path": "/etc/pki/tls/certs/defaultcert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2871462671", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:18:25 +0000 (0:00:00.365) 0:00:30.308 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:18:25 +0000 (0:00:00.022) 0:00:30.330 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 16:18:25 +0000 (0:00:00.036) 0:00:30.366 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 16:18:25 +0000 (0:00:00.034) 0:00:30.401 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113086.124543, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "b898cf815981dc4303d76664df8f43e2d2965e29", "ctime": 1652113086.1685429, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137733, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113086.1685429, "nlink": 1, "path": "/etc/pki/tls/private/defaultcert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1214524871", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 16:18:26 +0000 (0:00:00.388) 0:00:30.789 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 16:18:26 +0000 (0:00:00.022) 0:00:30.812 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 16:18:26 +0000 (0:00:00.038) 0:00:30.851 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/defaultcert.crt" ], "delta": "0:00:00.201991", "end": "2022-05-09 16:18:26.372867", "rc": 0, "start": "2022-05-09 16:18:26.170876" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "79:F7:A4:58:61:AA:D3:C8:8F:CC:D4:42:A0:FB:22:1F:1B:2E:B8:2A", "critical": false }, "authorityKeyIdentifier": { "value": "48:24:8B:8C:0C:D1:34:1A:99:48:5A:79:CF:21:14:05:A9:96:45:EA", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "5F:29:96:D4:F9:6E:D0:2F:C8:04:A5:82:3F:B3:0C:5F:A6:27:BD:D2:21:28:8B:C0:D3:E7:48:77:76:E7:18:AA:F5:07:C4:60:0D:95:5E:5F:FE:7E:E1:00:0D:4B:11:28:DC:00:0A:EF:C7:2C:B2:BC:C2:1D:18:2C:ED:C2:2D:C0:3A:97:1D:36:72:55:BE:3A:B5:88:0F:3F:A6:5E:B3:DF:FA:32:39:11:A4:89:6F:9F:CA:F0:91:71:B1:12:E1:67:FA:D4:28:FE:18:3A:C1:52:66:64:AA:AB:35:90:93:42:08:99:5B:05:72:F7:0F:16:5A:64:55:BB:D6:0A:9C:E4:BB:F0:47:00:CD:29:4F:9A:EF:D7:6F:2A:B3:2D:87:71:31:86:D5:2D:9F:49:5A:A0:10:2B:20:AC:21:C0:4C:9D:03:42:E4:97:88:3D:C3:9D:02:4F:2C:89:F0:40:22:5A:65:47:17:78:DA:34:BA:1E:97:85:A1:54:55:83:2E:6D:44:7F:C1:51:78:5A:DC:CE:5A:93:A8:B4:72:31:03:D0:B9:EF:3C:62:BF:AB:93:58:13:CA:B4:85:2E:A6:81:4F:3F:58:57:EF:F8:67:51:EA:FC:E1:89:4C:95:E8:1E:2C:C1:8C:0E:77:59:B6:6C:BA:8C:D0:32:C4:4F:D6:D5:B1" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:18:04", "not_valid_before": "2022-05-09 16:18:06" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:18:26 +0000 (0:00:00.560) 0:00:31.411 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "48:24:8B:8C:0C:D1:34:1A:99:48:5A:79:CF:21:14:05:A9:96:45:EA" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "79:F7:A4:58:61:AA:D3:C8:8F:CC:D4:42:A0:FB:22:1F:1B:2E:B8:2A" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "5F:29:96:D4:F9:6E:D0:2F:C8:04:A5:82:3F:B3:0C:5F:A6:27:BD:D2:21:28:8B:C0:D3:E7:48:77:76:E7:18:AA:F5:07:C4:60:0D:95:5E:5F:FE:7E:E1:00:0D:4B:11:28:DC:00:0A:EF:C7:2C:B2:BC:C2:1D:18:2C:ED:C2:2D:C0:3A:97:1D:36:72:55:BE:3A:B5:88:0F:3F:A6:5E:B3:DF:FA:32:39:11:A4:89:6F:9F:CA:F0:91:71:B1:12:E1:67:FA:D4:28:FE:18:3A:C1:52:66:64:AA:AB:35:90:93:42:08:99:5B:05:72:F7:0F:16:5A:64:55:BB:D6:0A:9C:E4:BB:F0:47:00:CD:29:4F:9A:EF:D7:6F:2A:B3:2D:87:71:31:86:D5:2D:9F:49:5A:A0:10:2B:20:AC:21:C0:4C:9D:03:42:E4:97:88:3D:C3:9D:02:4F:2C:89:F0:40:22:5A:65:47:17:78:DA:34:BA:1E:97:85:A1:54:55:83:2E:6D:44:7F:C1:51:78:5A:DC:CE:5A:93:A8:B4:72:31:03:D0:B9:EF:3C:62:BF:AB:93:58:13:CA:B4:85:2E:A6:81:4F:3F:58:57:EF:F8:67:51:EA:FC:E1:89:4C:95:E8:1E:2C:C1:8C:0E:77:59:B6:6C:BA:8C:D0:32:C4:4F:D6:D5:B1" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:18:04", "not_valid_before": "2022-05-09 16:18:06" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 16:18:26 +0000 (0:00:00.034) 0:00:31.446 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 16:18:26 +0000 (0:00:00.036) 0:00:31.482 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 16:18:26 +0000 (0:00:00.021) 0:00:31.504 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 16:18:26 +0000 (0:00:00.034) 0:00:31.539 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 16:18:26 +0000 (0:00:00.036) 0:00:31.575 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:18:26 +0000 (0:00:00.033) 0:00:31.609 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/defaultcert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.043248", "end": "2022-05-09 16:18:27.010792", "rc": 0, "start": "2022-05-09 16:18:26.967544" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 16:18:27 +0000 (0:00:00.438) 0:00:32.047 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=52 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:18:27 +0000 (0:00:00.041) 0:00:32.088 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.23s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.53s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.14s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 2.78s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Ensure python3 is installed --------------------------------------------- 2.30s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 -------------- Ensure python3 is installed --------------------------------------------- 2.12s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 -------------- linux-system-roles.certificate : Ensure certificate requests ------------ 1.70s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Gathering Facts --------------------------------------------------------- 1.15s /tmp/tmpd_ggxgwx/tests/tests_no_auto_renew.yml:2 ------------------------------ linux-system-roles.certificate : Ensure provider service is running ----- 1.07s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - Install the package, force upgrade -------------------------------------- 1.05s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 0.96s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 ------------- Gathering Facts --------------------------------------------------------- 0.76s /tmp/tmpd_ggxgwx/tests/tests_no_auto_renew.yml:17 ----------------------------- Parse certificate ------------------------------------------------------- 0.72s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 ------------- Parse certificate ------------------------------------------------------- 0.56s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.55s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.52s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.44s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve auto-renew flag ------------------------------------------------ 0.42s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.41s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_not_wait_for_cert.yml ****************************************** 2 plays in /tmp/tmpd_ggxgwx/tests/tests_not_wait_for_cert.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_not_wait_for_cert.yml:2 Monday 09 May 2022 16:18:41 +0000 (0:00:00.011) 0:00:00.011 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 16:18:42 +0000 (0:00:01.158) 0:00:01.170 ************ included: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:18:42 +0000 (0:00:00.021) 0:00:01.191 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:18:43 +0000 (0:00:00.554) 0:00:01.746 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 16:18:43 +0000 (0:00:00.035) 0:00:01.782 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 16:18:46 +0000 (0:00:02.872) 0:00:04.654 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 16:18:49 +0000 (0:00:03.368) 0:00:08.022 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 16:18:50 +0000 (0:00:00.545) 0:00:08.568 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 16:18:50 +0000 (0:00:00.401) 0:00:08.969 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus.socket system.slice network.target systemd-journald.socket dbus-broker.service basic.target syslog.target sysinit.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 16:18:51 +0000 (0:00:01.060) 0:00:10.030 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_not_wait_for_cert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_not_wait_for_cert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_not_wait_for_cert.yml:14 Monday 09 May 2022 16:18:52 +0000 (0:00:00.688) 0:00:10.719 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Wait for certificate] **************************************************** task path: /tmp/tmpd_ggxgwx/tests/tests_not_wait_for_cert.yml:28 Monday 09 May 2022 16:18:53 +0000 (0:00:00.776) 0:00:11.496 ************ ok: [/cache/fedora-34.qcow2.snap] => (item={'path': '/etc/pki/tls/certs/mycert_not_wait_for_cert.crt', 'key_path': '/etc/pki/tls/private/mycert_not_wait_for_cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) => { "ansible_loop_var": "item", "changed": false, "elapsed": 0, "gid": 0, "group": "root", "item": { "key_path": "/etc/pki/tls/private/mycert_not_wait_for_cert.key", "path": "/etc/pki/tls/certs/mycert_not_wait_for_cert.crt", "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "subject_alt_name": [ { "name": "DNS", "value": "www.example.com" } ] }, "match_groupdict": {}, "match_groups": [], "mode": "0600", "owner": "root", "path": "/etc/pki/tls/certs/mycert_not_wait_for_cert.crt", "port": null, "search_regex": null, "secontext": "system_u:object_r:cert_t:s0", "size": 1294, "state": "file", "uid": 0 } TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_not_wait_for_cert.yml:34 Monday 09 May 2022 16:18:53 +0000 (0:00:00.487) 0:00:11.983 ************ included: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_not_wait_for_cert.crt', 'key_path': '/etc/pki/tls/private/mycert_not_wait_for_cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:18:53 +0000 (0:00:00.030) 0:00:12.013 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:18:53 +0000 (0:00:00.013) 0:00:12.027 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:18:55 +0000 (0:00:01.982) 0:00:14.010 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:19:00 +0000 (0:00:05.206) 0:00:19.216 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 46.1 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 93.2 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 25.6 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 102.3 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 36.4 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:19:03 +0000 (0:00:02.907) 0:00:22.123 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113132.8093498, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "a381025d2326343907a00f6d6fdbd45cf146a2a9", "ctime": 1652113132.80735, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113132.80735, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_not_wait_for_cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "875970921", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:19:04 +0000 (0:00:00.514) 0:00:22.638 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:19:04 +0000 (0:00:00.023) 0:00:22.662 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 16:19:04 +0000 (0:00:00.038) 0:00:22.701 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 16:19:04 +0000 (0:00:00.037) 0:00:22.739 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113132.7633498, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "87a3fedf8f4a5865aa04ef8db0327d96829dd4c7", "ctime": 1652113132.80735, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113132.80735, "nlink": 1, "path": "/etc/pki/tls/private/mycert_not_wait_for_cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "44932461", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 16:19:04 +0000 (0:00:00.416) 0:00:23.155 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 16:19:04 +0000 (0:00:00.024) 0:00:23.179 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 16:19:04 +0000 (0:00:00.042) 0:00:23.222 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_not_wait_for_cert.crt" ], "delta": "0:00:00.216602", "end": "2022-05-09 16:19:06.016876", "rc": 0, "start": "2022-05-09 16:19:05.800274" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "A6:AD:F3:4A:29:A4:4C:F8:0E:6F:A7:B5:2F:EF:03:65:96:58:71:4F", "critical": false }, "authorityKeyIdentifier": { "value": "BC:90:89:EC:FF:BB:FC:81:EE:C3:4D:04:81:9A:C1:CF:B0:53:57:56", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "4D:F7:2F:06:80:F3:F7:E4:4D:D3:03:76:34:85:5F:19:E3:9D:96:05:14:EA:D0:76:FD:FC:02:6E:C5:DB:18:06:4D:77:7A:23:83:83:AA:F1:54:55:BA:7D:03:47:CB:6B:74:40:30:1F:8F:4C:7B:32:ED:D7:48:32:C4:18:13:FD:51:46:1B:E7:AD:64:C4:DB:58:10:48:85:81:03:4A:55:9F:E2:91:05:7B:65:75:E9:8B:80:ED:F8:D4:97:A8:07:22:FA:F9:46:63:B0:CD:16:5E:21:87:A5:CF:02:69:6B:01:07:05:C0:EF:1A:86:A8:05:6C:94:F2:93:B3:96:F7:A6:84:61:35:CE:F6:91:86:35:9F:A5:06:07:E4:F8:9B:EF:64:2F:22:A0:28:8E:49:00:32:27:FD:BD:B4:22:7F:72:CF:1E:AB:97:A3:83:34:30:D1:A2:EE:94:D5:56:FE:4E:86:EC:7B:59:BA:F1:A0:FA:D7:58:D2:01:7F:46:0C:A5:85:18:56:7A:3E:5F:2C:DE:E7:53:EE:D8:F5:B0:0E:26:23:D2:20:C1:D3:FD:6F:78:D0:2D:19:A0:86:AF:99:A2:5A:EB:FD:77:01:65:F5:25:81:04:EC:F1:9B:2F:AA:80:C0:BB:66:2E:A1:87:CF:73:F5:B5:9D:E4:E8:D4:43" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:18:52", "not_valid_before": "2022-05-09 16:18:52" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:19:05 +0000 (0:00:00.789) 0:00:24.012 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "BC:90:89:EC:FF:BB:FC:81:EE:C3:4D:04:81:9A:C1:CF:B0:53:57:56" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "A6:AD:F3:4A:29:A4:4C:F8:0E:6F:A7:B5:2F:EF:03:65:96:58:71:4F" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "4D:F7:2F:06:80:F3:F7:E4:4D:D3:03:76:34:85:5F:19:E3:9D:96:05:14:EA:D0:76:FD:FC:02:6E:C5:DB:18:06:4D:77:7A:23:83:83:AA:F1:54:55:BA:7D:03:47:CB:6B:74:40:30:1F:8F:4C:7B:32:ED:D7:48:32:C4:18:13:FD:51:46:1B:E7:AD:64:C4:DB:58:10:48:85:81:03:4A:55:9F:E2:91:05:7B:65:75:E9:8B:80:ED:F8:D4:97:A8:07:22:FA:F9:46:63:B0:CD:16:5E:21:87:A5:CF:02:69:6B:01:07:05:C0:EF:1A:86:A8:05:6C:94:F2:93:B3:96:F7:A6:84:61:35:CE:F6:91:86:35:9F:A5:06:07:E4:F8:9B:EF:64:2F:22:A0:28:8E:49:00:32:27:FD:BD:B4:22:7F:72:CF:1E:AB:97:A3:83:34:30:D1:A2:EE:94:D5:56:FE:4E:86:EC:7B:59:BA:F1:A0:FA:D7:58:D2:01:7F:46:0C:A5:85:18:56:7A:3E:5F:2C:DE:E7:53:EE:D8:F5:B0:0E:26:23:D2:20:C1:D3:FD:6F:78:D0:2D:19:A0:86:AF:99:A2:5A:EB:FD:77:01:65:F5:25:81:04:EC:F1:9B:2F:AA:80:C0:BB:66:2E:A1:87:CF:73:F5:B5:9D:E4:E8:D4:43" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:18:52", "not_valid_before": "2022-05-09 16:18:52" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 16:19:05 +0000 (0:00:00.036) 0:00:24.048 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 16:19:05 +0000 (0:00:00.038) 0:00:24.087 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 16:19:05 +0000 (0:00:00.028) 0:00:24.116 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 16:19:05 +0000 (0:00:00.040) 0:00:24.156 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 16:19:05 +0000 (0:00:00.039) 0:00:24.196 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:19:05 +0000 (0:00:00.039) 0:00:24.236 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_not_wait_for_cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.044230", "end": "2022-05-09 16:19:06.691347", "rc": 0, "start": "2022-05-09 16:19:06.647117" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 16:19:06 +0000 (0:00:00.444) 0:00:24.680 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=32 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:19:06 +0000 (0:00:00.044) 0:00:24.725 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.21s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.37s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - Install certreader ------------------------------------------------------ 2.91s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 2.87s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Ensure python3 is installed --------------------------------------------- 1.98s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.16s /tmp/tmpd_ggxgwx/tests/tests_not_wait_for_cert.yml:2 -------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.06s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - Parse certificate ------------------------------------------------------- 0.79s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 ------------- Gathering Facts --------------------------------------------------------- 0.78s /tmp/tmpd_ggxgwx/tests/tests_not_wait_for_cert.yml:14 ------------------------- linux-system-roles.certificate : Ensure certificate requests ------------ 0.69s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.55s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.55s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - Retrieve certificate file stats ----------------------------------------- 0.51s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 ------------- Wait for certificate ---------------------------------------------------- 0.49s /tmp/tmpd_ggxgwx/tests/tests_not_wait_for_cert.yml:28 ------------------------- Retrieve auto-renew flag ------------------------------------------------ 0.44s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve key file stats ------------------------------------------------- 0.42s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 ------------- linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.40s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 ------------ Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 ------------- Verify key size --------------------------------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 ------------ ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_principal.yml ************************************************** 3 plays in /tmp/tmpd_ggxgwx/tests/tests_principal.yml PLAY [Test issuing certificate with principal.] ******************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_principal.yml:2 Monday 09 May 2022 16:19:20 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 16:19:21 +0000 (0:00:01.162) 0:00:01.172 ************ included: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:19:21 +0000 (0:00:00.019) 0:00:01.192 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:19:22 +0000 (0:00:00.530) 0:00:01.723 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 16:19:22 +0000 (0:00:00.037) 0:00:01.760 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 16:19:24 +0000 (0:00:02.481) 0:00:04.242 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 16:19:28 +0000 (0:00:03.305) 0:00:07.548 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 16:19:28 +0000 (0:00:00.498) 0:00:08.046 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 16:19:29 +0000 (0:00:00.378) 0:00:08.424 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target system.slice syslog.target sysinit.target dbus-broker.service dbus.socket systemd-journald.socket network.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 16:19:30 +0000 (0:00:01.033) 0:00:09.458 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_principal', 'dns': 'www.example.com', 'principal': 'HTTP/www.example.com@EXAMPLE.COM', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_principal", "principal": "HTTP/www.example.com@EXAMPLE.COM" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_principal.yml:13 Monday 09 May 2022 16:19:31 +0000 (0:00:00.918) 0:00:10.377 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_principal.yml:33 Monday 09 May 2022 16:19:31 +0000 (0:00:00.786) 0:00:11.164 ************ included: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_principal.crt', 'key_path': '/etc/pki/tls/private/mycert_principal.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}, {'name': 'Universal Principal Name (UPN)', 'value': 'HTTP/www.example.com@EXAMPLE.COM', 'oid': '1.3.6.1.4.1.311.20.2.3'}, {'name': 'Kerberos principalname', 'value': 'HTTP/www.example.com@EXAMPLE.COM', 'oid': '1.3.6.1.5.2.2'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:19:31 +0000 (0:00:00.030) 0:00:11.194 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:19:31 +0000 (0:00:00.014) 0:00:11.209 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:19:33 +0000 (0:00:02.053) 0:00:13.262 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:19:38 +0000 (0:00:04.892) 0:00:18.155 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 49.5 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 75.8 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 24.0 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 86.6 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 36.3 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:19:41 +0000 (0:00:02.801) 0:00:20.957 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113171.1954772, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "250e4748d82d756c3380e774653eeea6f0980d74", "ctime": 1652113171.1934772, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113171.1934772, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_principal.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1456, "uid": 0, "version": "3508248265", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:19:42 +0000 (0:00:00.505) 0:00:21.462 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:19:42 +0000 (0:00:00.023) 0:00:21.486 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 16:19:42 +0000 (0:00:00.039) 0:00:21.525 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 16:19:42 +0000 (0:00:00.036) 0:00:21.562 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113171.1504772, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "2581c8c03bd0c68b1facc7105f841c43be322e6d", "ctime": 1652113171.1934772, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113171.1934772, "nlink": 1, "path": "/etc/pki/tls/private/mycert_principal.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1541954148", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 16:19:42 +0000 (0:00:00.379) 0:00:21.941 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 16:19:42 +0000 (0:00:00.023) 0:00:21.964 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 16:19:42 +0000 (0:00:00.038) 0:00:22.003 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_principal.crt" ], "delta": "0:00:00.211384", "end": "2022-05-09 16:19:43.655275", "rc": 0, "start": "2022-05-09 16:19:43.443891" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/www.example.com@EXAMPLE.COM", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/www.example.com@EXAMPLE.COM", "oid": "1.3.6.1.5.2.2" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "A8:AA:EA:61:90:6D:38:96:7B:9A:E9:8E:73:E4:C3:A5:67:EB:D2:76", "critical": false }, "authorityKeyIdentifier": { "value": "98:88:3C:4F:D2:A1:5A:4F:68:C3:A7:C4:95:BE:5E:41:9B:F1:B1:E9", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "41:49:E6:58:CC:3B:42:4D:9D:3F:17:48:97:51:7A:DB:D3:A5:73:77:B3:92:18:7F:EF:37:56:96:AA:1A:D8:E3:6A:32:A6:E3:43:E8:55:68:D7:2F:9D:80:20:5D:30:63:A9:61:AB:7C:7D:BA:3A:F0:F7:7C:92:5F:ED:08:2E:46:AE:F0:F4:E4:DD:F8:B2:00:17:88:E2:6D:2D:B3:2A:FC:43:41:CD:F2:1C:E9:96:52:30:F2:08:0F:30:45:EC:F2:1B:D8:EE:1F:A3:41:92:AF:FC:28:FD:A1:84:40:A6:FD:73:C4:6A:03:C3:7D:5E:53:2E:97:41:C3:B5:37:E4:D6:53:CD:58:98:C0:52:0C:4F:A1:99:80:A1:19:D4:0E:8F:93:39:26:A5:48:A5:B7:3D:65:5C:4E:9A:FA:B2:11:E4:6D:FA:55:E8:31:E9:5B:A7:D4:61:9C:EC:FA:46:87:12:ED:FC:BF:EA:2D:AB:07:71:15:0C:F0:B7:0B:A8:16:7F:05:3F:45:37:87:2F:0E:9B:AF:A1:5D:CC:A5:51:78:F8:4E:4F:AF:81:01:0A:CE:C2:9A:53:49:79:F4:6E:23:C6:83:34:86:9B:DB:0A:47:B2:C8:10:F7:FD:86:AB:4D:50:79:EE:44:BE:9B:7D:72:D1:DC:E2:A7:DD:B6:1A:C8:7D" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:19:30", "not_valid_before": "2022-05-09 16:19:31" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:19:43 +0000 (0:00:00.698) 0:00:22.701 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "98:88:3C:4F:D2:A1:5A:4F:68:C3:A7:C4:95:BE:5E:41:9B:F1:B1:E9" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/www.example.com@EXAMPLE.COM" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/www.example.com@EXAMPLE.COM" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "A8:AA:EA:61:90:6D:38:96:7B:9A:E9:8E:73:E4:C3:A5:67:EB:D2:76" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "41:49:E6:58:CC:3B:42:4D:9D:3F:17:48:97:51:7A:DB:D3:A5:73:77:B3:92:18:7F:EF:37:56:96:AA:1A:D8:E3:6A:32:A6:E3:43:E8:55:68:D7:2F:9D:80:20:5D:30:63:A9:61:AB:7C:7D:BA:3A:F0:F7:7C:92:5F:ED:08:2E:46:AE:F0:F4:E4:DD:F8:B2:00:17:88:E2:6D:2D:B3:2A:FC:43:41:CD:F2:1C:E9:96:52:30:F2:08:0F:30:45:EC:F2:1B:D8:EE:1F:A3:41:92:AF:FC:28:FD:A1:84:40:A6:FD:73:C4:6A:03:C3:7D:5E:53:2E:97:41:C3:B5:37:E4:D6:53:CD:58:98:C0:52:0C:4F:A1:99:80:A1:19:D4:0E:8F:93:39:26:A5:48:A5:B7:3D:65:5C:4E:9A:FA:B2:11:E4:6D:FA:55:E8:31:E9:5B:A7:D4:61:9C:EC:FA:46:87:12:ED:FC:BF:EA:2D:AB:07:71:15:0C:F0:B7:0B:A8:16:7F:05:3F:45:37:87:2F:0E:9B:AF:A1:5D:CC:A5:51:78:F8:4E:4F:AF:81:01:0A:CE:C2:9A:53:49:79:F4:6E:23:C6:83:34:86:9B:DB:0A:47:B2:C8:10:F7:FD:86:AB:4D:50:79:EE:44:BE:9B:7D:72:D1:DC:E2:A7:DD:B6:1A:C8:7D" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:19:30", "not_valid_before": "2022-05-09 16:19:31" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 16:19:43 +0000 (0:00:00.032) 0:00:22.734 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 16:19:43 +0000 (0:00:00.031) 0:00:22.765 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 16:19:43 +0000 (0:00:00.022) 0:00:22.788 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 16:19:43 +0000 (0:00:00.032) 0:00:22.820 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 16:19:43 +0000 (0:00:00.034) 0:00:22.855 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:19:43 +0000 (0:00:00.038) 0:00:22.894 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_principal.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039207", "end": "2022-05-09 16:19:44.233830", "rc": 0, "start": "2022-05-09 16:19:44.194623" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 16:19:43 +0000 (0:00:00.379) 0:00:23.274 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY [Test issuing certificate with invalid principal.] ************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_principal.yml:40 Monday 09 May 2022 16:19:44 +0000 (0:00:00.042) 0:00:23.316 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 16:19:44 +0000 (0:00:00.731) 0:00:24.048 ************ included: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:19:44 +0000 (0:00:00.020) 0:00:24.068 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:19:45 +0000 (0:00:00.533) 0:00:24.602 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 16:19:45 +0000 (0:00:00.033) 0:00:24.635 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 16:19:47 +0000 (0:00:02.071) 0:00:26.707 ************ ok: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 16:19:49 +0000 (0:00:01.924) 0:00:28.632 ************ ok: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 16:19:49 +0000 (0:00:00.400) 0:00:29.032 ************ ok: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 16:19:50 +0000 (0:00:00.410) 0:00:29.443 ************ ok: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Mon 2022-05-09 16:19:30 UTC", "ActiveEnterTimestampMonotonic": "18966327", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "network.target dbus-broker.service sysinit.target syslog.target dbus.socket system.slice basic.target systemd-journald.socket", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Mon 2022-05-09 16:19:30 UTC", "AssertTimestampMonotonic": "18954545", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "368340000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Mon 2022-05-09 16:19:30 UTC", "ConditionTimestampMonotonic": "18954543", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "6537", "ExecMainStartTimestamp": "Mon 2022-05-09 16:19:30 UTC", "ExecMainStartTimestampMonotonic": "18955692", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[Mon 2022-05-09 16:19:30 UTC] ; stop_time=[n/a] ; pid=6537 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[Mon 2022-05-09 16:19:30 UTC] ; stop_time=[n/a] ; pid=6537 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Mon 2022-05-09 16:19:30 UTC", "InactiveExitTimestampMonotonic": "18956035", "InvocationID": "65e352d6da8e4946989d921d93ea6c09", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "6537", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "1642496", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Mon 2022-05-09 16:19:30 UTC", "StateChangeTimestampMonotonic": "18966327", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 16:19:50 +0000 (0:00:00.502) 0:00:29.946 ************ failed: [/cache/fedora-34.qcow2.snap] (item={'name': 'mycertinvalid', 'dns': 'www.example.com', 'principal': 'HTTP/abc', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": false, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycertinvalid", "principal": "HTTP/abc" } } MSG: Invalid principal 'HTTP/abc'. It should be formatted as 'primary/instance@REALM' TASK [assert...] *************************************************************** task path: /tmp/tmpd_ggxgwx/tests/tests_principal.yml:59 Monday 09 May 2022 16:19:51 +0000 (0:00:00.459) 0:00:30.405 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=40 changed=7 unreachable=0 failed=0 skipped=2 rescued=1 ignored=0 Monday 09 May 2022 16:19:51 +0000 (0:00:00.027) 0:00:30.433 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 4.89s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.31s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - Install certreader ------------------------------------------------------ 2.80s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 2.48s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 2.07s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Ensure python3 is installed --------------------------------------------- 2.05s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 -------------- linux-system-roles.certificate : Ensure provider packages are installed --- 1.92s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - Gathering Facts --------------------------------------------------------- 1.16s /tmp/tmpd_ggxgwx/tests/tests_principal.yml:2 ---------------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.03s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - linux-system-roles.certificate : Ensure certificate requests ------------ 0.92s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Gathering Facts --------------------------------------------------------- 0.79s /tmp/tmpd_ggxgwx/tests/tests_principal.yml:13 --------------------------------- Gathering Facts --------------------------------------------------------- 0.73s /tmp/tmpd_ggxgwx/tests/tests_principal.yml:40 --------------------------------- Parse certificate ------------------------------------------------------- 0.70s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.53s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.53s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.51s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure provider service is running ----- 0.50s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.50s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - linux-system-roles.certificate : Ensure certificate requests ------------ 0.46s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.41s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_provider.yml *************************************************** 2 plays in /tmp/tmpd_ggxgwx/tests/tests_provider.yml PLAY [Test issuing certificate with certmonger provider] *********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_provider.yml:2 Monday 09 May 2022 16:20:05 +0000 (0:00:00.011) 0:00:00.011 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 16:20:06 +0000 (0:00:01.150) 0:00:01.161 ************ included: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:20:06 +0000 (0:00:00.019) 0:00:01.181 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:20:07 +0000 (0:00:00.528) 0:00:01.709 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 16:20:07 +0000 (0:00:00.036) 0:00:01.746 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 16:20:09 +0000 (0:00:02.561) 0:00:04.307 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 16:20:13 +0000 (0:00:03.394) 0:00:07.702 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 16:20:13 +0000 (0:00:00.528) 0:00:08.231 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 16:20:14 +0000 (0:00:00.420) 0:00:08.651 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target sysinit.target network.target dbus-broker.service syslog.target dbus.socket system.slice systemd-journald.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 16:20:15 +0000 (0:00:01.053) 0:00:09.704 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_provider', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'certmonger'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_provider", "provider": "certmonger" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_provider.yml:13 Monday 09 May 2022 16:20:16 +0000 (0:00:00.962) 0:00:10.667 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_provider.yml:27 Monday 09 May 2022 16:20:16 +0000 (0:00:00.767) 0:00:11.434 ************ included: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_provider.crt', 'key_path': '/etc/pki/tls/private/mycert_provider.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:20:16 +0000 (0:00:00.030) 0:00:11.464 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:20:16 +0000 (0:00:00.013) 0:00:11.478 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:20:19 +0000 (0:00:02.066) 0:00:13.545 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:20:24 +0000 (0:00:05.056) 0:00:18.601 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 46.4 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 79.7 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 18.8 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 88.2 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 42.4 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:20:26 +0000 (0:00:02.906) 0:00:21.508 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113214.6073055, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "c983519806be02eca1feaba0cf0961df3e887cd6", "ctime": 1652113214.6043055, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113214.6043055, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_provider.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "1861213579", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:20:27 +0000 (0:00:00.525) 0:00:22.033 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:20:27 +0000 (0:00:00.022) 0:00:22.055 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 16:20:27 +0000 (0:00:00.039) 0:00:22.095 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 16:20:27 +0000 (0:00:00.034) 0:00:22.129 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113214.5613055, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "95366b2d1c08c88ff44bc55ee8c750150abed149", "ctime": 1652113214.6043055, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113214.6043055, "nlink": 1, "path": "/etc/pki/tls/private/mycert_provider.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3008626911", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 16:20:27 +0000 (0:00:00.393) 0:00:22.522 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 16:20:28 +0000 (0:00:00.022) 0:00:22.545 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 16:20:28 +0000 (0:00:00.041) 0:00:22.586 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_provider.crt" ], "delta": "0:00:00.227751", "end": "2022-05-09 16:20:27.397259", "rc": 0, "start": "2022-05-09 16:20:27.169508" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "63:4D:8A:17:EC:19:54:81:3C:38:5F:95:51:01:B5:32:2C:72:6C:CF", "critical": false }, "authorityKeyIdentifier": { "value": "7C:B4:4F:90:19:A1:CD:54:E8:FA:A8:8F:6D:80:52:43:14:0D:EC:99", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "09:ED:0A:E4:95:CB:6A:73:A4:8F:87:65:0E:B1:85:E7:3C:7D:BC:A0:6A:34:3D:77:68:7E:4B:89:30:96:DB:A5:F5:2D:44:FA:3C:9F:AB:BE:D0:BC:90:8C:5F:8F:03:36:CB:9D:46:67:BE:B4:93:57:C9:F7:D7:D8:BD:2B:E5:29:85:63:38:4F:1D:BD:97:1E:72:AB:1B:A1:51:46:36:5A:C9:C7:3C:32:95:79:91:F9:34:86:89:A2:FA:7C:6B:37:6A:AB:75:14:83:D0:A6:50:9B:47:27:E2:7F:EC:3D:76:EB:3D:0F:96:41:4A:CA:AD:98:B1:9A:67:CE:B9:22:FF:26:45:09:B3:54:81:04:A3:E0:03:9E:8A:C0:2E:27:AA:E3:11:77:DB:E9:FC:6F:D6:A7:B9:8F:FE:90:12:C0:A0:D7:B8:05:B8:0E:A3:96:A4:34:22:08:E1:9A:77:D7:B3:C9:54:9D:57:A4:41:BE:41:C1:41:9C:53:DF:39:6A:D3:02:2F:DE:78:8E:A6:0A:53:A2:CE:BE:BE:85:F0:FA:1C:85:05:FF:50:B1:E8:21:73:07:98:F9:0C:5F:10:91:36:F4:92:31:43:33:65:7C:6A:8B:91:B1:C6:2E:EE:5A:A3:02:40:A5:BB:A8:9B:2D:48:C1:62:9C:4B:B8:26:83:E2" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:20:13", "not_valid_before": "2022-05-09 16:20:14" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:20:28 +0000 (0:00:00.744) 0:00:23.331 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "7C:B4:4F:90:19:A1:CD:54:E8:FA:A8:8F:6D:80:52:43:14:0D:EC:99" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "63:4D:8A:17:EC:19:54:81:3C:38:5F:95:51:01:B5:32:2C:72:6C:CF" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "09:ED:0A:E4:95:CB:6A:73:A4:8F:87:65:0E:B1:85:E7:3C:7D:BC:A0:6A:34:3D:77:68:7E:4B:89:30:96:DB:A5:F5:2D:44:FA:3C:9F:AB:BE:D0:BC:90:8C:5F:8F:03:36:CB:9D:46:67:BE:B4:93:57:C9:F7:D7:D8:BD:2B:E5:29:85:63:38:4F:1D:BD:97:1E:72:AB:1B:A1:51:46:36:5A:C9:C7:3C:32:95:79:91:F9:34:86:89:A2:FA:7C:6B:37:6A:AB:75:14:83:D0:A6:50:9B:47:27:E2:7F:EC:3D:76:EB:3D:0F:96:41:4A:CA:AD:98:B1:9A:67:CE:B9:22:FF:26:45:09:B3:54:81:04:A3:E0:03:9E:8A:C0:2E:27:AA:E3:11:77:DB:E9:FC:6F:D6:A7:B9:8F:FE:90:12:C0:A0:D7:B8:05:B8:0E:A3:96:A4:34:22:08:E1:9A:77:D7:B3:C9:54:9D:57:A4:41:BE:41:C1:41:9C:53:DF:39:6A:D3:02:2F:DE:78:8E:A6:0A:53:A2:CE:BE:BE:85:F0:FA:1C:85:05:FF:50:B1:E8:21:73:07:98:F9:0C:5F:10:91:36:F4:92:31:43:33:65:7C:6A:8B:91:B1:C6:2E:EE:5A:A3:02:40:A5:BB:A8:9B:2D:48:C1:62:9C:4B:B8:26:83:E2" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:20:13", "not_valid_before": "2022-05-09 16:20:14" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 16:20:28 +0000 (0:00:00.033) 0:00:23.365 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 16:20:28 +0000 (0:00:00.038) 0:00:23.404 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 16:20:28 +0000 (0:00:00.022) 0:00:23.427 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 16:20:28 +0000 (0:00:00.035) 0:00:23.462 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 16:20:28 +0000 (0:00:00.036) 0:00:23.499 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:20:29 +0000 (0:00:00.038) 0:00:23.538 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_provider.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.043107", "end": "2022-05-09 16:20:28.008418", "rc": 0, "start": "2022-05-09 16:20:27.965311" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 16:20:29 +0000 (0:00:00.401) 0:00:23.939 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:20:29 +0000 (0:00:00.040) 0:00:23.979 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.06s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.39s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - Install certreader ------------------------------------------------------ 2.91s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 2.56s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Ensure python3 is installed --------------------------------------------- 2.07s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.15s /tmp/tmpd_ggxgwx/tests/tests_provider.yml:2 ----------------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.05s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - linux-system-roles.certificate : Ensure certificate requests ------------ 0.96s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Gathering Facts --------------------------------------------------------- 0.77s /tmp/tmpd_ggxgwx/tests/tests_provider.yml:13 ---------------------------------- Parse certificate ------------------------------------------------------- 0.74s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.53s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.53s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.53s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.42s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - Retrieve auto-renew flag ------------------------------------------------ 0.40s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve key file stats ------------------------------------------------- 0.39s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 ------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 ------------ Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 ------------- Verify certificate Extended Key Usage ----------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 ------------ ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_run_hooks.yml ************************************************** 2 plays in /tmp/tmpd_ggxgwx/tests/tests_run_hooks.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_run_hooks.yml:2 Monday 09 May 2022 16:20:43 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 16:20:44 +0000 (0:00:01.141) 0:00:01.151 ************ included: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:20:44 +0000 (0:00:00.018) 0:00:01.170 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:20:45 +0000 (0:00:00.525) 0:00:01.696 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 16:20:45 +0000 (0:00:00.037) 0:00:01.733 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 16:20:48 +0000 (0:00:02.893) 0:00:04.627 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 16:20:51 +0000 (0:00:03.446) 0:00:08.073 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 16:20:52 +0000 (0:00:00.566) 0:00:08.640 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 16:20:52 +0000 (0:00:00.434) 0:00:09.075 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket sysinit.target basic.target dbus.socket system.slice syslog.target network.target dbus-broker.service", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 16:20:53 +0000 (0:00:01.098) 0:00:10.173 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_run_hooks', 'dns': 'www.example.com', 'ca': 'self-sign', 'run_before': 'touch /etc/pki/before_cert.tmp\n', 'run_after': 'touch /etc/pki/after_cert.tmp\n'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_run_hooks", "run_after": "touch /etc/pki/after_cert.tmp\n", "run_before": "touch /etc/pki/before_cert.tmp\n" } } MSG: Certificate requested (new). Pre/Post run hooks updated. META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_run_hooks.yml:17 Monday 09 May 2022 16:20:54 +0000 (0:00:00.942) 0:00:11.116 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_run_hooks.yml:31 Monday 09 May 2022 16:20:55 +0000 (0:00:00.788) 0:00:11.905 ************ included: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_run_hooks.crt', 'key_path': '/etc/pki/tls/private/mycert_run_hooks.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:20:55 +0000 (0:00:00.029) 0:00:11.935 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:20:55 +0000 (0:00:00.014) 0:00:11.950 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:20:57 +0000 (0:00:02.085) 0:00:14.035 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:21:03 +0000 (0:00:05.247) 0:00:19.283 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 48.2 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 78.7 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 22.0 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 41.1 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 36.8 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:21:06 +0000 (0:00:03.208) 0:00:22.491 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113255.0350015, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "5d655119a4d9311b338fc96d97a4c470eea3c080", "ctime": 1652113255.0320015, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137735, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113255.0320015, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_run_hooks.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "1923156695", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:21:06 +0000 (0:00:00.537) 0:00:23.029 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:21:06 +0000 (0:00:00.020) 0:00:23.049 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 16:21:06 +0000 (0:00:00.038) 0:00:23.087 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 16:21:06 +0000 (0:00:00.038) 0:00:23.125 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113254.9810016, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d871d03c79a2dd44df3b0aa5b35ef35dd3ac6bb8", "ctime": 1652113255.0320015, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137733, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113255.0320015, "nlink": 1, "path": "/etc/pki/tls/private/mycert_run_hooks.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3977367791", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 16:21:07 +0000 (0:00:00.390) 0:00:23.515 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 16:21:07 +0000 (0:00:00.022) 0:00:23.538 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 16:21:07 +0000 (0:00:00.079) 0:00:23.617 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_run_hooks.crt" ], "delta": "0:00:00.220112", "end": "2022-05-09 16:21:08.372125", "rc": 0, "start": "2022-05-09 16:21:08.152013" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "31:41:AF:C6:0A:4B:C9:0C:AF:51:B5:54:C2:BC:38:5C:14:06:64:85", "critical": false }, "authorityKeyIdentifier": { "value": "DD:CF:64:67:0F:49:C7:C0:E3:15:A9:7E:39:45:18:17:1E:9B:F7:90", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "15:7C:62:F9:B6:3F:0A:6C:C1:3A:EE:6A:16:11:DF:4A:24:BD:A1:24:2D:42:9E:B9:A9:0D:EF:3B:F5:E7:4C:F3:65:24:47:1A:27:87:31:1B:11:A4:B9:A3:6D:1F:B1:E7:14:B0:E9:73:7F:57:29:C5:80:2E:3A:2C:49:E2:F3:26:FC:59:F8:76:FD:CA:5E:B9:3E:E5:29:3F:A4:A2:8B:58:49:FE:91:0C:EE:F4:55:FD:56:9D:DC:1F:DC:F0:00:80:3A:23:D0:76:5F:D9:9E:2B:57:2F:C9:D9:5C:81:4C:CD:28:79:98:EA:7D:0D:19:E3:E0:94:A0:A6:69:21:10:4F:2D:A1:0D:11:4B:75:66:D3:30:C9:47:B7:23:60:3C:62:A8:D0:9C:51:C0:86:C2:A2:08:DC:6E:D0:72:11:87:8C:2A:5B:A7:EC:E6:07:60:37:30:B4:BB:20:80:BB:BE:DD:5C:82:80:B7:61:57:6D:6E:5E:C5:2A:1C:60:6C:4D:64:24:13:0C:6F:27:C5:E6:62:E7:32:B5:AC:30:14:74:AD:0C:8C:1E:AC:D3:EA:B5:62:C4:56:28:28:B0:0A:C4:0C:8F:A6:AE:83:A7:AA:16:A6:11:87:E8:76:8A:70:57:46:B6:84:8B:17:C5:4C:5E:F1:30:CC:E4:15:91:D4:52:8A" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:20:54", "not_valid_before": "2022-05-09 16:20:55" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:21:08 +0000 (0:00:00.718) 0:00:24.336 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "DD:CF:64:67:0F:49:C7:C0:E3:15:A9:7E:39:45:18:17:1E:9B:F7:90" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "31:41:AF:C6:0A:4B:C9:0C:AF:51:B5:54:C2:BC:38:5C:14:06:64:85" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "15:7C:62:F9:B6:3F:0A:6C:C1:3A:EE:6A:16:11:DF:4A:24:BD:A1:24:2D:42:9E:B9:A9:0D:EF:3B:F5:E7:4C:F3:65:24:47:1A:27:87:31:1B:11:A4:B9:A3:6D:1F:B1:E7:14:B0:E9:73:7F:57:29:C5:80:2E:3A:2C:49:E2:F3:26:FC:59:F8:76:FD:CA:5E:B9:3E:E5:29:3F:A4:A2:8B:58:49:FE:91:0C:EE:F4:55:FD:56:9D:DC:1F:DC:F0:00:80:3A:23:D0:76:5F:D9:9E:2B:57:2F:C9:D9:5C:81:4C:CD:28:79:98:EA:7D:0D:19:E3:E0:94:A0:A6:69:21:10:4F:2D:A1:0D:11:4B:75:66:D3:30:C9:47:B7:23:60:3C:62:A8:D0:9C:51:C0:86:C2:A2:08:DC:6E:D0:72:11:87:8C:2A:5B:A7:EC:E6:07:60:37:30:B4:BB:20:80:BB:BE:DD:5C:82:80:B7:61:57:6D:6E:5E:C5:2A:1C:60:6C:4D:64:24:13:0C:6F:27:C5:E6:62:E7:32:B5:AC:30:14:74:AD:0C:8C:1E:AC:D3:EA:B5:62:C4:56:28:28:B0:0A:C4:0C:8F:A6:AE:83:A7:AA:16:A6:11:87:E8:76:8A:70:57:46:B6:84:8B:17:C5:4C:5E:F1:30:CC:E4:15:91:D4:52:8A" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:20:54", "not_valid_before": "2022-05-09 16:20:55" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 16:21:08 +0000 (0:00:00.034) 0:00:24.371 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 16:21:08 +0000 (0:00:00.036) 0:00:24.407 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 16:21:08 +0000 (0:00:00.023) 0:00:24.430 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 16:21:08 +0000 (0:00:00.035) 0:00:24.466 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 16:21:08 +0000 (0:00:00.034) 0:00:24.501 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:21:08 +0000 (0:00:00.038) 0:00:24.539 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_run_hooks.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.043683", "end": "2022-05-09 16:21:08.991989", "rc": 0, "start": "2022-05-09 16:21:08.948306" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 16:21:08 +0000 (0:00:00.417) 0:00:24.956 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Get certificate timestamp] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tests_run_hooks.yml:39 Monday 09 May 2022 16:21:08 +0000 (0:00:00.035) 0:00:24.992 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113255.0350015, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "5d655119a4d9311b338fc96d97a4c470eea3c080", "ctime": 1652113255.0320015, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137735, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113255.0320015, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_run_hooks.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "1923156695", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Get pre-run file timestamp] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tests_run_hooks.yml:43 Monday 09 May 2022 16:21:09 +0000 (0:00:00.378) 0:00:25.371 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113255.0300016, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1652113255.0300016, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137734, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1652113255.0300016, "nlink": 1, "path": "/etc/pki/before_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "2200153853", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Get post-run file timestamp] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_run_hooks.yml:47 Monday 09 May 2022 16:21:09 +0000 (0:00:00.384) 0:00:25.755 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113255.0680015, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1652113255.0680015, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137736, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1652113255.0680015, "nlink": 1, "path": "/etc/pki/after_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "1082842183", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Assert file created before cert] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tests_run_hooks.yml:51 Monday 09 May 2022 16:21:09 +0000 (0:00:00.382) 0:00:26.138 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Assert file created after cert] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tests_run_hooks.yml:58 Monday 09 May 2022 16:21:09 +0000 (0:00:00.023) 0:00:26.161 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Get the ansible_managed comment in pre/post-scripts] ********************* task path: /tmp/tmpd_ggxgwx/tests/tests_run_hooks.yml:66 Monday 09 May 2022 16:21:09 +0000 (0:00:00.022) 0:00:26.184 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "find", "/etc/certmonger/pre-scripts", "/etc/certmonger/post-scripts", "-type", "f", "-exec", "grep", "^# Ansible managed", "{}", ";" ], "delta": "0:00:00.008647", "end": "2022-05-09 16:21:10.601285", "rc": 0, "start": "2022-05-09 16:21:10.592638" } STDOUT: # Ansible managed # Ansible managed TASK [Verify the ansible_managed comment in pre/post-scripts] ****************** task path: /tmp/tmpd_ggxgwx/tests/tests_run_hooks.yml:72 Monday 09 May 2022 16:21:10 +0000 (0:00:00.381) 0:00:26.566 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=38 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:21:10 +0000 (0:00:00.039) 0:00:26.605 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.25s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.45s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - Install certreader ------------------------------------------------------ 3.21s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 2.89s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Ensure python3 is installed --------------------------------------------- 2.09s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.14s /tmp/tmpd_ggxgwx/tests/tests_run_hooks.yml:2 ---------------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.10s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - linux-system-roles.certificate : Ensure certificate requests ------------ 0.94s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Gathering Facts --------------------------------------------------------- 0.79s /tmp/tmpd_ggxgwx/tests/tests_run_hooks.yml:17 --------------------------------- Parse certificate ------------------------------------------------------- 0.72s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.57s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - Retrieve certificate file stats ----------------------------------------- 0.54s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.53s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.43s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - Retrieve auto-renew flag ------------------------------------------------ 0.42s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve key file stats ------------------------------------------------- 0.39s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 ------------- Get pre-run file timestamp ---------------------------------------------- 0.38s /tmp/tmpd_ggxgwx/tests/tests_run_hooks.yml:43 --------------------------------- Get post-run file timestamp --------------------------------------------- 0.38s /tmp/tmpd_ggxgwx/tests/tests_run_hooks.yml:47 --------------------------------- Get the ansible_managed comment in pre/post-scripts --------------------- 0.38s /tmp/tmpd_ggxgwx/tests/tests_run_hooks.yml:66 --------------------------------- Get certificate timestamp ----------------------------------------------- 0.38s /tmp/tmpd_ggxgwx/tests/tests_run_hooks.yml:39 --------------------------------- ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_subject.yml **************************************************** 2 plays in /tmp/tmpd_ggxgwx/tests/tests_subject.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_subject.yml:2 Monday 09 May 2022 16:21:24 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 16:21:25 +0000 (0:00:01.124) 0:00:01.135 ************ included: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:21:25 +0000 (0:00:00.020) 0:00:01.156 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:21:26 +0000 (0:00:00.512) 0:00:01.669 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 16:21:26 +0000 (0:00:00.037) 0:00:01.707 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 16:21:29 +0000 (0:00:03.014) 0:00:04.721 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 16:21:32 +0000 (0:00:03.409) 0:00:08.131 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 16:21:33 +0000 (0:00:00.556) 0:00:08.688 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 16:21:33 +0000 (0:00:00.438) 0:00:09.126 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket basic.target dbus-broker.service dbus.socket system.slice syslog.target sysinit.target network.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 16:21:34 +0000 (0:00:01.039) 0:00:10.165 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_subject', 'dns': 'www.example.com', 'common_name': 'Some other common name', 'country': 'US', 'state': 'NC', 'locality': 'Raleigh', 'organization': 'Red Hat', 'organizational_unit': 'Linux', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "Some other common name", "country": "US", "dns": "www.example.com", "locality": "Raleigh", "name": "mycert_subject", "organization": "Red Hat", "organizational_unit": "Linux", "state": "NC" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_subject.yml:19 Monday 09 May 2022 16:21:35 +0000 (0:00:00.977) 0:00:11.143 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_subject.yml:48 Monday 09 May 2022 16:21:36 +0000 (0:00:00.766) 0:00:11.909 ************ included: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_subject.crt', 'key_path': '/etc/pki/tls/private/mycert_subject.key', 'subject': [{'name': 'countryName', 'oid': '2.5.4.6', 'value': 'US'}, {'name': 'stateOrProvinceName', 'oid': '2.5.4.8', 'value': 'NC'}, {'name': 'localityName', 'oid': '2.5.4.7', 'value': 'Raleigh'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'Red Hat'}, {'name': 'organizationalUnitName', 'oid': '2.5.4.11', 'value': 'Linux'}, {'name': 'commonName', 'oid': '2.5.4.3', 'value': 'Some other common name'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:21:36 +0000 (0:00:00.034) 0:00:11.944 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:21:36 +0000 (0:00:00.018) 0:00:11.962 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:21:38 +0000 (0:00:02.258) 0:00:14.221 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:21:43 +0000 (0:00:05.017) 0:00:19.239 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 22.8 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 82.9 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 24.7 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 91.9 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 32.6 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:21:46 +0000 (0:00:03.017) 0:00:22.256 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113294.9114892, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9c7037bf9d3f52567362cb55f16f3341d52c71e2", "ctime": 1652113294.9084892, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113294.9084892, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_subject.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1407, "uid": 0, "version": "2738427409", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:21:47 +0000 (0:00:00.517) 0:00:22.774 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:21:47 +0000 (0:00:00.020) 0:00:22.794 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 16:21:47 +0000 (0:00:00.036) 0:00:22.831 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 16:21:47 +0000 (0:00:00.035) 0:00:22.866 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113294.8634892, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "5d61ab561d794c6dd4c6fbde1bbaafef3fddb902", "ctime": 1652113294.9084892, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113294.9084892, "nlink": 1, "path": "/etc/pki/tls/private/mycert_subject.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "3510418756", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 16:21:47 +0000 (0:00:00.371) 0:00:23.238 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 16:21:47 +0000 (0:00:00.021) 0:00:23.260 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 16:21:47 +0000 (0:00:00.040) 0:00:23.300 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_subject.crt" ], "delta": "0:00:00.208268", "end": "2022-05-09 16:21:47.977463", "rc": 0, "start": "2022-05-09 16:21:47.769195" } STDOUT: { "subject": [ { "name": "countryName", "oid": "2.5.4.6", "value": "US" }, { "name": "stateOrProvinceName", "oid": "2.5.4.8", "value": "NC" }, { "name": "localityName", "oid": "2.5.4.7", "value": "Raleigh" }, { "name": "organizationName", "oid": "2.5.4.10", "value": "Red Hat" }, { "name": "organizationalUnitName", "oid": "2.5.4.11", "value": "Linux" }, { "name": "commonName", "oid": "2.5.4.3", "value": "Some other common name" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "0B:0D:B4:28:6C:DA:D2:26:F5:8B:7D:79:DD:EB:E6:D1:94:45:2F:C5", "critical": false }, "authorityKeyIdentifier": { "value": "A3:2D:B8:2C:24:AA:60:03:0B:FA:EF:BC:FB:DB:0E:29:C0:36:66:84", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "18:A7:5E:72:2D:7B:71:CB:89:E6:5F:D8:91:69:32:34:C7:18:56:82:A3:FA:C9:23:04:58:FD:5D:E5:C0:4F:D1:46:5D:D7:93:7C:B3:8B:CD:58:B6:8D:86:8C:1A:69:E5:30:F7:2B:7B:FC:08:4F:78:9E:BE:F1:8D:13:23:C0:E9:76:9C:62:39:75:34:E1:7D:99:08:0C:53:3D:7D:EA:E3:E7:5F:1A:FD:07:6C:6D:5A:2C:77:58:A3:40:54:D8:48:5E:CD:DB:A1:26:38:3D:F0:2F:27:DD:CE:7A:34:97:8F:EC:61:AC:1F:B1:F8:09:D4:00:18:8D:AD:E3:51:05:BB:7C:BE:20:DC:6A:83:C8:F1:A4:FD:73:DD:86:8E:49:A0:09:C0:24:E7:B8:D6:DE:33:92:48:4E:5D:44:1E:ED:E6:63:BB:BF:9C:50:72:D3:7F:5E:3F:EA:C6:70:ED:FF:98:44:26:62:14:BD:2A:C1:A3:E4:6D:51:66:DD:02:BB:12:78:95:2A:37:57:95:75:46:F2:B6:8C:A4:66:3C:20:FB:C5:37:FB:9C:7D:7C:11:FC:30:28:E4:27:14:EC:96:25:5F:A6:A1:14:1A:B4:9B:96:3E:9A:81:37:2F:AA:2A:8E:7D:FC:B4:8C:89:B5:81:50:8A:56:58:4D:C8:12:FE:01" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:21:34", "not_valid_before": "2022-05-09 16:21:34" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:21:48 +0000 (0:00:00.717) 0:00:24.018 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "A3:2D:B8:2C:24:AA:60:03:0B:FA:EF:BC:FB:DB:0E:29:C0:36:66:84" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "0B:0D:B4:28:6C:DA:D2:26:F5:8B:7D:79:DD:EB:E6:D1:94:45:2F:C5" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "18:A7:5E:72:2D:7B:71:CB:89:E6:5F:D8:91:69:32:34:C7:18:56:82:A3:FA:C9:23:04:58:FD:5D:E5:C0:4F:D1:46:5D:D7:93:7C:B3:8B:CD:58:B6:8D:86:8C:1A:69:E5:30:F7:2B:7B:FC:08:4F:78:9E:BE:F1:8D:13:23:C0:E9:76:9C:62:39:75:34:E1:7D:99:08:0C:53:3D:7D:EA:E3:E7:5F:1A:FD:07:6C:6D:5A:2C:77:58:A3:40:54:D8:48:5E:CD:DB:A1:26:38:3D:F0:2F:27:DD:CE:7A:34:97:8F:EC:61:AC:1F:B1:F8:09:D4:00:18:8D:AD:E3:51:05:BB:7C:BE:20:DC:6A:83:C8:F1:A4:FD:73:DD:86:8E:49:A0:09:C0:24:E7:B8:D6:DE:33:92:48:4E:5D:44:1E:ED:E6:63:BB:BF:9C:50:72:D3:7F:5E:3F:EA:C6:70:ED:FF:98:44:26:62:14:BD:2A:C1:A3:E4:6D:51:66:DD:02:BB:12:78:95:2A:37:57:95:75:46:F2:B6:8C:A4:66:3C:20:FB:C5:37:FB:9C:7D:7C:11:FC:30:28:E4:27:14:EC:96:25:5F:A6:A1:14:1A:B4:9B:96:3E:9A:81:37:2F:AA:2A:8E:7D:FC:B4:8C:89:B5:81:50:8A:56:58:4D:C8:12:FE:01" }, "subject": [ { "name": "countryName", "oid": "2.5.4.6", "value": "US" }, { "name": "stateOrProvinceName", "oid": "2.5.4.8", "value": "NC" }, { "name": "localityName", "oid": "2.5.4.7", "value": "Raleigh" }, { "name": "organizationName", "oid": "2.5.4.10", "value": "Red Hat" }, { "name": "organizationalUnitName", "oid": "2.5.4.11", "value": "Linux" }, { "name": "commonName", "oid": "2.5.4.3", "value": "Some other common name" } ], "validity": { "not_valid_after": "2023-05-09 16:21:34", "not_valid_before": "2022-05-09 16:21:34" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 16:21:48 +0000 (0:00:00.035) 0:00:24.054 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 16:21:48 +0000 (0:00:00.039) 0:00:24.094 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 16:21:48 +0000 (0:00:00.028) 0:00:24.123 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 16:21:48 +0000 (0:00:00.048) 0:00:24.171 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 16:21:48 +0000 (0:00:00.039) 0:00:24.211 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:21:48 +0000 (0:00:00.037) 0:00:24.248 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_subject.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040863", "end": "2022-05-09 16:21:48.630083", "rc": 0, "start": "2022-05-09 16:21:48.589220" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 16:21:49 +0000 (0:00:00.424) 0:00:24.673 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:21:49 +0000 (0:00:00.042) 0:00:24.715 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.02s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.41s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - Install certreader ------------------------------------------------------ 3.02s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 3.01s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Ensure python3 is installed --------------------------------------------- 2.26s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.12s /tmp/tmpd_ggxgwx/tests/tests_subject.yml:2 ------------------------------------ linux-system-roles.certificate : Ensure provider service is running ----- 1.04s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - linux-system-roles.certificate : Ensure certificate requests ------------ 0.98s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Gathering Facts --------------------------------------------------------- 0.77s /tmp/tmpd_ggxgwx/tests/tests_subject.yml:19 ----------------------------------- Parse certificate ------------------------------------------------------- 0.72s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.56s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.51s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.44s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - Retrieve auto-renew flag ------------------------------------------------ 0.42s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve key file stats ------------------------------------------------- 0.37s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify key size --------------------------------------------------------- 0.05s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 ------------ Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 ------------ Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 ------------- Verify certificate subject ---------------------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 ------------- ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_subject_complex.yml ******************************************** 2 plays in /tmp/tmpd_ggxgwx/tests/tests_subject_complex.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_subject_complex.yml:2 Monday 09 May 2022 16:22:03 +0000 (0:00:00.011) 0:00:00.011 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 16:22:04 +0000 (0:00:01.147) 0:00:01.158 ************ included: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:22:04 +0000 (0:00:00.021) 0:00:01.180 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:22:05 +0000 (0:00:00.559) 0:00:01.739 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 16:22:05 +0000 (0:00:00.038) 0:00:01.778 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 16:22:08 +0000 (0:00:02.739) 0:00:04.517 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 16:22:11 +0000 (0:00:03.345) 0:00:07.863 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 16:22:11 +0000 (0:00:00.555) 0:00:08.419 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 16:22:12 +0000 (0:00:00.407) 0:00:08.826 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target system.slice systemd-journald.socket syslog.target network.target dbus-broker.service dbus.socket basic.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 16:22:13 +0000 (0:00:01.039) 0:00:09.866 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_subject_complex', 'dns': 'www.example.com', 'common_name': '# \\\\Every"thing+that,ne;edsing\\0 ', 'contact_email': 'admin@example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "# \\\\Every\"thing+that,ne;edsing\\0 ", "contact_email": "admin@example.com", "dns": "www.example.com", "name": "mycert_subject_complex" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_subject_complex.yml:16 Monday 09 May 2022 16:22:14 +0000 (0:00:00.959) 0:00:10.826 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_subject_complex.yml:36 Monday 09 May 2022 16:22:15 +0000 (0:00:00.796) 0:00:11.622 ************ included: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_subject_complex.crt', 'key_path': '/etc/pki/tls/private/mycert_subject_complex.key', 'subject': [{'name': 'emailAddress', 'oid': '1.2.840.113549.1.9.1', 'value': 'admin@example.com'}, {'name': 'commonName', 'oid': '2.5.4.3', 'value': '# \\\\Every"thing+that,ne;edsing\\0 '}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:22:15 +0000 (0:00:00.036) 0:00:11.659 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:22:15 +0000 (0:00:00.022) 0:00:11.681 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:22:17 +0000 (0:00:02.164) 0:00:13.846 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:22:22 +0000 (0:00:05.302) 0:00:19.148 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 47.7 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 51.9 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 24.0 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 87.5 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 36.7 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:22:25 +0000 (0:00:02.990) 0:00:22.139 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113332.8175554, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "39154114d96fe04042c70792778206392cd701a3", "ctime": 1652113332.8145554, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113332.8145554, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_subject_complex.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1375, "uid": 0, "version": "715787730", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:22:26 +0000 (0:00:00.534) 0:00:22.674 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:22:26 +0000 (0:00:00.025) 0:00:22.699 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 16:22:26 +0000 (0:00:00.038) 0:00:22.738 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 16:22:26 +0000 (0:00:00.041) 0:00:22.780 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113332.7695553, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "7c85a96a444e45ea81bcf4a6e6ea6807578b001d", "ctime": 1652113332.8145554, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113332.8145554, "nlink": 1, "path": "/etc/pki/tls/private/mycert_subject_complex.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1660902249", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 16:22:26 +0000 (0:00:00.416) 0:00:23.196 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 16:22:26 +0000 (0:00:00.024) 0:00:23.221 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 16:22:26 +0000 (0:00:00.049) 0:00:23.270 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_subject_complex.crt" ], "delta": "0:00:00.233048", "end": "2022-05-09 16:22:26.103000", "rc": 0, "start": "2022-05-09 16:22:25.869952" } STDOUT: { "subject": [ { "name": "emailAddress", "oid": "1.2.840.113549.1.9.1", "value": "admin@example.com" }, { "name": "commonName", "oid": "2.5.4.3", "value": "# \\\\Every\"thing+that,ne;edsing\\0 " } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "E7:48:5C:56:DF:D3:81:29:12:CB:EB:05:4F:7A:1B:8D:08:5A:5F:3D", "critical": false }, "authorityKeyIdentifier": { "value": "A2:4C:88:32:D3:B7:E7:B0:DA:A7:21:D7:60:60:6E:A1:AE:BE:FE:5C", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "11:7A:A2:17:D0:32:F4:A9:C0:61:81:0F:A1:36:71:C9:17:CA:61:98:F6:13:DB:80:82:09:16:DA:74:68:F8:15:3F:55:80:2F:61:2C:0A:A9:FA:29:E0:9C:C4:71:AA:80:AF:13:23:C7:BF:9B:EF:7C:8B:7A:83:B0:BB:09:43:E0:4A:37:CB:BF:D6:0F:B2:ED:47:3B:CA:3A:88:90:9E:84:51:93:26:61:9E:48:2B:C9:33:F8:60:A4:EB:F2:4F:9E:7A:C1:A8:5A:F3:91:00:DC:58:BC:D3:71:CA:8B:77:74:60:F2:87:C8:0C:08:0F:D7:9D:59:58:F6:AB:17:48:B6:D9:69:AD:0C:5E:FE:1D:C9:B5:81:8B:3C:E5:27:C0:FE:97:44:9F:C9:CE:03:7B:54:32:3D:4B:5C:12:A1:BC:87:6F:37:C0:51:F0:EA:3A:01:47:19:5E:B4:BC:21:B9:F9:F9:CC:71:72:E5:E5:84:F2:B1:F3:94:1A:E2:26:23:B9:6A:21:D5:2F:7B:A4:FB:0A:1B:5E:84:B6:AB:0D:26:18:95:CB:07:95:41:0F:4B:FA:CA:96:DB:55:C4:55:24:A5:BE:8A:DC:95:D0:71:B8:7F:2B:65:A2:49:8D:4E:9D:1A:66:3A:34:D9:19:95:B1:DA:39:EC:72:A1:02:E1:0C:77" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:22:12", "not_valid_before": "2022-05-09 16:22:12" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:22:27 +0000 (0:00:00.730) 0:00:24.001 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "A2:4C:88:32:D3:B7:E7:B0:DA:A7:21:D7:60:60:6E:A1:AE:BE:FE:5C" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "E7:48:5C:56:DF:D3:81:29:12:CB:EB:05:4F:7A:1B:8D:08:5A:5F:3D" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "11:7A:A2:17:D0:32:F4:A9:C0:61:81:0F:A1:36:71:C9:17:CA:61:98:F6:13:DB:80:82:09:16:DA:74:68:F8:15:3F:55:80:2F:61:2C:0A:A9:FA:29:E0:9C:C4:71:AA:80:AF:13:23:C7:BF:9B:EF:7C:8B:7A:83:B0:BB:09:43:E0:4A:37:CB:BF:D6:0F:B2:ED:47:3B:CA:3A:88:90:9E:84:51:93:26:61:9E:48:2B:C9:33:F8:60:A4:EB:F2:4F:9E:7A:C1:A8:5A:F3:91:00:DC:58:BC:D3:71:CA:8B:77:74:60:F2:87:C8:0C:08:0F:D7:9D:59:58:F6:AB:17:48:B6:D9:69:AD:0C:5E:FE:1D:C9:B5:81:8B:3C:E5:27:C0:FE:97:44:9F:C9:CE:03:7B:54:32:3D:4B:5C:12:A1:BC:87:6F:37:C0:51:F0:EA:3A:01:47:19:5E:B4:BC:21:B9:F9:F9:CC:71:72:E5:E5:84:F2:B1:F3:94:1A:E2:26:23:B9:6A:21:D5:2F:7B:A4:FB:0A:1B:5E:84:B6:AB:0D:26:18:95:CB:07:95:41:0F:4B:FA:CA:96:DB:55:C4:55:24:A5:BE:8A:DC:95:D0:71:B8:7F:2B:65:A2:49:8D:4E:9D:1A:66:3A:34:D9:19:95:B1:DA:39:EC:72:A1:02:E1:0C:77" }, "subject": [ { "name": "emailAddress", "oid": "1.2.840.113549.1.9.1", "value": "admin@example.com" }, { "name": "commonName", "oid": "2.5.4.3", "value": "# \\\\Every\"thing+that,ne;edsing\\0 " } ], "validity": { "not_valid_after": "2023-05-09 16:22:12", "not_valid_before": "2022-05-09 16:22:12" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 16:22:27 +0000 (0:00:00.034) 0:00:24.035 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 16:22:27 +0000 (0:00:00.036) 0:00:24.072 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 16:22:27 +0000 (0:00:00.023) 0:00:24.095 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 16:22:27 +0000 (0:00:00.041) 0:00:24.136 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 16:22:27 +0000 (0:00:00.041) 0:00:24.177 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:22:27 +0000 (0:00:00.039) 0:00:24.216 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_subject_complex.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.042685", "end": "2022-05-09 16:22:26.747235", "rc": 0, "start": "2022-05-09 16:22:26.704550" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 16:22:28 +0000 (0:00:00.428) 0:00:24.645 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:22:28 +0000 (0:00:00.044) 0:00:24.689 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.30s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.35s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - Install certreader ------------------------------------------------------ 2.99s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 2.74s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Ensure python3 is installed --------------------------------------------- 2.16s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.15s /tmp/tmpd_ggxgwx/tests/tests_subject_complex.yml:2 ---------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.04s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - linux-system-roles.certificate : Ensure certificate requests ------------ 0.96s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Gathering Facts --------------------------------------------------------- 0.80s /tmp/tmpd_ggxgwx/tests/tests_subject_complex.yml:16 --------------------------- Parse certificate ------------------------------------------------------- 0.73s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.56s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.56s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - Retrieve certificate file stats ----------------------------------------- 0.53s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.43s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve key file stats ------------------------------------------------- 0.42s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:55 ------------- linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.41s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - Verify key file owner and group ----------------------------------------- 0.05s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:66 ------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:150 ------------ Verify certificate permissions ------------------------------------------ 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:49 ------------- Verify certificate Key Usage -------------------------------------------- 0.04s /tmp/tmpd_ggxgwx/tests/tasks/assert_certificate_parameters.yml:112 ------------ ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_wrong_provider.yml ********************************************* 1 plays in /tmp/tmpd_ggxgwx/tests/tests_wrong_provider.yml PLAY [Test issuing certificate with nonexistent provider] ********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd_ggxgwx/tests/tests_wrong_provider.yml:2 Monday 09 May 2022 16:22:42 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 16:22:43 +0000 (0:00:01.171) 0:00:01.182 ************ included: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:22:43 +0000 (0:00:00.020) 0:00:01.203 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:22:44 +0000 (0:00:00.537) 0:00:01.741 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 16:22:44 +0000 (0:00:00.036) 0:00:01.778 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 16:22:47 +0000 (0:00:02.829) 0:00:04.607 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 16:22:47 +0000 (0:00:00.037) 0:00:04.645 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 16:22:47 +0000 (0:00:00.037) 0:00:04.683 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 16:22:47 +0000 (0:00:00.037) 0:00:04.721 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 16:22:47 +0000 (0:00:00.036) 0:00:04.758 ************ failed: [/cache/fedora-34.qcow2.snap] (item={'name': 'mycert_wrong_provider', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'fake-provider'}) => { "ansible_loop_var": "item", "changed": false, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_wrong_provider", "provider": "fake-provider" } } MSG: Chosen provider 'fake-provider' is not available. TASK [assert...] *************************************************************** task path: /tmp/tmpd_ggxgwx/tests/tests_wrong_provider.yml:22 Monday 09 May 2022 16:22:47 +0000 (0:00:00.615) 0:00:05.373 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=5 changed=0 unreachable=0 failed=0 skipped=5 rescued=1 ignored=0 Monday 09 May 2022 16:22:47 +0000 (0:00:00.026) 0:00:05.400 ************ =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 2.83s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Gathering Facts --------------------------------------------------------- 1.17s /tmp/tmpd_ggxgwx/tests/tests_wrong_provider.yml:2 ----------------------------- linux-system-roles.certificate : Ensure certificate requests ------------ 0.62s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.54s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.04s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - linux-system-roles.certificate : Ensure provider packages are installed --- 0.04s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.04s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - linux-system-roles.certificate : Set platform/version specific variables --- 0.04s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 linux-system-roles.certificate : Ensure provider service is running ----- 0.04s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - assert... --------------------------------------------------------------- 0.03s /tmp/tmpd_ggxgwx/tests/tests_wrong_provider.yml:22 ---------------------------- linux-system-roles.certificate : Set version specific variables --------- 0.02s /tmp/tmpd_ggxgwx/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file statically imported: /tmp/tmpw536d1ja/tests/certificate/tasks/setup_ipa.yml Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_basic_ipa.yml ************************************************** 3 plays in /tmp/tmpw536d1ja/tests/certificate/tests_basic_ipa.yml PLAY [Install IPA server] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_basic_ipa.yml:2 Monday 09 May 2022 16:22:59 +0000 (0:00:00.011) 0:00:00.011 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Set __is_beaker_env] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/setup_ipa.yml:2 Monday 09 May 2022 16:23:00 +0000 (0:00:01.114) 0:00:01.125 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__is_beaker_env": false }, "changed": false } TASK [Install ansible-freeipa] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/setup_ipa.yml:6 Monday 09 May 2022 16:23:00 +0000 (0:00:00.041) 0:00:01.166 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Clone ansible-freeipa repo] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/setup_ipa.yml:12 Monday 09 May 2022 16:23:00 +0000 (0:00:00.019) 0:00:01.186 ************ ok: [/cache/fedora-34.qcow2.snap -> 127.0.0.1] => { "after": "ba3fe74b60bcfcc8140e32ed33d06bb3dd14b112", "before": "ba3fe74b60bcfcc8140e32ed33d06bb3dd14b112", "changed": false, "remote_url_changed": false } TASK [Create role symlinks] **************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/setup_ipa.yml:21 Monday 09 May 2022 16:23:01 +0000 (0:00:00.820) 0:00:02.006 ************ changed: [/cache/fedora-34.qcow2.snap -> 127.0.0.1] => (item=ipaserver) => { "ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmpw536d1ja/tests/certificate/roles/ipaserver", "gid": 0, "group": "root", "item": "ipaserver", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaserver/", "state": "link", "uid": 0 } changed: [/cache/fedora-34.qcow2.snap -> 127.0.0.1] => (item=ipaclient) => { "ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmpw536d1ja/tests/certificate/roles/ipaclient", "gid": 0, "group": "root", "item": "ipaclient", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaclient/", "state": "link", "uid": 0 } TASK [ensure hostname package is installed] ************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/setup_ipa.yml:33 Monday 09 May 2022 16:23:01 +0000 (0:00:00.520) 0:00:02.526 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Set hostname] ************************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/setup_ipa.yml:38 Monday 09 May 2022 16:23:04 +0000 (0:00:02.693) 0:00:05.219 ************ changed: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "ansible_domain": "test.local", "ansible_fqdn": "ipaserver.test.local", "ansible_hostname": "ipaserver", "ansible_nodename": "ipaserver.test.local" }, "changed": true, "name": "ipaserver.test.local" } TASK [Ensure nss package is up-to-date] **************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/setup_ipa.yml:42 Monday 09 May 2022 16:23:05 +0000 (0:00:00.842) 0:00:06.062 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [Include ipaserver role] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/setup_ipa.yml:50 Monday 09 May 2022 16:23:08 +0000 (0:00:02.900) 0:00:08.962 ************ TASK [ipaserver : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:4 Monday 09 May 2022 16:23:08 +0000 (0:00:00.032) 0:00:08.995 ************ ok: [/cache/fedora-34.qcow2.snap] => (item=/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml) => { "ansible_facts": { "ipaserver_packages": [ "freeipa-server", "python3-libselinux" ], "ipaserver_packages_adtrust": [ "freeipa-server-trust-ad" ], "ipaserver_packages_dns": [ "freeipa-server-dns" ], "ipaserver_packages_firewalld": [ "firewalld" ] }, "ansible_included_var_files": [ "/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml" ], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml" } TASK [ipaserver : Install IPA server] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:19 Monday 09 May 2022 16:23:08 +0000 (0:00:00.034) 0:00:09.029 ************ included: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml for /cache/fedora-34.qcow2.snap TASK [ipaserver : Install - Ensure that IPA server packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:5 Monday 09 May 2022 16:23:08 +0000 (0:00:00.060) 0:00:09.090 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "rc": 0, "results": [ "Installed: libdb-utils-5.3.28-49.fc34.x86_64", "Installed: perl-DynaLoader-1.47-477.fc34.x86_64", "Installed: oddjob-0.34.7-2.fc34.x86_64", "Installed: oddjob-mkhomedir-0.34.7-2.fc34.x86_64", "Installed: perl-Encode-4:3.15-462.fc34.x86_64", "Installed: samba-common-libs-2:4.14.12-0.fc34.x86_64", "Installed: perl-Errno-1.30-477.fc34.x86_64", "Installed: libev-4.33-3.fc34.x86_64", "Installed: tzdata-java-2022a-1.fc34.noarch", "Installed: web-assets-filesystem-5-14.fc34.noarch", "Installed: jboss-annotations-1.2-api-1.0.2-5.fc34.noarch", "Installed: python3-augeas-0.5.0-23.fc34.noarch", "Installed: xerces-j2-2.12.1-3.fc34.noarch", "Installed: perl-Fcntl-1.13-477.fc34.x86_64", "Installed: jboss-jaxrs-2.0-api-1.0.0-14.fc34.noarch", "Installed: perl-File-Basename-2.85-477.fc34.noarch", "Installed: perl-File-Find-1.37-477.fc34.noarch", "Installed: krb5-pkinit-1.19.2-5.fc34.x86_64", "Installed: krb5-server-1.19.2-5.fc34.x86_64", "Installed: krb5-workstation-1.19.2-5.fc34.x86_64", "Installed: jboss-logging-3.4.1-6.fc34.noarch", "Installed: perl-constant-1.33-459.fc34.noarch", "Installed: jboss-logging-tools-2.2.1-4.fc34.noarch", "Installed: python3-nss-1.0.1-23.fc34.x86_64", "Installed: fedora-logos-httpd-34.0.4-1.fc34.noarch", "Installed: logrotate-3.18.0-3.fc34.x86_64", "Installed: tomcat-native-1.2.23-4.fc34.x86_64", "Installed: perl-File-stat-1.09-477.fc34.noarch", "Installed: python3-dns-2.1.0-3.fc34.noarch", "Installed: perl-FileHandle-2.03-477.fc34.noarch", "Installed: apache-commons-cli-1.5.0-1.fc34.noarch", "Installed: perl-Getopt-Std-1.12-477.fc34.noarch", "Installed: perl-PathTools-3.78-459.fc34.x86_64", "Installed: tomcatjss-7.6.1-2.fc34.noarch", "Installed: rpcbind-1.2.6-0.fc34.x86_64", "Installed: openssl-1:1.1.1n-1.fc34.x86_64", "Installed: openssl-perl-1:1.1.1n-1.fc34.x86_64", "Installed: nfs-utils-1:2.5.4-2.rc3.fc34.x86_64", "Installed: perl-HTTP-Tiny-0.078-1.fc34.noarch", "Installed: copy-jdk-configs-4.0-1.fc34.noarch", "Installed: lua-5.4.4-1.fc34.x86_64", "Installed: perl-IO-1.43-477.fc34.x86_64", "Installed: jdeparser-2.0.3-6.fc34.noarch", "Installed: perl-IPC-Open3-1.21-477.fc34.noarch", "Installed: python3-pyusb-1.2.1-1.fc34.noarch", "Installed: apr-1.7.0-9.fc34.x86_64", "Installed: lua-posix-35.0-3.fc34.x86_64", "Installed: perl-libnet-3.13-2.fc34.noarch", "Installed: bash-completion-1:2.11-2.fc34.noarch", "Installed: harfbuzz-2.7.4-3.fc34.x86_64", "Installed: perl-Mozilla-CA-20211001-1.fc34.noarch", "Installed: perl-NDBM_File-1.15-477.fc34.x86_64", "Installed: perl-parent-1:0.238-458.fc34.noarch", "Installed: python3-jwcrypto-0.8-2.fc34.noarch", "Installed: perl-Pod-Escapes-1:1.07-458.fc34.noarch", "Installed: perl-podlators-1:4.14-458.fc34.noarch", "Installed: perl-Pod-Perldoc-3.28.01-459.fc34.noarch", "Installed: open-sans-fonts-1.10-14.fc34.noarch", "Installed: libverto-libev-0.3.2-1.fc34.x86_64", "Installed: perl-Carp-1.50-458.fc34.noarch", "Installed: perl-Pod-Simple-1:3.42-2.fc34.noarch", "Installed: perl-POSIX-1.94-477.fc34.x86_64", "Installed: perl-threads-1:2.25-458.fc34.x86_64", "Installed: perl-threads-shared-1.61-458.fc34.x86_64", "Installed: perl-Pod-Usage-4:2.01-2.fc34.noarch", "Installed: gssproxy-0.8.4-2.fc34.x86_64", "Installed: slf4j-1.7.30-8.fc34.noarch", "Installed: slf4j-jdk14-1.7.30-8.fc34.noarch", "Installed: freetype-2.10.4-3.fc34.x86_64", "Installed: perl-SelectSaver-1.02-477.fc34.noarch", "Installed: perl-Socket-4:2.032-1.fc34.x86_64", "Installed: xml-commons-apis-1.4.01-33.fc34.noarch", "Installed: xml-commons-resolver-1.2-33.fc34.noarch", "Installed: publicsuffix-list-20190417-5.fc34.noarch", "Installed: perl-Symbol-1.08-477.fc34.noarch", "Installed: python3-sss-2.5.2-2.fc34.x86_64", "Installed: perl-Term-ReadLine-1.17-477.fc34.noarch", "Installed: python3-sss-murmur-2.5.2-2.fc34.x86_64", "Installed: pki-acme-10.10.7-1.fc34.noarch", "Installed: pki-base-10.10.7-1.fc34.noarch", "Installed: pki-base-java-10.10.7-1.fc34.noarch", "Installed: perl-Digest-MD5-2.58-2.fc34.x86_64", "Installed: pki-ca-10.10.7-1.fc34.noarch", "Installed: python3-sssdconfig-2.5.2-2.fc34.noarch", "Installed: pki-kra-10.10.7-1.fc34.noarch", "Installed: samba-common-2:4.14.12-0.fc34.noarch", "Installed: pki-server-10.10.7-1.fc34.noarch", "Installed: pki-symkey-10.10.7-1.fc34.x86_64", "Installed: augeas-libs-1.13.0-1.fc34.x86_64", "Installed: pki-tools-10.10.7-1.fc34.x86_64", "Installed: python3-ipaclient-4.9.6-4.fc34.noarch", "Installed: python3-ipalib-4.9.6-4.fc34.noarch", "Installed: nss-tools-3.77.0-1.fc34.x86_64", "Installed: perl-Text-Tabs+Wrap-2021.0726-1.fc34.noarch", "Installed: python3-ipaserver-4.9.6-4.fc34.noarch", "Installed: python3-systemd-234-19.fc34.x86_64", "Installed: perl-Tie-4.6-477.fc34.noarch", "Installed: cups-libs-1:2.3.3op2-17.fc34.x86_64", "Installed: perl-Text-Diff-1.45-11.fc34.noarch", "Installed: perl-IO-Compress-2.102-2.fc34.noarch", "Installed: perl-IO-Compress-Lzma-2.101-2.fc34.noarch", "Installed: policycoreutils-python-utils-3.2-1.fc34.noarch", "Installed: mod_http2-1.15.24-1.fc34.x86_64", "Installed: mod_lua-2.4.53-1.fc34.x86_64", "Installed: ecj-1:4.19-1.fc34.noarch", "Installed: apache-commons-codec-1.15-2.fc34.noarch", "Installed: words-3.0-37.fc34.noarch", "Installed: mod_session-2.4.53-1.fc34.x86_64", "Installed: python3-qrcode-core-6.1-8.fc34.noarch", "Installed: libuv-1:1.44.1-1.fc34.x86_64", "Installed: mod_ssl-1:2.4.53-1.fc34.x86_64", "Installed: perl-base-2.27-477.fc34.noarch", "Installed: perl-debugger-1.56-477.fc34.noarch", "Installed: perl-IO-Socket-IP-0.41-3.fc34.noarch", "Installed: apache-commons-daemon-1.2.4-1.fc34.x86_64", "Installed: perl-Text-ParseWords-3.30-458.fc34.noarch", "Installed: perl-IO-Socket-SSL-2.070-2.fc34.noarch", "Installed: autofs-1:5.1.7-18.fc34.x86_64", "Installed: python3-kdcproxy-1.0.0-5.fc34.noarch", "Installed: apache-commons-io-1:2.8.0-3.fc34.noarch", "Installed: perl-IO-Zlib-1:1.11-2.fc34.noarch", "Installed: cyrus-sasl-gssapi-2.1.27-9.fc34.x86_64", "Installed: java-11-openjdk-headless-1:11.0.15.0.10-1.fc34.x86_64", "Installed: perl-if-0.60.800-477.fc34.noarch", "Installed: perl-interpreter-4:5.32.1-477.fc34.x86_64", "Installed: apache-commons-lang3-3.11-2.fc34.noarch", "Installed: python3-ldap-3.3.1-5.fc34.x86_64", "Installed: apache-commons-logging-1.2-25.fc34.noarch", "Installed: cyrus-sasl-md5-2.1.27-9.fc34.x86_64", "Installed: lcms2-2.12-1.fc34.x86_64", "Installed: cyrus-sasl-plain-2.1.27-9.fc34.x86_64", "Installed: perl-libs-4:5.32.1-477.fc34.x86_64", "Installed: apache-commons-net-3.6-11.fc34.noarch", "Installed: python3-lib389-2.0.15-1.fc34.noarch", "Installed: ldapjdk-4.22.0-5.fc34.noarch", "Installed: perl-meta-notation-5.32.1-477.fc34.noarch", "Installed: perl-mro-1.23-477.fc34.x86_64", "Installed: perl-overload-1.31-477.fc34.noarch", "Installed: perl-overloading-0.02-477.fc34.noarch", "Installed: avahi-libs-0.8-14.fc34.x86_64", "Installed: python3-libipa_hbac-2.5.2-2.fc34.x86_64", "Installed: perl-sigtrap-1.09-477.fc34.noarch", "Installed: perl-subs-1.03-477.fc34.noarch", "Installed: python-systemd-doc-234-19.fc34.x86_64", "Installed: perl-vars-1.05-477.fc34.noarch", "Installed: jackson-annotations-2.11.4-2.fc34.noarch", "Installed: perl-Scalar-List-Utils-4:1.56-459.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: jackson-core-2.11.4-2.fc34.noarch", "Installed: jackson-databind-2.11.4-2.fc34.noarch", "Installed: js-jquery-3.5.0-5.fc34.noarch", "Installed: jackson-jaxrs-json-provider-2.11.4-2.fc34.noarch", "Installed: jackson-jaxrs-providers-2.11.4-2.fc34.noarch", "Installed: lksctp-tools-1.0.18-9.fc34.x86_64", "Installed: jackson-module-jaxb-annotations-2.11.4-2.fc34.noarch", "Installed: python3-lxml-4.6.5-1.fc34.x86_64", "Installed: perl-Time-Local-2:1.300-5.fc34.noarch", "Installed: perl-Exporter-5.74-459.fc34.noarch", "Installed: perl-Compress-Raw-Bzip2-2.101-3.fc34.x86_64", "Installed: jakarta-activation-1.2.2-2.fc34.noarch", "Installed: perl-Compress-Raw-Lzma-2.101-1.fc34.x86_64", "Installed: mod_auth_gssapi-1.6.3-3.fc34.x86_64", "Installed: perl-Compress-Raw-Zlib-2.101-3.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: libwbclient-2:4.14.12-0.fc34.x86_64", "Installed: jaxb-impl-2.3.5-1.fc34.noarch", "Installed: apr-util-1.6.1-16.fc34.x86_64", "Installed: apr-util-bdb-1.6.1-16.fc34.x86_64", "Installed: libpkgconf-1.7.3-6.fc34.x86_64", "Installed: pkgconf-1.7.3-6.fc34.x86_64", "Installed: pkgconf-m4-1.7.3-6.fc34.noarch", "Installed: pkgconf-pkg-config-1.7.3-6.fc34.x86_64", "Installed: apr-util-openssl-1.6.1-16.fc34.x86_64", "Installed: authselect-1.2.3-1.fc34.x86_64", "Installed: mod_lookup_identity-1.0.0-13.fc34.x86_64", "Installed: resteasy-atom-provider-3.0.26-7.fc34.noarch", "Installed: resteasy-client-3.0.26-7.fc34.noarch", "Installed: resteasy-core-3.0.26-7.fc34.noarch", "Installed: authselect-libs-1.2.3-1.fc34.x86_64", "Installed: resteasy-jackson2-provider-3.0.26-7.fc34.noarch", "Installed: resteasy-jaxb-provider-3.0.26-7.fc34.noarch", "Installed: softhsm-2.6.1-5.fc34.1.x86_64", "Installed: perl-Storable-1:3.21-458.fc34.x86_64", "Installed: jss-4.8.1-2.fc34.x86_64", "Installed: slapi-nis-0.56.7-1.fc34.x86_64", "Installed: xalan-j2-2.7.2-7.fc34.noarch", "Installed: perl-Algorithm-Diff-1.2010-2.fc34.noarch", "Installed: keyutils-1.6.1-2.fc34.x86_64", "Installed: libpng-2:1.6.37-10.fc34.x86_64", "Installed: perl-URI-5.09-1.fc34.noarch", "Installed: python3-psutil-5.8.0-5.fc34.x86_64", "Installed: julietaula-montserrat-base-web-fonts-1:7.210-4.fc34.noarch", "Installed: julietaula-montserrat-fonts-common-1:7.210-4.fc34.noarch", "Installed: libicu-67.1-7.fc34.x86_64", "Installed: freeipa-client-4.9.6-4.fc34.x86_64", "Installed: freeipa-client-common-4.9.6-4.fc34.noarch", "Installed: perl-Net-SSLeay-1.90-2.fc34.x86_64", "Installed: freeipa-common-4.9.6-4.fc34.noarch", "Installed: freeipa-healthcheck-core-0.10-1.fc34.noarch", "Installed: freeipa-selinux-4.9.6-4.fc34.noarch", "Installed: freeipa-server-4.9.6-4.fc34.x86_64", "Installed: freeipa-server-common-4.9.6-4.fc34.noarch", "Installed: httpcomponents-client-4.5.10-6.fc34.noarch", "Installed: httpcomponents-core-4.4.12-5.fc34.noarch", "Installed: perl-File-Path-2.18-2.fc34.noarch", "Installed: python3-pyasn1-modules-0.4.8-4.fc34.noarch", "Installed: python3-mod_wsgi-4.7.1-4.fc34.x86_64", "Installed: mailcap-2.1.49-3.fc34.noarch", "Installed: python3-gssapi-1.6.9-3.fc34.x86_64", "Installed: libipa_hbac-2.5.2-2.fc34.x86_64", "Installed: perl-File-Temp-1:0.231.100-2.fc34.noarch", "Installed: bind-libs-32:9.16.27-1.fc34.x86_64", "Installed: bind-license-32:9.16.27-1.fc34.noarch", "Installed: tomcat-1:9.0.59-3.fc34.noarch", "Installed: bind-utils-32:9.16.27-1.fc34.x86_64", "Installed: tomcat-el-3.0-api-1:9.0.59-3.fc34.noarch", "Installed: fstrm-0.6.1-2.fc34.x86_64", "Installed: python3-decorator-4.4.2-4.fc34.noarch", "Installed: graphite2-1.3.14-7.fc34.x86_64", "Installed: openldap-clients-2.4.57-6.fc34.x86_64", "Installed: openldap-compat-2.4.57-6.fc34.x86_64", "Installed: tomcat-jsp-2.3-api-1:9.0.59-3.fc34.noarch", "Installed: tomcat-lib-1:9.0.59-3.fc34.noarch", "Installed: libjpeg-turbo-2.0.90-3.fc34.x86_64", "Installed: tomcat-servlet-4.0-api-1:9.0.59-3.fc34.noarch", "Installed: perl-Archive-Tar-2.40-1.fc34.noarch", "Installed: alsa-lib-1.2.6.1-3.fc34.x86_64", "Installed: libkadm5-1.19.2-5.fc34.x86_64", "Installed: perl-AutoLoader-5.74-477.fc34.noarch", "Installed: sscg-3.0.2-6.fc34.x86_64", "Installed: perl-B-1.80-477.fc34.x86_64", "Installed: perl-Term-ANSIColor-5.01-459.fc34.noarch", "Installed: httpd-2.4.53-1.fc34.x86_64", "Installed: perl-Term-Cap-1.17-458.fc34.noarch", "Installed: httpd-filesystem-2.4.53-1.fc34.noarch", "Installed: httpd-tools-2.4.53-1.fc34.x86_64", "Installed: 389-ds-base-2.0.15-1.fc34.x86_64", "Installed: perl-MIME-Base64-3.16-2.fc34.x86_64", "Installed: 389-ds-base-libs-2.0.15-1.fc34.x86_64", "Installed: sssd-common-pac-2.5.2-2.fc34.x86_64", "Installed: sssd-dbus-2.5.2-2.fc34.x86_64", "Installed: quota-1:4.06-4.fc34.x86_64", "Installed: sssd-ipa-2.5.2-2.fc34.x86_64", "Installed: sssd-krb5-common-2.5.2-2.fc34.x86_64", "Installed: quota-nls-1:4.06-4.fc34.noarch", "Installed: fontawesome-fonts-1:4.7.0-11.fc34.noarch", "Installed: perl-DB_File-1.855-2.fc34.x86_64", "Installed: perl-Class-Struct-0.66-477.fc34.noarch", "Installed: sssd-tools-2.5.2-2.fc34.x86_64", "Installed: python3-yubico-1.3.3-5.fc34.noarch", "Installed: python3-netaddr-0.8.0-3.fc34.noarch", "Installed: javapackages-filesystem-5.3.0-15.fc34.noarch", "Installed: python3-pki-10.10.7-1.fc34.noarch", "Installed: javapackages-tools-5.3.0-15.fc34.noarch", "Installed: python3-argcomplete-1.12.0-3.fc34.noarch", "Installed: python3-netifaces-0.10.6-13.fc34.x86_64", "Installed: perl-Getopt-Long-1:2.52-2.fc34.noarch", "Installed: jaxb-api-2.3.3-3.fc34.noarch", "Installed: libxslt-1.1.34-5.fc34.x86_64", "Installed: perl-Data-Dumper-2.174-460.fc34.x86_64", "Installed: perl-Devel-Peek-1.28-477.fc34.x86_64", "Installed: perl-Digest-1.20-1.fc34.noarch", "Installed: samba-client-libs-2:4.14.12-0.fc34.x86_64" ] } TASK [ipaserver : Install - Ensure that IPA server packages for dns are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:10 Monday 09 May 2022 16:23:46 +0000 (0:00:38.247) 0:00:47.337 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "rc": 0, "results": [ "Installed: bind-dnssec-doc-32:9.16.27-1.fc34.noarch", "Installed: bind-dnssec-utils-32:9.16.27-1.fc34.x86_64", "Installed: freeipa-server-dns-4.9.6-4.fc34.noarch", "Installed: bind-dyndb-ldap-11.9-9.fc34.x86_64", "Installed: opendnssec-2.1.9-1.fc34.x86_64", "Installed: ldns-1.8.1-3.fc34.x86_64", "Installed: opencryptoki-3.16.0-2.fc34.x86_64", "Installed: opencryptoki-icsftok-3.16.0-2.fc34.x86_64", "Installed: opencryptoki-libs-3.16.0-2.fc34.x86_64", "Installed: python3-bind-32:9.16.27-1.fc34.noarch", "Installed: sqlite-3.34.1-2.fc34.x86_64", "Installed: bind-32:9.16.27-1.fc34.x86_64" ] } TASK [ipaserver : Install - Ensure that IPA server packages for adtrust are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:16 Monday 09 May 2022 16:23:53 +0000 (0:00:06.304) 0:00:53.642 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Ensure that firewall packages installed] *********** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:22 Monday 09 May 2022 16:23:53 +0000 (0:00:00.034) 0:00:53.676 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "rc": 0, "results": [ "Installed: gobject-introspection-1.68.0-4.fc34.x86_64", "Installed: libnftnl-1.1.9-2.fc34.x86_64", "Installed: firewalld-0.9.4-1.fc34.noarch", "Installed: firewalld-filesystem-0.9.4-1.fc34.noarch", "Installed: ipset-7.11-1.fc34.x86_64", "Installed: python3-gobject-base-3.40.1-1.fc34.x86_64", "Installed: nftables-1:0.9.8-3.fc34.x86_64", "Installed: ipset-libs-7.11-1.fc34.x86_64", "Installed: python3-slip-0.6.4-22.fc34.noarch", "Installed: python3-slip-dbus-0.6.4-22.fc34.noarch", "Installed: iptables-nft-1.8.7-8.fc34.x86_64", "Installed: python3-nftables-1:0.9.8-3.fc34.x86_64", "Installed: python3-firewall-0.9.4-1.fc34.noarch" ] } TASK [ipaserver : Firewalld service - Ensure that firewalld is running] ******** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:31 Monday 09 May 2022 16:23:56 +0000 (0:00:03.496) 0:00:57.173 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice sysinit.target dbus.socket basic.target dbus-broker.service polkit.service", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target multi-user.target network-pre.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "ebtables.service nftables.service ip6tables.service ipset.service iptables.service shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "\"man:firewalld(1)\"", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "firewalld.service dbus-org.fedoraproject.FirewallD1.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [ipaserver : Firewalld - Verify runtime zone "{{ ipaserver_firewalld_zone }}"] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:37 Monday 09 May 2022 16:23:57 +0000 (0:00:01.139) 0:00:58.312 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Firewalld - Verify permanent zone "{{ ipaserver_firewalld_zone }}"] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:44 Monday 09 May 2022 16:23:57 +0000 (0:00:00.035) 0:00:58.348 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : include_tasks] *********************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:54 Monday 09 May 2022 16:23:57 +0000 (0:00:00.036) 0:00:58.384 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Server installation test] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:60 Monday 09 May 2022 16:23:57 +0000 (0:00:00.036) 0:00:58.421 ************ ok: [/cache/fedora-34.qcow2.snap] => { "_dirsrv_ca_cert": null, "_dirsrv_pkcs12_info": null, "_hostname_overridden": true, "_http_ca_cert": null, "_http_pkcs12_info": null, "_installation_cleanup": true, "_pkinit_ca_cert": null, "_pkinit_pkcs12_info": null, "changed": false, "domain": "test.local", "domainlevel": 1, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "hostname": "ipaserver.test.local", "idmax": 673599999, "idstart": 673400000, "ipa_python_version": 40906, "no_host_dns": true, "no_pkinit": false, "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "rid_base": 1000, "secondary_rid_base": 100000000, "setup_adtrust": false, "setup_ca": true, "setup_kra": false } TASK [ipaserver : Install - Master password creation] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:138 Monday 09 May 2022 16:23:59 +0000 (0:00:01.339) 0:00:59.761 ************ changed: [/cache/fedora-34.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } TASK [ipaserver : Install - Use new master password] *************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:145 Monday 09 May 2022 16:24:00 +0000 (0:00:01.189) 0:01:00.951 ************ ok: [/cache/fedora-34.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaserver : Install - Server preparation] ******************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:153 Monday 09 May 2022 16:24:00 +0000 (0:00:00.034) 0:01:00.985 ************ changed: [/cache/fedora-34.qcow2.snap] => { "_ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "_subject_base": "O=TEST.LOCAL", "adtrust_netbios_name": null, "adtrust_reset_netbios_name": false, "ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "changed": true, "dns_ip_addresses": [ "10.0.2.15", "fec0::5054:ff:fe12:3456" ], "dns_reverse_zones": [], "forward_policy": "only", "forwarders": [ "10.0.2.3" ], "ip_addresses": [ "10.0.2.15", "fec0::5054:ff:fe12:3456" ], "no_dnssec_validation": true, "reverse_zones": [], "subject_base": "O=TEST.LOCAL" } TASK [ipaserver : Install - Setup NTP] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:197 Monday 09 May 2022 16:24:02 +0000 (0:00:02.417) 0:01:03.403 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup DS] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:204 Monday 09 May 2022 16:24:13 +0000 (0:00:10.586) 0:01:13.989 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup KRB] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:233 Monday 09 May 2022 16:24:31 +0000 (0:00:18.084) 0:01:32.074 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup custodia] ************************************ task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:260 Monday 09 May 2022 16:24:38 +0000 (0:00:06.686) 0:01:38.760 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup CA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:266 Monday 09 May 2022 16:24:42 +0000 (0:00:04.692) 0:01:43.452 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "csr_generated": false } TASK [ipaserver : Copy /root/ipa.csr to "/cache/fedora-34.qcow2.snap-ipa.csr"] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:307 Monday 09 May 2022 16:27:11 +0000 (0:02:28.279) 0:04:11.732 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup otpd] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:316 Monday 09 May 2022 16:27:11 +0000 (0:00:00.034) 0:04:11.766 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup HTTP] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:322 Monday 09 May 2022 16:27:13 +0000 (0:00:02.790) 0:04:14.557 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup KRA] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:354 Monday 09 May 2022 16:28:38 +0000 (0:01:24.454) 0:05:39.012 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup DNS] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:365 Monday 09 May 2022 16:28:38 +0000 (0:00:00.040) 0:05:39.053 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup ADTRUST] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:382 Monday 09 May 2022 16:28:46 +0000 (0:00:08.426) 0:05:47.479 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Set DS password] *********************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:397 Monday 09 May 2022 16:28:46 +0000 (0:00:00.037) 0:05:47.516 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [Install - Setup client] ************************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:414 Monday 09 May 2022 16:28:49 +0000 (0:00:02.473) 0:05:49.990 ************ TASK [ipaclient : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:4 Monday 09 May 2022 16:28:49 +0000 (0:00:00.057) 0:05:50.048 ************ ok: [/cache/fedora-34.qcow2.snap] => (item=/tmp/freeipa-repo/roles/ipaclient/vars/default.yml) => { "ansible_facts": { "ipaclient_packages": [ "ipa-client", "python3-libselinux" ] }, "ansible_included_var_files": [ "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml" ], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml" } TASK [ipaclient : Install IPA client] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:19 Monday 09 May 2022 16:28:49 +0000 (0:00:00.070) 0:05:50.118 ************ included: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml for /cache/fedora-34.qcow2.snap TASK [ipaclient : Install - Ensure that IPA client packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:4 Monday 09 May 2022 16:28:49 +0000 (0:00:00.073) 0:05:50.191 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [ipaclient : Install - Set ipaclient_servers] ***************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:10 Monday 09 May 2022 16:28:51 +0000 (0:00:02.314) 0:05:52.506 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set ipaclient_servers from cluster inventory] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:15 Monday 09 May 2022 16:28:51 +0000 (0:00:00.044) 0:05:52.550 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Check that either principal or keytab is set] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:21 Monday 09 May 2022 16:28:51 +0000 (0:00:00.040) 0:05:52.591 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set default principal if no keytab is given] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:25 Monday 09 May 2022 16:28:52 +0000 (0:00:00.037) 0:05:52.628 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "ipaadmin_principal": "admin" }, "changed": false } TASK [ipaclient : Install - IPA client test] *********************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:30 Monday 09 May 2022 16:28:52 +0000 (0:00:00.037) 0:05:52.666 ************ ok: [/cache/fedora-34.qcow2.snap] => { "basedn": "dc=test,dc=local", "changed": false, "client_already_configured": false, "client_domain": "test.local", "dnsok": false, "domain": "test.local", "hostname": "ipaserver.test.local", "ipa_python_version": 40906, "kdc": "ipaserver.test.local", "nosssd_files": {}, "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "servers": [ "ipaserver.test.local" ], "sssd": true } TASK [ipaclient : Install - Cleanup leftover ccache] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:56 Monday 09 May 2022 16:28:53 +0000 (0:00:01.219) 0:05:53.886 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent" } TASK [ipaclient : Install - Configure NTP] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:61 Monday 09 May 2022 16:28:53 +0000 (0:00:00.405) 0:05:54.292 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } TASK [ipaclient : Install - Make sure One-Time Password is enabled if it's already defined] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:73 Monday 09 May 2022 16:28:54 +0000 (0:00:00.944) 0:05:55.236 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Disable One-Time Password for on_master] *********** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:78 Monday 09 May 2022 16:28:54 +0000 (0:00:00.039) 0:05:55.276 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] ******** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:83 Monday 09 May 2022 16:28:54 +0000 (0:00:00.042) 0:05:55.318 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ca_crt_exists": true, "changed": false, "krb5_conf_ok": true, "krb5_keytab_ok": true, "ping_test_ok": true } TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:93 Monday 09 May 2022 16:28:56 +0000 (0:00:01.756) 0:05:57.075 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Keytab or password is required for getting otp] **** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:109 Monday 09 May 2022 16:28:56 +0000 (0:00:00.042) 0:05:57.118 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Get One-Time Password for client enrollment] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:113 Monday 09 May 2022 16:28:56 +0000 (0:00:00.046) 0:05:57.164 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Report error for OTP generation] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:132 Monday 09 May 2022 16:28:56 +0000 (0:00:00.042) 0:05:57.207 ************ skipping: [/cache/fedora-34.qcow2.snap] => {} TASK [ipaclient : Install - Store the previously obtained OTP] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:138 Monday 09 May 2022 16:28:56 +0000 (0:00:00.044) 0:05:57.251 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Store predefined OTP in admin_password] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:147 Monday 09 May 2022 16:28:56 +0000 (0:00:00.039) 0:05:57.291 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Check if principal and keytab are set] ************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:163 Monday 09 May 2022 16:28:56 +0000 (0:00:00.044) 0:05:57.336 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Check if one of password or keytabs are set] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:167 Monday 09 May 2022 16:28:56 +0000 (0:00:00.041) 0:05:57.378 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Purge TEST.LOCAL from host keytab] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:175 Monday 09 May 2022 16:28:56 +0000 (0:00:00.041) 0:05:57.420 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Backup and set hostname] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:192 Monday 09 May 2022 16:28:56 +0000 (0:00:00.043) 0:05:57.463 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Join IPA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:197 Monday 09 May 2022 16:28:56 +0000 (0:00:00.041) 0:05:57.504 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : krb5 configuration not correct] ****************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:219 Monday 09 May 2022 16:28:56 +0000 (0:00:00.043) 0:05:57.547 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : IPA test failed] ********************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:225 Monday 09 May 2022 16:28:56 +0000 (0:00:00.041) 0:05:57.589 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : ca.crt file is missing] ************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:229 Monday 09 May 2022 16:28:57 +0000 (0:00:00.043) 0:05:57.632 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure IPA default.conf] ************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:242 Monday 09 May 2022 16:28:57 +0000 (0:00:00.038) 0:05:57.671 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure SSSD] ************************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:251 Monday 09 May 2022 16:28:57 +0000 (0:00:00.041) 0:05:57.712 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaclient : Install - Configure krb5 for IPA realm] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:273 Monday 09 May 2022 16:28:58 +0000 (0:00:00.980) 0:05:58.693 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:287 Monday 09 May 2022 16:28:58 +0000 (0:00:00.045) 0:05:58.738 ************ changed: [/cache/fedora-34.qcow2.snap] => { "ca_enabled": true, "changed": true, "subject_base": "O=TEST.LOCAL" } TASK [ipaclient : Install - Fix IPA ca] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:295 Monday 09 May 2022 16:29:00 +0000 (0:00:02.377) 0:06:01.116 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Create IPA NSS database] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:305 Monday 09 May 2022 16:29:00 +0000 (0:00:00.041) 0:06:01.157 ************ changed: [/cache/fedora-34.qcow2.snap] => { "ca_enabled_ra": true, "changed": true } TASK [ipaclient : Install - Configure SSH and SSHD] **************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:337 Monday 09 May 2022 16:29:05 +0000 (0:00:04.519) 0:06:05.677 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaclient : Install - Configure automount] ******************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:345 Monday 09 May 2022 16:29:06 +0000 (0:00:00.967) 0:06:06.645 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaclient : Install - Configure firefox] ********************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:351 Monday 09 May 2022 16:29:06 +0000 (0:00:00.848) 0:06:07.493 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure NIS] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:357 Monday 09 May 2022 16:29:06 +0000 (0:00:00.043) 0:06:07.536 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:375 Monday 09 May 2022 16:29:08 +0000 (0:00:01.163) 0:06:08.700 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Cleanup leftover ccache] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:381 Monday 09 May 2022 16:29:08 +0000 (0:00:00.041) 0:06:08.741 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent" } TASK [ipaclient : Uninstall IPA client] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:23 Monday 09 May 2022 16:29:08 +0000 (0:00:00.400) 0:06:09.141 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } META: role_complete for /cache/fedora-34.qcow2.snap TASK [ipaserver : Install - Enable IPA] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:429 Monday 09 May 2022 16:29:08 +0000 (0:00:00.051) 0:06:09.193 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Cleanup root IPA cache] **************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:436 Monday 09 May 2022 16:29:13 +0000 (0:00:04.853) 0:06:14.047 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "path": "/root/.ipa_cache", "state": "absent" } TASK [ipaserver : Install - Configure firewalld] ******************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:442 Monday 09 May 2022 16:29:13 +0000 (0:00:00.390) 0:06:14.437 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "firewall-cmd", "--permanent", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp" ], "delta": "0:00:00.314758", "end": "2022-05-09 16:29:14.478810", "rc": 0, "start": "2022-05-09 16:29:14.164052" } STDOUT: success TASK [ipaserver : Install - Configure firewalld runtime] *********************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:456 Monday 09 May 2022 16:29:14 +0000 (0:00:00.839) 0:06:15.277 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "firewall-cmd", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp" ], "delta": "0:00:00.296672", "end": "2022-05-09 16:29:15.174473", "rc": 0, "start": "2022-05-09 16:29:14.877801" } STDOUT: success TASK [ipaserver : Cleanup temporary files] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:472 Monday 09 May 2022 16:29:15 +0000 (0:00:00.697) 0:06:15.974 ************ ok: [/cache/fedora-34.qcow2.snap] => (item=/etc/ipa/.tmp_pkcs12_dirsrv) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_dirsrv", "path": "/etc/ipa/.tmp_pkcs12_dirsrv", "state": "absent" } ok: [/cache/fedora-34.qcow2.snap] => (item=/etc/ipa/.tmp_pkcs12_http) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_http", "path": "/etc/ipa/.tmp_pkcs12_http", "state": "absent" } ok: [/cache/fedora-34.qcow2.snap] => (item=/etc/ipa/.tmp_pkcs12_pkinit) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_pkinit", "path": "/etc/ipa/.tmp_pkcs12_pkinit", "state": "absent" } TASK [ipaserver : Uninstall IPA server] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:23 Monday 09 May 2022 16:29:16 +0000 (0:00:01.097) 0:06:17.072 ************ skipping: [/cache/fedora-34.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Issue IPA signed certificates] ******************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_basic_ipa.yml:10 Monday 09 May 2022 16:29:16 +0000 (0:00:00.046) 0:06:17.118 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 16:29:17 +0000 (0:00:00.793) 0:06:17.911 ************ included: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:29:17 +0000 (0:00:00.022) 0:06:17.934 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 16:29:17 +0000 (0:00:00.567) 0:06:18.501 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 16:29:17 +0000 (0:00:00.041) 0:06:18.543 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 16:29:20 +0000 (0:00:02.201) 0:06:20.744 ************ ok: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 16:29:22 +0000 (0:00:02.239) 0:06:22.983 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 16:29:22 +0000 (0:00:00.434) 0:06:23.417 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 16:29:23 +0000 (0:00:00.423) 0:06:23.841 ************ ok: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Mon 2022-05-09 16:26:19 UTC", "ActiveEnterTimestampMonotonic": "207530156", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "systemd-journald.socket syslog.target basic.target dbus.socket system.slice sysinit.target dbus-broker.service network.target", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Mon 2022-05-09 16:26:19 UTC", "AssertTimestampMonotonic": "207516087", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "36036567000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Mon 2022-05-09 16:26:19 UTC", "ConditionTimestampMonotonic": "207516085", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "17238", "ExecMainStartTimestamp": "Mon 2022-05-09 16:26:19 UTC", "ExecMainStartTimestampMonotonic": "207517723", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Mon 2022-05-09 16:26:19 UTC", "InactiveExitTimestampMonotonic": "207518224", "InvocationID": "3ec3286059b44712898207084ba6d22e", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "17238", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "2621440", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Mon 2022-05-09 16:29:10 UTC", "StateChangeTimestampMonotonic": "378348883", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 16:29:23 +0000 (0:00:00.549) 0:06:24.390 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_basic_ipa', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "ipa", "dns": "ipaserver.test.local", "name": "mycert_basic_ipa", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } } MSG: Certificate requested (new). changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'groupcert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa', 'group': 'ftp'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "ipa", "dns": "ipaserver.test.local", "group": "ftp", "name": "groupcert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } } MSG: Certificate requested (new). File attributes updated. META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificates] ***************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_basic_ipa.yml:30 Monday 09 May 2022 16:29:28 +0000 (0:00:04.298) 0:06:28.688 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_basic_ipa.yml:89 Monday 09 May 2022 16:29:28 +0000 (0:00:00.793) 0:06:29.482 ************ included: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_basic_ipa.crt', 'key_path': '/etc/pki/tls/private/mycert_basic_ipa.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}) included: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/groupcert.crt', 'key_path': '/etc/pki/tls/private/groupcert.key', 'owner': 'root', 'group': 'ftp', 'mode': '0640', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:29:28 +0000 (0:00:00.043) 0:06:29.525 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:29:28 +0000 (0:00:00.018) 0:06:29.543 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:29:31 +0000 (0:00:02.260) 0:06:31.804 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:29:36 +0000 (0:00:05.090) 0:06:36.895 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 19.4 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 96.1 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 2.4 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 110.2 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 51.3 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:29:39 +0000 (0:00:03.319) 0:06:40.214 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113766.1854925, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "e2ef03d828dbdb7854e8dcc33e3064a237017f0a", "ctime": 1652113766.1814926, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 142553, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113766.1814926, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_basic_ipa.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1854, "uid": 0, "version": "630570175", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:29:40 +0000 (0:00:00.574) 0:06:40.789 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:29:40 +0000 (0:00:00.023) 0:06:40.812 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 16:29:40 +0000 (0:00:00.035) 0:06:40.848 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 16:29:40 +0000 (0:00:00.037) 0:06:40.885 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113764.4134927, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "ce38eafea741966cf2e97deece95979264b3aaf9", "ctime": 1652113766.1814926, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 142551, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113766.1814926, "nlink": 1, "path": "/etc/pki/tls/private/mycert_basic_ipa.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "3043720256", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 16:29:40 +0000 (0:00:00.395) 0:06:41.281 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 16:29:40 +0000 (0:00:00.022) 0:06:41.304 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 16:29:40 +0000 (0:00:00.035) 0:06:41.339 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_basic_ipa.crt" ], "delta": "0:00:00.213530", "end": "2022-05-09 16:29:41.127373", "rc": 0, "start": "2022-05-09 16:29:40.913843" } STDOUT: { "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "extensions": { "authorityKeyIdentifier": { "value": "18:F4:C5:CF:3A:24:30:C0:A5:36:0E:3A:10:B4:7E:90:E7:19:18:45", "critical": false }, "authorityInfoAccess": { "value": [ { "method": "OCSP", "location": "http://ipa-ca.test.local/ca/ocsp" } ], "critical": false }, "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ], "critical": true }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "cRLDistributionPoints": { "value": [ { "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ], "crl_issuer": [ { "organizationName": "ipaca", "commonName": "Certificate Authority" } ] } ], "critical": false }, "subjectKeyIdentifier": { "value": "BE:A1:1E:5B:34:27:26:C8:20:CF:B0:D5:2B:D8:0F:32:C9:62:AF:BB", "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.5.2.2" } ], "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "82:8D:86:6A:B7:08:BF:F9:6E:F4:B2:91:0C:EE:07:C0:5A:A7:EA:A3:89:60:9B:AE:DD:1D:22:FD:95:B5:B1:B2:70:A6:2A:67:B6:68:89:81:A4:65:7D:2B:62:E8:73:5F:54:2D:0B:2D:27:9E:24:24:C4:00:92:DF:70:3B:24:00:8C:AC:CF:98:71:4E:F2:F8:4F:93:EC:21:E6:DC:7A:A8:99:8C:4C:29:F2:0B:2C:A3:B7:2F:69:E5:9D:8A:0A:6F:C2:13:D8:68:4A:F9:CE:22:2C:4D:91:69:0A:55:FC:8E:83:5C:5B:C1:92:28:3D:30:6F:B9:9F:2A:04:D7:AA:A8:29:35:24:67:77:61:71:25:68:55:81:32:10:D0:0F:5E:E2:0A:81:2D:3F:C4:A9:48:48:40:01:CF:D2:7A:BE:F4:CE:9D:42:E1:0F:A6:8E:79:5C:E7:0D:06:90:BF:D7:56:C9:BB:C8:19:0C:8A:A1:77:90:B3:C7:92:F9:64:C0:F1:ED:92:A3:47:E4:40:0F:35:EA:BB:DD:7D:C7:A4:8E:1A:3E:FB:4C:7D:4D:64:73:A4:08:AE:F1:CA:BD:86:8F:0B:E0:A9:47:FD:8A:02:11:DD:13:FB:A0:33:46:A5:06:2B:27:70:83:ED:D9:BB:A1:7C:18:4A:52:EF:05:C6:76:9C:99:F5:D2:B5:DF:BF:CC:D1:05:5D:6C:6A:D9:DA:FC:81:E8:2C:A8:F8:9C:EC:B1:92:B3:2D:3D:46:6E:55:C7:BE:73:F5:28:6F:14:00:40:77:3E:F9:55:18:46:C9:9F:00:6D:97:CA:53:B4:B3:1D:9C:FE:5E:F3:84:4A:50:4F:5E:51:C7:CB:1C:FA:89:C1:F9:79:42:BA:52:5D:D2:DE:99:F8:D4:81:AD:D5:AA:18:C0:50:DE:E7:20:63:A2:3D:97:8A:30:62:FC:3A:78:7A:6F:A5:BF:A5:2C:58:AD:26:64:82:09:7C:FF:44:57:04:E6:E8:9C:91:FE:08:D5:A5:EE" }, "key_size": 2048, "validity": { "not_valid_after": "2024-05-09 16:29:25", "not_valid_before": "2022-05-09 16:29:25" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 16:29:41 +0000 (0:00:00.586) 0:06:41.925 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityInfoAccess": { "critical": false, "value": [ { "location": "http://ipa-ca.test.local/ca/ocsp", "method": "OCSP" } ] }, "authorityKeyIdentifier": { "critical": false, "value": "18:F4:C5:CF:3A:24:30:C0:A5:36:0E:3A:10:B4:7E:90:E7:19:18:45" }, "cRLDistributionPoints": { "critical": false, "value": [ { "crl_issuer": [ { "commonName": "Certificate Authority", "organizationName": "ipaca" } ], "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ] } ] }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": true, "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "BE:A1:1E:5B:34:27:26:C8:20:CF:B0:D5:2B:D8:0F:32:C9:62:AF:BB" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "82:8D:86:6A:B7:08:BF:F9:6E:F4:B2:91:0C:EE:07:C0:5A:A7:EA:A3:89:60:9B:AE:DD:1D:22:FD:95:B5:B1:B2:70:A6:2A:67:B6:68:89:81:A4:65:7D:2B:62:E8:73:5F:54:2D:0B:2D:27:9E:24:24:C4:00:92:DF:70:3B:24:00:8C:AC:CF:98:71:4E:F2:F8:4F:93:EC:21:E6:DC:7A:A8:99:8C:4C:29:F2:0B:2C:A3:B7:2F:69:E5:9D:8A:0A:6F:C2:13:D8:68:4A:F9:CE:22:2C:4D:91:69:0A:55:FC:8E:83:5C:5B:C1:92:28:3D:30:6F:B9:9F:2A:04:D7:AA:A8:29:35:24:67:77:61:71:25:68:55:81:32:10:D0:0F:5E:E2:0A:81:2D:3F:C4:A9:48:48:40:01:CF:D2:7A:BE:F4:CE:9D:42:E1:0F:A6:8E:79:5C:E7:0D:06:90:BF:D7:56:C9:BB:C8:19:0C:8A:A1:77:90:B3:C7:92:F9:64:C0:F1:ED:92:A3:47:E4:40:0F:35:EA:BB:DD:7D:C7:A4:8E:1A:3E:FB:4C:7D:4D:64:73:A4:08:AE:F1:CA:BD:86:8F:0B:E0:A9:47:FD:8A:02:11:DD:13:FB:A0:33:46:A5:06:2B:27:70:83:ED:D9:BB:A1:7C:18:4A:52:EF:05:C6:76:9C:99:F5:D2:B5:DF:BF:CC:D1:05:5D:6C:6A:D9:DA:FC:81:E8:2C:A8:F8:9C:EC:B1:92:B3:2D:3D:46:6E:55:C7:BE:73:F5:28:6F:14:00:40:77:3E:F9:55:18:46:C9:9F:00:6D:97:CA:53:B4:B3:1D:9C:FE:5E:F3:84:4A:50:4F:5E:51:C7:CB:1C:FA:89:C1:F9:79:42:BA:52:5D:D2:DE:99:F8:D4:81:AD:D5:AA:18:C0:50:DE:E7:20:63:A2:3D:97:8A:30:62:FC:3A:78:7A:6F:A5:BF:A5:2C:58:AD:26:64:82:09:7C:FF:44:57:04:E6:E8:9C:91:FE:08:D5:A5:EE" }, "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "validity": { "not_valid_after": "2024-05-09 16:29:25", "not_valid_before": "2022-05-09 16:29:25" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:29:41 +0000 (0:00:00.039) 0:06:41.965 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 16:29:41 +0000 (0:00:00.039) 0:06:42.005 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 16:29:41 +0000 (0:00:00.029) 0:06:42.034 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 16:29:41 +0000 (0:00:00.036) 0:06:42.071 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 16:29:41 +0000 (0:00:00.035) 0:06:42.106 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 16:29:41 +0000 (0:00:00.037) 0:06:42.144 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_basic_ipa.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.052455", "end": "2022-05-09 16:29:41.771094", "rc": 0, "start": "2022-05-09 16:29:41.718639" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:29:41 +0000 (0:00:00.423) 0:06:42.567 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:29:42 +0000 (0:00:00.038) 0:06:42.606 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:29:42 +0000 (0:00:00.018) 0:06:42.625 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:29:44 +0000 (0:00:02.172) 0:06:44.797 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:29:45 +0000 (0:00:01.062) 0:06:45.859 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:29:46 +0000 (0:00:00.986) 0:06:46.846 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113767.7514925, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "cc10af7898c55ce778bc25755be856d05de2cb80", "ctime": 1652113767.8544927, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 142556, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652113767.7474926, "nlink": 1, "path": "/etc/pki/tls/certs/groupcert.crt", "pw_name": "root", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1854, "uid": 0, "version": "2882216945", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:29:46 +0000 (0:00:00.411) 0:06:47.257 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:29:46 +0000 (0:00:00.021) 0:06:47.278 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 16:29:46 +0000 (0:00:00.039) 0:06:47.318 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 16:29:46 +0000 (0:00:00.037) 0:06:47.355 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113766.9124925, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "996bfe109a3b72cce5e0aa4dfa46f845d0dcd68c", "ctime": 1652113767.8544927, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 142552, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652113767.7474926, "nlink": 1, "path": "/etc/pki/tls/private/groupcert.key", "pw_name": "root", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "195354206", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 16:29:47 +0000 (0:00:00.392) 0:06:47.748 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 16:29:47 +0000 (0:00:00.023) 0:06:47.771 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 16:29:47 +0000 (0:00:00.038) 0:06:47.810 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/groupcert.crt" ], "delta": "0:00:00.215333", "end": "2022-05-09 16:29:47.604104", "rc": 0, "start": "2022-05-09 16:29:47.388771" } STDOUT: { "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "extensions": { "authorityKeyIdentifier": { "value": "18:F4:C5:CF:3A:24:30:C0:A5:36:0E:3A:10:B4:7E:90:E7:19:18:45", "critical": false }, "authorityInfoAccess": { "value": [ { "method": "OCSP", "location": "http://ipa-ca.test.local/ca/ocsp" } ], "critical": false }, "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ], "critical": true }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "cRLDistributionPoints": { "value": [ { "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ], "crl_issuer": [ { "organizationName": "ipaca", "commonName": "Certificate Authority" } ] } ], "critical": false }, "subjectKeyIdentifier": { "value": "81:8F:ED:24:90:F8:22:5A:2D:B9:15:C7:F3:63:72:63:7B:7D:8E:09", "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.5.2.2" } ], "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "50:C8:29:60:81:16:AB:8E:F5:75:C2:AD:52:D2:4A:02:B4:B4:94:DF:10:D3:AD:36:B7:56:4B:D8:AD:22:D1:53:6B:AC:83:A3:95:70:07:A1:AE:16:03:9C:B7:93:64:C0:EE:81:20:E1:C4:0D:B0:EE:52:5D:63:6D:8E:9D:37:E2:D4:01:AF:95:0E:25:17:3E:F0:10:D5:31:57:D2:C8:45:19:DC:42:F9:87:8D:74:EB:48:28:7E:27:65:B2:59:7A:4A:ED:C5:D2:31:A4:37:4E:3D:58:F1:66:13:8A:0E:F8:E2:CF:43:0E:FE:F4:E6:78:D2:77:3D:B6:3E:B4:02:6A:9C:6A:3C:4F:89:A5:17:DD:45:28:A3:D3:8B:77:07:B6:BC:71:5A:FF:79:F3:C5:F5:68:0B:4D:EC:86:46:E5:30:94:06:11:DB:46:FF:FF:DD:CA:EE:13:F1:F0:F3:11:AC:36:90:3C:CC:DE:F0:A4:ED:D9:63:53:82:D2:DB:37:FB:77:0F:37:94:AF:7F:DA:FE:1A:F0:28:55:85:A7:3A:A1:E7:BB:86:4F:11:EA:F3:3D:49:DC:A4:8E:EB:23:CD:A9:FE:EA:C1:FA:E0:98:AA:01:F3:78:FB:ED:23:52:48:D7:1C:3D:C7:DB:78:59:05:07:73:3B:15:6B:DA:A0:CA:B2:75:74:1F:6B:20:6D:0E:16:F4:B6:7C:98:28:CD:4C:E2:6B:8E:2C:68:27:59:65:A6:80:E7:F3:D7:7B:9B:61:14:91:05:0E:C1:3C:11:80:DE:EF:DD:61:28:B0:8B:90:B6:4E:C1:37:DB:71:25:D0:2A:53:B2:67:80:A4:69:61:70:AB:16:31:A7:8A:30:BE:BE:E1:9A:00:D8:99:9C:09:0F:03:94:42:8C:85:6D:85:4E:B8:E3:84:9B:34:D8:F4:71:C9:40:DD:F9:48:4D:0B:0B:7A:ED:12:18:AE:55:32:11:82:5C:4B:D0:FC:72:C2:A4:CE:8F:BB:BD:63:4E:30:54" }, "key_size": 2048, "validity": { "not_valid_after": "2024-05-09 16:29:27", "not_valid_before": "2022-05-09 16:29:27" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 16:29:47 +0000 (0:00:00.596) 0:06:48.406 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityInfoAccess": { "critical": false, "value": [ { "location": "http://ipa-ca.test.local/ca/ocsp", "method": "OCSP" } ] }, "authorityKeyIdentifier": { "critical": false, "value": "18:F4:C5:CF:3A:24:30:C0:A5:36:0E:3A:10:B4:7E:90:E7:19:18:45" }, "cRLDistributionPoints": { "critical": false, "value": [ { "crl_issuer": [ { "commonName": "Certificate Authority", "organizationName": "ipaca" } ], "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ] } ] }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": true, "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "81:8F:ED:24:90:F8:22:5A:2D:B9:15:C7:F3:63:72:63:7B:7D:8E:09" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "50:C8:29:60:81:16:AB:8E:F5:75:C2:AD:52:D2:4A:02:B4:B4:94:DF:10:D3:AD:36:B7:56:4B:D8:AD:22:D1:53:6B:AC:83:A3:95:70:07:A1:AE:16:03:9C:B7:93:64:C0:EE:81:20:E1:C4:0D:B0:EE:52:5D:63:6D:8E:9D:37:E2:D4:01:AF:95:0E:25:17:3E:F0:10:D5:31:57:D2:C8:45:19:DC:42:F9:87:8D:74:EB:48:28:7E:27:65:B2:59:7A:4A:ED:C5:D2:31:A4:37:4E:3D:58:F1:66:13:8A:0E:F8:E2:CF:43:0E:FE:F4:E6:78:D2:77:3D:B6:3E:B4:02:6A:9C:6A:3C:4F:89:A5:17:DD:45:28:A3:D3:8B:77:07:B6:BC:71:5A:FF:79:F3:C5:F5:68:0B:4D:EC:86:46:E5:30:94:06:11:DB:46:FF:FF:DD:CA:EE:13:F1:F0:F3:11:AC:36:90:3C:CC:DE:F0:A4:ED:D9:63:53:82:D2:DB:37:FB:77:0F:37:94:AF:7F:DA:FE:1A:F0:28:55:85:A7:3A:A1:E7:BB:86:4F:11:EA:F3:3D:49:DC:A4:8E:EB:23:CD:A9:FE:EA:C1:FA:E0:98:AA:01:F3:78:FB:ED:23:52:48:D7:1C:3D:C7:DB:78:59:05:07:73:3B:15:6B:DA:A0:CA:B2:75:74:1F:6B:20:6D:0E:16:F4:B6:7C:98:28:CD:4C:E2:6B:8E:2C:68:27:59:65:A6:80:E7:F3:D7:7B:9B:61:14:91:05:0E:C1:3C:11:80:DE:EF:DD:61:28:B0:8B:90:B6:4E:C1:37:DB:71:25:D0:2A:53:B2:67:80:A4:69:61:70:AB:16:31:A7:8A:30:BE:BE:E1:9A:00:D8:99:9C:09:0F:03:94:42:8C:85:6D:85:4E:B8:E3:84:9B:34:D8:F4:71:C9:40:DD:F9:48:4D:0B:0B:7A:ED:12:18:AE:55:32:11:82:5C:4B:D0:FC:72:C2:A4:CE:8F:BB:BD:63:4E:30:54" }, "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "validity": { "not_valid_after": "2024-05-09 16:29:27", "not_valid_before": "2022-05-09 16:29:27" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:29:47 +0000 (0:00:00.036) 0:06:48.442 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 16:29:47 +0000 (0:00:00.044) 0:06:48.486 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 16:29:47 +0000 (0:00:00.027) 0:06:48.514 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 16:29:47 +0000 (0:00:00.036) 0:06:48.551 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 16:29:47 +0000 (0:00:00.038) 0:06:48.589 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 16:29:48 +0000 (0:00:00.039) 0:06:48.629 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/groupcert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.063174", "end": "2022-05-09 16:29:48.272558", "rc": 0, "start": "2022-05-09 16:29:48.209384" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:29:48 +0000 (0:00:00.444) 0:06:49.073 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=98 changed=32 unreachable=0 failed=0 skipped=35 rescued=0 ignored=0 Monday 09 May 2022 16:29:48 +0000 (0:00:00.042) 0:06:49.116 ************ =============================================================================== ipaserver : Install - Setup CA ---------------------------------------- 148.28s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:266 ----------------------- ipaserver : Install - Setup HTTP --------------------------------------- 84.45s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:322 ----------------------- ipaserver : Install - Ensure that IPA server packages are installed ---- 38.25s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:5 ------------------------- ipaserver : Install - Setup DS ----------------------------------------- 18.08s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:204 ----------------------- ipaserver : Install - Setup NTP ---------------------------------------- 10.59s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:197 ----------------------- ipaserver : Install - Setup DNS ----------------------------------------- 8.43s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:365 ----------------------- ipaserver : Install - Setup KRB ----------------------------------------- 6.69s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:233 ----------------------- ipaserver : Install - Ensure that IPA server packages for dns are installed --- 6.30s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:10 ------------------------ Install the package, force upgrade -------------------------------------- 5.09s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 - ipaserver : Install - Enable IPA ---------------------------------------- 4.85s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:429 ----------------------- ipaserver : Install - Setup custodia ------------------------------------ 4.69s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:260 ----------------------- ipaclient : Install - Create IPA NSS database --------------------------- 4.52s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:305 ----------------------- fedora.linux_system_roles.certificate : Ensure certificate requests ----- 4.30s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 ipaserver : Install - Ensure that firewall packages installed ----------- 3.50s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:22 ------------------------ Install certreader ------------------------------------------------------ 3.32s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure nss package is up-to-date ---------------------------------------- 2.90s /tmp/tmpw536d1ja/tests/certificate/tasks/setup_ipa.yml:42 --------------------- ipaserver : Install - Setup otpd ---------------------------------------- 2.79s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:316 ----------------------- ensure hostname package is installed ------------------------------------ 2.69s /tmp/tmpw536d1ja/tests/certificate/tasks/setup_ipa.yml:33 --------------------- ipaserver : Install - Set DS password ----------------------------------- 2.47s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:397 ----------------------- ipaserver : Install - Server preparation -------------------------------- 2.42s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:153 ----------------------- ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_basic_self_signed.yml ****************************************** 2 plays in /tmp/tmpw536d1ja/tests/certificate/tests_basic_self_signed.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_basic_self_signed.yml:2 Monday 09 May 2022 16:30:02 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 16:30:03 +0000 (0:00:01.129) 0:00:01.140 ************ included: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:30:04 +0000 (0:00:00.020) 0:00:01.160 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 16:30:04 +0000 (0:00:00.503) 0:00:01.664 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 16:30:04 +0000 (0:00:00.038) 0:00:01.703 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 16:30:07 +0000 (0:00:02.833) 0:00:04.536 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 16:30:10 +0000 (0:00:03.295) 0:00:07.832 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 16:30:11 +0000 (0:00:00.513) 0:00:08.345 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 16:30:11 +0000 (0:00:00.392) 0:00:08.738 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target dbus.socket syslog.target basic.target network.target dbus-broker.service systemd-journald.socket system.slice", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 16:30:12 +0000 (0:00:01.021) 0:00:09.760 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_basic_self_signed', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_basic_self_signed" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_basic_self_signed.yml:13 Monday 09 May 2022 16:30:13 +0000 (0:00:00.940) 0:00:10.700 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_basic_self_signed.yml:27 Monday 09 May 2022 16:30:14 +0000 (0:00:00.752) 0:00:11.453 ************ included: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_basic_self_signed.crt', 'key_path': '/etc/pki/tls/private/mycert_basic_self_signed.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:30:14 +0000 (0:00:00.034) 0:00:11.487 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:30:14 +0000 (0:00:00.015) 0:00:11.503 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:30:16 +0000 (0:00:02.049) 0:00:13.553 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:30:21 +0000 (0:00:04.997) 0:00:18.551 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 52.3 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 86.6 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 28.4 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 105.6 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 39.8 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:30:24 +0000 (0:00:02.806) 0:00:21.357 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113813.55865, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "178d15021bdde3ddc546d2ed858f4df83fc25d91", "ctime": 1652113813.55565, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113813.55565, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_basic_self_signed.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2477179026", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:30:24 +0000 (0:00:00.535) 0:00:21.893 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:30:24 +0000 (0:00:00.022) 0:00:21.915 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 16:30:24 +0000 (0:00:00.041) 0:00:21.957 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 16:30:24 +0000 (0:00:00.038) 0:00:21.996 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113813.51365, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "0807c609fdfd5e8758de03b3274a5fc59c5ddb30", "ctime": 1652113813.55565, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113813.55565, "nlink": 1, "path": "/etc/pki/tls/private/mycert_basic_self_signed.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3525566243", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 16:30:25 +0000 (0:00:00.389) 0:00:22.385 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 16:30:25 +0000 (0:00:00.024) 0:00:22.410 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 16:30:25 +0000 (0:00:00.039) 0:00:22.450 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_basic_self_signed.crt" ], "delta": "0:00:00.213648", "end": "2022-05-09 16:30:26.167768", "rc": 0, "start": "2022-05-09 16:30:25.954120" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "29:14:64:06:09:D4:35:0A:7F:1B:5E:A0:56:6E:2C:47:A2:2B:14:F0", "critical": false }, "authorityKeyIdentifier": { "value": "8A:E9:14:3B:10:E4:E0:EB:26:9A:A1:AF:49:0B:C1:16:B6:EA:7C:36", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "87:98:20:2C:93:C6:2E:93:3B:94:61:A5:32:F0:EF:A1:9B:07:1D:D4:6D:8C:13:DB:FB:F4:85:AC:93:2B:43:CA:A6:CD:04:8C:38:7C:44:F0:F5:79:B7:C7:92:70:E0:3E:EE:14:43:9C:BE:C3:3C:B2:D9:AA:70:85:00:11:73:CE:E6:88:E9:EA:38:F2:8E:03:BD:89:EF:D4:D9:E6:AA:6B:83:35:41:61:B2:6C:BD:BF:51:B3:4D:12:F9:77:96:70:38:3E:6D:27:EF:37:5D:85:0B:B0:1D:7E:53:45:7F:5F:95:63:40:13:CF:A0:8F:8F:2F:D5:1E:6C:5C:57:D2:DC:0C:A1:F8:75:36:2B:69:FF:C7:A5:C9:1E:FF:E4:F3:49:27:2F:96:13:7B:F0:92:E6:E0:25:38:38:11:3B:68:AA:24:A6:B7:28:52:90:23:D1:CC:8C:E6:04:AC:5D:B3:33:6B:34:77:AC:77:D8:14:31:B3:4C:B8:9E:68:EF:83:CF:0C:98:02:11:D6:19:D6:27:0C:A9:F1:FD:91:BD:42:B7:8B:A6:BA:65:29:E7:82:6F:37:60:FE:C2:CB:F0:B1:F2:B9:5D:99:AF:C2:2D:2E:B2:12:9A:EE:57:6E:62:AB:FB:66:44:88:09:66:2D:F3:34:9A:84:F2:A7:91:3F:C7:1D" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:30:12", "not_valid_before": "2022-05-09 16:30:13" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 16:30:26 +0000 (0:00:00.717) 0:00:23.168 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "8A:E9:14:3B:10:E4:E0:EB:26:9A:A1:AF:49:0B:C1:16:B6:EA:7C:36" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "29:14:64:06:09:D4:35:0A:7F:1B:5E:A0:56:6E:2C:47:A2:2B:14:F0" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "87:98:20:2C:93:C6:2E:93:3B:94:61:A5:32:F0:EF:A1:9B:07:1D:D4:6D:8C:13:DB:FB:F4:85:AC:93:2B:43:CA:A6:CD:04:8C:38:7C:44:F0:F5:79:B7:C7:92:70:E0:3E:EE:14:43:9C:BE:C3:3C:B2:D9:AA:70:85:00:11:73:CE:E6:88:E9:EA:38:F2:8E:03:BD:89:EF:D4:D9:E6:AA:6B:83:35:41:61:B2:6C:BD:BF:51:B3:4D:12:F9:77:96:70:38:3E:6D:27:EF:37:5D:85:0B:B0:1D:7E:53:45:7F:5F:95:63:40:13:CF:A0:8F:8F:2F:D5:1E:6C:5C:57:D2:DC:0C:A1:F8:75:36:2B:69:FF:C7:A5:C9:1E:FF:E4:F3:49:27:2F:96:13:7B:F0:92:E6:E0:25:38:38:11:3B:68:AA:24:A6:B7:28:52:90:23:D1:CC:8C:E6:04:AC:5D:B3:33:6B:34:77:AC:77:D8:14:31:B3:4C:B8:9E:68:EF:83:CF:0C:98:02:11:D6:19:D6:27:0C:A9:F1:FD:91:BD:42:B7:8B:A6:BA:65:29:E7:82:6F:37:60:FE:C2:CB:F0:B1:F2:B9:5D:99:AF:C2:2D:2E:B2:12:9A:EE:57:6E:62:AB:FB:66:44:88:09:66:2D:F3:34:9A:84:F2:A7:91:3F:C7:1D" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:30:12", "not_valid_before": "2022-05-09 16:30:13" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:30:26 +0000 (0:00:00.034) 0:00:23.203 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 16:30:26 +0000 (0:00:00.039) 0:00:23.242 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 16:30:26 +0000 (0:00:00.022) 0:00:23.264 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 16:30:26 +0000 (0:00:00.033) 0:00:23.298 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 16:30:26 +0000 (0:00:00.034) 0:00:23.332 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 16:30:26 +0000 (0:00:00.034) 0:00:23.366 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_basic_self_signed.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041352", "end": "2022-05-09 16:30:26.783911", "rc": 0, "start": "2022-05-09 16:30:26.742559" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:30:26 +0000 (0:00:00.416) 0:00:23.783 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:30:26 +0000 (0:00:00.045) 0:00:23.829 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.00s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 3.30s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.83s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Install certreader ------------------------------------------------------ 2.81s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 2.05s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 1.13s /tmp/tmpw536d1ja/tests/certificate/tests_basic_self_signed.yml:2 -------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.02s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.94s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Gathering Facts --------------------------------------------------------- 0.75s /tmp/tmpw536d1ja/tests/certificate/tests_basic_self_signed.yml:13 ------------- Parse certificate ------------------------------------------------------- 0.72s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Retrieve certificate file stats ----------------------------------------- 0.54s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.51s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.50s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Retrieve auto-renew flag ------------------------------------------------ 0.42s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.39s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Retrieve key file stats ------------------------------------------------- 0.39s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify certificate auto-renew flag -------------------------------------- 0.05s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 - Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 - Verify certificate subject ---------------------------------------------- 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_default.yml **************************************************** 1 plays in /tmp/tmpw536d1ja/tests/certificate/tests_default.yml PLAY [Ensure that the role runs with default parameters] *********************** META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 16:30:41 +0000 (0:00:00.015) 0:00:00.015 ************ included: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:30:42 +0000 (0:00:00.018) 0:00:00.033 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 16:30:42 +0000 (0:00:00.874) 0:00:00.908 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 16:30:42 +0000 (0:00:00.037) 0:00:00.946 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 16:30:45 +0000 (0:00:02.664) 0:00:03.610 ************ TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 16:30:45 +0000 (0:00:00.026) 0:00:03.637 ************ TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 16:30:45 +0000 (0:00:00.027) 0:00:03.664 ************ TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 16:30:45 +0000 (0:00:00.027) 0:00:03.691 ************ TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 16:30:45 +0000 (0:00:00.025) 0:00:03.717 ************ META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=3 changed=0 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 Monday 09 May 2022 16:30:45 +0000 (0:00:00.018) 0:00:03.735 ************ =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.66s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.87s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 fedora.linux_system_roles.certificate : Set platform/version specific variables --- 0.04s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.03s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.03s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 0.03s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.03s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.02s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Set version specific variables --- 0.02s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_dns_ip_email.yml *********************************************** 2 plays in /tmp/tmpw536d1ja/tests/certificate/tests_dns_ip_email.yml PLAY [Issue certificate with dns, ip and email in SAN] ************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_dns_ip_email.yml:2 Monday 09 May 2022 16:30:57 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 16:30:58 +0000 (0:00:01.114) 0:00:01.125 ************ included: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:30:58 +0000 (0:00:00.022) 0:00:01.147 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 16:30:58 +0000 (0:00:00.502) 0:00:01.650 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 16:30:58 +0000 (0:00:00.036) 0:00:01.686 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 16:31:01 +0000 (0:00:02.758) 0:00:04.445 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 16:31:04 +0000 (0:00:03.295) 0:00:07.741 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 16:31:05 +0000 (0:00:00.559) 0:00:08.300 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 16:31:05 +0000 (0:00:00.395) 0:00:08.696 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target syslog.target dbus.socket network.target systemd-journald.socket dbus-broker.service system.slice basic.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 16:31:06 +0000 (0:00:01.056) 0:00:09.752 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_dns_ip_email', 'common_name': 'My Certificate with SAN', 'dns': ['sub1.example.com', 'www.example.com', 'sub2.example.com', 'sub3.example.com'], 'ip': ['192.0.2.12', '198.51.100.65', '2001:db8::2:1'], 'email': ['sysadmin@example.com', 'support@example.com'], 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "My Certificate with SAN", "dns": [ "sub1.example.com", "www.example.com", "sub2.example.com", "sub3.example.com" ], "email": [ "sysadmin@example.com", "support@example.com" ], "ip": [ "192.0.2.12", "198.51.100.65", "2001:db8::2:1" ], "name": "mycert_dns_ip_email" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_dns_ip_email.yml:24 Monday 09 May 2022 16:31:07 +0000 (0:00:00.828) 0:00:10.581 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_dns_ip_email.yml:54 Monday 09 May 2022 16:31:08 +0000 (0:00:00.757) 0:00:11.339 ************ included: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_dns_ip_email.crt', 'key_path': '/etc/pki/tls/private/mycert_dns_ip_email.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'My Certificate with SAN'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'sub1.example.com'}, {'name': 'DNS', 'value': 'www.example.com'}, {'name': 'DNS', 'value': 'sub2.example.com'}, {'name': 'DNS', 'value': 'sub3.example.com'}, {'name': 'email', 'value': 'sysadmin@example.com'}, {'name': 'email', 'value': 'support@example.com'}, {'name': 'IP Address', 'value': '192.0.2.12'}, {'name': 'IP Address', 'value': '198.51.100.65'}, {'name': 'IP Address', 'value': '2001:db8::2:1'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:31:08 +0000 (0:00:00.036) 0:00:11.375 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:31:08 +0000 (0:00:00.014) 0:00:11.389 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:31:10 +0000 (0:00:02.060) 0:00:13.449 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:31:16 +0000 (0:00:05.484) 0:00:18.934 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 51.3 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 79.1 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 24.0 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 86.7 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 36.7 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:31:19 +0000 (0:00:03.166) 0:00:22.100 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113867.6194983, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "1661f4d3159bfe7139a2c725e2a31831db2e1a49", "ctime": 1652113867.6164982, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113867.6164982, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_dns_ip_email.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1484, "uid": 0, "version": "3755278542", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:31:19 +0000 (0:00:00.716) 0:00:22.817 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:31:19 +0000 (0:00:00.027) 0:00:22.844 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 16:31:19 +0000 (0:00:00.040) 0:00:22.884 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 16:31:20 +0000 (0:00:00.042) 0:00:22.927 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113867.5714982, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "146f87e06ef3c793f40e1486f8eaf025feb34268", "ctime": 1652113867.6164982, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113867.6164982, "nlink": 1, "path": "/etc/pki/tls/private/mycert_dns_ip_email.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3797345214", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 16:31:20 +0000 (0:00:00.379) 0:00:23.306 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 16:31:20 +0000 (0:00:00.019) 0:00:23.326 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 16:31:20 +0000 (0:00:00.035) 0:00:23.362 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_dns_ip_email.crt" ], "delta": "0:00:00.230917", "end": "2022-05-09 16:31:21.208853", "rc": 0, "start": "2022-05-09 16:31:20.977936" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "My Certificate with SAN" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "sub1.example.com" }, { "name": "DNS", "value": "www.example.com" }, { "name": "DNS", "value": "sub2.example.com" }, { "name": "DNS", "value": "sub3.example.com" }, { "name": "email", "value": "sysadmin@example.com" }, { "name": "email", "value": "support@example.com" }, { "name": "IP Address", "value": "192.0.2.12" }, { "name": "IP Address", "value": "198.51.100.65" }, { "name": "IP Address", "value": "2001:db8::2:1" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "84:E6:55:FF:55:F1:0C:1A:0B:2D:36:EE:D9:FA:51:50:2A:25:3C:57", "critical": false }, "authorityKeyIdentifier": { "value": "DD:28:9A:37:4E:03:DE:06:E1:38:8C:95:82:D8:A7:8A:7F:34:65:6E", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "A1:85:2C:16:54:E2:F6:BE:52:0D:B4:41:63:3D:48:DA:A5:1F:A6:7C:CD:F2:32:85:3E:9B:71:39:FF:02:CE:AE:8A:61:3D:A9:62:C7:E8:2A:03:3A:F8:15:1B:68:24:DD:02:8E:0C:EE:F3:8D:0A:84:6C:42:0B:2B:16:F5:55:B8:A9:0C:BE:0A:F1:5D:25:C2:1B:6B:6C:C0:09:55:7C:5E:84:97:33:B9:11:9A:F2:FA:99:9C:F0:CA:26:D6:18:6F:E6:62:C1:3D:F3:9E:6A:BC:A6:5D:84:2E:D1:54:DA:87:38:7A:EC:56:E7:88:E8:BC:34:9A:DD:9D:4B:CF:D4:C8:AC:6A:A2:78:0E:7B:67:89:A0:C2:79:94:66:E0:3F:98:AC:5D:F3:1F:05:9D:E6:67:32:7D:D2:76:4A:5B:A7:51:75:D7:C5:48:87:2F:27:35:EE:B2:26:40:52:23:3C:53:0E:B2:84:3F:EB:74:9E:20:F4:E9:F9:78:2F:2F:B2:E1:9A:21:BC:BC:E4:FF:1A:70:79:8B:47:A5:C3:3A:EF:34:72:30:76:2E:DB:C7:6A:9D:DF:CD:7B:19:CF:44:AB:81:BC:03:8F:51:E2:CC:AB:B0:CB:57:A6:7D:B5:30:49:5C:4D:D7:61:D9:84:47:E5:65:52:90:05:47:74:F3:25:B9" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:31:06", "not_valid_before": "2022-05-09 16:31:07" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 16:31:21 +0000 (0:00:00.731) 0:00:24.093 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "DD:28:9A:37:4E:03:DE:06:E1:38:8C:95:82:D8:A7:8A:7F:34:65:6E" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "sub1.example.com" }, { "name": "DNS", "value": "www.example.com" }, { "name": "DNS", "value": "sub2.example.com" }, { "name": "DNS", "value": "sub3.example.com" }, { "name": "email", "value": "sysadmin@example.com" }, { "name": "email", "value": "support@example.com" }, { "name": "IP Address", "value": "192.0.2.12" }, { "name": "IP Address", "value": "198.51.100.65" }, { "name": "IP Address", "value": "2001:db8::2:1" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "84:E6:55:FF:55:F1:0C:1A:0B:2D:36:EE:D9:FA:51:50:2A:25:3C:57" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "A1:85:2C:16:54:E2:F6:BE:52:0D:B4:41:63:3D:48:DA:A5:1F:A6:7C:CD:F2:32:85:3E:9B:71:39:FF:02:CE:AE:8A:61:3D:A9:62:C7:E8:2A:03:3A:F8:15:1B:68:24:DD:02:8E:0C:EE:F3:8D:0A:84:6C:42:0B:2B:16:F5:55:B8:A9:0C:BE:0A:F1:5D:25:C2:1B:6B:6C:C0:09:55:7C:5E:84:97:33:B9:11:9A:F2:FA:99:9C:F0:CA:26:D6:18:6F:E6:62:C1:3D:F3:9E:6A:BC:A6:5D:84:2E:D1:54:DA:87:38:7A:EC:56:E7:88:E8:BC:34:9A:DD:9D:4B:CF:D4:C8:AC:6A:A2:78:0E:7B:67:89:A0:C2:79:94:66:E0:3F:98:AC:5D:F3:1F:05:9D:E6:67:32:7D:D2:76:4A:5B:A7:51:75:D7:C5:48:87:2F:27:35:EE:B2:26:40:52:23:3C:53:0E:B2:84:3F:EB:74:9E:20:F4:E9:F9:78:2F:2F:B2:E1:9A:21:BC:BC:E4:FF:1A:70:79:8B:47:A5:C3:3A:EF:34:72:30:76:2E:DB:C7:6A:9D:DF:CD:7B:19:CF:44:AB:81:BC:03:8F:51:E2:CC:AB:B0:CB:57:A6:7D:B5:30:49:5C:4D:D7:61:D9:84:47:E5:65:52:90:05:47:74:F3:25:B9" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "My Certificate with SAN" } ], "validity": { "not_valid_after": "2023-05-09 16:31:06", "not_valid_before": "2022-05-09 16:31:07" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:31:21 +0000 (0:00:00.035) 0:00:24.129 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 16:31:21 +0000 (0:00:00.034) 0:00:24.164 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 16:31:21 +0000 (0:00:00.022) 0:00:24.187 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 16:31:21 +0000 (0:00:00.037) 0:00:24.224 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 16:31:21 +0000 (0:00:00.035) 0:00:24.260 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 16:31:21 +0000 (0:00:00.034) 0:00:24.294 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_dns_ip_email.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.044724", "end": "2022-05-09 16:31:21.815978", "rc": 0, "start": "2022-05-09 16:31:21.771254" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:31:21 +0000 (0:00:00.404) 0:00:24.699 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:31:21 +0000 (0:00:00.045) 0:00:24.744 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.48s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 3.30s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Install certreader ------------------------------------------------------ 3.17s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.76s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Ensure python3 is installed --------------------------------------------- 2.06s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 1.11s /tmp/tmpw536d1ja/tests/certificate/tests_dns_ip_email.yml:2 ------------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.06s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.83s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Gathering Facts --------------------------------------------------------- 0.76s /tmp/tmpw536d1ja/tests/certificate/tests_dns_ip_email.yml:24 ------------------ Parse certificate ------------------------------------------------------- 0.73s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Retrieve certificate file stats ----------------------------------------- 0.72s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.56s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.50s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Retrieve auto-renew flag ------------------------------------------------ 0.40s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.40s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Retrieve key file stats ------------------------------------------------- 0.38s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify certificate auto-renew flag -------------------------------------- 0.05s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Verify certificate permissions ------------------------------------------ 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 - Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 - Verify key size --------------------------------------------------------- 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_fs_attrs.yml *************************************************** 3 plays in /tmp/tmpw536d1ja/tests/certificate/tests_fs_attrs.yml PLAY [Ensure UID and GID exists] *********************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_fs_attrs.yml:2 Monday 09 May 2022 16:31:36 +0000 (0:00:00.008) 0:00:00.008 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Ensure user exists] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tests_fs_attrs.yml:5 Monday 09 May 2022 16:31:37 +0000 (0:00:01.164) 0:00:01.173 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "comment": "", "create_home": true, "group": 1040, "home": "/home/user1", "name": "user1", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1040 } TASK [Ensure group "somegroup" exists] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tests_fs_attrs.yml:9 Monday 09 May 2022 16:31:38 +0000 (0:00:00.844) 0:00:02.018 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "gid": 1041, "name": "somegroup", "state": "present", "system": false } META: ran handlers META: ran handlers PLAY [Issue certificate setting user/group] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_fs_attrs.yml:13 Monday 09 May 2022 16:31:38 +0000 (0:00:00.699) 0:00:02.717 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 16:31:39 +0000 (0:00:00.754) 0:00:03.472 ************ included: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:31:39 +0000 (0:00:00.022) 0:00:03.494 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 16:31:40 +0000 (0:00:00.547) 0:00:04.042 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 16:31:40 +0000 (0:00:00.038) 0:00:04.081 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 16:31:43 +0000 (0:00:02.864) 0:00:06.945 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 16:31:46 +0000 (0:00:03.314) 0:00:10.260 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 16:31:46 +0000 (0:00:00.572) 0:00:10.833 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 16:31:47 +0000 (0:00:00.408) 0:00:11.242 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus.socket systemd-journald.socket dbus-broker.service network.target system.slice syslog.target basic.target sysinit.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 16:31:48 +0000 (0:00:01.060) 0:00:12.302 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_fs_attrs', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert_fs_attrs", "owner": "ftp" } } MSG: Certificate requested (new). File attributes updated. changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'certid', 'dns': 'www.example.com', 'owner': 1040, 'group': 1041, 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040 } } MSG: Certificate requested (new). File attributes updated. META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_fs_attrs.yml:31 Monday 09 May 2022 16:31:50 +0000 (0:00:01.706) 0:00:14.008 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_fs_attrs.yml:60 Monday 09 May 2022 16:31:50 +0000 (0:00:00.754) 0:00:14.763 ************ included: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_fs_attrs.crt', 'key_path': '/etc/pki/tls/private/mycert_fs_attrs.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 'ftp', 'group': 'ftp', 'mode': '0640'}) included: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/certid.crt', 'key_path': '/etc/pki/tls/private/certid.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 1040, 'group': 1041, 'mode': '0640'}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:31:50 +0000 (0:00:00.041) 0:00:14.804 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:31:50 +0000 (0:00:00.017) 0:00:14.821 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:31:52 +0000 (0:00:02.081) 0:00:16.902 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:31:58 +0000 (0:00:05.083) 0:00:21.986 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 49.0 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 4.4 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 1.8 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 93.7 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 16.1 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:32:01 +0000 (0:00:03.107) 0:00:25.093 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113908.0883615, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "b650fafac844626a37961dfe6846bb6e956bd13b", "ctime": 1652113908.2403617, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 137736, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652113908.0853617, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_fs_attrs.crt", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 14, "version": "3563028644", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:32:01 +0000 (0:00:00.520) 0:00:25.613 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:32:01 +0000 (0:00:00.023) 0:00:25.637 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 16:32:01 +0000 (0:00:00.090) 0:00:25.727 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 16:32:01 +0000 (0:00:00.035) 0:00:25.762 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113908.0393617, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "b5b03360fbb194b02cecca2bc4d1114beb4614ac", "ctime": 1652113908.2403617, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 137735, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652113908.0853617, "nlink": 1, "path": "/etc/pki/tls/private/mycert_fs_attrs.key", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 14, "version": "3002726309", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 16:32:02 +0000 (0:00:00.371) 0:00:26.133 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 16:32:02 +0000 (0:00:00.021) 0:00:26.154 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 16:32:02 +0000 (0:00:00.039) 0:00:26.194 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_fs_attrs.crt" ], "delta": "0:00:00.197739", "end": "2022-05-09 16:32:01.869049", "rc": 0, "start": "2022-05-09 16:32:01.671310" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "9D:E6:74:6B:7B:8F:4C:6F:04:2F:1A:FC:42:39:19:7D:AD:08:1D:A1", "critical": false }, "authorityKeyIdentifier": { "value": "33:9A:02:A2:19:95:D0:2D:F8:E2:E8:0C:C6:65:4C:DE:D8:90:85:97", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "AC:60:1D:E9:74:DE:2C:E7:1D:E3:75:28:B1:AF:9C:23:0F:D5:23:F1:E8:11:F9:F7:C0:3B:F2:05:45:46:F4:6A:CA:70:A9:23:34:2B:AC:09:EA:51:EA:78:1D:0F:21:0A:A6:71:BD:23:40:1F:1B:17:7B:BC:D2:9A:84:97:61:8E:7E:62:A7:AA:14:DA:46:F8:3F:4F:E8:FF:5F:F3:F8:3E:F4:3E:C5:54:EC:5A:48:94:01:E2:D5:E8:DB:82:5E:61:52:8B:87:C2:96:1D:DF:6F:36:9A:E3:C5:A8:CE:F9:C1:D6:14:8D:C4:63:9E:3A:3D:09:4B:CF:5F:06:98:91:F0:42:45:1C:C4:A5:18:CB:FD:F9:01:85:1A:58:2B:DC:D7:A9:F7:75:18:66:EC:F7:FE:8A:37:4F:2E:EB:21:6C:DE:66:2A:47:9C:A5:97:8A:0C:B8:FE:D1:8E:00:08:0C:0E:0A:7B:3A:07:9A:1C:0C:76:0A:AE:69:04:4B:B9:90:61:F3:EF:BD:06:04:DF:47:0A:72:F2:81:35:14:60:A4:8D:A0:3C:61:D1:55:A6:B9:93:AB:50:4C:02:D3:74:04:13:D1:FE:60:3B:55:91:0E:C4:65:01:66:B9:85:B3:71:85:11:B4:AD:EC:A9:51:F1:0C:2E:97:CE:09:E9:9F:25:73" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:31:47", "not_valid_before": "2022-05-09 16:31:48" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 16:32:02 +0000 (0:00:00.668) 0:00:26.863 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "33:9A:02:A2:19:95:D0:2D:F8:E2:E8:0C:C6:65:4C:DE:D8:90:85:97" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "9D:E6:74:6B:7B:8F:4C:6F:04:2F:1A:FC:42:39:19:7D:AD:08:1D:A1" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "AC:60:1D:E9:74:DE:2C:E7:1D:E3:75:28:B1:AF:9C:23:0F:D5:23:F1:E8:11:F9:F7:C0:3B:F2:05:45:46:F4:6A:CA:70:A9:23:34:2B:AC:09:EA:51:EA:78:1D:0F:21:0A:A6:71:BD:23:40:1F:1B:17:7B:BC:D2:9A:84:97:61:8E:7E:62:A7:AA:14:DA:46:F8:3F:4F:E8:FF:5F:F3:F8:3E:F4:3E:C5:54:EC:5A:48:94:01:E2:D5:E8:DB:82:5E:61:52:8B:87:C2:96:1D:DF:6F:36:9A:E3:C5:A8:CE:F9:C1:D6:14:8D:C4:63:9E:3A:3D:09:4B:CF:5F:06:98:91:F0:42:45:1C:C4:A5:18:CB:FD:F9:01:85:1A:58:2B:DC:D7:A9:F7:75:18:66:EC:F7:FE:8A:37:4F:2E:EB:21:6C:DE:66:2A:47:9C:A5:97:8A:0C:B8:FE:D1:8E:00:08:0C:0E:0A:7B:3A:07:9A:1C:0C:76:0A:AE:69:04:4B:B9:90:61:F3:EF:BD:06:04:DF:47:0A:72:F2:81:35:14:60:A4:8D:A0:3C:61:D1:55:A6:B9:93:AB:50:4C:02:D3:74:04:13:D1:FE:60:3B:55:91:0E:C4:65:01:66:B9:85:B3:71:85:11:B4:AD:EC:A9:51:F1:0C:2E:97:CE:09:E9:9F:25:73" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:31:47", "not_valid_before": "2022-05-09 16:31:48" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:32:02 +0000 (0:00:00.035) 0:00:26.899 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 16:32:03 +0000 (0:00:00.037) 0:00:26.936 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 16:32:03 +0000 (0:00:00.024) 0:00:26.960 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 16:32:03 +0000 (0:00:00.037) 0:00:26.997 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 16:32:03 +0000 (0:00:00.038) 0:00:27.036 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 16:32:03 +0000 (0:00:00.035) 0:00:27.072 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_fs_attrs.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.043880", "end": "2022-05-09 16:32:02.506340", "rc": 0, "start": "2022-05-09 16:32:02.462460" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:32:03 +0000 (0:00:00.423) 0:00:27.495 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:32:03 +0000 (0:00:00.037) 0:00:27.533 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:32:03 +0000 (0:00:00.016) 0:00:27.549 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:32:05 +0000 (0:00:02.259) 0:00:29.809 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:32:06 +0000 (0:00:01.055) 0:00:30.864 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:32:07 +0000 (0:00:01.001) 0:00:31.866 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113908.8833616, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "fdbacc93e52986fd60d285f03e96dfb62c7b8209", "ctime": 1652113908.9753616, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 137738, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652113908.8803616, "nlink": 1, "path": "/etc/pki/tls/certs/certid.crt", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 1040, "version": "2735575767", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:32:08 +0000 (0:00:00.391) 0:00:32.257 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:32:08 +0000 (0:00:00.022) 0:00:32.280 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 16:32:08 +0000 (0:00:00.039) 0:00:32.320 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 16:32:08 +0000 (0:00:00.035) 0:00:32.356 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113908.8323617, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "586c0ca658a36f18d8de4689d59d79b3a9eed0a2", "ctime": 1652113908.9763615, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 137737, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652113908.8803616, "nlink": 1, "path": "/etc/pki/tls/private/certid.key", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 1040, "version": "1901839907", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 16:32:08 +0000 (0:00:00.381) 0:00:32.737 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 16:32:08 +0000 (0:00:00.020) 0:00:32.757 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 16:32:08 +0000 (0:00:00.036) 0:00:32.794 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/certid.crt" ], "delta": "0:00:00.202325", "end": "2022-05-09 16:32:08.359791", "rc": 0, "start": "2022-05-09 16:32:08.157466" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "8C:4E:F8:A7:D0:2D:A0:23:C9:19:F4:5D:15:1F:92:57:FF:08:A6:0E", "critical": false }, "authorityKeyIdentifier": { "value": "33:9A:02:A2:19:95:D0:2D:F8:E2:E8:0C:C6:65:4C:DE:D8:90:85:97", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "0B:94:9B:D8:8F:41:D9:5D:B9:E4:A4:F3:A2:CA:05:73:78:E0:C4:6C:C8:AD:D5:25:14:89:BC:6C:D0:1E:1A:D5:DF:1F:48:C6:1A:96:AF:4D:9F:80:B4:6B:72:0C:28:3F:D9:34:CF:52:B6:3C:E4:BA:03:D5:49:AC:36:FF:49:0C:57:4E:0A:6C:42:3A:EC:62:27:54:0A:25:E5:7C:3D:C0:40:F5:F3:50:47:44:07:E0:0F:7C:97:B8:EA:84:C7:BA:8E:30:78:38:C3:2C:6B:3B:1C:45:53:CC:D9:27:7F:C9:5F:11:45:30:3C:9C:EB:61:C8:3F:9B:CF:91:F0:2C:C8:4D:22:5F:05:64:C6:DA:2A:71:E0:8F:66:60:03:5B:DB:06:1E:85:5D:0C:0F:27:77:55:A3:A7:9E:38:57:6F:FE:0A:1D:FA:47:CF:FD:5D:4D:93:1A:5E:67:19:21:77:11:86:04:BB:B9:D6:3C:28:C4:D2:49:3E:40:A8:86:1D:12:BA:24:E6:4E:A2:CD:A6:CF:6C:89:42:67:67:9E:3C:A9:C5:01:21:C8:0F:29:55:52:45:3C:90:6F:5B:10:43:BA:D6:96:64:88:10:F3:EE:9D:E9:64:07:08:50:18:C7:E7:96:99:FB:85:4E:4B:53:FA:35:17:AB:C6:16:C2:7A:D3" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:31:47", "not_valid_before": "2022-05-09 16:31:48" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 16:32:09 +0000 (0:00:00.557) 0:00:33.352 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "33:9A:02:A2:19:95:D0:2D:F8:E2:E8:0C:C6:65:4C:DE:D8:90:85:97" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "8C:4E:F8:A7:D0:2D:A0:23:C9:19:F4:5D:15:1F:92:57:FF:08:A6:0E" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "0B:94:9B:D8:8F:41:D9:5D:B9:E4:A4:F3:A2:CA:05:73:78:E0:C4:6C:C8:AD:D5:25:14:89:BC:6C:D0:1E:1A:D5:DF:1F:48:C6:1A:96:AF:4D:9F:80:B4:6B:72:0C:28:3F:D9:34:CF:52:B6:3C:E4:BA:03:D5:49:AC:36:FF:49:0C:57:4E:0A:6C:42:3A:EC:62:27:54:0A:25:E5:7C:3D:C0:40:F5:F3:50:47:44:07:E0:0F:7C:97:B8:EA:84:C7:BA:8E:30:78:38:C3:2C:6B:3B:1C:45:53:CC:D9:27:7F:C9:5F:11:45:30:3C:9C:EB:61:C8:3F:9B:CF:91:F0:2C:C8:4D:22:5F:05:64:C6:DA:2A:71:E0:8F:66:60:03:5B:DB:06:1E:85:5D:0C:0F:27:77:55:A3:A7:9E:38:57:6F:FE:0A:1D:FA:47:CF:FD:5D:4D:93:1A:5E:67:19:21:77:11:86:04:BB:B9:D6:3C:28:C4:D2:49:3E:40:A8:86:1D:12:BA:24:E6:4E:A2:CD:A6:CF:6C:89:42:67:67:9E:3C:A9:C5:01:21:C8:0F:29:55:52:45:3C:90:6F:5B:10:43:BA:D6:96:64:88:10:F3:EE:9D:E9:64:07:08:50:18:C7:E7:96:99:FB:85:4E:4B:53:FA:35:17:AB:C6:16:C2:7A:D3" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:31:47", "not_valid_before": "2022-05-09 16:31:48" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:32:09 +0000 (0:00:00.035) 0:00:33.387 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 16:32:09 +0000 (0:00:00.036) 0:00:33.424 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 16:32:09 +0000 (0:00:00.022) 0:00:33.446 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 16:32:09 +0000 (0:00:00.037) 0:00:33.484 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 16:32:09 +0000 (0:00:00.036) 0:00:33.521 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 16:32:09 +0000 (0:00:00.034) 0:00:33.555 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/certid.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041944", "end": "2022-05-09 16:32:08.977387", "rc": 0, "start": "2022-05-09 16:32:08.935443" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:32:10 +0000 (0:00:00.413) 0:00:33.969 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=55 changed=9 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:32:10 +0000 (0:00:00.042) 0:00:34.011 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.08s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 3.31s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Install certreader ------------------------------------------------------ 3.11s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.86s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Ensure python3 is installed --------------------------------------------- 2.26s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Ensure python3 is installed --------------------------------------------- 2.08s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.71s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Gathering Facts --------------------------------------------------------- 1.16s /tmp/tmpw536d1ja/tests/certificate/tests_fs_attrs.yml:2 ----------------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.06s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Install the package, force upgrade -------------------------------------- 1.06s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install certreader ------------------------------------------------------ 1.00s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure user exists ------------------------------------------------------ 0.84s /tmp/tmpw536d1ja/tests/certificate/tests_fs_attrs.yml:5 ----------------------- Gathering Facts --------------------------------------------------------- 0.75s /tmp/tmpw536d1ja/tests/certificate/tests_fs_attrs.yml:13 ---------------------- Gathering Facts --------------------------------------------------------- 0.75s /tmp/tmpw536d1ja/tests/certificate/tests_fs_attrs.yml:31 ---------------------- Ensure group "somegroup" exists ----------------------------------------- 0.70s /tmp/tmpw536d1ja/tests/certificate/tests_fs_attrs.yml:9 ----------------------- Parse certificate ------------------------------------------------------- 0.67s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.57s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Parse certificate ------------------------------------------------------- 0.56s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.55s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_include_vars_from_parent.yml *********************************** 1 plays in /tmp/tmpw536d1ja/tests/certificate/tests_include_vars_from_parent.yml PLAY [all] ********************************************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_include_vars_from_parent.yml:1 Monday 09 May 2022 16:32:24 +0000 (0:00:00.009) 0:00:00.009 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [create var file in caller that can override the one in called role] ****** task path: /tmp/tmpw536d1ja/tests/certificate/tests_include_vars_from_parent.yml:3 Monday 09 May 2022 16:32:25 +0000 (0:00:01.184) 0:00:01.194 ************ changed: [/cache/fedora-34.qcow2.snap -> localhost] => (item=Fedora-34) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpw536d1ja/tests/certificate/roles/caller/vars/Fedora-34.yml", "gid": 0, "group": "root", "item": "Fedora-34", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1652113945.6197076-316016-1813246959542/source", "state": "file", "uid": 0 } changed: [/cache/fedora-34.qcow2.snap -> localhost] => (item=Fedora_34) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpw536d1ja/tests/certificate/roles/caller/vars/Fedora_34.yml", "gid": 0, "group": "root", "item": "Fedora_34", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1652113946.2206604-316016-189669087832885/source", "state": "file", "uid": 0 } changed: [/cache/fedora-34.qcow2.snap -> localhost] => (item=Fedora) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpw536d1ja/tests/certificate/roles/caller/vars/Fedora.yml", "gid": 0, "group": "root", "item": "Fedora", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1652113946.5650423-316016-227441640941884/source", "state": "file", "uid": 0 } changed: [/cache/fedora-34.qcow2.snap -> localhost] => (item=RedHat) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpw536d1ja/tests/certificate/roles/caller/vars/RedHat.yml", "gid": 0, "group": "root", "item": "RedHat", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1652113946.920714-316016-233965381100735/source", "state": "file", "uid": 0 } TASK [include_role : {{ roletoinclude }}] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/roles/caller/tasks/main.yml:4 Monday 09 May 2022 16:32:27 +0000 (0:00:01.712) 0:00:02.907 ************ TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 16:32:27 +0000 (0:00:00.034) 0:00:02.942 ************ included: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:32:27 +0000 (0:00:00.023) 0:00:02.965 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 16:32:27 +0000 (0:00:00.505) 0:00:03.471 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 16:32:27 +0000 (0:00:00.034) 0:00:03.505 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 16:32:30 +0000 (0:00:02.698) 0:00:06.204 ************ TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 16:32:30 +0000 (0:00:00.019) 0:00:06.223 ************ TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 16:32:30 +0000 (0:00:00.018) 0:00:06.242 ************ TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 16:32:30 +0000 (0:00:00.019) 0:00:06.262 ************ TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 16:32:30 +0000 (0:00:00.019) 0:00:06.281 ************ META: role_complete for /cache/fedora-34.qcow2.snap TASK [caller : assert] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/roles/caller/tasks/main.yml:7 Monday 09 May 2022 16:32:30 +0000 (0:00:00.025) 0:00:06.307 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=6 changed=1 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 Monday 09 May 2022 16:32:30 +0000 (0:00:00.030) 0:00:06.338 ************ =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.70s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 create var file in caller that can override the one in called role ------ 1.71s /tmp/tmpw536d1ja/tests/certificate/tests_include_vars_from_parent.yml:3 ------- Gathering Facts --------------------------------------------------------- 1.18s /tmp/tmpw536d1ja/tests/certificate/tests_include_vars_from_parent.yml:1 ------- fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.51s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 include_role : {{ roletoinclude }} -------------------------------------- 0.03s /tmp/tmpw536d1ja/tests/certificate/roles/caller/tasks/main.yml:4 -------------- fedora.linux_system_roles.certificate : Set platform/version specific variables --- 0.03s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 caller : assert --------------------------------------------------------- 0.03s /tmp/tmpw536d1ja/tests/certificate/roles/caller/tasks/main.yml:7 -------------- fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.03s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Set version specific variables --- 0.02s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.02s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.02s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 0.02s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.02s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_key_size.yml *************************************************** 2 plays in /tmp/tmpw536d1ja/tests/certificate/tests_key_size.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_key_size.yml:2 Monday 09 May 2022 16:32:44 +0000 (0:00:00.012) 0:00:00.012 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 16:32:46 +0000 (0:00:01.136) 0:00:01.148 ************ included: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:32:46 +0000 (0:00:00.022) 0:00:01.170 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 16:32:46 +0000 (0:00:00.523) 0:00:01.694 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 16:32:46 +0000 (0:00:00.037) 0:00:01.731 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 16:32:49 +0000 (0:00:02.785) 0:00:04.516 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 16:32:52 +0000 (0:00:03.412) 0:00:07.929 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 16:32:53 +0000 (0:00:00.541) 0:00:08.470 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 16:32:53 +0000 (0:00:00.405) 0:00:08.876 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network.target basic.target system.slice sysinit.target dbus.socket syslog.target dbus-broker.service systemd-journald.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 16:32:54 +0000 (0:00:01.083) 0:00:09.960 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_key_size', 'dns': 'www.example.com', 'ca': 'self-sign', 'key_size': 4096}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "key_size": 4096, "name": "mycert_key_size" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_key_size.yml:14 Monday 09 May 2022 16:32:55 +0000 (0:00:00.938) 0:00:10.899 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_key_size.yml:29 Monday 09 May 2022 16:32:56 +0000 (0:00:00.779) 0:00:11.678 ************ included: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_key_size.crt', 'key_path': '/etc/pki/tls/private/mycert_key_size.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'key_size': 4096}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:32:56 +0000 (0:00:00.038) 0:00:11.717 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:32:56 +0000 (0:00:00.016) 0:00:11.733 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:32:58 +0000 (0:00:02.125) 0:00:13.859 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:33:03 +0000 (0:00:04.872) 0:00:18.731 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 49.5 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 81.7 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 29.9 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 105.5 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 45.0 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:33:06 +0000 (0:00:02.703) 0:00:21.435 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113975.7358375, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "6ea0ecf86e2490dd135d02613803027e02e7f4f3", "ctime": 1652113975.7328374, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113975.7328374, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_key_size.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1639, "uid": 0, "version": "3935289951", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:33:06 +0000 (0:00:00.521) 0:00:21.957 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:33:06 +0000 (0:00:00.022) 0:00:21.980 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 16:33:06 +0000 (0:00:00.036) 0:00:22.016 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 16:33:06 +0000 (0:00:00.037) 0:00:22.053 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652113975.6778376, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "4cc270fa14e08cd3a47679206395928c53eb49a2", "ctime": 1652113975.7328374, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652113975.7328374, "nlink": 1, "path": "/etc/pki/tls/private/mycert_key_size.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 3272, "uid": 0, "version": "325633600", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 16:33:07 +0000 (0:00:00.369) 0:00:22.422 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 16:33:07 +0000 (0:00:00.022) 0:00:22.445 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 16:33:07 +0000 (0:00:00.038) 0:00:22.484 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_key_size.crt" ], "delta": "0:00:00.209454", "end": "2022-05-09 16:33:08.141551", "rc": 0, "start": "2022-05-09 16:33:07.932097" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "4F:AF:30:92:3D:05:BC:0D:92:9D:5B:9A:55:87:6B:30:07:6F:C3:68", "critical": false }, "authorityKeyIdentifier": { "value": "63:5B:D0:50:12:40:27:D5:41:DB:B1:C0:92:70:84:A8:65:6F:BB:5C", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "4B:74:14:DF:19:E8:D7:98:6D:BA:C4:05:83:BD:9E:07:CE:A8:B1:EB:00:16:83:62:E6:74:C9:25:9E:FD:42:68:AA:41:FC:A1:D3:B1:FF:D9:FD:2A:D2:73:0C:71:8E:24:8A:90:EF:38:50:92:C9:92:8C:DC:6D:74:E2:08:34:2D:EB:EF:2A:69:CD:F2:6C:69:BB:A2:C6:F8:27:AE:80:9C:A9:87:BE:25:34:02:EE:A4:78:BF:FB:1C:34:B7:87:41:6E:0F:A5:71:0C:09:94:73:40:4B:D3:85:AF:2E:BA:E2:01:BF:D3:1D:D9:91:3F:8F:3D:94:BE:05:7A:76:9D:ED:FA:94:76:9F:4B:0E:43:33:CE:6E:C4:FB:74:87:C1:0B:F8:1E:AB:46:86:0B:70:DC:0D:5A:59:DD:84:C7:34:B9:9A:B4:C6:10:42:87:96:59:56:DB:FB:86:18:94:88:7D:83:4E:50:9D:40:AD:D3:18:B6:CA:3A:73:E9:B1:B3:BA:56:04:1C:23:F3:81:B2:4B:78:76:71:A3:02:7C:E9:05:FB:EA:A7:59:6F:A1:FD:7F:86:FF:DA:43:75:14:95:D4:D2:15:17:CE:3C:CE:E3:2B:91:32:1E:19:87:ED:25:A5:67:67:1A:2C:BA:AD:5C:46:86:2F:BA:DD:C1:51:04:4D" }, "key_size": 4096, "validity": { "not_valid_after": "2023-05-09 16:32:54", "not_valid_before": "2022-05-09 16:32:55" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 16:33:08 +0000 (0:00:00.715) 0:00:23.200 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "63:5B:D0:50:12:40:27:D5:41:DB:B1:C0:92:70:84:A8:65:6F:BB:5C" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "4F:AF:30:92:3D:05:BC:0D:92:9D:5B:9A:55:87:6B:30:07:6F:C3:68" } }, "key_size": 4096, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "4B:74:14:DF:19:E8:D7:98:6D:BA:C4:05:83:BD:9E:07:CE:A8:B1:EB:00:16:83:62:E6:74:C9:25:9E:FD:42:68:AA:41:FC:A1:D3:B1:FF:D9:FD:2A:D2:73:0C:71:8E:24:8A:90:EF:38:50:92:C9:92:8C:DC:6D:74:E2:08:34:2D:EB:EF:2A:69:CD:F2:6C:69:BB:A2:C6:F8:27:AE:80:9C:A9:87:BE:25:34:02:EE:A4:78:BF:FB:1C:34:B7:87:41:6E:0F:A5:71:0C:09:94:73:40:4B:D3:85:AF:2E:BA:E2:01:BF:D3:1D:D9:91:3F:8F:3D:94:BE:05:7A:76:9D:ED:FA:94:76:9F:4B:0E:43:33:CE:6E:C4:FB:74:87:C1:0B:F8:1E:AB:46:86:0B:70:DC:0D:5A:59:DD:84:C7:34:B9:9A:B4:C6:10:42:87:96:59:56:DB:FB:86:18:94:88:7D:83:4E:50:9D:40:AD:D3:18:B6:CA:3A:73:E9:B1:B3:BA:56:04:1C:23:F3:81:B2:4B:78:76:71:A3:02:7C:E9:05:FB:EA:A7:59:6F:A1:FD:7F:86:FF:DA:43:75:14:95:D4:D2:15:17:CE:3C:CE:E3:2B:91:32:1E:19:87:ED:25:A5:67:67:1A:2C:BA:AD:5C:46:86:2F:BA:DD:C1:51:04:4D" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:32:54", "not_valid_before": "2022-05-09 16:32:55" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:33:08 +0000 (0:00:00.033) 0:00:23.234 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 16:33:08 +0000 (0:00:00.035) 0:00:23.269 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 16:33:08 +0000 (0:00:00.022) 0:00:23.291 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 16:33:08 +0000 (0:00:00.032) 0:00:23.324 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 16:33:08 +0000 (0:00:00.032) 0:00:23.357 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 16:33:08 +0000 (0:00:00.034) 0:00:23.391 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_key_size.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038562", "end": "2022-05-09 16:33:08.734653", "rc": 0, "start": "2022-05-09 16:33:08.696091" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:33:08 +0000 (0:00:00.394) 0:00:23.786 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:33:08 +0000 (0:00:00.040) 0:00:23.827 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 4.87s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 3.41s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.79s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Install certreader ------------------------------------------------------ 2.70s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 2.13s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 1.14s /tmp/tmpw536d1ja/tests/certificate/tests_key_size.yml:2 ----------------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.08s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.94s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Gathering Facts --------------------------------------------------------- 0.78s /tmp/tmpw536d1ja/tests/certificate/tests_key_size.yml:14 ---------------------- Parse certificate ------------------------------------------------------- 0.72s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.54s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.52s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.41s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Retrieve auto-renew flag ------------------------------------------------ 0.39s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Retrieve key file stats ------------------------------------------------- 0.37s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Verify each certificate ------------------------------------------------- 0.04s /tmp/tmpw536d1ja/tests/certificate/tests_key_size.yml:29 ---------------------- Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 - fedora.linux_system_roles.certificate : Set platform/version specific variables --- 0.04s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_key_usage_and_extended_key_usage.yml *************************** 2 plays in /tmp/tmpw536d1ja/tests/certificate/tests_key_usage_and_extended_key_usage.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_key_usage_and_extended_key_usage.yml:2 Monday 09 May 2022 16:33:24 +0000 (0:00:00.012) 0:00:00.012 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 16:33:25 +0000 (0:00:01.161) 0:00:01.173 ************ included: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:33:25 +0000 (0:00:00.022) 0:00:01.196 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 16:33:25 +0000 (0:00:00.552) 0:00:01.749 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 16:33:25 +0000 (0:00:00.037) 0:00:01.787 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 16:33:28 +0000 (0:00:02.496) 0:00:04.284 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 16:33:31 +0000 (0:00:03.243) 0:00:07.527 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 16:33:32 +0000 (0:00:00.559) 0:00:08.087 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 16:33:32 +0000 (0:00:00.527) 0:00:08.615 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus-broker.service system.slice network.target basic.target systemd-journald.socket syslog.target dbus.socket sysinit.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 16:33:33 +0000 (0:00:01.148) 0:00:09.764 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_key_usage_and_extended_key_usage', 'dns': 'www.example.com', 'key_usage': ['digitalSignature', 'nonRepudiation', 'keyEncipherment'], 'extended_key_usage': ['id-kp-clientAuth', 'id-kp-serverAuth', 'id-kp-ipsecTunnel', '1.3.6.1.5.2.3.5'], 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "extended_key_usage": [ "id-kp-clientAuth", "id-kp-serverAuth", "id-kp-ipsecTunnel", "1.3.6.1.5.2.3.5" ], "key_usage": [ "digitalSignature", "nonRepudiation", "keyEncipherment" ], "name": "mycert_key_usage_and_extended_key_usage" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_key_usage_and_extended_key_usage.yml:22 Monday 09 May 2022 16:33:34 +0000 (0:00:00.826) 0:00:10.590 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_key_usage_and_extended_key_usage.yml:50 Monday 09 May 2022 16:33:35 +0000 (0:00:00.784) 0:00:11.374 ************ included: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_key_usage_and_extended_key_usage.crt', 'key_path': '/etc/pki/tls/private/mycert_key_usage_and_extended_key_usage.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment'], 'extended_key_usage': [{'name': 'id-kp-clientAuth', 'oid': '1.3.6.1.5.5.7.3.2'}, {'name': 'id-kp-serverAuth', 'oid': '1.3.6.1.5.5.7.3.1'}, {'name': 'id-kp-ipsecTunnel', 'oid': '1.3.6.1.5.5.7.3.6'}, {'name': None, 'oid': '1.3.6.1.5.2.3.5'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:33:35 +0000 (0:00:00.035) 0:00:11.410 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:33:35 +0000 (0:00:00.017) 0:00:11.427 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:33:37 +0000 (0:00:02.044) 0:00:13.471 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:33:43 +0000 (0:00:05.393) 0:00:18.864 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 48.1 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 83.9 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 25.8 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 100.5 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 39.0 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:33:45 +0000 (0:00:02.720) 0:00:21.585 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114013.6680968, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "12cde4c6a454d3c7f4e14993d3c9b4f4964a3c6d", "ctime": 1652114013.6650968, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114013.6650968, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_key_usage_and_extended_key_usage.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1318, "uid": 0, "version": "431096081", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:33:46 +0000 (0:00:00.514) 0:00:22.100 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:33:46 +0000 (0:00:00.023) 0:00:22.124 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 16:33:46 +0000 (0:00:00.040) 0:00:22.164 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 16:33:46 +0000 (0:00:00.039) 0:00:22.203 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114013.6220968, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "2b10fa9cbbd6dfc27b239987c6c9d2e53466fafe", "ctime": 1652114013.6650968, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114013.6650968, "nlink": 1, "path": "/etc/pki/tls/private/mycert_key_usage_and_extended_key_usage.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "1065279953", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 16:33:46 +0000 (0:00:00.367) 0:00:22.571 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 16:33:46 +0000 (0:00:00.022) 0:00:22.594 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 16:33:46 +0000 (0:00:00.035) 0:00:22.629 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_key_usage_and_extended_key_usage.crt" ], "delta": "0:00:00.207311", "end": "2022-05-09 16:33:46.490574", "rc": 0, "start": "2022-05-09 16:33:46.283263" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" }, { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-ipsecTunnel", "oid": "1.3.6.1.5.5.7.3.6" }, { "name": null, "oid": "1.3.6.1.5.2.3.5" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "DA:F2:85:B0:8A:34:85:FB:AD:01:3A:7F:8D:DB:A7:C1:80:35:A6:F7", "critical": false }, "authorityKeyIdentifier": { "value": "11:5F:99:3D:74:C3:3E:F2:12:72:23:22:DB:05:47:83:98:00:94:49", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "36:07:E3:33:E7:D8:DE:B5:20:AC:48:36:EF:43:7C:DF:62:5A:47:74:E8:2B:C8:BF:64:A6:29:CF:BD:53:13:EA:E6:12:0A:11:E2:83:9E:CD:8F:DE:1E:B4:4B:6E:86:49:BC:6D:52:9C:42:54:15:5E:52:21:37:B8:06:0D:76:D1:CF:8D:93:BB:44:BF:8E:F2:0D:33:79:1C:D0:55:B1:ED:C5:96:51:51:FB:8C:84:61:E4:83:95:CE:F6:FE:FC:E9:71:DD:4D:45:D9:7D:6F:03:20:A1:EC:F4:66:7D:91:30:DB:26:8E:DC:71:DD:1B:32:E2:9E:9F:59:91:2D:DE:B6:1B:BD:B3:AC:28:F8:B8:3E:8D:2B:7B:CB:66:27:05:33:35:E8:45:2B:56:A3:F8:0E:E2:93:52:87:54:A0:84:B6:5F:16:A8:F5:D6:07:A2:58:68:9F:F6:C4:A0:DA:A1:58:CA:B5:DD:9D:E4:17:A5:79:49:93:9E:18:DF:14:09:E5:8D:1C:72:DB:A8:6E:2C:F1:59:22:FD:80:45:FE:B3:9C:E0:03:B5:BC:17:D8:D4:9F:6C:A1:87:2A:F6:58:03:6B:EB:D9:0D:A9:6A:05:64:39:AE:63:EC:97:2D:28:36:D8:82:AE:EE:7A:89:6C:99:18:9F:37:3C:1E:9F:21:D9:69" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:33:32", "not_valid_before": "2022-05-09 16:33:33" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 16:33:47 +0000 (0:00:00.704) 0:00:23.333 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "11:5F:99:3D:74:C3:3E:F2:12:72:23:22:DB:05:47:83:98:00:94:49" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" }, { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-ipsecTunnel", "oid": "1.3.6.1.5.5.7.3.6" }, { "name": null, "oid": "1.3.6.1.5.2.3.5" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "content_commitment", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "DA:F2:85:B0:8A:34:85:FB:AD:01:3A:7F:8D:DB:A7:C1:80:35:A6:F7" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "36:07:E3:33:E7:D8:DE:B5:20:AC:48:36:EF:43:7C:DF:62:5A:47:74:E8:2B:C8:BF:64:A6:29:CF:BD:53:13:EA:E6:12:0A:11:E2:83:9E:CD:8F:DE:1E:B4:4B:6E:86:49:BC:6D:52:9C:42:54:15:5E:52:21:37:B8:06:0D:76:D1:CF:8D:93:BB:44:BF:8E:F2:0D:33:79:1C:D0:55:B1:ED:C5:96:51:51:FB:8C:84:61:E4:83:95:CE:F6:FE:FC:E9:71:DD:4D:45:D9:7D:6F:03:20:A1:EC:F4:66:7D:91:30:DB:26:8E:DC:71:DD:1B:32:E2:9E:9F:59:91:2D:DE:B6:1B:BD:B3:AC:28:F8:B8:3E:8D:2B:7B:CB:66:27:05:33:35:E8:45:2B:56:A3:F8:0E:E2:93:52:87:54:A0:84:B6:5F:16:A8:F5:D6:07:A2:58:68:9F:F6:C4:A0:DA:A1:58:CA:B5:DD:9D:E4:17:A5:79:49:93:9E:18:DF:14:09:E5:8D:1C:72:DB:A8:6E:2C:F1:59:22:FD:80:45:FE:B3:9C:E0:03:B5:BC:17:D8:D4:9F:6C:A1:87:2A:F6:58:03:6B:EB:D9:0D:A9:6A:05:64:39:AE:63:EC:97:2D:28:36:D8:82:AE:EE:7A:89:6C:99:18:9F:37:3C:1E:9F:21:D9:69" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:33:32", "not_valid_before": "2022-05-09 16:33:33" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:33:47 +0000 (0:00:00.031) 0:00:23.365 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 16:33:47 +0000 (0:00:00.039) 0:00:23.405 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 16:33:47 +0000 (0:00:00.023) 0:00:23.428 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 16:33:47 +0000 (0:00:00.036) 0:00:23.465 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 16:33:47 +0000 (0:00:00.037) 0:00:23.502 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 16:33:47 +0000 (0:00:00.036) 0:00:23.538 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_key_usage_and_extended_key_usage.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039560", "end": "2022-05-09 16:33:47.090762", "rc": 0, "start": "2022-05-09 16:33:47.051202" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:33:48 +0000 (0:00:00.397) 0:00:23.936 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:33:48 +0000 (0:00:00.091) 0:00:24.028 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.39s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 3.24s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Install certreader ------------------------------------------------------ 2.72s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.50s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Ensure python3 is installed --------------------------------------------- 2.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 1.16s /tmp/tmpw536d1ja/tests/certificate/tests_key_usage_and_extended_key_usage.yml:2 fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.15s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.83s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Gathering Facts --------------------------------------------------------- 0.78s /tmp/tmpw536d1ja/tests/certificate/tests_key_usage_and_extended_key_usage.yml:22 Parse certificate ------------------------------------------------------- 0.70s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.56s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.55s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.53s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Retrieve certificate file stats ----------------------------------------- 0.51s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 - Retrieve auto-renew flag ------------------------------------------------ 0.40s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Retrieve key file stats ------------------------------------------------- 0.37s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify certificate auto-renew flag -------------------------------------- 0.09s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 - Verify certificate permissions ------------------------------------------ 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 - Verify certificate subject ---------------------------------------------- 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_many_self_signed.yml ******************************************* 2 plays in /tmp/tmpw536d1ja/tests/certificate/tests_many_self_signed.yml PLAY [Issue many self-signed certificates] ************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_many_self_signed.yml:2 Monday 09 May 2022 16:34:02 +0000 (0:00:00.011) 0:00:00.011 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 16:34:03 +0000 (0:00:01.182) 0:00:01.193 ************ included: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:34:03 +0000 (0:00:00.022) 0:00:01.216 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 16:34:04 +0000 (0:00:00.504) 0:00:01.721 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 16:34:04 +0000 (0:00:00.037) 0:00:01.758 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 16:34:06 +0000 (0:00:02.630) 0:00:04.388 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 16:34:10 +0000 (0:00:03.212) 0:00:07.601 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 16:34:10 +0000 (0:00:00.540) 0:00:08.142 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 16:34:10 +0000 (0:00:00.407) 0:00:08.549 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "syslog.target dbus-broker.service sysinit.target basic.target system.slice systemd-journald.socket network.target dbus.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 16:34:11 +0000 (0:00:01.031) 0:00:09.581 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_many_self_signed', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_many_self_signed" } } MSG: Certificate requested (new). changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'other-cert', 'dns': 'www.example.org', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.org", "name": "other-cert" } } MSG: Certificate requested (new). changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'another-cert', 'dns': 'www.example.net', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.net", "name": "another-cert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_many_self_signed.yml:18 Monday 09 May 2022 16:34:14 +0000 (0:00:02.949) 0:00:12.530 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_many_self_signed.yml:50 Monday 09 May 2022 16:34:15 +0000 (0:00:00.762) 0:00:13.293 ************ included: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_many_self_signed.crt', 'key_path': '/etc/pki/tls/private/mycert_many_self_signed.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) included: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/other-cert.crt', 'key_path': '/etc/pki/tls/private/other-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.org'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.org'}]}) included: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/another-cert.crt', 'key_path': '/etc/pki/tls/private/another-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.net'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.net'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:34:15 +0000 (0:00:00.046) 0:00:13.340 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:34:15 +0000 (0:00:00.016) 0:00:13.356 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:34:17 +0000 (0:00:01.943) 0:00:15.300 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:34:22 +0000 (0:00:05.048) 0:00:20.348 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 49.5 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 89.9 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 24.1 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 42.5 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 37.0 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:34:25 +0000 (0:00:02.894) 0:00:23.242 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114052.2988198, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "ca14e75dee2fe461edfccfabb2e7e494136956fa", "ctime": 1652114052.29682, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114052.29682, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_many_self_signed.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "3519619496", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:34:26 +0000 (0:00:00.521) 0:00:23.764 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:34:26 +0000 (0:00:00.023) 0:00:23.788 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 16:34:26 +0000 (0:00:00.039) 0:00:23.827 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 16:34:26 +0000 (0:00:00.037) 0:00:23.865 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114052.25382, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d8c24dc0aedae51a6b35cf8ad32a4df1be363b75", "ctime": 1652114052.29682, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114052.29682, "nlink": 1, "path": "/etc/pki/tls/private/mycert_many_self_signed.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "381895238", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 16:34:26 +0000 (0:00:00.399) 0:00:24.264 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 16:34:26 +0000 (0:00:00.023) 0:00:24.287 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 16:34:26 +0000 (0:00:00.039) 0:00:24.327 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_many_self_signed.crt" ], "delta": "0:00:00.215342", "end": "2022-05-09 16:34:27.003109", "rc": 0, "start": "2022-05-09 16:34:26.787767" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "13:25:EA:18:A8:C7:E8:B4:4C:F9:C1:E6:0A:65:50:ED:EA:17:A9:BE", "critical": false }, "authorityKeyIdentifier": { "value": "38:39:6E:1F:1B:31:8E:70:45:21:28:1E:39:F6:C5:62:42:DA:E0:5C", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "76:F5:B6:A7:1C:22:5D:DE:DB:BD:39:CD:2C:E2:86:4C:B6:3A:EB:CE:50:86:CB:1D:CF:A7:61:13:D8:4E:69:E4:C1:B1:65:BB:A4:2A:11:BF:37:EF:B7:65:13:37:B7:6A:84:25:07:8B:A1:4F:4E:18:8E:50:72:F9:75:20:DA:C3:08:FA:B8:A4:B6:1D:17:5F:01:AD:8D:5F:C0:4D:FE:36:DE:7D:C4:02:29:14:3E:9F:FE:D2:09:89:6F:F9:FB:B9:7C:43:72:13:1E:9E:8F:49:2A:31:9B:F6:91:72:29:E2:01:D8:FC:D8:DB:B7:69:09:74:0E:49:F6:E0:69:05:FC:18:82:C8:A6:89:31:AA:8A:82:60:E3:E4:C6:D2:61:E2:F9:CC:E6:27:C8:87:E2:2D:A6:6C:87:0B:59:52:33:F3:39:C7:5C:0E:AA:DE:7D:21:E9:46:4A:B0:F5:40:99:B1:0C:C6:56:3D:8B:0C:4C:28:47:EC:1E:F5:0F:F5:C8:E5:8F:7D:05:EE:AF:CE:DC:C7:0B:D8:8D:9F:BD:5E:8E:83:B8:06:6C:3F:D5:3F:32:68:9D:2D:4E:13:C5:73:A5:6C:D7:2C:B5:1F:3D:BB:05:C2:F5:23:8A:AA:E3:33:8E:37:9E:55:4D:81:F6:84:43:C0:E9:81:19:83:88:6A:A7:AA" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:34:11", "not_valid_before": "2022-05-09 16:34:12" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 16:34:27 +0000 (0:00:00.743) 0:00:25.070 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "38:39:6E:1F:1B:31:8E:70:45:21:28:1E:39:F6:C5:62:42:DA:E0:5C" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "13:25:EA:18:A8:C7:E8:B4:4C:F9:C1:E6:0A:65:50:ED:EA:17:A9:BE" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "76:F5:B6:A7:1C:22:5D:DE:DB:BD:39:CD:2C:E2:86:4C:B6:3A:EB:CE:50:86:CB:1D:CF:A7:61:13:D8:4E:69:E4:C1:B1:65:BB:A4:2A:11:BF:37:EF:B7:65:13:37:B7:6A:84:25:07:8B:A1:4F:4E:18:8E:50:72:F9:75:20:DA:C3:08:FA:B8:A4:B6:1D:17:5F:01:AD:8D:5F:C0:4D:FE:36:DE:7D:C4:02:29:14:3E:9F:FE:D2:09:89:6F:F9:FB:B9:7C:43:72:13:1E:9E:8F:49:2A:31:9B:F6:91:72:29:E2:01:D8:FC:D8:DB:B7:69:09:74:0E:49:F6:E0:69:05:FC:18:82:C8:A6:89:31:AA:8A:82:60:E3:E4:C6:D2:61:E2:F9:CC:E6:27:C8:87:E2:2D:A6:6C:87:0B:59:52:33:F3:39:C7:5C:0E:AA:DE:7D:21:E9:46:4A:B0:F5:40:99:B1:0C:C6:56:3D:8B:0C:4C:28:47:EC:1E:F5:0F:F5:C8:E5:8F:7D:05:EE:AF:CE:DC:C7:0B:D8:8D:9F:BD:5E:8E:83:B8:06:6C:3F:D5:3F:32:68:9D:2D:4E:13:C5:73:A5:6C:D7:2C:B5:1F:3D:BB:05:C2:F5:23:8A:AA:E3:33:8E:37:9E:55:4D:81:F6:84:43:C0:E9:81:19:83:88:6A:A7:AA" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:34:11", "not_valid_before": "2022-05-09 16:34:12" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:34:27 +0000 (0:00:00.033) 0:00:25.104 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 16:34:27 +0000 (0:00:00.031) 0:00:25.136 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 16:34:27 +0000 (0:00:00.019) 0:00:25.155 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 16:34:27 +0000 (0:00:00.038) 0:00:25.193 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 16:34:27 +0000 (0:00:00.035) 0:00:25.228 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 16:34:27 +0000 (0:00:00.039) 0:00:25.268 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_many_self_signed.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.044471", "end": "2022-05-09 16:34:27.624790", "rc": 0, "start": "2022-05-09 16:34:27.580319" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:34:28 +0000 (0:00:00.423) 0:00:25.691 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:34:28 +0000 (0:00:00.035) 0:00:25.727 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:34:28 +0000 (0:00:00.018) 0:00:25.745 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:34:30 +0000 (0:00:02.105) 0:00:27.851 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:34:31 +0000 (0:00:01.033) 0:00:28.884 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:34:32 +0000 (0:00:00.930) 0:00:29.815 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114053.1538198, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "b9fb05b0aa47d68f3333c7d0781061e5e775dfce", "ctime": 1652114053.1508198, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137734, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114053.1508198, "nlink": 1, "path": "/etc/pki/tls/certs/other-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "1661195600", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:34:32 +0000 (0:00:00.400) 0:00:30.216 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:34:32 +0000 (0:00:00.024) 0:00:30.240 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 16:34:32 +0000 (0:00:00.038) 0:00:30.279 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 16:34:32 +0000 (0:00:00.034) 0:00:30.314 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114053.10582, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "40eca5c5c6e7a7366611a8a2fd420afc91e33d32", "ctime": 1652114053.1508198, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137733, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114053.1508198, "nlink": 1, "path": "/etc/pki/tls/private/other-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "1747963918", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 16:34:33 +0000 (0:00:00.391) 0:00:30.705 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 16:34:33 +0000 (0:00:00.024) 0:00:30.730 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 16:34:33 +0000 (0:00:00.039) 0:00:30.769 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/other-cert.crt" ], "delta": "0:00:00.197720", "end": "2022-05-09 16:34:33.268421", "rc": 0, "start": "2022-05-09 16:34:33.070701" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.org" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "C6:C3:38:5C:0D:00:29:27:30:1B:77:49:D0:29:EE:47:61:41:22:C0", "critical": false }, "authorityKeyIdentifier": { "value": "38:39:6E:1F:1B:31:8E:70:45:21:28:1E:39:F6:C5:62:42:DA:E0:5C", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "9E:03:74:A2:C7:D2:82:30:51:75:E6:A7:D5:AE:C7:91:23:39:FE:9C:66:7E:21:AB:C2:F0:C7:AC:FD:79:D2:FE:C7:DE:A9:85:CD:CF:0C:FA:F4:BF:D4:7D:DC:FE:0F:13:9D:9D:61:18:93:4D:AB:0C:F2:7D:DD:F9:07:03:23:11:36:ED:FF:DF:FC:B9:53:F4:D2:A9:12:5C:25:8C:4B:67:EA:E2:50:75:C1:5F:B8:A8:D1:E6:C3:39:F9:98:26:2C:A1:7B:1D:D2:CF:21:A9:5D:71:91:4E:7F:F6:8C:F6:40:86:C4:07:17:DD:A7:E3:45:3D:53:5F:C5:5A:3E:56:05:58:2C:F1:A0:DB:BC:98:57:35:05:26:B1:96:2E:76:96:4D:C6:F6:6C:29:4E:61:0D:13:08:80:2D:39:15:09:D1:E4:76:17:09:81:FB:6F:8C:DA:A6:82:3F:94:80:B4:18:1D:8C:17:30:35:7C:E4:EF:85:E6:1D:05:A0:E6:1F:C8:F7:E1:D7:83:B6:25:16:49:6D:3C:F6:7E:D9:6D:C4:C7:43:20:23:EB:6E:7E:76:2F:74:7A:23:87:23:6B:70:E4:E6:EB:45:CE:17:5B:82:D2:1F:E1:58:6D:03:20:51:C9:A0:3D:FE:4B:C2:E1:6E:07:81:28:93:C9:FC:1F:7D:92" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:34:11", "not_valid_before": "2022-05-09 16:34:13" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 16:34:33 +0000 (0:00:00.563) 0:00:31.333 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "38:39:6E:1F:1B:31:8E:70:45:21:28:1E:39:F6:C5:62:42:DA:E0:5C" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.org" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "C6:C3:38:5C:0D:00:29:27:30:1B:77:49:D0:29:EE:47:61:41:22:C0" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "9E:03:74:A2:C7:D2:82:30:51:75:E6:A7:D5:AE:C7:91:23:39:FE:9C:66:7E:21:AB:C2:F0:C7:AC:FD:79:D2:FE:C7:DE:A9:85:CD:CF:0C:FA:F4:BF:D4:7D:DC:FE:0F:13:9D:9D:61:18:93:4D:AB:0C:F2:7D:DD:F9:07:03:23:11:36:ED:FF:DF:FC:B9:53:F4:D2:A9:12:5C:25:8C:4B:67:EA:E2:50:75:C1:5F:B8:A8:D1:E6:C3:39:F9:98:26:2C:A1:7B:1D:D2:CF:21:A9:5D:71:91:4E:7F:F6:8C:F6:40:86:C4:07:17:DD:A7:E3:45:3D:53:5F:C5:5A:3E:56:05:58:2C:F1:A0:DB:BC:98:57:35:05:26:B1:96:2E:76:96:4D:C6:F6:6C:29:4E:61:0D:13:08:80:2D:39:15:09:D1:E4:76:17:09:81:FB:6F:8C:DA:A6:82:3F:94:80:B4:18:1D:8C:17:30:35:7C:E4:EF:85:E6:1D:05:A0:E6:1F:C8:F7:E1:D7:83:B6:25:16:49:6D:3C:F6:7E:D9:6D:C4:C7:43:20:23:EB:6E:7E:76:2F:74:7A:23:87:23:6B:70:E4:E6:EB:45:CE:17:5B:82:D2:1F:E1:58:6D:03:20:51:C9:A0:3D:FE:4B:C2:E1:6E:07:81:28:93:C9:FC:1F:7D:92" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "validity": { "not_valid_after": "2023-05-09 16:34:11", "not_valid_before": "2022-05-09 16:34:13" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:34:33 +0000 (0:00:00.038) 0:00:31.371 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 16:34:33 +0000 (0:00:00.034) 0:00:31.405 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 16:34:33 +0000 (0:00:00.023) 0:00:31.429 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 16:34:33 +0000 (0:00:00.048) 0:00:31.477 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 16:34:33 +0000 (0:00:00.036) 0:00:31.514 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 16:34:33 +0000 (0:00:00.037) 0:00:31.551 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/other-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.044886", "end": "2022-05-09 16:34:33.901206", "rc": 0, "start": "2022-05-09 16:34:33.856320" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:34:34 +0000 (0:00:00.417) 0:00:31.968 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:34:34 +0000 (0:00:00.036) 0:00:32.005 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:34:34 +0000 (0:00:00.019) 0:00:32.024 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:34:36 +0000 (0:00:02.057) 0:00:34.081 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:34:37 +0000 (0:00:01.136) 0:00:35.218 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:34:38 +0000 (0:00:00.938) 0:00:36.156 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114054.3018198, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "aaedf701c6190d685aed0c498a9ceeb38fffe863", "ctime": 1652114054.2988198, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137736, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114054.2988198, "nlink": 1, "path": "/etc/pki/tls/certs/another-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "1344688984", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:34:38 +0000 (0:00:00.395) 0:00:36.551 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:34:38 +0000 (0:00:00.022) 0:00:36.573 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 16:34:39 +0000 (0:00:00.039) 0:00:36.613 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 16:34:39 +0000 (0:00:00.035) 0:00:36.648 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114054.25382, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "7d73f0676b90eade8c91ac97b53254ae59574055", "ctime": 1652114054.2988198, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137735, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114054.2988198, "nlink": 1, "path": "/etc/pki/tls/private/another-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1244856869", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 16:34:39 +0000 (0:00:00.383) 0:00:37.032 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 16:34:39 +0000 (0:00:00.019) 0:00:37.052 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 16:34:39 +0000 (0:00:00.036) 0:00:37.088 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/another-cert.crt" ], "delta": "0:00:00.203577", "end": "2022-05-09 16:34:39.595640", "rc": 0, "start": "2022-05-09 16:34:39.392063" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.net" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "1B:E6:E8:EF:A2:73:1F:38:B2:EE:0E:56:98:6D:6D:5F:71:64:21:D2", "critical": false }, "authorityKeyIdentifier": { "value": "38:39:6E:1F:1B:31:8E:70:45:21:28:1E:39:F6:C5:62:42:DA:E0:5C", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "B9:4B:1E:85:5E:F0:00:F6:F5:DA:B7:3B:F6:CE:6E:63:42:25:7A:CD:F1:13:F6:8E:7D:73:38:47:E9:0E:AF:38:C4:05:43:94:5A:8E:8A:4E:C7:D1:B9:6C:6B:20:A1:44:67:D0:A2:60:62:9E:7E:5E:79:D5:D1:F2:E1:87:84:09:8B:DB:6B:A9:6D:F9:80:4C:A8:08:58:F8:3A:71:7F:33:8F:FC:B8:8A:E1:C0:A3:2E:85:6B:44:0F:2B:81:A5:AC:31:F3:2E:5D:A2:F0:59:40:C9:73:09:E1:21:CA:1A:CA:5E:81:5F:79:04:34:DD:38:07:9E:D6:8C:B9:C9:7C:CC:C7:34:34:AE:2B:D9:AB:9E:93:BF:9A:A9:12:37:AE:81:64:C7:DA:85:7A:A0:62:7E:69:BA:CC:9E:09:31:83:8B:CC:62:AF:99:85:7D:CA:5C:7F:2F:D4:FB:67:44:54:1E:BA:0D:09:CC:48:A4:61:99:55:3D:42:AD:2D:52:32:72:7C:62:EF:8C:F6:FA:B2:4A:CD:D7:A3:FB:C6:E4:D3:62:50:32:35:72:C8:70:F3:06:B2:05:10:26:2F:C1:7F:32:7B:3A:2E:AE:61:DA:90:8A:D1:C2:86:F8:E2:D3:56:9F:B4:BD:15:1B:21:6A:D2:F0:61:41:7B:B9:76:3C:C9:84" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:34:11", "not_valid_before": "2022-05-09 16:34:14" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 16:34:40 +0000 (0:00:00.579) 0:00:37.668 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "38:39:6E:1F:1B:31:8E:70:45:21:28:1E:39:F6:C5:62:42:DA:E0:5C" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.net" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "1B:E6:E8:EF:A2:73:1F:38:B2:EE:0E:56:98:6D:6D:5F:71:64:21:D2" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "B9:4B:1E:85:5E:F0:00:F6:F5:DA:B7:3B:F6:CE:6E:63:42:25:7A:CD:F1:13:F6:8E:7D:73:38:47:E9:0E:AF:38:C4:05:43:94:5A:8E:8A:4E:C7:D1:B9:6C:6B:20:A1:44:67:D0:A2:60:62:9E:7E:5E:79:D5:D1:F2:E1:87:84:09:8B:DB:6B:A9:6D:F9:80:4C:A8:08:58:F8:3A:71:7F:33:8F:FC:B8:8A:E1:C0:A3:2E:85:6B:44:0F:2B:81:A5:AC:31:F3:2E:5D:A2:F0:59:40:C9:73:09:E1:21:CA:1A:CA:5E:81:5F:79:04:34:DD:38:07:9E:D6:8C:B9:C9:7C:CC:C7:34:34:AE:2B:D9:AB:9E:93:BF:9A:A9:12:37:AE:81:64:C7:DA:85:7A:A0:62:7E:69:BA:CC:9E:09:31:83:8B:CC:62:AF:99:85:7D:CA:5C:7F:2F:D4:FB:67:44:54:1E:BA:0D:09:CC:48:A4:61:99:55:3D:42:AD:2D:52:32:72:7C:62:EF:8C:F6:FA:B2:4A:CD:D7:A3:FB:C6:E4:D3:62:50:32:35:72:C8:70:F3:06:B2:05:10:26:2F:C1:7F:32:7B:3A:2E:AE:61:DA:90:8A:D1:C2:86:F8:E2:D3:56:9F:B4:BD:15:1B:21:6A:D2:F0:61:41:7B:B9:76:3C:C9:84" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "validity": { "not_valid_after": "2023-05-09 16:34:11", "not_valid_before": "2022-05-09 16:34:14" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:34:40 +0000 (0:00:00.034) 0:00:37.702 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 16:34:40 +0000 (0:00:00.038) 0:00:37.741 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 16:34:40 +0000 (0:00:00.023) 0:00:37.764 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 16:34:40 +0000 (0:00:00.034) 0:00:37.799 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 16:34:40 +0000 (0:00:00.038) 0:00:37.837 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 16:34:40 +0000 (0:00:00.037) 0:00:37.875 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/another-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.044776", "end": "2022-05-09 16:34:40.245282", "rc": 0, "start": "2022-05-09 16:34:40.200506" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:34:40 +0000 (0:00:00.440) 0:00:38.315 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=73 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:34:40 +0000 (0:00:00.040) 0:00:38.356 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.05s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 3.21s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 2.95s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Install certreader ------------------------------------------------------ 2.89s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.63s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Ensure python3 is installed --------------------------------------------- 2.11s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Ensure python3 is installed --------------------------------------------- 2.06s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Ensure python3 is installed --------------------------------------------- 1.94s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 1.18s /tmp/tmpw536d1ja/tests/certificate/tests_many_self_signed.yml:2 --------------- Install the package, force upgrade -------------------------------------- 1.14s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install the package, force upgrade -------------------------------------- 1.03s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.03s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Install certreader ------------------------------------------------------ 0.94s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Install certreader ------------------------------------------------------ 0.93s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Gathering Facts --------------------------------------------------------- 0.76s /tmp/tmpw536d1ja/tests/certificate/tests_many_self_signed.yml:18 -------------- Parse certificate ------------------------------------------------------- 0.74s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Parse certificate ------------------------------------------------------- 0.58s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Parse certificate ------------------------------------------------------- 0.56s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.54s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_no_auto_renew.yml ********************************************** 2 plays in /tmp/tmpw536d1ja/tests/certificate/tests_no_auto_renew.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_no_auto_renew.yml:2 Monday 09 May 2022 16:34:55 +0000 (0:00:00.012) 0:00:00.012 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 16:34:56 +0000 (0:00:01.168) 0:00:01.180 ************ included: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:34:56 +0000 (0:00:00.022) 0:00:01.202 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 16:34:56 +0000 (0:00:00.517) 0:00:01.720 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 16:34:56 +0000 (0:00:00.037) 0:00:01.758 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 16:34:59 +0000 (0:00:02.846) 0:00:04.604 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 16:35:03 +0000 (0:00:03.404) 0:00:08.008 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 16:35:03 +0000 (0:00:00.564) 0:00:08.572 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 16:35:04 +0000 (0:00:00.413) 0:00:08.986 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus.socket system.slice dbus-broker.service systemd-journald.socket network.target sysinit.target basic.target syslog.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 16:35:05 +0000 (0:00:01.061) 0:00:10.048 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_no_auto_renew', 'dns': 'www.example.com', 'ca': 'self-sign', 'auto_renew': False}) => { "ansible_loop_var": "item", "changed": true, "item": { "auto_renew": false, "ca": "self-sign", "dns": "www.example.com", "name": "mycert_no_auto_renew" } } MSG: Certificate requested (new). changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'defaultcert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "defaultcert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_no_auto_renew.yml:17 Monday 09 May 2022 16:35:06 +0000 (0:00:01.684) 0:00:11.732 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_no_auto_renew.yml:42 Monday 09 May 2022 16:35:07 +0000 (0:00:00.786) 0:00:12.518 ************ included: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_no_auto_renew.crt', 'key_path': '/etc/pki/tls/private/mycert_no_auto_renew.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'auto_renew': False}) included: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/defaultcert.crt', 'key_path': '/etc/pki/tls/private/defaultcert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'auto_renew': True}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:35:07 +0000 (0:00:00.045) 0:00:12.563 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:35:07 +0000 (0:00:00.017) 0:00:12.580 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:35:09 +0000 (0:00:02.086) 0:00:14.667 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:35:14 +0000 (0:00:05.125) 0:00:19.793 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 52.7 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 80.9 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 23.5 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 95.7 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 36.4 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:35:17 +0000 (0:00:02.927) 0:00:22.721 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114105.9627776, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "7373bc7f0778f55c0e3990383eda19d697159acd", "ctime": 1652114105.9597776, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114105.9597776, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_no_auto_renew.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "791646380", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:35:18 +0000 (0:00:00.522) 0:00:23.244 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:35:18 +0000 (0:00:00.024) 0:00:23.268 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 16:35:18 +0000 (0:00:00.073) 0:00:23.341 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 16:35:18 +0000 (0:00:00.037) 0:00:23.379 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114105.9157774, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "90e1e0715fa303c4ece8df6debda31d1aa55bfc1", "ctime": 1652114105.9597776, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114105.9597776, "nlink": 1, "path": "/etc/pki/tls/private/mycert_no_auto_renew.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1990079909", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 16:35:18 +0000 (0:00:00.391) 0:00:23.770 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 16:35:18 +0000 (0:00:00.022) 0:00:23.792 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 16:35:18 +0000 (0:00:00.040) 0:00:23.833 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_no_auto_renew.crt" ], "delta": "0:00:00.210994", "end": "2022-05-09 16:35:19.560583", "rc": 0, "start": "2022-05-09 16:35:19.349589" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "97:E4:34:E7:75:C9:1D:0C:79:AA:4F:DC:BF:27:5B:45:3C:A5:2E:88", "critical": false }, "authorityKeyIdentifier": { "value": "D3:06:3A:21:08:52:98:9C:43:C6:8E:96:8E:DF:43:52:30:26:97:B6", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "80:91:5A:CB:6E:90:69:44:7C:8B:4B:27:9B:25:37:84:76:26:A1:E4:F2:18:01:F5:9D:BF:97:4C:1E:33:41:F7:E3:7A:76:4E:3D:DB:CD:57:E9:4D:4A:C6:13:C4:B2:DF:61:47:4C:6F:E4:15:6B:BF:AD:CF:3D:DD:14:E7:7E:5D:EB:D6:5D:02:90:7D:32:14:21:4E:7D:18:0F:8B:6C:B7:66:5E:C5:D8:F5:6A:BF:EF:D7:AF:A0:B4:24:A4:9B:8B:23:42:26:14:7E:6F:80:9B:20:68:5D:5F:F3:7F:01:71:9F:8A:D9:75:50:3A:CB:6E:F2:74:C8:2A:E9:D6:F1:CB:B8:64:8E:D2:83:84:34:E5:91:7D:63:5E:C3:6E:11:CA:D0:40:F4:9B:0C:99:3F:88:05:C2:56:73:7E:B8:C6:E5:4D:5A:0E:7B:41:32:7A:A6:06:2E:D3:70:B2:05:37:C9:94:E1:36:EF:4A:B8:51:63:D2:B0:E7:AA:0E:C5:CA:24:19:2E:7B:E5:3A:7D:FD:CA:33:82:6A:FE:27:9A:60:D1:38:04:E8:71:66:24:2F:FE:CA:CE:B5:26:67:17:B2:A4:7E:3E:77:03:24:05:BC:A6:D4:70:4F:28:BC:AB:28:B7:7A:EF:5B:C7:77:FB:9F:24:60:34:AE:3E:B5:C0:CE:33" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:35:05", "not_valid_before": "2022-05-09 16:35:05" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 16:35:19 +0000 (0:00:00.690) 0:00:24.524 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "D3:06:3A:21:08:52:98:9C:43:C6:8E:96:8E:DF:43:52:30:26:97:B6" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "97:E4:34:E7:75:C9:1D:0C:79:AA:4F:DC:BF:27:5B:45:3C:A5:2E:88" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "80:91:5A:CB:6E:90:69:44:7C:8B:4B:27:9B:25:37:84:76:26:A1:E4:F2:18:01:F5:9D:BF:97:4C:1E:33:41:F7:E3:7A:76:4E:3D:DB:CD:57:E9:4D:4A:C6:13:C4:B2:DF:61:47:4C:6F:E4:15:6B:BF:AD:CF:3D:DD:14:E7:7E:5D:EB:D6:5D:02:90:7D:32:14:21:4E:7D:18:0F:8B:6C:B7:66:5E:C5:D8:F5:6A:BF:EF:D7:AF:A0:B4:24:A4:9B:8B:23:42:26:14:7E:6F:80:9B:20:68:5D:5F:F3:7F:01:71:9F:8A:D9:75:50:3A:CB:6E:F2:74:C8:2A:E9:D6:F1:CB:B8:64:8E:D2:83:84:34:E5:91:7D:63:5E:C3:6E:11:CA:D0:40:F4:9B:0C:99:3F:88:05:C2:56:73:7E:B8:C6:E5:4D:5A:0E:7B:41:32:7A:A6:06:2E:D3:70:B2:05:37:C9:94:E1:36:EF:4A:B8:51:63:D2:B0:E7:AA:0E:C5:CA:24:19:2E:7B:E5:3A:7D:FD:CA:33:82:6A:FE:27:9A:60:D1:38:04:E8:71:66:24:2F:FE:CA:CE:B5:26:67:17:B2:A4:7E:3E:77:03:24:05:BC:A6:D4:70:4F:28:BC:AB:28:B7:7A:EF:5B:C7:77:FB:9F:24:60:34:AE:3E:B5:C0:CE:33" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:35:05", "not_valid_before": "2022-05-09 16:35:05" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:35:19 +0000 (0:00:00.035) 0:00:24.559 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 16:35:19 +0000 (0:00:00.036) 0:00:24.595 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 16:35:19 +0000 (0:00:00.023) 0:00:24.619 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 16:35:19 +0000 (0:00:00.035) 0:00:24.655 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 16:35:19 +0000 (0:00:00.036) 0:00:24.691 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 16:35:19 +0000 (0:00:00.038) 0:00:24.730 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_no_auto_renew.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041716", "end": "2022-05-09 16:35:20.192468", "rc": 0, "start": "2022-05-09 16:35:20.150752" } STDOUT: no TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:35:20 +0000 (0:00:00.413) 0:00:25.143 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:35:20 +0000 (0:00:00.036) 0:00:25.180 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:35:20 +0000 (0:00:00.016) 0:00:25.196 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:35:22 +0000 (0:00:02.166) 0:00:27.362 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:35:23 +0000 (0:00:01.167) 0:00:28.530 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:35:24 +0000 (0:00:00.945) 0:00:29.476 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114106.6097775, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "0571e10ce5af9c44dec3c8aa0003d34225f07498", "ctime": 1652114106.6067774, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137734, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114106.6067774, "nlink": 1, "path": "/etc/pki/tls/certs/defaultcert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "1067394199", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:35:24 +0000 (0:00:00.375) 0:00:29.852 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:35:24 +0000 (0:00:00.019) 0:00:29.871 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 16:35:25 +0000 (0:00:00.039) 0:00:29.911 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 16:35:25 +0000 (0:00:00.037) 0:00:29.948 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114106.5617776, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "eeb5b78b3361254c525e56acece82d331c8a2253", "ctime": 1652114106.6067774, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137733, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114106.6067774, "nlink": 1, "path": "/etc/pki/tls/private/defaultcert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "364504215", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 16:35:25 +0000 (0:00:00.368) 0:00:30.317 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 16:35:25 +0000 (0:00:00.023) 0:00:30.340 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 16:35:25 +0000 (0:00:00.037) 0:00:30.378 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/defaultcert.crt" ], "delta": "0:00:00.225427", "end": "2022-05-09 16:35:26.012464", "rc": 0, "start": "2022-05-09 16:35:25.787037" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "F8:1F:40:BB:A6:AE:0B:BC:71:F6:A8:C0:E3:B4:9F:65:F5:F7:7F:ED", "critical": false }, "authorityKeyIdentifier": { "value": "D3:06:3A:21:08:52:98:9C:43:C6:8E:96:8E:DF:43:52:30:26:97:B6", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "12:A4:3D:D1:4B:7C:E1:C0:1D:A5:E1:CC:30:0B:F6:75:A0:62:99:55:14:E2:32:C3:68:B8:95:50:CE:03:A7:A1:86:E1:CB:0D:00:67:EC:C9:EB:3C:9F:3C:0D:89:54:7E:79:62:69:75:7F:89:33:05:FB:22:99:59:C1:DD:87:97:F7:26:46:F9:36:08:DC:06:74:A1:6F:C6:A9:28:40:B8:9A:34:92:D8:DA:BE:7E:35:3D:A2:EB:31:03:B0:2C:8D:89:A6:6B:8F:9D:9C:C1:58:B6:FB:1B:06:E9:E2:D7:A1:CD:04:A0:D4:BA:36:C0:FB:96:D8:06:6A:86:CC:51:73:89:F0:71:BE:C7:C1:C9:85:DA:83:D8:BF:09:EA:CC:A5:61:61:9B:9E:72:81:9C:C9:24:CA:43:21:07:96:7C:AF:3D:A5:6F:28:A8:E6:E4:10:24:D1:29:27:F2:74:5B:7E:C9:CB:3F:83:17:FD:DC:CC:D5:FC:54:6F:8F:69:96:D9:F1:A8:99:2C:7A:16:97:DA:B8:8F:B9:9D:A5:2D:1B:A3:EC:BD:56:9E:98:1E:A8:F7:63:18:81:20:E9:1A:15:D5:40:EA:FD:AD:C4:4D:D8:BC:74:36:F4:FC:1A:04:86:32:52:AC:EC:B2:F5:4A:66:A5:3E:F6:67:C9:2D:AE:F4:D4" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:35:05", "not_valid_before": "2022-05-09 16:35:06" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 16:35:26 +0000 (0:00:00.586) 0:00:30.964 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "D3:06:3A:21:08:52:98:9C:43:C6:8E:96:8E:DF:43:52:30:26:97:B6" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "F8:1F:40:BB:A6:AE:0B:BC:71:F6:A8:C0:E3:B4:9F:65:F5:F7:7F:ED" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "12:A4:3D:D1:4B:7C:E1:C0:1D:A5:E1:CC:30:0B:F6:75:A0:62:99:55:14:E2:32:C3:68:B8:95:50:CE:03:A7:A1:86:E1:CB:0D:00:67:EC:C9:EB:3C:9F:3C:0D:89:54:7E:79:62:69:75:7F:89:33:05:FB:22:99:59:C1:DD:87:97:F7:26:46:F9:36:08:DC:06:74:A1:6F:C6:A9:28:40:B8:9A:34:92:D8:DA:BE:7E:35:3D:A2:EB:31:03:B0:2C:8D:89:A6:6B:8F:9D:9C:C1:58:B6:FB:1B:06:E9:E2:D7:A1:CD:04:A0:D4:BA:36:C0:FB:96:D8:06:6A:86:CC:51:73:89:F0:71:BE:C7:C1:C9:85:DA:83:D8:BF:09:EA:CC:A5:61:61:9B:9E:72:81:9C:C9:24:CA:43:21:07:96:7C:AF:3D:A5:6F:28:A8:E6:E4:10:24:D1:29:27:F2:74:5B:7E:C9:CB:3F:83:17:FD:DC:CC:D5:FC:54:6F:8F:69:96:D9:F1:A8:99:2C:7A:16:97:DA:B8:8F:B9:9D:A5:2D:1B:A3:EC:BD:56:9E:98:1E:A8:F7:63:18:81:20:E9:1A:15:D5:40:EA:FD:AD:C4:4D:D8:BC:74:36:F4:FC:1A:04:86:32:52:AC:EC:B2:F5:4A:66:A5:3E:F6:67:C9:2D:AE:F4:D4" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:35:05", "not_valid_before": "2022-05-09 16:35:06" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:35:26 +0000 (0:00:00.033) 0:00:30.997 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 16:35:26 +0000 (0:00:00.030) 0:00:31.028 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 16:35:26 +0000 (0:00:00.021) 0:00:31.049 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 16:35:26 +0000 (0:00:00.036) 0:00:31.086 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 16:35:26 +0000 (0:00:00.037) 0:00:31.123 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 16:35:26 +0000 (0:00:00.037) 0:00:31.160 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/defaultcert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.054390", "end": "2022-05-09 16:35:26.630445", "rc": 0, "start": "2022-05-09 16:35:26.576055" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:35:26 +0000 (0:00:00.429) 0:00:31.589 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=52 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:35:26 +0000 (0:00:00.041) 0:00:31.631 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.13s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 3.40s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Install certreader ------------------------------------------------------ 2.93s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.85s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Ensure python3 is installed --------------------------------------------- 2.17s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Ensure python3 is installed --------------------------------------------- 2.09s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.68s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Gathering Facts --------------------------------------------------------- 1.17s /tmp/tmpw536d1ja/tests/certificate/tests_no_auto_renew.yml:2 ------------------ Install the package, force upgrade -------------------------------------- 1.17s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.06s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Install certreader ------------------------------------------------------ 0.95s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Gathering Facts --------------------------------------------------------- 0.79s /tmp/tmpw536d1ja/tests/certificate/tests_no_auto_renew.yml:17 ----------------- Parse certificate ------------------------------------------------------- 0.69s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Parse certificate ------------------------------------------------------- 0.59s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.56s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.52s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Retrieve auto-renew flag ------------------------------------------------ 0.43s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.41s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Retrieve auto-renew flag ------------------------------------------------ 0.41s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_not_wait_for_cert.yml ****************************************** 2 plays in /tmp/tmpw536d1ja/tests/certificate/tests_not_wait_for_cert.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_not_wait_for_cert.yml:2 Monday 09 May 2022 16:35:41 +0000 (0:00:00.011) 0:00:00.011 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 16:35:42 +0000 (0:00:01.132) 0:00:01.143 ************ included: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:35:42 +0000 (0:00:00.022) 0:00:01.166 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 16:35:42 +0000 (0:00:00.555) 0:00:01.721 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 16:35:42 +0000 (0:00:00.037) 0:00:01.758 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 16:35:45 +0000 (0:00:02.600) 0:00:04.359 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 16:35:48 +0000 (0:00:03.384) 0:00:07.743 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 16:35:49 +0000 (0:00:00.562) 0:00:08.305 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 16:35:49 +0000 (0:00:00.404) 0:00:08.710 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket dbus.socket network.target sysinit.target basic.target system.slice dbus-broker.service syslog.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 16:35:50 +0000 (0:00:01.000) 0:00:09.710 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_not_wait_for_cert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_not_wait_for_cert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_not_wait_for_cert.yml:14 Monday 09 May 2022 16:35:51 +0000 (0:00:00.690) 0:00:10.401 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Wait for certificate] **************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tests_not_wait_for_cert.yml:28 Monday 09 May 2022 16:35:52 +0000 (0:00:00.775) 0:00:11.176 ************ ok: [/cache/fedora-34.qcow2.snap] => (item={'path': '/etc/pki/tls/certs/mycert_not_wait_for_cert.crt', 'key_path': '/etc/pki/tls/private/mycert_not_wait_for_cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) => { "ansible_loop_var": "item", "changed": false, "elapsed": 0, "gid": 0, "group": "root", "item": { "key_path": "/etc/pki/tls/private/mycert_not_wait_for_cert.key", "path": "/etc/pki/tls/certs/mycert_not_wait_for_cert.crt", "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "subject_alt_name": [ { "name": "DNS", "value": "www.example.com" } ] }, "match_groupdict": {}, "match_groups": [], "mode": "0600", "owner": "root", "path": "/etc/pki/tls/certs/mycert_not_wait_for_cert.crt", "port": null, "search_regex": null, "secontext": "system_u:object_r:cert_t:s0", "size": 1294, "state": "file", "uid": 0 } TASK [Verify each certificate] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_not_wait_for_cert.yml:34 Monday 09 May 2022 16:35:52 +0000 (0:00:00.538) 0:00:11.714 ************ included: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_not_wait_for_cert.crt', 'key_path': '/etc/pki/tls/private/mycert_not_wait_for_cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:35:52 +0000 (0:00:00.033) 0:00:11.747 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:35:52 +0000 (0:00:00.016) 0:00:11.764 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:35:54 +0000 (0:00:02.019) 0:00:13.783 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:35:59 +0000 (0:00:05.058) 0:00:18.842 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 34.9 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 81.9 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 26.6 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 90.3 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 39.4 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:36:02 +0000 (0:00:02.970) 0:00:21.813 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114151.5130682, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "1706cbbafb9d2a20930667172adee492870a8bee", "ctime": 1652114151.5100682, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114151.5100682, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_not_wait_for_cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "351015643", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:36:03 +0000 (0:00:00.523) 0:00:22.336 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:36:03 +0000 (0:00:00.021) 0:00:22.358 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 16:36:03 +0000 (0:00:00.035) 0:00:22.394 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 16:36:03 +0000 (0:00:00.031) 0:00:22.425 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114151.466068, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "aa854aceaae117e01db1c451d8b7e2d072183350", "ctime": 1652114151.5100682, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114151.5100682, "nlink": 1, "path": "/etc/pki/tls/private/mycert_not_wait_for_cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "972260827", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 16:36:03 +0000 (0:00:00.375) 0:00:22.801 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 16:36:03 +0000 (0:00:00.023) 0:00:22.824 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 16:36:03 +0000 (0:00:00.039) 0:00:22.863 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_not_wait_for_cert.crt" ], "delta": "0:00:00.218298", "end": "2022-05-09 16:36:04.589743", "rc": 0, "start": "2022-05-09 16:36:04.371445" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "8D:AF:17:24:51:80:B2:DD:94:3B:EF:4C:D0:AB:7F:8D:28:75:7E:A1", "critical": false }, "authorityKeyIdentifier": { "value": "66:BB:C4:80:D7:A2:31:A3:F9:F3:69:9B:6E:35:45:89:15:C2:FE:CF", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "CE:60:9D:D8:76:B8:51:CC:77:5E:81:2E:C6:B8:AC:B8:F7:DC:48:05:3B:F9:77:E0:FD:D3:FB:B3:AB:81:04:FC:1D:62:2E:3B:F1:73:C2:E5:63:B0:D0:31:E2:4F:4A:88:5E:4B:BB:6E:CE:17:1C:55:52:20:B9:51:BD:81:2D:05:00:BB:57:AD:EA:3A:BF:A0:02:F1:F3:A6:22:5F:22:82:84:72:F5:FC:8D:26:47:CB:F2:77:EC:91:31:78:B3:A3:37:B8:55:D0:EB:48:F3:5C:83:65:65:2E:A1:45:F2:22:64:F2:4E:2C:0D:94:43:81:66:80:FF:62:9E:F3:82:CA:CA:CC:32:EC:6D:E8:AB:AC:8B:28:06:ED:4D:80:C5:6D:6D:16:81:79:0E:9A:0E:A4:C7:DF:73:80:FA:64:E1:79:58:6F:72:80:FC:C8:0B:38:09:92:74:3A:FB:20:B8:A8:09:DA:81:D5:1F:F3:2E:4E:C0:D3:D9:AA:35:3B:2B:B9:A8:AD:88:BA:C6:DE:7E:EF:CD:90:98:65:C5:86:12:C0:C2:67:A8:DB:E2:0C:6A:9B:B4:8D:D2:87:86:74:7F:86:6C:EF:A7:C0:D8:B9:F5:60:84:68:9B:76:A4:F7:33:78:E5:C9:83:A6:B5:82:54:36:62:F9:FC:27:93:3C:8D:64" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:35:50", "not_valid_before": "2022-05-09 16:35:51" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 16:36:04 +0000 (0:00:00.722) 0:00:23.586 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "66:BB:C4:80:D7:A2:31:A3:F9:F3:69:9B:6E:35:45:89:15:C2:FE:CF" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "8D:AF:17:24:51:80:B2:DD:94:3B:EF:4C:D0:AB:7F:8D:28:75:7E:A1" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "CE:60:9D:D8:76:B8:51:CC:77:5E:81:2E:C6:B8:AC:B8:F7:DC:48:05:3B:F9:77:E0:FD:D3:FB:B3:AB:81:04:FC:1D:62:2E:3B:F1:73:C2:E5:63:B0:D0:31:E2:4F:4A:88:5E:4B:BB:6E:CE:17:1C:55:52:20:B9:51:BD:81:2D:05:00:BB:57:AD:EA:3A:BF:A0:02:F1:F3:A6:22:5F:22:82:84:72:F5:FC:8D:26:47:CB:F2:77:EC:91:31:78:B3:A3:37:B8:55:D0:EB:48:F3:5C:83:65:65:2E:A1:45:F2:22:64:F2:4E:2C:0D:94:43:81:66:80:FF:62:9E:F3:82:CA:CA:CC:32:EC:6D:E8:AB:AC:8B:28:06:ED:4D:80:C5:6D:6D:16:81:79:0E:9A:0E:A4:C7:DF:73:80:FA:64:E1:79:58:6F:72:80:FC:C8:0B:38:09:92:74:3A:FB:20:B8:A8:09:DA:81:D5:1F:F3:2E:4E:C0:D3:D9:AA:35:3B:2B:B9:A8:AD:88:BA:C6:DE:7E:EF:CD:90:98:65:C5:86:12:C0:C2:67:A8:DB:E2:0C:6A:9B:B4:8D:D2:87:86:74:7F:86:6C:EF:A7:C0:D8:B9:F5:60:84:68:9B:76:A4:F7:33:78:E5:C9:83:A6:B5:82:54:36:62:F9:FC:27:93:3C:8D:64" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:35:50", "not_valid_before": "2022-05-09 16:35:51" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:36:04 +0000 (0:00:00.032) 0:00:23.618 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 16:36:04 +0000 (0:00:00.032) 0:00:23.651 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 16:36:04 +0000 (0:00:00.019) 0:00:23.670 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 16:36:04 +0000 (0:00:00.029) 0:00:23.700 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 16:36:04 +0000 (0:00:00.030) 0:00:23.730 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 16:36:04 +0000 (0:00:00.030) 0:00:23.760 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_not_wait_for_cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.043317", "end": "2022-05-09 16:36:05.171419", "rc": 0, "start": "2022-05-09 16:36:05.128102" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:36:05 +0000 (0:00:00.404) 0:00:24.165 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=32 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:36:05 +0000 (0:00:00.042) 0:00:24.208 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.06s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 3.38s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Install certreader ------------------------------------------------------ 2.97s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.60s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Ensure python3 is installed --------------------------------------------- 2.02s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 1.13s /tmp/tmpw536d1ja/tests/certificate/tests_not_wait_for_cert.yml:2 -------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.00s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Gathering Facts --------------------------------------------------------- 0.78s /tmp/tmpw536d1ja/tests/certificate/tests_not_wait_for_cert.yml:14 ------------- Parse certificate ------------------------------------------------------- 0.72s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.69s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.56s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.56s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Wait for certificate ---------------------------------------------------- 0.54s /tmp/tmpw536d1ja/tests/certificate/tests_not_wait_for_cert.yml:28 ------------- Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 - Retrieve auto-renew flag ------------------------------------------------ 0.40s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.40s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Retrieve key file stats ------------------------------------------------- 0.38s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 - fedora.linux_system_roles.certificate : Set platform/version specific variables --- 0.04s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_principal.yml ************************************************** 3 plays in /tmp/tmpw536d1ja/tests/certificate/tests_principal.yml PLAY [Test issuing certificate with principal.] ******************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_principal.yml:2 Monday 09 May 2022 16:36:19 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 16:36:20 +0000 (0:00:01.155) 0:00:01.166 ************ included: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:36:20 +0000 (0:00:00.023) 0:00:01.189 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 16:36:21 +0000 (0:00:00.557) 0:00:01.746 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 16:36:21 +0000 (0:00:00.037) 0:00:01.783 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 16:36:23 +0000 (0:00:02.661) 0:00:04.445 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 16:36:27 +0000 (0:00:03.202) 0:00:07.647 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 16:36:27 +0000 (0:00:00.535) 0:00:08.183 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 16:36:28 +0000 (0:00:00.405) 0:00:08.588 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "syslog.target system.slice dbus.socket systemd-journald.socket network.target basic.target sysinit.target dbus-broker.service", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 16:36:29 +0000 (0:00:01.021) 0:00:09.610 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_principal', 'dns': 'www.example.com', 'principal': 'HTTP/www.example.com@EXAMPLE.COM', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_principal", "principal": "HTTP/www.example.com@EXAMPLE.COM" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_principal.yml:13 Monday 09 May 2022 16:36:29 +0000 (0:00:00.798) 0:00:10.409 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_principal.yml:33 Monday 09 May 2022 16:36:30 +0000 (0:00:00.764) 0:00:11.174 ************ included: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_principal.crt', 'key_path': '/etc/pki/tls/private/mycert_principal.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}, {'name': 'Universal Principal Name (UPN)', 'value': 'HTTP/www.example.com@EXAMPLE.COM', 'oid': '1.3.6.1.4.1.311.20.2.3'}, {'name': 'Kerberos principalname', 'value': 'HTTP/www.example.com@EXAMPLE.COM', 'oid': '1.3.6.1.5.2.2'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:36:30 +0000 (0:00:00.036) 0:00:11.210 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:36:30 +0000 (0:00:00.018) 0:00:11.228 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:36:32 +0000 (0:00:02.080) 0:00:13.309 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:36:37 +0000 (0:00:04.826) 0:00:18.135 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 49.0 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 87.4 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 23.0 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 103.0 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 38.5 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:36:40 +0000 (0:00:02.745) 0:00:20.880 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114189.3260217, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "aeb2de58d094ce49621470fce776a8d0db3a16ac", "ctime": 1652114189.323022, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114189.323022, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_principal.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1456, "uid": 0, "version": "1739413306", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:36:40 +0000 (0:00:00.491) 0:00:21.372 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:36:40 +0000 (0:00:00.024) 0:00:21.396 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 16:36:40 +0000 (0:00:00.038) 0:00:21.434 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 16:36:40 +0000 (0:00:00.035) 0:00:21.470 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114189.2810218, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "8fc60ec9525466f6480a1dfaac4eca139123ec0d", "ctime": 1652114189.323022, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114189.323022, "nlink": 1, "path": "/etc/pki/tls/private/mycert_principal.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1966937508", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 16:36:41 +0000 (0:00:00.362) 0:00:21.832 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 16:36:41 +0000 (0:00:00.023) 0:00:21.856 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 16:36:41 +0000 (0:00:00.039) 0:00:21.895 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_principal.crt" ], "delta": "0:00:00.194636", "end": "2022-05-09 16:36:41.575893", "rc": 0, "start": "2022-05-09 16:36:41.381257" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/www.example.com@EXAMPLE.COM", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/www.example.com@EXAMPLE.COM", "oid": "1.3.6.1.5.2.2" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "91:01:0E:BE:67:D7:1E:9F:44:05:93:D0:F0:3D:E0:DB:19:8B:0E:81", "critical": false }, "authorityKeyIdentifier": { "value": "7E:8F:94:A9:A1:68:03:15:7F:AF:53:71:FF:72:8B:7C:F1:BF:38:F5", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "85:6D:67:3F:09:6A:0C:7F:05:DC:B7:6F:C9:54:97:4F:11:E3:89:B1:0C:E4:84:3A:24:9A:E4:6D:56:15:CD:4E:52:9E:00:F0:D4:C8:CA:F9:21:54:2F:6C:94:5B:64:94:47:16:FA:A2:26:44:B4:54:25:28:DB:09:ED:C3:14:29:B7:73:E5:AC:57:A0:50:CD:3F:B0:72:FE:77:F2:11:66:74:F5:58:B3:4F:2D:F7:44:64:C3:2C:90:C0:BB:AB:3C:AE:5F:66:31:5B:FA:19:3D:2B:7C:22:B5:A1:4E:60:FC:35:B4:0E:6F:00:DE:3C:88:F3:6E:98:67:69:B9:D8:E1:41:02:6E:53:24:7C:CB:54:E7:38:66:0B:15:E0:28:33:FE:51:EE:2D:92:F9:87:68:FE:B4:75:8A:F7:CB:E4:60:E9:3E:6E:0F:45:6A:B1:B1:58:A3:E8:09:9D:E1:1B:AB:85:34:E5:7F:1B:32:60:B5:C9:8E:F1:4A:9E:1D:C2:40:86:29:D3:95:E5:A7:D1:AE:CC:8D:1E:CD:8E:83:CA:6E:31:92:B4:F2:FC:42:2E:E6:B6:51:E2:CF:B5:23:BD:7A:FB:86:5F:FC:5A:9F:32:A8:4D:16:79:ED:D9:C1:02:F4:AE:EC:BA:81:33:B8:9C:23:D7:C5:51:9A:9A:93:27:7A" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:36:28", "not_valid_before": "2022-05-09 16:36:29" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 16:36:42 +0000 (0:00:00.685) 0:00:22.580 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "7E:8F:94:A9:A1:68:03:15:7F:AF:53:71:FF:72:8B:7C:F1:BF:38:F5" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/www.example.com@EXAMPLE.COM" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/www.example.com@EXAMPLE.COM" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "91:01:0E:BE:67:D7:1E:9F:44:05:93:D0:F0:3D:E0:DB:19:8B:0E:81" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "85:6D:67:3F:09:6A:0C:7F:05:DC:B7:6F:C9:54:97:4F:11:E3:89:B1:0C:E4:84:3A:24:9A:E4:6D:56:15:CD:4E:52:9E:00:F0:D4:C8:CA:F9:21:54:2F:6C:94:5B:64:94:47:16:FA:A2:26:44:B4:54:25:28:DB:09:ED:C3:14:29:B7:73:E5:AC:57:A0:50:CD:3F:B0:72:FE:77:F2:11:66:74:F5:58:B3:4F:2D:F7:44:64:C3:2C:90:C0:BB:AB:3C:AE:5F:66:31:5B:FA:19:3D:2B:7C:22:B5:A1:4E:60:FC:35:B4:0E:6F:00:DE:3C:88:F3:6E:98:67:69:B9:D8:E1:41:02:6E:53:24:7C:CB:54:E7:38:66:0B:15:E0:28:33:FE:51:EE:2D:92:F9:87:68:FE:B4:75:8A:F7:CB:E4:60:E9:3E:6E:0F:45:6A:B1:B1:58:A3:E8:09:9D:E1:1B:AB:85:34:E5:7F:1B:32:60:B5:C9:8E:F1:4A:9E:1D:C2:40:86:29:D3:95:E5:A7:D1:AE:CC:8D:1E:CD:8E:83:CA:6E:31:92:B4:F2:FC:42:2E:E6:B6:51:E2:CF:B5:23:BD:7A:FB:86:5F:FC:5A:9F:32:A8:4D:16:79:ED:D9:C1:02:F4:AE:EC:BA:81:33:B8:9C:23:D7:C5:51:9A:9A:93:27:7A" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:36:28", "not_valid_before": "2022-05-09 16:36:29" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:36:42 +0000 (0:00:00.035) 0:00:22.615 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 16:36:42 +0000 (0:00:00.034) 0:00:22.649 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 16:36:42 +0000 (0:00:00.021) 0:00:22.671 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 16:36:42 +0000 (0:00:00.032) 0:00:22.704 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 16:36:42 +0000 (0:00:00.032) 0:00:22.736 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 16:36:42 +0000 (0:00:00.033) 0:00:22.770 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_principal.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040957", "end": "2022-05-09 16:36:42.165124", "rc": 0, "start": "2022-05-09 16:36:42.124167" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:36:42 +0000 (0:00:00.397) 0:00:23.167 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY [Test issuing certificate with invalid principal.] ************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_principal.yml:40 Monday 09 May 2022 16:36:42 +0000 (0:00:00.049) 0:00:23.217 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 16:36:43 +0000 (0:00:00.773) 0:00:23.990 ************ included: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:36:43 +0000 (0:00:00.054) 0:00:24.045 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 16:36:44 +0000 (0:00:00.508) 0:00:24.553 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 16:36:44 +0000 (0:00:00.037) 0:00:24.591 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 16:36:46 +0000 (0:00:02.049) 0:00:26.641 ************ ok: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 16:36:48 +0000 (0:00:02.066) 0:00:28.708 ************ ok: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 16:36:48 +0000 (0:00:00.422) 0:00:29.131 ************ ok: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 16:36:49 +0000 (0:00:00.405) 0:00:29.536 ************ ok: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Mon 2022-05-09 16:36:28 UTC", "ActiveEnterTimestampMonotonic": "19147367", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice dbus-broker.service syslog.target network.target dbus.socket basic.target systemd-journald.socket sysinit.target", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Mon 2022-05-09 16:36:28 UTC", "AssertTimestampMonotonic": "19135056", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "298697000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Mon 2022-05-09 16:36:28 UTC", "ConditionTimestampMonotonic": "19135054", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "6643", "ExecMainStartTimestamp": "Mon 2022-05-09 16:36:28 UTC", "ExecMainStartTimestampMonotonic": "19136386", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[Mon 2022-05-09 16:36:28 UTC] ; stop_time=[n/a] ; pid=6643 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[Mon 2022-05-09 16:36:28 UTC] ; stop_time=[n/a] ; pid=6643 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Mon 2022-05-09 16:36:28 UTC", "InactiveExitTimestampMonotonic": "19136780", "InvocationID": "29339c552e9143fb945588cd8a7b07a2", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "6643", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "1634304", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Mon 2022-05-09 16:36:28 UTC", "StateChangeTimestampMonotonic": "19147367", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 16:36:49 +0000 (0:00:00.568) 0:00:30.105 ************ failed: [/cache/fedora-34.qcow2.snap] (item={'name': 'mycertinvalid', 'dns': 'www.example.com', 'principal': 'HTTP/abc', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": false, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycertinvalid", "principal": "HTTP/abc" } } MSG: Invalid principal 'HTTP/abc'. It should be formatted as 'primary/instance@REALM' TASK [assert...] *************************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tests_principal.yml:59 Monday 09 May 2022 16:36:50 +0000 (0:00:00.481) 0:00:30.586 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=40 changed=7 unreachable=0 failed=0 skipped=2 rescued=1 ignored=0 Monday 09 May 2022 16:36:50 +0000 (0:00:00.027) 0:00:30.614 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 4.83s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 3.20s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Install certreader ------------------------------------------------------ 2.75s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.66s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Ensure python3 is installed --------------------------------------------- 2.08s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 2.07s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.05s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Gathering Facts --------------------------------------------------------- 1.16s /tmp/tmpw536d1ja/tests/certificate/tests_principal.yml:2 ---------------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.02s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.80s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Gathering Facts --------------------------------------------------------- 0.77s /tmp/tmpw536d1ja/tests/certificate/tests_principal.yml:40 --------------------- Gathering Facts --------------------------------------------------------- 0.76s /tmp/tmpw536d1ja/tests/certificate/tests_principal.yml:13 --------------------- Parse certificate ------------------------------------------------------- 0.69s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.57s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.56s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.54s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.51s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.49s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.48s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.42s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_provider.yml *************************************************** 2 plays in /tmp/tmpw536d1ja/tests/certificate/tests_provider.yml PLAY [Test issuing certificate with certmonger provider] *********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_provider.yml:2 Monday 09 May 2022 16:37:04 +0000 (0:00:00.011) 0:00:00.011 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 16:37:05 +0000 (0:00:01.145) 0:00:01.157 ************ included: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:37:05 +0000 (0:00:00.022) 0:00:01.179 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 16:37:06 +0000 (0:00:00.530) 0:00:01.710 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 16:37:06 +0000 (0:00:00.042) 0:00:01.752 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 16:37:09 +0000 (0:00:02.928) 0:00:04.681 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 16:37:12 +0000 (0:00:03.431) 0:00:08.113 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 16:37:13 +0000 (0:00:00.574) 0:00:08.688 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 16:37:13 +0000 (0:00:00.416) 0:00:09.104 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice dbus-broker.service sysinit.target dbus.socket network.target systemd-journald.socket syslog.target basic.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 16:37:14 +0000 (0:00:01.032) 0:00:10.137 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_provider', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'certmonger'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_provider", "provider": "certmonger" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_provider.yml:13 Monday 09 May 2022 16:37:15 +0000 (0:00:00.958) 0:00:11.095 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_provider.yml:27 Monday 09 May 2022 16:37:16 +0000 (0:00:00.779) 0:00:11.874 ************ included: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_provider.crt', 'key_path': '/etc/pki/tls/private/mycert_provider.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:37:16 +0000 (0:00:00.034) 0:00:11.909 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:37:16 +0000 (0:00:00.019) 0:00:11.928 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:37:18 +0000 (0:00:02.268) 0:00:14.196 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:37:23 +0000 (0:00:04.915) 0:00:19.111 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 51.0 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 82.9 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 24.4 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 96.2 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 40.3 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:37:26 +0000 (0:00:02.828) 0:00:21.940 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114234.9893045, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "602f35aae6ce071e1fd770b073b598c8444b1a58", "ctime": 1652114234.9863045, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114234.9863045, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_provider.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "511247133", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:37:26 +0000 (0:00:00.515) 0:00:22.455 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:37:26 +0000 (0:00:00.022) 0:00:22.478 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 16:37:27 +0000 (0:00:00.036) 0:00:22.515 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 16:37:27 +0000 (0:00:00.034) 0:00:22.549 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114234.9413044, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "da75506386b152edebde1278129b16b47645cc25", "ctime": 1652114234.9863045, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114234.9863045, "nlink": 1, "path": "/etc/pki/tls/private/mycert_provider.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2900576061", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 16:37:27 +0000 (0:00:00.384) 0:00:22.934 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 16:37:27 +0000 (0:00:00.019) 0:00:22.954 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 16:37:27 +0000 (0:00:00.033) 0:00:22.988 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_provider.crt" ], "delta": "0:00:00.212363", "end": "2022-05-09 16:37:27.776155", "rc": 0, "start": "2022-05-09 16:37:27.563792" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "6F:E4:53:1A:DB:FA:66:FF:29:84:79:72:BA:C8:33:D0:B3:91:0E:05", "critical": false }, "authorityKeyIdentifier": { "value": "BF:CE:A3:68:C8:9F:02:7B:5E:62:64:D2:DB:3D:18:E2:CD:B4:E5:35", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "A4:83:B4:5E:80:6F:F2:77:56:B1:06:59:9E:3B:4A:CA:EC:37:B2:D1:3A:B8:BD:6B:CF:A7:9F:C0:10:8E:21:B9:C2:97:28:99:FE:3F:26:8C:B2:87:8C:B0:B6:27:62:82:0C:0F:95:3F:2E:DB:3E:0D:A8:7A:95:70:C6:E1:40:54:91:FA:0F:C2:3C:98:40:93:C7:08:E0:30:9E:85:E4:E2:96:94:20:2B:30:3C:74:7F:CF:AF:9A:D5:A2:1C:96:AF:98:99:37:96:D0:85:CA:2F:5D:EC:8B:F0:47:95:E5:A4:A1:A1:95:BB:F5:AF:85:20:44:C8:F5:D8:64:7A:EA:A9:B7:1B:18:EF:54:46:EF:E1:52:24:0C:18:3D:9B:03:EF:19:6C:7B:0E:5A:38:53:8F:17:C8:A6:33:D1:44:36:BB:DB:29:32:FD:09:59:12:7F:04:41:47:1F:4B:8D:8C:3B:B1:F2:90:A6:01:2F:F6:A8:DC:42:F7:21:67:8D:36:D0:01:34:9E:A1:2E:45:7F:30:FA:D2:57:94:B4:CD:45:AE:47:5C:F2:C9:68:BD:E7:6A:80:B1:29:9A:E3:6A:F9:C0:62:5D:EC:C1:EE:E2:D8:37:28:5A:C2:35:F5:3D:D9:03:31:51:BC:C4:CC:B3:41:C1:2E:8A:81:DB:F8:1C:4B:BF" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:37:14", "not_valid_before": "2022-05-09 16:37:14" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 16:37:28 +0000 (0:00:00.736) 0:00:23.724 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "BF:CE:A3:68:C8:9F:02:7B:5E:62:64:D2:DB:3D:18:E2:CD:B4:E5:35" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "6F:E4:53:1A:DB:FA:66:FF:29:84:79:72:BA:C8:33:D0:B3:91:0E:05" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "A4:83:B4:5E:80:6F:F2:77:56:B1:06:59:9E:3B:4A:CA:EC:37:B2:D1:3A:B8:BD:6B:CF:A7:9F:C0:10:8E:21:B9:C2:97:28:99:FE:3F:26:8C:B2:87:8C:B0:B6:27:62:82:0C:0F:95:3F:2E:DB:3E:0D:A8:7A:95:70:C6:E1:40:54:91:FA:0F:C2:3C:98:40:93:C7:08:E0:30:9E:85:E4:E2:96:94:20:2B:30:3C:74:7F:CF:AF:9A:D5:A2:1C:96:AF:98:99:37:96:D0:85:CA:2F:5D:EC:8B:F0:47:95:E5:A4:A1:A1:95:BB:F5:AF:85:20:44:C8:F5:D8:64:7A:EA:A9:B7:1B:18:EF:54:46:EF:E1:52:24:0C:18:3D:9B:03:EF:19:6C:7B:0E:5A:38:53:8F:17:C8:A6:33:D1:44:36:BB:DB:29:32:FD:09:59:12:7F:04:41:47:1F:4B:8D:8C:3B:B1:F2:90:A6:01:2F:F6:A8:DC:42:F7:21:67:8D:36:D0:01:34:9E:A1:2E:45:7F:30:FA:D2:57:94:B4:CD:45:AE:47:5C:F2:C9:68:BD:E7:6A:80:B1:29:9A:E3:6A:F9:C0:62:5D:EC:C1:EE:E2:D8:37:28:5A:C2:35:F5:3D:D9:03:31:51:BC:C4:CC:B3:41:C1:2E:8A:81:DB:F8:1C:4B:BF" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:37:14", "not_valid_before": "2022-05-09 16:37:14" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:37:28 +0000 (0:00:00.035) 0:00:23.760 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 16:37:28 +0000 (0:00:00.036) 0:00:23.797 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 16:37:28 +0000 (0:00:00.022) 0:00:23.820 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 16:37:28 +0000 (0:00:00.071) 0:00:23.891 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 16:37:28 +0000 (0:00:00.036) 0:00:23.928 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 16:37:28 +0000 (0:00:00.036) 0:00:23.964 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_provider.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.051521", "end": "2022-05-09 16:37:28.425178", "rc": 0, "start": "2022-05-09 16:37:28.373657" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:37:28 +0000 (0:00:00.410) 0:00:24.375 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:37:28 +0000 (0:00:00.044) 0:00:24.419 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 4.92s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 3.43s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.93s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Install certreader ------------------------------------------------------ 2.83s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 2.27s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 1.15s /tmp/tmpw536d1ja/tests/certificate/tests_provider.yml:2 ----------------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.03s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.96s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Gathering Facts --------------------------------------------------------- 0.78s /tmp/tmpw536d1ja/tests/certificate/tests_provider.yml:13 ---------------------- Parse certificate ------------------------------------------------------- 0.74s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.57s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.53s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.42s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Retrieve auto-renew flag ------------------------------------------------ 0.41s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Retrieve key file stats ------------------------------------------------- 0.38s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify key size --------------------------------------------------------- 0.07s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 - Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 fedora.linux_system_roles.certificate : Set platform/version specific variables --- 0.04s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Verify certificate Extended Key Usage ----------------------------------- 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_run_hooks.yml ************************************************** 2 plays in /tmp/tmpw536d1ja/tests/certificate/tests_run_hooks.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_run_hooks.yml:2 Monday 09 May 2022 16:37:43 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 16:37:44 +0000 (0:00:01.131) 0:00:01.142 ************ included: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:37:44 +0000 (0:00:00.021) 0:00:01.164 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 16:37:44 +0000 (0:00:00.513) 0:00:01.678 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 16:37:44 +0000 (0:00:00.037) 0:00:01.715 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 16:37:47 +0000 (0:00:02.705) 0:00:04.421 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 16:37:50 +0000 (0:00:03.199) 0:00:07.620 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 16:37:51 +0000 (0:00:00.523) 0:00:08.144 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 16:37:51 +0000 (0:00:00.393) 0:00:08.538 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "syslog.target network.target dbus.socket systemd-journald.socket dbus-broker.service sysinit.target system.slice basic.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 16:37:52 +0000 (0:00:01.039) 0:00:09.577 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_run_hooks', 'dns': 'www.example.com', 'ca': 'self-sign', 'run_before': 'touch /etc/pki/before_cert.tmp\n', 'run_after': 'touch /etc/pki/after_cert.tmp\n'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_run_hooks", "run_after": "touch /etc/pki/after_cert.tmp\n", "run_before": "touch /etc/pki/before_cert.tmp\n" } } MSG: Certificate requested (new). Pre/Post run hooks updated. META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_run_hooks.yml:17 Monday 09 May 2022 16:37:53 +0000 (0:00:00.957) 0:00:10.534 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_run_hooks.yml:31 Monday 09 May 2022 16:37:54 +0000 (0:00:00.755) 0:00:11.290 ************ included: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_run_hooks.crt', 'key_path': '/etc/pki/tls/private/mycert_run_hooks.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:37:54 +0000 (0:00:00.033) 0:00:11.324 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:37:54 +0000 (0:00:00.016) 0:00:11.341 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:37:56 +0000 (0:00:01.984) 0:00:13.325 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:38:01 +0000 (0:00:04.990) 0:00:18.316 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 46.3 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 15.4 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 26.2 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 99.3 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 24.2 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:38:04 +0000 (0:00:02.926) 0:00:21.243 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114272.319079, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "602f5b2a740091c2c022497c10708cafbb7bbee9", "ctime": 1652114272.316079, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137735, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114272.316079, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_run_hooks.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2368575678", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:38:04 +0000 (0:00:00.523) 0:00:21.767 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:38:04 +0000 (0:00:00.024) 0:00:21.791 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 16:38:04 +0000 (0:00:00.038) 0:00:21.830 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 16:38:04 +0000 (0:00:00.035) 0:00:21.866 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114272.2690787, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d0dfb4fa82d757f051799d62cfa3031e9bdfc30a", "ctime": 1652114272.316079, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137733, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114272.316079, "nlink": 1, "path": "/etc/pki/tls/private/mycert_run_hooks.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "335007331", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 16:38:05 +0000 (0:00:00.370) 0:00:22.236 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 16:38:05 +0000 (0:00:00.022) 0:00:22.259 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 16:38:05 +0000 (0:00:00.038) 0:00:22.298 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_run_hooks.crt" ], "delta": "0:00:00.205664", "end": "2022-05-09 16:38:04.948116", "rc": 0, "start": "2022-05-09 16:38:04.742452" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "0C:D3:3C:5A:22:DA:01:D0:DF:5D:B9:C6:DF:6D:88:9E:C2:3A:21:EB", "critical": false }, "authorityKeyIdentifier": { "value": "A2:09:BE:20:FE:90:05:A9:5B:46:3C:03:14:1F:5D:39:71:7F:A1:7A", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "40:B2:BC:D7:AC:37:82:5B:A1:7C:FE:A0:39:76:03:A7:4B:B9:7C:7A:FA:3F:4E:FE:A5:2B:15:BD:4A:F0:72:E3:CE:9C:2C:D0:4A:C3:E2:90:50:2E:3A:83:D3:99:E7:99:C0:AA:21:39:7A:0C:78:7C:75:3A:C4:7C:B8:48:F3:5F:DC:15:CE:31:BA:F1:11:B7:63:16:55:30:29:4A:0C:02:DA:08:DB:4B:CF:81:FF:B1:DA:C1:70:8E:C0:1F:7F:40:29:B0:DF:FE:49:F5:60:0E:59:4E:B9:27:D6:88:8C:77:49:89:90:73:20:C4:04:DB:32:F5:B2:1C:D2:E0:EC:82:A5:D0:D8:00:9A:19:EB:36:A3:BA:A5:C0:CE:14:DB:2B:76:59:67:50:B9:CB:45:83:47:0F:28:63:D1:42:9C:56:DC:BD:AE:3B:B2:05:47:66:E2:D0:51:8C:28:C6:E9:F8:26:1C:E5:29:85:4E:E0:A7:FB:A9:BA:13:DE:A7:B4:93:82:03:F1:E6:61:3B:32:23:99:65:4D:9F:95:0D:AF:A3:08:23:C9:C8:DF:4F:F8:9C:EA:BF:13:C6:B4:6F:FD:7A:B4:DF:D3:CD:AA:B6:E2:5F:0F:7E:2B:99:90:45:6E:75:91:CD:6F:72:B2:BC:C0:27:F3:6D:C5:82:03:24:66:96" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:37:51", "not_valid_before": "2022-05-09 16:37:52" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 16:38:06 +0000 (0:00:00.690) 0:00:22.988 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "A2:09:BE:20:FE:90:05:A9:5B:46:3C:03:14:1F:5D:39:71:7F:A1:7A" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "0C:D3:3C:5A:22:DA:01:D0:DF:5D:B9:C6:DF:6D:88:9E:C2:3A:21:EB" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "40:B2:BC:D7:AC:37:82:5B:A1:7C:FE:A0:39:76:03:A7:4B:B9:7C:7A:FA:3F:4E:FE:A5:2B:15:BD:4A:F0:72:E3:CE:9C:2C:D0:4A:C3:E2:90:50:2E:3A:83:D3:99:E7:99:C0:AA:21:39:7A:0C:78:7C:75:3A:C4:7C:B8:48:F3:5F:DC:15:CE:31:BA:F1:11:B7:63:16:55:30:29:4A:0C:02:DA:08:DB:4B:CF:81:FF:B1:DA:C1:70:8E:C0:1F:7F:40:29:B0:DF:FE:49:F5:60:0E:59:4E:B9:27:D6:88:8C:77:49:89:90:73:20:C4:04:DB:32:F5:B2:1C:D2:E0:EC:82:A5:D0:D8:00:9A:19:EB:36:A3:BA:A5:C0:CE:14:DB:2B:76:59:67:50:B9:CB:45:83:47:0F:28:63:D1:42:9C:56:DC:BD:AE:3B:B2:05:47:66:E2:D0:51:8C:28:C6:E9:F8:26:1C:E5:29:85:4E:E0:A7:FB:A9:BA:13:DE:A7:B4:93:82:03:F1:E6:61:3B:32:23:99:65:4D:9F:95:0D:AF:A3:08:23:C9:C8:DF:4F:F8:9C:EA:BF:13:C6:B4:6F:FD:7A:B4:DF:D3:CD:AA:B6:E2:5F:0F:7E:2B:99:90:45:6E:75:91:CD:6F:72:B2:BC:C0:27:F3:6D:C5:82:03:24:66:96" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 16:37:51", "not_valid_before": "2022-05-09 16:37:52" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:38:06 +0000 (0:00:00.034) 0:00:23.022 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 16:38:06 +0000 (0:00:00.035) 0:00:23.058 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 16:38:06 +0000 (0:00:00.022) 0:00:23.081 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 16:38:06 +0000 (0:00:00.035) 0:00:23.116 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 16:38:06 +0000 (0:00:00.034) 0:00:23.150 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 16:38:06 +0000 (0:00:00.032) 0:00:23.183 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_run_hooks.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.049713", "end": "2022-05-09 16:38:05.556859", "rc": 0, "start": "2022-05-09 16:38:05.507146" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:38:06 +0000 (0:00:00.411) 0:00:23.595 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Get certificate timestamp] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tests_run_hooks.yml:39 Monday 09 May 2022 16:38:06 +0000 (0:00:00.036) 0:00:23.631 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114272.319079, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "602f5b2a740091c2c022497c10708cafbb7bbee9", "ctime": 1652114272.316079, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137735, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114272.316079, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_run_hooks.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2368575678", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Get pre-run file timestamp] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tests_run_hooks.yml:43 Monday 09 May 2022 16:38:07 +0000 (0:00:00.369) 0:00:24.001 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114272.3140788, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1652114272.3140788, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137734, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1652114272.3140788, "nlink": 1, "path": "/etc/pki/before_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "1647141296", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Get post-run file timestamp] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_run_hooks.yml:47 Monday 09 May 2022 16:38:07 +0000 (0:00:00.372) 0:00:24.373 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114272.3500788, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1652114272.3500788, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137736, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1652114272.3500788, "nlink": 1, "path": "/etc/pki/after_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "1595801172", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Assert file created before cert] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tests_run_hooks.yml:51 Monday 09 May 2022 16:38:07 +0000 (0:00:00.364) 0:00:24.737 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Assert file created after cert] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tests_run_hooks.yml:58 Monday 09 May 2022 16:38:07 +0000 (0:00:00.026) 0:00:24.764 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Get the ansible_managed comment in pre/post-scripts] ********************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_run_hooks.yml:66 Monday 09 May 2022 16:38:07 +0000 (0:00:00.024) 0:00:24.788 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "find", "/etc/certmonger/pre-scripts", "/etc/certmonger/post-scripts", "-type", "f", "-exec", "grep", "^# Ansible managed", "{}", ";" ], "delta": "0:00:00.007663", "end": "2022-05-09 16:38:07.110566", "rc": 0, "start": "2022-05-09 16:38:07.102903" } STDOUT: # Ansible managed # Ansible managed TASK [Verify the ansible_managed comment in pre/post-scripts] ****************** task path: /tmp/tmpw536d1ja/tests/certificate/tests_run_hooks.yml:72 Monday 09 May 2022 16:38:08 +0000 (0:00:00.356) 0:00:25.145 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=38 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:38:08 +0000 (0:00:00.037) 0:00:25.182 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 4.99s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 3.20s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Install certreader ------------------------------------------------------ 2.93s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.71s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Ensure python3 is installed --------------------------------------------- 1.98s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 1.13s /tmp/tmpw536d1ja/tests/certificate/tests_run_hooks.yml:2 ---------------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.04s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.96s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Gathering Facts --------------------------------------------------------- 0.76s /tmp/tmpw536d1ja/tests/certificate/tests_run_hooks.yml:17 --------------------- Parse certificate ------------------------------------------------------- 0.69s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.52s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.51s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Retrieve auto-renew flag ------------------------------------------------ 0.41s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.39s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Get pre-run file timestamp ---------------------------------------------- 0.37s /tmp/tmpw536d1ja/tests/certificate/tests_run_hooks.yml:43 --------------------- Retrieve key file stats ------------------------------------------------- 0.37s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Get certificate timestamp ----------------------------------------------- 0.37s /tmp/tmpw536d1ja/tests/certificate/tests_run_hooks.yml:39 --------------------- Get post-run file timestamp --------------------------------------------- 0.36s /tmp/tmpw536d1ja/tests/certificate/tests_run_hooks.yml:47 --------------------- Get the ansible_managed comment in pre/post-scripts --------------------- 0.36s /tmp/tmpw536d1ja/tests/certificate/tests_run_hooks.yml:66 --------------------- ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_subject.yml **************************************************** 2 plays in /tmp/tmpw536d1ja/tests/certificate/tests_subject.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_subject.yml:2 Monday 09 May 2022 16:38:22 +0000 (0:00:00.011) 0:00:00.011 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 16:38:23 +0000 (0:00:01.184) 0:00:01.196 ************ included: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:38:23 +0000 (0:00:00.022) 0:00:01.218 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 16:38:24 +0000 (0:00:00.556) 0:00:01.774 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 16:38:24 +0000 (0:00:00.044) 0:00:01.818 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 16:38:27 +0000 (0:00:02.849) 0:00:04.667 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 16:38:30 +0000 (0:00:03.571) 0:00:08.239 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 16:38:31 +0000 (0:00:00.539) 0:00:08.779 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 16:38:31 +0000 (0:00:00.400) 0:00:09.180 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice basic.target systemd-journald.socket syslog.target dbus.socket sysinit.target dbus-broker.service network.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 16:38:32 +0000 (0:00:01.073) 0:00:10.253 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_subject', 'dns': 'www.example.com', 'common_name': 'Some other common name', 'country': 'US', 'state': 'NC', 'locality': 'Raleigh', 'organization': 'Red Hat', 'organizational_unit': 'Linux', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "Some other common name", "country": "US", "dns": "www.example.com", "locality": "Raleigh", "name": "mycert_subject", "organization": "Red Hat", "organizational_unit": "Linux", "state": "NC" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_subject.yml:19 Monday 09 May 2022 16:38:33 +0000 (0:00:00.945) 0:00:11.198 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_subject.yml:48 Monday 09 May 2022 16:38:34 +0000 (0:00:00.745) 0:00:11.943 ************ included: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_subject.crt', 'key_path': '/etc/pki/tls/private/mycert_subject.key', 'subject': [{'name': 'countryName', 'oid': '2.5.4.6', 'value': 'US'}, {'name': 'stateOrProvinceName', 'oid': '2.5.4.8', 'value': 'NC'}, {'name': 'localityName', 'oid': '2.5.4.7', 'value': 'Raleigh'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'Red Hat'}, {'name': 'organizationalUnitName', 'oid': '2.5.4.11', 'value': 'Linux'}, {'name': 'commonName', 'oid': '2.5.4.3', 'value': 'Some other common name'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:38:34 +0000 (0:00:00.034) 0:00:11.978 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:38:34 +0000 (0:00:00.017) 0:00:11.996 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:38:36 +0000 (0:00:01.997) 0:00:13.993 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:38:41 +0000 (0:00:04.964) 0:00:18.958 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 50.5 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 80.0 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 22.5 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 102.5 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 31.1 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:38:44 +0000 (0:00:02.794) 0:00:21.753 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114313.0436554, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "b055dc24e193a35d04e70830a7b1459eb5e68759", "ctime": 1652114313.0406554, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114313.0406554, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_subject.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1407, "uid": 0, "version": "479008592", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:38:44 +0000 (0:00:00.517) 0:00:22.270 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:38:44 +0000 (0:00:00.022) 0:00:22.293 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 16:38:44 +0000 (0:00:00.038) 0:00:22.331 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 16:38:44 +0000 (0:00:00.034) 0:00:22.365 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114312.9986556, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "5757e89db0102f475b42482ff0e2ce94f1ad9157", "ctime": 1652114313.0406554, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114313.0406554, "nlink": 1, "path": "/etc/pki/tls/private/mycert_subject.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1399590459", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 16:38:45 +0000 (0:00:00.383) 0:00:22.749 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 16:38:45 +0000 (0:00:00.022) 0:00:22.772 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 16:38:45 +0000 (0:00:00.037) 0:00:22.809 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_subject.crt" ], "delta": "0:00:00.198305", "end": "2022-05-09 16:38:45.460406", "rc": 0, "start": "2022-05-09 16:38:45.262101" } STDOUT: { "subject": [ { "name": "countryName", "oid": "2.5.4.6", "value": "US" }, { "name": "stateOrProvinceName", "oid": "2.5.4.8", "value": "NC" }, { "name": "localityName", "oid": "2.5.4.7", "value": "Raleigh" }, { "name": "organizationName", "oid": "2.5.4.10", "value": "Red Hat" }, { "name": "organizationalUnitName", "oid": "2.5.4.11", "value": "Linux" }, { "name": "commonName", "oid": "2.5.4.3", "value": "Some other common name" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "DB:DD:33:27:90:1F:D1:24:78:59:D9:91:10:C7:B9:BE:60:ED:D8:9A", "critical": false }, "authorityKeyIdentifier": { "value": "A9:93:7C:56:48:C5:98:9E:DC:AB:86:9B:A9:2B:A8:94:74:B8:C5:E5", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "78:C3:02:FD:CF:79:2B:B8:20:1E:EA:E6:A6:35:FA:92:24:A8:35:36:E3:1D:C9:A9:78:D1:12:DC:31:CC:36:2A:F0:57:A8:35:B1:F2:24:E9:65:1F:03:E4:B8:6A:FC:77:15:D3:E4:30:00:1D:AD:70:9E:EB:91:F5:5F:56:19:0C:C6:9D:C0:5A:7F:C1:C3:CD:4C:9D:09:FA:51:6A:ED:44:73:1D:7F:2B:85:4A:A0:0E:1B:07:4A:70:B7:6D:A8:95:03:AF:93:94:4B:0A:B6:2E:B8:A2:62:4D:2A:61:24:66:FD:68:12:24:A2:82:3A:1F:B0:2D:0E:EB:C3:BB:09:49:09:DF:AF:E5:77:9D:B9:3F:B0:E2:6D:6B:77:A4:68:CA:75:55:99:18:3B:B6:4C:01:05:9D:43:97:19:65:F2:F6:B4:44:C2:36:A3:7E:B9:6A:93:3C:04:E0:84:46:D3:11:FC:B6:90:32:69:22:14:6F:01:11:0B:B9:DE:56:36:CB:95:61:E9:CE:CE:A4:3F:FB:E3:0B:EB:B0:32:F0:88:85:73:74:4C:39:D8:F1:4E:8A:E5:EE:A1:0E:99:3E:2D:CA:A1:3B:85:43:50:0A:91:74:8A:68:07:73:B8:06:31:5E:D4:0D:8A:08:1C:9A:CA:42:87:08:FF:C9:0B:5A:97:A7" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:38:32", "not_valid_before": "2022-05-09 16:38:33" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 16:38:46 +0000 (0:00:00.679) 0:00:23.489 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "A9:93:7C:56:48:C5:98:9E:DC:AB:86:9B:A9:2B:A8:94:74:B8:C5:E5" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "DB:DD:33:27:90:1F:D1:24:78:59:D9:91:10:C7:B9:BE:60:ED:D8:9A" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "78:C3:02:FD:CF:79:2B:B8:20:1E:EA:E6:A6:35:FA:92:24:A8:35:36:E3:1D:C9:A9:78:D1:12:DC:31:CC:36:2A:F0:57:A8:35:B1:F2:24:E9:65:1F:03:E4:B8:6A:FC:77:15:D3:E4:30:00:1D:AD:70:9E:EB:91:F5:5F:56:19:0C:C6:9D:C0:5A:7F:C1:C3:CD:4C:9D:09:FA:51:6A:ED:44:73:1D:7F:2B:85:4A:A0:0E:1B:07:4A:70:B7:6D:A8:95:03:AF:93:94:4B:0A:B6:2E:B8:A2:62:4D:2A:61:24:66:FD:68:12:24:A2:82:3A:1F:B0:2D:0E:EB:C3:BB:09:49:09:DF:AF:E5:77:9D:B9:3F:B0:E2:6D:6B:77:A4:68:CA:75:55:99:18:3B:B6:4C:01:05:9D:43:97:19:65:F2:F6:B4:44:C2:36:A3:7E:B9:6A:93:3C:04:E0:84:46:D3:11:FC:B6:90:32:69:22:14:6F:01:11:0B:B9:DE:56:36:CB:95:61:E9:CE:CE:A4:3F:FB:E3:0B:EB:B0:32:F0:88:85:73:74:4C:39:D8:F1:4E:8A:E5:EE:A1:0E:99:3E:2D:CA:A1:3B:85:43:50:0A:91:74:8A:68:07:73:B8:06:31:5E:D4:0D:8A:08:1C:9A:CA:42:87:08:FF:C9:0B:5A:97:A7" }, "subject": [ { "name": "countryName", "oid": "2.5.4.6", "value": "US" }, { "name": "stateOrProvinceName", "oid": "2.5.4.8", "value": "NC" }, { "name": "localityName", "oid": "2.5.4.7", "value": "Raleigh" }, { "name": "organizationName", "oid": "2.5.4.10", "value": "Red Hat" }, { "name": "organizationalUnitName", "oid": "2.5.4.11", "value": "Linux" }, { "name": "commonName", "oid": "2.5.4.3", "value": "Some other common name" } ], "validity": { "not_valid_after": "2023-05-09 16:38:32", "not_valid_before": "2022-05-09 16:38:33" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:38:46 +0000 (0:00:00.036) 0:00:23.525 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 16:38:46 +0000 (0:00:00.037) 0:00:23.563 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 16:38:46 +0000 (0:00:00.021) 0:00:23.584 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 16:38:46 +0000 (0:00:00.036) 0:00:23.620 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 16:38:46 +0000 (0:00:00.036) 0:00:23.657 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 16:38:46 +0000 (0:00:00.036) 0:00:23.693 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_subject.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041819", "end": "2022-05-09 16:38:46.084634", "rc": 0, "start": "2022-05-09 16:38:46.042815" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:38:46 +0000 (0:00:00.428) 0:00:24.122 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:38:46 +0000 (0:00:00.046) 0:00:24.168 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 4.96s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 3.57s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.85s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Install certreader ------------------------------------------------------ 2.79s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 2.00s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 1.18s /tmp/tmpw536d1ja/tests/certificate/tests_subject.yml:2 ------------------------ fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.07s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.95s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Gathering Facts --------------------------------------------------------- 0.75s /tmp/tmpw536d1ja/tests/certificate/tests_subject.yml:19 ----------------------- Parse certificate ------------------------------------------------------- 0.68s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.56s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.54s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 - Retrieve auto-renew flag ------------------------------------------------ 0.43s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.40s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Retrieve key file stats ------------------------------------------------- 0.38s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify certificate auto-renew flag -------------------------------------- 0.05s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 fedora.linux_system_roles.certificate : Set platform/version specific variables --- 0.04s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 - Verify certificate subject ---------------------------------------------- 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_subject_complex.yml ******************************************** 2 plays in /tmp/tmpw536d1ja/tests/certificate/tests_subject_complex.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_subject_complex.yml:2 Monday 09 May 2022 16:38:58 +0000 (0:00:00.012) 0:00:00.012 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 16:38:59 +0000 (0:00:01.152) 0:00:01.164 ************ included: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:38:59 +0000 (0:00:00.020) 0:00:01.184 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 16:38:59 +0000 (0:00:00.507) 0:00:01.692 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 16:38:59 +0000 (0:00:00.039) 0:00:01.731 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 16:39:02 +0000 (0:00:02.659) 0:00:04.390 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-5.fc34.x86_64", "Installed: nss-3.77.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nss-softokn-3.77.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.77.0-1.fc34.x86_64", "Installed: nss-sysinit-3.77.0-1.fc34.x86_64", "Installed: nss-util-3.77.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 16:39:05 +0000 (0:00:03.260) 0:00:07.651 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 16:39:06 +0000 (0:00:00.548) 0:00:08.199 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 16:39:06 +0000 (0:00:00.415) 0:00:08.614 ************ changed: [/cache/fedora-34.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target sysinit.target systemd-journald.socket system.slice syslog.target network.target dbus-broker.service dbus.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15550", "LimitNPROCSoft": "15550", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15550", "LimitSIGPENDINGSoft": "15550", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4665", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 16:39:07 +0000 (0:00:01.022) 0:00:09.636 ************ changed: [/cache/fedora-34.qcow2.snap] => (item={'name': 'mycert_subject_complex', 'dns': 'www.example.com', 'common_name': '# \\\\Every"thing+that,ne;edsing\\0 ', 'contact_email': 'admin@example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "# \\\\Every\"thing+that,ne;edsing\\0 ", "contact_email": "admin@example.com", "dns": "www.example.com", "name": "mycert_subject_complex" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_subject_complex.yml:16 Monday 09 May 2022 16:39:08 +0000 (0:00:00.949) 0:00:10.586 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_subject_complex.yml:36 Monday 09 May 2022 16:39:09 +0000 (0:00:00.758) 0:00:11.344 ************ included: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_subject_complex.crt', 'key_path': '/etc/pki/tls/private/mycert_subject_complex.key', 'subject': [{'name': 'emailAddress', 'oid': '1.2.840.113549.1.9.1', 'value': 'admin@example.com'}, {'name': 'commonName', 'oid': '2.5.4.3', 'value': '# \\\\Every"thing+that,ne;edsing\\0 '}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 16:39:09 +0000 (0:00:00.037) 0:00:11.382 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 16:39:09 +0000 (0:00:00.022) 0:00:11.404 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 16:39:11 +0000 (0:00:02.052) 0:00:13.457 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 16:39:16 +0000 (0:00:04.887) 0:00:18.344 ************ changed: [/cache/fedora-34.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 50.6 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 85.8 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 22.3 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 98.7 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 14.9 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 16:39:19 +0000 (0:00:02.892) 0:00:21.237 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114347.95441, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "a034179560f6d50bd578d8124fe85af8460e695c", "ctime": 1652114347.95141, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114347.95141, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_subject_complex.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1375, "uid": 0, "version": "2922686381", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 16:39:19 +0000 (0:00:00.504) 0:00:21.742 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 16:39:20 +0000 (0:00:00.024) 0:00:21.766 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 16:39:20 +0000 (0:00:00.036) 0:00:21.803 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 16:39:20 +0000 (0:00:00.032) 0:00:21.835 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "stat": { "atime": 1652114347.90641, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "22bbf7c3ad9b0c26d21fe856d647dbd7d756ca69", "ctime": 1652114347.95141, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652114347.95141, "nlink": 1, "path": "/etc/pki/tls/private/mycert_subject_complex.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "4103075783", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 16:39:20 +0000 (0:00:00.339) 0:00:22.174 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 16:39:20 +0000 (0:00:00.023) 0:00:22.198 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 16:39:20 +0000 (0:00:00.039) 0:00:22.237 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_subject_complex.crt" ], "delta": "0:00:00.197253", "end": "2022-05-09 16:39:20.427956", "rc": 0, "start": "2022-05-09 16:39:20.230703" } STDOUT: { "subject": [ { "name": "emailAddress", "oid": "1.2.840.113549.1.9.1", "value": "admin@example.com" }, { "name": "commonName", "oid": "2.5.4.3", "value": "# \\\\Every\"thing+that,ne;edsing\\0 " } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "43:16:FD:AC:CC:A0:D2:FB:86:12:01:B0:E7:A6:88:2E:E5:90:3D:54", "critical": false }, "authorityKeyIdentifier": { "value": "4F:5B:3F:39:B9:20:52:19:C2:A9:03:81:7E:A8:D8:E0:00:DE:6E:CF", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "36:FE:25:7F:F6:C2:83:7E:A8:1D:CF:D3:B6:04:93:55:C1:BB:A0:59:1F:B7:98:11:B9:A0:14:2E:49:39:E8:EE:84:07:6A:E9:19:D1:9A:1D:C8:42:AE:AE:9B:C8:5A:57:B8:14:4C:60:B2:62:06:24:EF:08:81:E4:A3:29:D7:C3:B0:85:C2:41:2D:94:64:94:0A:09:96:E8:8E:28:03:3E:C2:BE:F2:65:C6:43:D9:7F:EA:1F:8D:EF:BB:D6:50:74:FE:3C:4C:87:B0:9C:BE:83:2D:18:53:7E:2F:1E:4D:33:06:94:83:46:87:D5:D2:29:A0:CD:12:93:BD:05:3A:CA:60:17:66:14:2A:60:2F:F4:1B:36:61:A7:B7:A0:87:06:85:4C:75:A5:02:6B:44:8E:61:75:65:9F:1E:81:61:C5:E7:39:97:4E:1D:F9:F8:D3:39:F2:44:1C:52:1A:4B:6E:1E:04:34:A6:A6:0F:F8:A3:C3:7C:B4:22:83:59:78:1C:81:89:5A:3F:75:9A:88:F1:43:A3:A3:5F:92:D0:2A:7E:54:31:C6:77:A1:8B:4E:9D:E3:8E:E1:BE:3D:48:00:CC:46:75:0F:3F:B0:E3:86:B2:8E:E4:08:F4:BA:61:FA:ED:AE:0B:81:DF:60:63:72:2A:6A:43:44:06:3B:E4:DA:07" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 16:39:07", "not_valid_before": "2022-05-09 16:39:07" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 16:39:21 +0000 (0:00:00.688) 0:00:22.925 ************ ok: [/cache/fedora-34.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "4F:5B:3F:39:B9:20:52:19:C2:A9:03:81:7E:A8:D8:E0:00:DE:6E:CF" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "43:16:FD:AC:CC:A0:D2:FB:86:12:01:B0:E7:A6:88:2E:E5:90:3D:54" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "36:FE:25:7F:F6:C2:83:7E:A8:1D:CF:D3:B6:04:93:55:C1:BB:A0:59:1F:B7:98:11:B9:A0:14:2E:49:39:E8:EE:84:07:6A:E9:19:D1:9A:1D:C8:42:AE:AE:9B:C8:5A:57:B8:14:4C:60:B2:62:06:24:EF:08:81:E4:A3:29:D7:C3:B0:85:C2:41:2D:94:64:94:0A:09:96:E8:8E:28:03:3E:C2:BE:F2:65:C6:43:D9:7F:EA:1F:8D:EF:BB:D6:50:74:FE:3C:4C:87:B0:9C:BE:83:2D:18:53:7E:2F:1E:4D:33:06:94:83:46:87:D5:D2:29:A0:CD:12:93:BD:05:3A:CA:60:17:66:14:2A:60:2F:F4:1B:36:61:A7:B7:A0:87:06:85:4C:75:A5:02:6B:44:8E:61:75:65:9F:1E:81:61:C5:E7:39:97:4E:1D:F9:F8:D3:39:F2:44:1C:52:1A:4B:6E:1E:04:34:A6:A6:0F:F8:A3:C3:7C:B4:22:83:59:78:1C:81:89:5A:3F:75:9A:88:F1:43:A3:A3:5F:92:D0:2A:7E:54:31:C6:77:A1:8B:4E:9D:E3:8E:E1:BE:3D:48:00:CC:46:75:0F:3F:B0:E3:86:B2:8E:E4:08:F4:BA:61:FA:ED:AE:0B:81:DF:60:63:72:2A:6A:43:44:06:3B:E4:DA:07" }, "subject": [ { "name": "emailAddress", "oid": "1.2.840.113549.1.9.1", "value": "admin@example.com" }, { "name": "commonName", "oid": "2.5.4.3", "value": "# \\\\Every\"thing+that,ne;edsing\\0 " } ], "validity": { "not_valid_after": "2023-05-09 16:39:07", "not_valid_before": "2022-05-09 16:39:07" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 16:39:21 +0000 (0:00:00.039) 0:00:22.965 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 16:39:21 +0000 (0:00:00.038) 0:00:23.003 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 16:39:21 +0000 (0:00:00.024) 0:00:23.027 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 16:39:21 +0000 (0:00:00.038) 0:00:23.065 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 16:39:21 +0000 (0:00:00.037) 0:00:23.103 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 16:39:21 +0000 (0:00:00.035) 0:00:23.139 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_subject_complex.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040118", "end": "2022-05-09 16:39:21.036595", "rc": 0, "start": "2022-05-09 16:39:20.996477" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 16:39:21 +0000 (0:00:00.391) 0:00:23.531 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 16:39:21 +0000 (0:00:00.043) 0:00:23.574 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 4.89s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 3.26s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Install certreader ------------------------------------------------------ 2.89s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.66s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Ensure python3 is installed --------------------------------------------- 2.05s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 1.15s /tmp/tmpw536d1ja/tests/certificate/tests_subject_complex.yml:2 ---------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.02s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.95s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Gathering Facts --------------------------------------------------------- 0.76s /tmp/tmpw536d1ja/tests/certificate/tests_subject_complex.yml:16 --------------- Parse certificate ------------------------------------------------------- 0.69s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.55s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.51s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.50s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.42s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Retrieve auto-renew flag ------------------------------------------------ 0.39s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:132 Retrieve key file stats ------------------------------------------------- 0.34s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:141 Load certificate YAML to cert_issued variable --------------------------- 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:79 - Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmpw536d1ja/tests/certificate/tasks/assert_certificate_parameters.yml:64 - fedora.linux_system_roles.certificate : Set platform/version specific variables --- 0.04s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpjv4cc_10 executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_wrong_provider.yml ********************************************* 1 plays in /tmp/tmpw536d1ja/tests/certificate/tests_wrong_provider.yml PLAY [Test issuing certificate with nonexistent provider] ********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpw536d1ja/tests/certificate/tests_wrong_provider.yml:2 Monday 09 May 2022 16:39:33 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/fedora-34.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 16:39:34 +0000 (0:00:01.132) 0:00:01.142 ************ included: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/fedora-34.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:39:34 +0000 (0:00:00.023) 0:00:01.166 ************ ok: [/cache/fedora-34.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 16:39:35 +0000 (0:00:00.518) 0:00:01.684 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-34.qcow2.snap] => (item=Fedora_34.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_34.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 16:39:35 +0000 (0:00:00.040) 0:00:01.724 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 16:39:37 +0000 (0:00:02.735) 0:00:04.460 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 16:39:37 +0000 (0:00:00.044) 0:00:04.504 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 16:39:37 +0000 (0:00:00.044) 0:00:04.549 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 16:39:37 +0000 (0:00:00.040) 0:00:04.589 ************ skipping: [/cache/fedora-34.qcow2.snap] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 16:39:38 +0000 (0:00:00.036) 0:00:04.625 ************ failed: [/cache/fedora-34.qcow2.snap] (item={'name': 'mycert_wrong_provider', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'fake-provider'}) => { "ansible_loop_var": "item", "changed": false, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_wrong_provider", "provider": "fake-provider" } } MSG: Chosen provider 'fake-provider' is not available. TASK [assert...] *************************************************************** task path: /tmp/tmpw536d1ja/tests/certificate/tests_wrong_provider.yml:22 Monday 09 May 2022 16:39:38 +0000 (0:00:00.577) 0:00:05.203 ************ ok: [/cache/fedora-34.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2.snap : ok=5 changed=0 unreachable=0 failed=0 skipped=5 rescued=1 ignored=0 Monday 09 May 2022 16:39:38 +0000 (0:00:00.027) 0:00:05.230 ************ =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.74s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Gathering Facts --------------------------------------------------------- 1.13s /tmp/tmpw536d1ja/tests/certificate/tests_wrong_provider.yml:2 ----------------- fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.58s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.52s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.04s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 0.04s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.04s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 fedora.linux_system_roles.certificate : Set platform/version specific variables --- 0.04s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.04s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 assert... --------------------------------------------------------------- 0.03s /tmp/tmpw536d1ja/tests/certificate/tests_wrong_provider.yml:22 ---------------- fedora.linux_system_roles.certificate : Set version specific variables --- 0.02s /tmp/tmpjv4cc_10/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2