+ cd /tmp/tmp_19esxv5/tests; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp_19esxv5/tests/tests_basic_ipa.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 statically imported: /tmp/tmp_19esxv5/tests/tasks/setup_ipa.yml PLAYBOOK: tests_basic_ipa.yml ************************************************** 3 plays in /tmp/tmp_19esxv5/tests/tests_basic_ipa.yml PLAY [Install IPA server] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_basic_ipa.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Set __is_beaker_env] ***************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/setup_ipa.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__is_beaker_env": false}, "changed": false} TASK [Install ansible-freeipa] ************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/setup_ipa.yml:6 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [Clone ansible-freeipa repo] ********************************************** task path: 
/tmp/tmp_19esxv5/tests/tasks/setup_ipa.yml:12 ok: [/cache/fedora-32.qcow2] => {"after": "6c7f433135795d3ebec2ce26d6ca398301792588", "before": "6c7f433135795d3ebec2ce26d6ca398301792588", "changed": false, "remote_url_changed": false} TASK [Create role symlinks] **************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/setup_ipa.yml:21 changed: [/cache/fedora-32.qcow2] => (item=ipaserver) => {"ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmp_19esxv5/tests/roles/ipaserver", "gid": 0, "group": "root", "item": "ipaserver", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaserver/", "state": "link", "uid": 0} changed: [/cache/fedora-32.qcow2] => (item=ipaclient) => {"ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmp_19esxv5/tests/roles/ipaclient", "gid": 0, "group": "root", "item": "ipaclient", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaclient/", "state": "link", "uid": 0} TASK [ensure hostname package is installed] ************************************ task path: /tmp/tmp_19esxv5/tests/tasks/setup_ipa.yml:33 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Set hostname] ************************************************************ task path: /tmp/tmp_19esxv5/tests/tasks/setup_ipa.yml:38 changed: [/cache/fedora-32.qcow2] => {"ansible_facts": {"ansible_domain": "test.local", "ansible_fqdn": "ipaserver.test.local", "ansible_hostname": "ipaserver", "ansible_nodename": "ipaserver.test.local"}, "changed": true, "name": "ipaserver.test.local"} TASK [Ensure nss package is up-to-date] **************************************** task path: /tmp/tmp_19esxv5/tests/tasks/setup_ipa.yml:42 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: 
nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64"]} TASK [include_role : ipaserver] ************************************************ task path: /tmp/tmp_19esxv5/tests/tasks/setup_ipa.yml:50 TASK [ipaserver : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:4 ok: [/cache/fedora-32.qcow2] => (item=/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml) => {"ansible_facts": {"ipaserver_packages": ["freeipa-server", "python3-libselinux"], "ipaserver_packages_adtrust": ["freeipa-server-trust-ad"], "ipaserver_packages_dns": ["freeipa-server-dns"], "ipaserver_packages_firewalld": ["firewalld"]}, "ansible_included_var_files": ["/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml"], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml"} TASK [ipaserver : Install IPA server] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:12 included: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml for /cache/fedora-32.qcow2 TASK [ipaserver : Install - Ensure that IPA server packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:5 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: pkgconf-1.6.3-3.fc32.x86_64", "Installed: perl-Time-Local-2:1.300-2.fc32.noarch", "Installed: cyrus-sasl-plain-2.1.27-4.fc32.x86_64", "Installed: bea-stax-api-1.2.0-20.fc32.noarch", "Installed: perl-IO-Socket-SSL-2.068-1.fc32.noarch", "Installed: pkgconf-m4-1.6.3-3.fc32.noarch", "Installed: pkgconf-pkg-config-1.6.3-3.fc32.x86_64", "Installed: perl-Scalar-List-Utils-3:1.54-440.fc32.x86_64", "Installed: python3-jwcrypto-0.6.0-7.fc32.noarch", "Installed: python3-kdcproxy-0.4.2-3.fc32.noarch", "Installed: jackson-annotations-2.10.5-1.fc32.noarch", 
"Installed: python3-argcomplete-1.10.0-4.fc32.noarch", "Installed: 389-ds-base-1.4.3.22-1.fc32.x86_64", "Installed: jackson-core-2.10.5-1.fc32.noarch", "Installed: jackson-databind-2.10.5.1-1.fc32.noarch", "Installed: 389-ds-base-libs-1.4.3.22-1.fc32.x86_64", "Installed: jackson-jaxrs-json-provider-2.10.5-1.fc32.noarch", "Installed: jackson-jaxrs-providers-2.10.5-1.fc32.noarch", "Installed: openldap-clients-2.4.47-5.fc32.x86_64", "Installed: perl-IO-Socket-IP-0.39-441.fc32.noarch", "Installed: jackson-module-jaxb-annotations-2.10.5-1.fc32.noarch", "Installed: python3-asn1crypto-1.3.0-2.fc32.noarch", "Installed: jakarta-activation-1.2.1-5.fc32.noarch", "Installed: glassfish-fastinfoset-1.2.15-2.fc32.noarch", "Installed: authselect-1.2.1-1.fc32.x86_64", "Installed: python3-atomicwrites-1.3.0-7.fc32.noarch", "Installed: authselect-libs-1.2.1-1.fc32.x86_64", "Installed: python3-augeas-0.5.0-19.fc32.noarch", "Installed: java-1.8.0-openjdk-headless-1:1.8.0.292.b10-0.fc32.x86_64", "Installed: python3-ecdsa-0.15-1.fc32.noarch", "Installed: perl-URI-1.76-6.fc32.noarch", "Installed: httpcomponents-client-4.5.10-2.fc32.noarch", "Installed: xml-commons-apis-1.4.01-29.fc32.noarch", "Installed: libwbclient-2:4.12.14-0.fc32.x86_64", "Installed: httpcomponents-core-4.4.12-2.fc32.noarch", "Installed: glassfish-jaxb-api-2.2.12-14.fc32.noarch", "Installed: python3-yubico-1.3.3-1.fc32.noarch", "Installed: copy-jdk-configs-3.7-5.fc32.noarch", "Installed: glassfish-jaxb-core-2.2.11-16.fc32.noarch", "Installed: resteasy-atom-provider-3.0.26-6.fc32.noarch", "Installed: resteasy-client-3.0.26-6.fc32.noarch", "Installed: resteasy-core-3.0.26-6.fc32.noarch", "Installed: resteasy-jackson2-provider-3.0.26-6.fc32.noarch", "Installed: tomcat-1:9.0.39-2.fc32.noarch", "Installed: resteasy-jaxb-provider-3.0.26-6.fc32.noarch", "Installed: tomcat-el-3.0-api-1:9.0.39-2.fc32.noarch", "Installed: tomcat-jsp-2.3-api-1:9.0.39-2.fc32.noarch", "Installed: apache-commons-cli-1.4-8.fc32.noarch", "Installed: 
tomcat-lib-1:9.0.39-2.fc32.noarch", "Installed: python3-pki-10.10.5-5.fc32.noarch", "Installed: python3-pluggy-0.13.1-1.fc32.noarch", "Installed: tomcat-servlet-4.0-api-1:9.0.39-2.fc32.noarch", "Installed: tomcatjss-7.6.1-1.fc32.noarch", "Installed: apache-commons-collections-3.2.2-16.fc32.noarch", "Installed: apache-commons-daemon-1.2.2-2.fc32.x86_64", "Installed: autofs-1:5.1.6-11.fc32.x86_64", "Installed: libipa_hbac-2.4.0-1.fc32.x86_64", "Installed: perl-Unicode-Normalize-1.26-440.fc32.x86_64", "Installed: rpcbind-1.2.5-5.rc1.fc32.1.x86_64", "Installed: perl-Exporter-5.74-2.fc32.noarch", "Installed: apache-commons-io-1:2.6-8.fc32.noarch", "Installed: javapackages-filesystem-5.3.0-9.fc32.noarch", "Installed: perl-Archive-Tar-2.38-1.fc32.noarch", "Installed: python3-py-1.10.0-1.fc32.noarch", "Installed: javapackages-tools-5.3.0-9.fc32.noarch", "Installed: libxslt-1.1.34-4.fc32.x86_64", "Installed: python3-psutil-5.6.7-1.fc32.x86_64", "Installed: perl-Compress-Raw-Bzip2-2.093-2.fc32.x86_64", "Installed: avahi-libs-0.7-24.fc32.x86_64", "Installed: ecj-1:4.16-4.fc32.noarch", "Installed: samba-client-libs-2:4.12.14-0.fc32.x86_64", "Installed: samba-common-2:4.12.14-0.fc32.noarch", "Installed: samba-common-libs-2:4.12.14-0.fc32.x86_64", "Installed: apache-commons-lang-2.6-27.fc32.noarch", "Installed: perl-Compress-Raw-Lzma-2.093-4.fc32.x86_64", "Installed: python3-pycryptodomex-3.9.8-1.fc32.x86_64", "Installed: libjpeg-turbo-2.0.4-3.fc32.x86_64", "Installed: apache-commons-logging-1.2-20.fc32.noarch", "Installed: perl-Compress-Raw-Zlib-2.093-2.fc32.x86_64", "Installed: perl-Net-SSLeay-1.88-5.fc32.x86_64", "Installed: libkadm5-1.18.2-29.fc32.x86_64", "Installed: apache-commons-net-3.6-8.fc32.noarch", "Installed: perl-DB_File-1.855-1.fc32.x86_64", "Installed: perl-Data-Dumper-2.174-444.fc32.x86_64", "Installed: xmlstreambuffer-1.5.4-11.fc32.noarch", "Installed: jboss-annotations-1.2-api-1.0.2-2.fc32.noarch", "Installed: python3-pyasn1-0.4.8-1.fc32.noarch", "Installed: 
python3-pyasn1-modules-0.4.8-1.fc32.noarch", "Installed: words-3.0-35.fc32.noarch", "Installed: python3-dns-1.16.0-10.fc32.noarch", "Installed: perl-Digest-1.19-1.fc32.noarch", "Installed: perl-Digest-MD5-2.58-1.fc32.x86_64", "Installed: lua-posix-33.3.1-16.fc32.x86_64", "Installed: jboss-jaxrs-2.0-api-1.0.0-10.fc32.noarch", "Installed: perl-Encode-4:3.08-458.fc32.x86_64", "Installed: cups-libs-1:2.3.3op2-4.fc32.x86_64", "Installed: perl-Errno-1.30-461.fc32.x86_64", "Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: jboss-logging-3.4.1-2.fc32.noarch", "Installed: jboss-logging-tools-2.2.0-2.fc32.noarch", "Installed: perl-File-Path-2.17-1.fc32.noarch", "Installed: libev-4.31-2.fc32.x86_64", "Installed: protobuf-c-1.3.2-2.fc32.x86_64", "Installed: js-jquery-3.5.0-2.fc32.noarch", "Installed: perl-Algorithm-Diff-1.1903-15.fc32.noarch", "Installed: perl-Getopt-Long-1:2.52-1.fc32.noarch", "Installed: openssl-perl-1:1.1.1k-1.fc32.x86_64", "Installed: perl-Term-ANSIColor-5.01-2.fc32.noarch", "Installed: perl-Term-Cap-1.17-440.fc32.noarch", "Installed: jss-4.8.1-1.fc32.x86_64", "Installed: perl-IO-1.40-461.fc32.x86_64", "Installed: perl-IO-Zlib-1:1.10-461.fc32.noarch", "Installed: augeas-libs-1.12.0-3.fc32.x86_64", "Installed: apr-1.7.0-3.fc32.x86_64", "Installed: jdeparser-2.0.3-2.fc32.noarch", "Installed: python3-pytest-4.6.11-1.fc32.noarch", "Installed: tzdata-java-2021a-1.fc32.noarch", "Installed: apr-util-1.6.1-12.fc32.x86_64", "Installed: apr-util-bdb-1.6.1-12.fc32.x86_64", "Installed: fontawesome-fonts-4.7.0-8.fc32.noarch", "Installed: libverto-libev-0.3.0-9.fc32.x86_64", "Installed: perl-File-Temp-1:0.230.900-440.fc32.noarch", "Installed: apr-util-openssl-1.6.1-12.fc32.x86_64", "Installed: fedora-logos-httpd-30.0.2-4.fc32.noarch", "Installed: slf4j-1.7.30-2.fc32.noarch", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64", "Installed: slf4j-jdk14-1.7.30-2.fc32.noarch", "Installed: perl-MIME-Base64-3.15-440.fc32.x86_64", "Installed: 
perl-Mozilla-CA-20200520-1.fc32.noarch", "Installed: perl-constant-1.33-441.fc32.noarch", "Installed: python3-mod_wsgi-4.6.8-2.fc32.x86_64", "Installed: perl-PathTools-3.78-442.fc32.x86_64", "Installed: pki-acme-10.10.5-5.fc32.noarch", "Installed: pki-base-10.10.5-5.fc32.noarch", "Installed: pki-base-java-10.10.5-5.fc32.noarch", "Installed: nss-tools-3.63.0-1.fc32.x86_64", "Installed: pki-ca-10.10.5-5.fc32.noarch", "Installed: python-systemd-doc-234-12.fc32.x86_64", "Installed: lua-5.3.5-8.fc32.x86_64", "Installed: pki-kra-10.10.5-5.fc32.noarch", "Installed: pki-server-10.10.5-5.fc32.noarch", "Installed: pki-symkey-10.10.5-5.fc32.x86_64", "Installed: python3-more-itertools-7.2.0-4.fc32.noarch", "Installed: perl-Pod-Usage-4:2.01-1.fc32.noarch", "Installed: pki-tools-10.10.5-5.fc32.x86_64", "Installed: python3-pyparsing-2.4.7-1.fc32.noarch", "Installed: relaxngDatatype-2011.1-12.fc32.noarch", "Installed: stax-ex-1.7.7-12.fc32.noarch", "Installed: slapi-nis-0.56.5-2.fc32.x86_64", "Installed: glassfish-jaxb-runtime-2.2.11-16.fc32.noarch", "Installed: perl-Socket-4:2.031-1.fc32.x86_64", "Installed: python3-systemd-234-12.fc32.x86_64", "Installed: gssproxy-0.8.2-8.fc32.x86_64", "Installed: glassfish-jaxb-txw2-2.2.11-16.fc32.noarch", "Installed: publicsuffix-list-20190417-3.fc32.noarch", "Installed: libicu-65.1-2.fc32.x86_64", "Installed: httpd-2.4.46-1.fc32.x86_64", "Installed: mod_auth_gssapi-1.6.1-8.fc32.x86_64", "Installed: httpd-filesystem-2.4.46-1.fc32.noarch", "Installed: python3-ipaclient-4.9.3-1.fc32.noarch", "Installed: httpd-tools-2.4.46-1.fc32.x86_64", "Installed: python3-ipalib-4.9.3-1.fc32.noarch", "Installed: python3-ipaserver-4.9.3-1.fc32.noarch", "Installed: bind-libs-32:9.11.28-1.fc32.x86_64", "Installed: bind-libs-lite-32:9.11.28-1.fc32.x86_64", "Installed: bind-license-32:9.11.28-1.fc32.noarch", "Installed: perl-parent-1:0.238-1.fc32.noarch", "Installed: perl-podlators-1:4.14-2.fc32.noarch", "Installed: python3-gssapi-1.6.1-5.fc32.x86_64", "Installed: 
bind-utils-32:9.11.28-1.fc32.x86_64", "Installed: mod_lookup_identity-1.0.0-11.fc32.x86_64", "Installed: python3-netaddr-0.7.19-21.fc32.noarch", "Installed: python3-netifaces-0.10.6-10.fc32.x86_64", "Installed: krb5-pkinit-1.18.2-29.fc32.x86_64", "Installed: krb5-server-1.18.2-29.fc32.x86_64", "Installed: perl-interpreter-4:5.30.3-461.fc32.x86_64", "Installed: krb5-workstation-1.18.2-29.fc32.x86_64", "Installed: perl-libnet-3.13-1.fc32.noarch", "Installed: jna-5.4.0-2.fc32.x86_64", "Installed: perl-libs-4:5.30.3-461.fc32.x86_64", "Installed: perl-threads-1:2.22-442.fc32.x86_64", "Installed: perl-threads-shared-1.60-441.fc32.x86_64", "Installed: perl-macros-4:5.30.3-461.fc32.noarch", "Installed: nfs-utils-1:2.5.3-1.fc32.x86_64", "Installed: lksctp-tools-1.0.18-4.fc32.x86_64", "Installed: keyutils-1.6.1-1.fc32.x86_64", "Installed: softhsm-2.6.1-3.fc32.x86_64", "Installed: python3-ldap-3.3.1-1.fc32.x86_64", "Installed: python3-sss-2.4.0-1.fc32.x86_64", "Installed: python3-sss-murmur-2.4.0-1.fc32.x86_64", "Installed: python3-sssdconfig-2.4.0-1.fc32.noarch", "Installed: python3-lib389-1.4.3.22-1.fc32.noarch", "Installed: freeipa-client-4.9.3-1.fc32.x86_64", "Installed: freeipa-client-common-4.9.3-1.fc32.noarch", "Installed: freeipa-common-4.9.3-1.fc32.noarch", "Installed: python3-libipa_hbac-2.4.0-1.fc32.x86_64", "Installed: policycoreutils-python-utils-3.0-2.fc32.noarch", "Installed: freeipa-healthcheck-core-0.8-2.fc32.noarch", "Installed: perl-Pod-Escapes-1:1.07-440.fc32.noarch", "Installed: freeipa-selinux-4.9.3-1.fc32.noarch", "Installed: freeipa-server-4.9.3-1.fc32.x86_64", "Installed: freeipa-server-common-4.9.3-1.fc32.noarch", "Installed: python3-custodia-0.6.0-11.fc32.noarch", "Installed: python3-nss-1.0.1-18.fc32.x86_64", "Installed: perl-Pod-Perldoc-3.28.01-443.fc32.noarch", "Installed: istack-commons-runtime-2.21-12.fc32.noarch", "Installed: perl-Pod-Simple-1:3.40-2.fc32.noarch", "Installed: web-assets-filesystem-5-11.fc32.noarch", "Installed: 
python3-lxml-4.4.1-5.fc32.x86_64", "Installed: apache-commons-lang3-3.11-1.fc32.noarch", "Installed: python3-pyusb-1.0.2-6.fc32.noarch", "Installed: xsom-20140514-3.fc32.noarch", "Installed: freetype-2.10.4-1.fc32.x86_64", "Installed: python3-decorator-4.4.0-6.fc32.noarch", "Installed: mod_http2-1.15.14-1.fc32.x86_64", "Installed: mod_session-2.4.46-1.fc32.x86_64", "Installed: mod_ssl-1:2.4.46-1.fc32.x86_64", "Installed: perl-Text-Diff-1.45-8.fc32.noarch", "Installed: python3-argparse-manpage-1.5-1.fc32.noarch", "Installed: python3-qrcode-core-6.1-5.fc32.noarch", "Installed: custodia-0.6.0-11.fc32.noarch", "Installed: oddjob-0.34.6-1.fc32.x86_64", "Installed: oddjob-mkhomedir-0.34.6-1.fc32.x86_64", "Installed: sscg-2.6.2-1.fc32.x86_64", "Installed: perl-Storable-1:3.15-443.fc32.x86_64", "Installed: quota-1:4.05-10.fc32.x86_64", "Installed: ldapjdk-4.22.0-1.fc32.noarch", "Installed: perl-HTTP-Tiny-0.076-440.fc32.noarch", "Installed: quota-nls-1:4.05-10.fc32.noarch", "Installed: libpkgconf-1.6.3-3.fc32.x86_64", "Installed: perl-Text-ParseWords-3.30-440.fc32.noarch", "Installed: xerces-j2-2.12.0-4.fc32.noarch", "Installed: sssd-common-pac-2.4.0-1.fc32.x86_64", "Installed: sssd-dbus-2.4.0-1.fc32.x86_64", "Installed: sssd-ipa-2.4.0-1.fc32.x86_64", "Installed: sssd-krb5-common-2.4.0-1.fc32.x86_64", "Installed: fstrm-0.5.0-2.fc32.x86_64", "Installed: apache-commons-codec-1.13-2.fc32.noarch", "Installed: python3-wcwidth-0.2.4-1.fc32.noarch", "Installed: sssd-tools-2.4.0-1.fc32.x86_64", "Installed: bash-completion-1:2.8-8.fc32.noarch", "Installed: libtomcrypt-1.18.2-6.fc32.x86_64", "Installed: mailcap-2.1.48-7.fc32.noarch", "Installed: perl-Carp-1.50-440.fc32.noarch", "Installed: perl-Text-Tabs+Wrap-2013.0523-440.fc32.noarch", "Installed: python3-packaging-20.1-2.fc32.noarch", "Installed: velocity-1.7-27.fc32.noarch", "Installed: xml-commons-resolver-1.2-29.fc32.noarch", "Installed: libtommath-1.1.0-2.fc32.x86_64", "Installed: libpng-2:1.6.37-3.fc32.x86_64", "Installed: 
perl-IO-Compress-2.093-2.fc32.noarch", "Installed: perl-IO-Compress-Lzma-2.093-2.fc32.noarch", "Installed: tomcat-native-1.2.23-1.fc32.x86_64", "Installed: logrotate-3.15.1-3.fc32.x86_64", "Installed: cyrus-sasl-gssapi-2.1.27-4.fc32.x86_64", "Installed: xalan-j2-2.7.2-2.fc32.noarch", "Installed: cyrus-sasl-md5-2.1.27-4.fc32.x86_64", "Installed: open-sans-fonts-1.10-12.fc32.noarch"]} TASK [ipaserver : Install - Ensure that IPA server packages for dns are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:10 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: bind-pkcs11-libs-32:9.11.28-1.fc32.x86_64", "Installed: bind-pkcs11-utils-32:9.11.28-1.fc32.x86_64", "Installed: mariadb-connector-c-3.1.12-1.fc32.x86_64", "Installed: mariadb-connector-c-config-3.1.12-1.fc32.noarch", "Installed: opendnssec-2.1.7-2.fc32.x86_64", "Installed: sqlite-3.34.0-1.fc32.x86_64", "Installed: bind-32:9.11.28-1.fc32.x86_64", "Installed: python3-bind-32:9.11.28-1.fc32.noarch", "Installed: ldns-1.7.0-29.fc32.x86_64", "Installed: bind-dnssec-doc-32:9.11.28-1.fc32.noarch", "Installed: bind-dnssec-utils-32:9.11.28-1.fc32.x86_64", "Installed: bind-dyndb-ldap-11.3-4.fc32.x86_64", "Installed: opencryptoki-3.13.0-1.fc32.x86_64", "Installed: opencryptoki-icsftok-3.13.0-1.fc32.x86_64", "Installed: opencryptoki-libs-3.13.0-1.fc32.x86_64", "Installed: bind-pkcs11-32:9.11.28-1.fc32.x86_64", "Installed: freeipa-server-dns-4.9.3-1.fc32.noarch"]} TASK [ipaserver : Install - Ensure that IPA server packages for adtrust are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:16 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Ensure that firewall packages installed] *********** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:22 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": 
["Installed: python3-gobject-base-3.36.1-1.fc32.x86_64", "Installed: python3-slip-0.6.4-19.fc32.noarch", "Installed: ipset-7.6-1.fc32.x86_64", "Installed: python3-slip-dbus-0.6.4-19.fc32.noarch", "Installed: gobject-introspection-1.64.1-1.fc32.x86_64", "Installed: ipset-libs-7.6-1.fc32.x86_64", "Installed: python3-firewall-0.8.6-1.fc32.noarch", "Installed: nftables-1:0.9.3-4.fc32.x86_64", "Installed: python3-nftables-1:0.9.3-4.fc32.x86_64", "Installed: iptables-nft-1.8.4-9.fc32.x86_64", "Installed: libnftnl-1.1.5-2.fc32.x86_64", "Installed: firewalld-0.8.6-1.fc32.noarch", "Installed: firewalld-filesystem-0.8.6-1.fc32.noarch"]} TASK [ipaserver : Firewalld service - Ensure that firewalld is running] ******** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:31 changed: [/cache/fedora-32.qcow2] => {"changed": true, "enabled": true, "name": "firewalld", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice dbus-broker.service polkit.service dbus.socket basic.target sysinit.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target multi-user.target network-pre.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap 
cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "iptables.service ip6tables.service ebtables.service ipset.service nftables.service shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", 
"FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": 
"no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "dbus-org.fedoraproject.FirewallD1.service firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", 
"SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [Firewalld - Verify runtime zone "{{ ipaserver_firewalld_zone }}"] ******** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:37 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [Firewalld - Verify permanent zone "{{ ipaserver_firewalld_zone }}"] ****** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:44 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : include_tasks] *********************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:54 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Server installation test] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:60 ok: [/cache/fedora-32.qcow2] => {"_dirsrv_ca_cert": null, "_dirsrv_pkcs12_info": null, "_hostname_overridden": true, "_http_ca_cert": null, "_http_pkcs12_info": null, "_installation_cleanup": true, "_pkinit_ca_cert": null, "_pkinit_pkcs12_info": null, "changed": false, "domain": "test.local", "domainlevel": 1, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "hostname": "ipaserver.test.local", 
"idmax": 302199999, "idstart": 302000000, "ipa_python_version": 40903, "no_host_dns": true, "no_pkinit": false, "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "rid_base": 1000, "secondary_rid_base": 100000000, "setup_adtrust": false, "setup_ca": true, "setup_kra": false} TASK [ipaserver : Install - Master password creation] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:137 changed: [/cache/fedora-32.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true} TASK [ipaserver : Install - Use new master password] *************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:144 ok: [/cache/fedora-32.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaserver : Install - Server preparation] ******************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:152 changed: [/cache/fedora-32.qcow2] => {"_ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "_subject_base": "O=TEST.LOCAL", "adtrust_netbios_name": null, "adtrust_reset_netbios_name": false, "ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "changed": true, "dns_ip_addresses": ["10.0.2.15", "fec0::5054:ff:fe12:3456"], "dns_reverse_zones": [], "forward_policy": "only", "forwarders": ["10.0.2.3"], "ip_addresses": ["10.0.2.15", "fec0::5054:ff:fe12:3456"], "no_dnssec_validation": true, "reverse_zones": [], "subject_base": "O=TEST.LOCAL"} TASK [ipaserver : Install - Setup NTP] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:196 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup DS] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:203 changed: [/cache/fedora-32.qcow2] => 
{"changed": true} TASK [ipaserver : Install - Setup KRB] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:232 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup custodia] ************************************ task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:259 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup CA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:265 changed: [/cache/fedora-32.qcow2] => {"changed": true, "csr_generated": false} TASK [ipaserver : Copy /root/ipa.csr to "/cache/fedora-32.qcow2-ipa.csr"] ****** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:306 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Setup otpd] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:315 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup HTTP] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:321 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup KRA] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:353 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Setup DNS] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:364 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup ADTRUST] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:381 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional 
result was False"} TASK [ipaserver : Install - Set DS password] *********************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:396 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [Install - Setup client] ************************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:413 TASK [ipaclient : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:4 ok: [/cache/fedora-32.qcow2] => (item=/tmp/freeipa-repo/roles/ipaclient/vars/default.yml) => {"ansible_facts": {"ipaclient_packages": ["ipa-client", "python3-libselinux"]}, "ansible_included_var_files": ["/tmp/freeipa-repo/roles/ipaclient/vars/default.yml"], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml"} TASK [ipaclient : Install IPA client] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:12 included: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml for /cache/fedora-32.qcow2 TASK [ipaclient : Install - Ensure that IPA client packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:4 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install - Set ipaclient_servers] ***************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:10 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [Install - Set ipaclient_servers from cluster inventory] ****************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:15 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Check that either principal or keytab is set] ****** task path: 
/tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:21 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Set default principal if no keytab is given] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:25 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"ipaadmin_principal": "admin"}, "changed": false} TASK [ipaclient : Install - IPA client test] *********************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:30 ok: [/cache/fedora-32.qcow2] => {"basedn": "dc=test,dc=local", "changed": false, "client_already_configured": false, "client_domain": "test.local", "dnsok": false, "domain": "test.local", "hostname": "ipaserver.test.local", "ipa_python_version": 40903, "kdc": "ipaserver.test.local", "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "servers": ["ipaserver.test.local"], "sssd": true} TASK [ipaclient : Install - Cleanup leftover ccache] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:56 ok: [/cache/fedora-32.qcow2] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"} TASK [ipaclient : Install - Configure NTP] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:61 ok: [/cache/fedora-32.qcow2] => {"changed": false} TASK [ipaclient : Install - Make sure One-Time Password is enabled if it's already defined] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:73 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Disable One-Time Password for on_master] *********** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:78 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] ******** 
task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:83 ok: [/cache/fedora-32.qcow2] => {"ca_crt_exists": true, "changed": false, "krb5_conf_ok": true, "krb5_keytab_ok": true, "ping_test_ok": true} TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:93 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Keytab or password is required for getting otp] **** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:109 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Get One-Time Password for client enrollment] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:113 skipping: [/cache/fedora-32.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Install - Report error for OTP generation] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:132 skipping: [/cache/fedora-32.qcow2] => {} TASK [ipaclient : Install - Store the previously obtained OTP] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:138 skipping: [/cache/fedora-32.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Store predefined OTP in admin_password] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:147 skipping: [/cache/fedora-32.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Install - Check if principal and keytab are set] ************* task path: 
/tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:163 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Check if one of password or keytabs are set] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:167 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Purge TEST.LOCAL from host keytab] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:175 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Backup and set hostname] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:188 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Join IPA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:193 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:215 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:220 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:223 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Configure IPA default.conf] 
************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:235 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Configure SSSD] ************************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:244 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaclient : Install - Configure krb5 for IPA realm] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:266 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:280 changed: [/cache/fedora-32.qcow2] => {"ca_enabled": true, "changed": true, "subject_base": "O=TEST.LOCAL"} TASK [ipaclient : Install - Fix IPA ca] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:288 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Create IPA NSS database] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:298 changed: [/cache/fedora-32.qcow2] => {"ca_enabled_ra": true, "changed": true} TASK [ipaclient : Install - Configure SSH and SSHD] **************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:329 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaclient : Install - Configure automount] ******************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:337 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaclient : Install - Configure firefox] ********************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:343 skipping: [/cache/fedora-32.qcow2] => {"changed": false, 
"skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Configure NIS] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:349 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:367 skipping: [/cache/fedora-32.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Cleanup leftover ccache] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:373 ok: [/cache/fedora-32.qcow2] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"} TASK [ipaclient : Uninstall IPA client] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:16 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Enable IPA] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:428 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaserver : Install - Cleanup root IPA cache] **************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:435 ok: [/cache/fedora-32.qcow2] => {"changed": false, "path": "/root/.ipa_cache", "state": "absent"} TASK [ipaserver : Install - Configure firewalld] ******************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:441 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["firewall-cmd", "--permanent", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp"], "delta": "0:00:00.244176", "end": "2021-05-05 03:15:53.058577", "rc": 0, "start": "2021-05-05 03:15:52.814401", "stderr": "", 
"stderr_lines": [], "stdout": "success", "stdout_lines": ["success"]} TASK [ipaserver : Install - Configure firewalld runtime] *********************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:455 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["firewall-cmd", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp"], "delta": "0:00:00.253376", "end": "2021-05-05 03:15:53.670725", "rc": 0, "start": "2021-05-05 03:15:53.417349", "stderr": "", "stderr_lines": [], "stdout": "success", "stdout_lines": ["success"]} TASK [ipaserver : Cleanup temporary files] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:471 ok: [/cache/fedora-32.qcow2] => (item=/etc/ipa/.tmp_pkcs12_dirsrv) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_dirsrv", "path": "/etc/ipa/.tmp_pkcs12_dirsrv", "state": "absent"} ok: [/cache/fedora-32.qcow2] => (item=/etc/ipa/.tmp_pkcs12_http) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_http", "path": "/etc/ipa/.tmp_pkcs12_http", "state": "absent"} ok: [/cache/fedora-32.qcow2] => (item=/etc/ipa/.tmp_pkcs12_pkinit) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_pkinit", "path": "/etc/ipa/.tmp_pkcs12_pkinit", "state": "absent"} TASK [ipaserver : Uninstall IPA server] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:16 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY [Issue IPA signed certificate] ******************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_basic_ipa.yml:8 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version 
specific variables] ********* task path: /tmp/tmp_19esxv5/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_19esxv5/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:17 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:34 ok: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:45 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:71 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: 
/tmp/tmp_19esxv5/tasks/main.yml:100 ok: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestamp": "Wed 2021-05-05 03:14:13 UTC", "ActiveEnterTimestampMonotonic": "263573486", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "dbus.socket basic.target dbus-broker.service sysinit.target network.target syslog.target system.slice systemd-journald.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Wed 2021-05-05 03:14:13 UTC", "AssertTimestampMonotonic": "263563622", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "29298300000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": 
"inactive", "ConditionResult": "yes", "ConditionTimestamp": "Wed 2021-05-05 03:14:13 UTC", "ConditionTimestampMonotonic": "263563622", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "19393", "ExecMainStartTimestamp": "Wed 2021-05-05 03:14:13 UTC", "ExecMainStartTimestampMonotonic": "263564544", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Wed 2021-05-05 03:14:13 UTC", 
"InactiveExitTimestampMonotonic": "263564816", "InvocationID": "caf5f2ac365c488f9f9b9f565f9f0a27", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "19393", "MemoryAccounting": "yes", "MemoryCurrent": "2805760", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", 
"PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Wed 2021-05-05 03:15:50 UTC", "StateChangeTimestampMonotonic": "360436688", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": 
"multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_19esxv5/tasks/main.yml:112 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "ipa", "dns": "ipaserver.test.local", "name": "mycert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_basic_ipa.yml:21 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_19esxv5/tests/tests_basic_ipa.yml:51 included: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": 
null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install 
for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620184564.923885, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "f716c3a46d8d7254c638703b3c5f7a70783e7c70", "ctime": 1620184564.920885, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 161903, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 
1620184564.920885, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1854, "uid": 0, "version": "3984032641", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620184563.111885, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9a3714d04b2a67decbeed2242378bd04babe9ef6", "ctime": 1620184564.920885, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 161902, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620184564.920885, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "2176591935", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: 
/tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:52 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:70 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.189431", "end": "2021-05-05 03:16:17.240205", "rc": 0, "start": "2021-05-05 03:16:17.050774", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"organizationName\",\n \"oid\": \"2.5.4.10\",\n \"value\": \"TEST.LOCAL\"\n },\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"ipaserver.test.local\"\n }\n ],\n \"extensions\": {\n \"authorityKeyIdentifier\": {\n \"value\": \"B3:1C:C1:0B:58:C5:7E:C4:C4:50:0B:22:38:41:43:52:F2:34:C0:C0\",\n \"critical\": false\n },\n \"authorityInfoAccess\": {\n \"value\": [\n {\n \"method\": \"OCSP\",\n \"location\": \"http://ipa-ca.test.local/ca/ocsp\"\n }\n ],\n \"critical\": false\n },\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"content_commitment\",\n \"key_encipherment\",\n \"data_encipherment\"\n ],\n \"critical\": true\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"cRLDistributionPoints\": {\n \"value\": [\n {\n \"full_name\": [\n \"http://ipa-ca.test.local/ipa/crl/MasterCRL.bin\"\n ],\n \"crl_issuer\": [\n {\n \"organizationName\": \"ipaca\",\n \"commonName\": \"Certificate 
Authority\"\n }\n ]\n }\n ],\n \"critical\": false\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"00:3B:C4:20:BE:CD:FA:86:5A:78:8C:35:82:35:0E:53:65:E4:58:F6\",\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"ipaserver.test.local\"\n },\n {\n \"name\": \"Universal Principal Name (UPN)\",\n \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",\n \"oid\": \"1.3.6.1.4.1.311.20.2.3\"\n },\n {\n \"name\": \"Kerberos principalname\",\n \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",\n \"oid\": \"1.3.6.1.5.2.2\"\n }\n ],\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2023-05-06 03:16:04\",\n \"not_valid_before\": \"2021-05-05 03:16:04\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"organizationName\",", " \"oid\": \"2.5.4.10\",", " \"value\": \"TEST.LOCAL\"", " },", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"ipaserver.test.local\"", " }", " ],", " \"extensions\": {", " \"authorityKeyIdentifier\": {", " \"value\": \"B3:1C:C1:0B:58:C5:7E:C4:C4:50:0B:22:38:41:43:52:F2:34:C0:C0\",", " \"critical\": false", " },", " \"authorityInfoAccess\": {", " \"value\": [", " {", " \"method\": \"OCSP\",", " \"location\": \"http://ipa-ca.test.local/ca/ocsp\"", " }", " ],", " \"critical\": false", " },", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"content_commitment\",", " \"key_encipherment\",", " \"data_encipherment\"", " ],", " \"critical\": true", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"cRLDistributionPoints\": {", " \"value\": [", " 
{", " \"full_name\": [", " \"http://ipa-ca.test.local/ipa/crl/MasterCRL.bin\"", " ],", " \"crl_issuer\": [", " {", " \"organizationName\": \"ipaca\",", " \"commonName\": \"Certificate Authority\"", " }", " ]", " }", " ],", " \"critical\": false", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"00:3B:C4:20:BE:CD:FA:86:5A:78:8C:35:82:35:0E:53:65:E4:58:F6\",", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"ipaserver.test.local\"", " },", " {", " \"name\": \"Universal Principal Name (UPN)\",", " \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",", " \"oid\": \"1.3.6.1.4.1.311.20.2.3\"", " },", " {", " \"name\": \"Kerberos principalname\",", " \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",", " \"oid\": \"1.3.6.1.5.2.2\"", " }", " ],", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2023-05-06 03:16:04\",", " \"not_valid_before\": \"2021-05-05 03:16:04\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityInfoAccess": {"critical": false, "value": [{"location": "http://ipa-ca.test.local/ca/ocsp", "method": "OCSP"}]}, "authorityKeyIdentifier": {"critical": false, "value": "B3:1C:C1:0B:58:C5:7E:C4:C4:50:0B:22:38:41:43:52:F2:34:C0:C0"}, "cRLDistributionPoints": {"critical": false, "value": [{"crl_issuer": [{"commonName": "Certificate Authority", "organizationName": "ipaca"}], "full_name": ["http://ipa-ca.test.local/ipa/crl/MasterCRL.bin"]}]}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", 
"oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": true, "value": ["digital_signature", "content_commitment", "key_encipherment", "data_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "ipaserver.test.local"}, {"name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/ipaserver.test.local@TEST.LOCAL"}, {"name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/ipaserver.test.local@TEST.LOCAL"}]}, "subjectKeyIdentifier": {"critical": false, "value": "00:3B:C4:20:BE:CD:FA:86:5A:78:8C:35:82:35:0E:53:65:E4:58:F6"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL"}, {"name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local"}], "validity": {"not_valid_after": "2023-05-06 03:16:04", "not_valid_before": "2021-05-05 03:16:04"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:79 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:88 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:104 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All 
assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:117 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.054181", "end": "2021-05-05 03:16:17.784672", "rc": 0, "start": "2021-05-05 03:16:17.730491", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:142 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=76 changed=32 unreachable=0 failed=0 skipped=35 rescued=0 ignored=0 + cd /tmp/tmp_19esxv5/tests; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp_19esxv5/tests/tests_basic_self_signed.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] 
Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_basic_self_signed.yml ****************************************** 2 plays in /tmp/tmp_19esxv5/tests/tests_basic_self_signed.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_basic_self_signed.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_19esxv5/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_19esxv5/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:17 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 
0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:34 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:45 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:71 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_19esxv5/tasks/main.yml:100 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": 
"__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target network.target dbus.socket system.slice dbus-broker.service systemd-journald.socket basic.target syslog.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate 
monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", 
"LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": 
"no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_19esxv5/tasks/main.yml:112 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* 
task path: /tmp/tmp_19esxv5/tests/tests_basic_self_signed.yml:13 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_19esxv5/tests/tests_basic_self_signed.yml:27 included: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully 
installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 
'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620184649.522236, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "6166f998e8da6510f0e13ac29eca2724b7190748", "ctime": 1620184649.520236, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132571, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620184649.520236, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "2421261808", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All 
assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620184649.476236, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "8c1d965eb76f2debedf7b9b5112ae672f521136c", "ctime": 1620184649.520236, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132570, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620184649.520236, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3723419927", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:52 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:70 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.190506", "end": "2021-05-05 03:17:42.445794", "rc": 0, "start": "2021-05-05 03:17:42.255288", "stderr": "", 
"stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"02:0D:AC:E6:B4:2C:6F:9F:D2:B4:9A:6D:DA:52:BE:2C:50:DB:EC:77\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"00:8C:C0:3D:FE:DF:22:77:D3:AD:3E:24:FA:4E:3D:3C:D2:48:1E:74\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"7D:0B:3A:F8:ED:CC:72:17:50:D0:BE:A1:DE:9A:85:83:B1:14:82:D2:DD:A4:B8:3C:83:A9:90:00:22:FA:E4:3B:39:63:B3:A2:C7:00:79:EF:29:1D:51:BB:62:BF:A6:78:0B:CE:BB:B4:AA:FE:6D:36:62:E5:FE:4D:5D:CA:C3:63:CB:78:09:ED:CC:4D:01:1F:2E:F3:96:6C:BA:A9:8A:C5:5D:3A:E1:DC:0D:09:8A:DF:ED:CE:2B:F5:FC:57:5D:F6:A7:FF:D8:3E:A8:38:01:69:1B:A5:ED:79:8B:0F:B7:12:7A:C3:E6:F3:9A:50:BD:A2:68:57:4C:EC:71:08:A9:DE:FB:B2:48:D5:7B:35:DB:43:0B:0C:03:95:55:61:39:1A:81:7A:4C:06:76:8B:B0:46:9B:35:68:7F:52:33:3D:84:0D:C5:E2:70:C6:2D:A6:39:6D:BF:B7:A2:FD:AD:E5:7A:89:D1:DE:86:E6:EF:41:2E:7A:98:45:9C:F3:08:EF:03:31:29:69:6C:89:3D:22:E4:36:8B:95:DA:31:F2:2D:AD:57:F2:38:6F:5D:AD:3B:EB:66:46:43:7F:AD:68:C5:6A:70:96:0C:58:BB:6C:61:2A:A0:0F:16:6B:AE:42:6A:88:01:36:91:83:B8:DB:CC:4A:84:A2:EB:77:24:13:63:81\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:17:28\",\n \"not_valid_before\": \"2021-05-05 
03:17:29\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"02:0D:AC:E6:B4:2C:6F:9F:D2:B4:9A:6D:DA:52:BE:2C:50:DB:EC:77\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"00:8C:C0:3D:FE:DF:22:77:D3:AD:3E:24:FA:4E:3D:3C:D2:48:1E:74\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"7D:0B:3A:F8:ED:CC:72:17:50:D0:BE:A1:DE:9A:85:83:B1:14:82:D2:DD:A4:B8:3C:83:A9:90:00:22:FA:E4:3B:39:63:B3:A2:C7:00:79:EF:29:1D:51:BB:62:BF:A6:78:0B:CE:BB:B4:AA:FE:6D:36:62:E5:FE:4D:5D:CA:C3:63:CB:78:09:ED:CC:4D:01:1F:2E:F3:96:6C:BA:A9:8A:C5:5D:3A:E1:DC:0D:09:8A:DF:ED:CE:2B:F5:FC:57:5D:F6:A7:FF:D8:3E:A8:38:01:69:1B:A5:ED:79:8B:0F:B7:12:7A:C3:E6:F3:9A:50:BD:A2:68:57:4C:EC:71:08:A9:DE:FB:B2:48:D5:7B:35:DB:43:0B:0C:03:95:55:61:39:1A:81:7A:4C:06:76:8B:B0:46:9B:35:68:7F:52:33:3D:84:0D:C5:E2:70:C6:2D:A6:39:6D:BF:B7:A2:FD:AD:E5:7A:89:D1:DE:86:E6:EF:41:2E:7A:98:45:9C:F3:08:EF:03:31:29:69:6C:89:3D:22:E4:36:8B:95:DA:31:F2:2D:AD:57:F2:38:6F:5D:AD:3B:EB:66:46:43:7F:AD:68:C5:6A:70:96:0C:58:BB:6C:61:2A:A0:0F:16:6B:AE:42:6A:88:01:36:91:83:B8:DB:CC:4A:84:A2:EB:77:24:13:63:81\"", " },", " 
\"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:17:28\",", " \"not_valid_before\": \"2021-05-05 03:17:29\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "00:8C:C0:3D:FE:DF:22:77:D3:AD:3E:24:FA:4E:3D:3C:D2:48:1E:74"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "02:0D:AC:E6:B4:2C:6F:9F:D2:B4:9A:6D:DA:52:BE:2C:50:DB:EC:77"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:17:28", "not_valid_before": "2021-05-05 03:17:29"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:79 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:88 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: 
/tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:104 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:117 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.037720", "end": "2021-05-05 03:17:43.150200", "rc": 0, "start": "2021-05-05 03:17:43.112480", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:142 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=30 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_19esxv5/tests; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp_19esxv5/tests/tests_default.yml ansible-playbook 2.9.18 config 
file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_default.yml **************************************************** 1 plays in /tmp/tmp_19esxv5/tests/tests_default.yml PLAY [Ensure that the role runs with default parameters] *********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_default.yml:3 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_19esxv5/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_19esxv5/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:17 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": 
["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:34 TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:45 TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:71 TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_19esxv5/tasks/main.yml:100 TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_19esxv5/tasks/main.yml:112 META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=4 changed=1 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 + cd /tmp/tmp_19esxv5/tests; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp_19esxv5/tests/tests_dns_ip_email.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. 
Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_dns_ip_email.yml *********************************************** 2 plays in /tmp/tmp_19esxv5/tests/tests_dns_ip_email.yml PLAY [Issue certificate with dns, ip and email in SAN] ************************* TASK [Gathering Facts] ********************************************************* task 
path: /tmp/tmp_19esxv5/tests/tests_dns_ip_email.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_19esxv5/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_19esxv5/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:17 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:34 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:45 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : 
Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:71 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_19esxv5/tasks/main.yml:100 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target sysinit.target dbus-broker.service dbus.socket syslog.target network.target system.slice systemd-journald.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner 
cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", 
"IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": 
"dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": 
"init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_19esxv5/tasks/main.yml:112 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'common_name': 'My Certificate with SAN', 'dns': ['sub1.example.com', 'www.example.com', 'sub2.example.com', 'sub3.example.com'], 'ip': ['192.0.2.12', '198.51.100.65', '2001:db8::2:1'], 'email': ['sysadmin@example.com', 'support@example.com'], 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "common_name": "My Certificate with SAN", "dns": ["sub1.example.com", "www.example.com", "sub2.example.com", "sub3.example.com"], "email": ["sysadmin@example.com", "support@example.com"], "ip": ["192.0.2.12", "198.51.100.65", "2001:db8::2:1"], "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_dns_ip_email.yml:24 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_19esxv5/tests/tests_dns_ip_email.yml:54 included: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, 
"results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading 
cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620184776.9159107, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "0762fe2e959a0037a51c15823947c67fb7da11cf", 
"ctime": 1620184776.9129107, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132616, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620184776.9129107, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1501, "uid": 0, "version": "2947413103", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620184776.8699107, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "7f36bfe4ef9838ad09657300be2b98883bc26b84", "ctime": 1620184776.9129107, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132475, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620184776.9129107, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, 
"rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1798966969", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:52 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:70 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.193462", "end": "2021-05-05 03:19:49.923688", "rc": 0, "start": "2021-05-05 03:19:49.730226", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"My Certificate with SAN\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"sub1.example.com\"\n },\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n },\n {\n \"name\": \"DNS\",\n \"value\": \"sub2.example.com\"\n },\n {\n \"name\": \"DNS\",\n \"value\": \"sub3.example.com\"\n },\n {\n \"name\": \"email\",\n \"value\": \"sysadmin@example.com\"\n },\n {\n \"name\": \"email\",\n \"value\": \"support@example.com\"\n },\n {\n \"name\": \"IP Address\",\n \"value\": \"192.0.2.12\"\n },\n {\n \"name\": \"IP Address\",\n \"value\": \"198.51.100.65\"\n },\n {\n \"name\": \"IP 
Address\",\n \"value\": \"2001:db8::2:1\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"E1:44:8D:9D:C5:A8:DB:17:84:9E:47:43:86:3F:B2:E5:F9:92:37:5B\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"46:A6:77:67:74:97:9E:3F:07:B0:3C:32:13:E2:EA:5C:5E:BE:DC:5B\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"A9:02:FB:DD:47:44:43:DC:DD:C6:D8:A2:D7:8E:B3:51:1C:A8:98:A0:DA:1E:52:A7:90:F4:71:9A:C0:54:85:51:1B:6E:43:12:19:84:37:D4:0E:20:24:2D:9E:C8:48:E1:8D:27:2C:E6:41:52:37:81:F9:3B:9E:BB:20:15:31:06:65:5A:3C:51:12:33:CD:5F:40:17:BE:A1:4B:37:5D:E8:99:2A:2A:E1:FB:E3:EF:73:B9:2E:36:64:29:68:A2:D4:B0:D0:DA:50:E9:96:C8:91:E0:0A:F6:32:FF:B2:E8:B2:68:73:84:F5:86:03:92:8D:BD:5C:EE:C2:DB:24:00:CF:39:F1:96:F1:53:18:6B:AA:3D:98:1B:BA:DC:E4:67:B6:66:16:FE:DA:7E:60:C9:4A:4A:67:8D:14:E9:AE:02:41:10:8D:43:5A:9D:3B:14:39:23:66:13:36:A5:FE:4F:71:BC:A9:5C:E7:12:81:75:EC:71:D6:99:67:EC:A2:5E:D0:E5:AC:01:52:85:47:D2:A9:85:5D:5D:DB:89:BF:DC:D1:C8:04:9A:86:49:0F:8C:C0:71:04:EE:EE:EF:F6:DA:31:3D:FF:F8:2B:77:CD:16:3D:8C:0E:CB:DD:72:82:46:E8:73:75:A2:7D:CC:8D:AA:FC:97:F4:8A:52:E9:12:79:26\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:19:36\",\n \"not_valid_before\": \"2021-05-05 03:19:36\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"My Certificate with SAN\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " 
\"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"sub1.example.com\"", " },", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " },", " {", " \"name\": \"DNS\",", " \"value\": \"sub2.example.com\"", " },", " {", " \"name\": \"DNS\",", " \"value\": \"sub3.example.com\"", " },", " {", " \"name\": \"email\",", " \"value\": \"sysadmin@example.com\"", " },", " {", " \"name\": \"email\",", " \"value\": \"support@example.com\"", " },", " {", " \"name\": \"IP Address\",", " \"value\": \"192.0.2.12\"", " },", " {", " \"name\": \"IP Address\",", " \"value\": \"198.51.100.65\"", " },", " {", " \"name\": \"IP Address\",", " \"value\": \"2001:db8::2:1\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"E1:44:8D:9D:C5:A8:DB:17:84:9E:47:43:86:3F:B2:E5:F9:92:37:5B\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"46:A6:77:67:74:97:9E:3F:07:B0:3C:32:13:E2:EA:5C:5E:BE:DC:5B\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:19:36\",", " \"not_valid_before\": \"2021-05-05 03:19:36\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": 
"46:A6:77:67:74:97:9E:3F:07:B0:3C:32:13:E2:EA:5C:5E:BE:DC:5B"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "sub1.example.com"}, {"name": "DNS", "value": "www.example.com"}, {"name": "DNS", "value": "sub2.example.com"}, {"name": "DNS", "value": "sub3.example.com"}, {"name": "email", "value": "sysadmin@example.com"}, {"name": "email", "value": "support@example.com"}, {"name": "IP Address", "value": "192.0.2.12"}, {"name": "IP Address", "value": "198.51.100.65"}, {"name": "IP Address", "value": "2001:db8::2:1"}]}, "subjectKeyIdentifier": {"critical": false, "value": "E1:44:8D:9D:C5:A8:DB:17:84:9E:47:43:86:3F:B2:E5:F9:92:37:5B"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "My Certificate with SAN"}], "validity": {"not_valid_after": "2022-05-05 03:19:36", "not_valid_before": "2021-05-05 03:19:36"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:79 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:88 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:97 ok: 
[/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:104 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:117 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040595", "end": "2021-05-05 03:19:50.624959", "rc": 0, "start": "2021-05-05 03:19:50.584364", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:142 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=30 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_19esxv5/tests; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp_19esxv5/tests/tests_fs_attrs.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = 
['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_fs_attrs.yml *************************************************** 3 plays in /tmp/tmp_19esxv5/tests/tests_fs_attrs.yml PLAY [Ensure UID and GID exists] *********************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_fs_attrs.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Ensure user exists] ****************************************************** task path: /tmp/tmp_19esxv5/tests/tests_fs_attrs.yml:5 changed: [/cache/fedora-32.qcow2] => {"changed": true, "comment": "", "create_home": true, "group": 1040, "home": "/home/user1", "name": "user1", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1040} TASK [Ensure group "somegroup" exists] ***************************************** task path: /tmp/tmp_19esxv5/tests/tests_fs_attrs.yml:9 changed: [/cache/fedora-32.qcow2] => {"changed": true, "gid": 1041, "name": "somegroup", "state": "present", "system": false} META: ran 
handlers META: ran handlers PLAY [Issue certificate setting user/group] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_fs_attrs.yml:13 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_19esxv5/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_19esxv5/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:17 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:34 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:45 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": 
"0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:71 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_19esxv5/tasks/main.yml:100 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target network.target dbus.socket syslog.target dbus-broker.service systemd-journald.socket system.slice sysinit.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override 
cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", 
"IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": 
"0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", 
"TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_19esxv5/tasks/main.yml:112 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert", "owner": "ftp"}, "msg": "Certificate requested (new). File attributes updated."} changed: [/cache/fedora-32.qcow2] => (item={'name': 'certid', 'dns': 'www.example.com', 'owner': 1040, 'group': 1041, 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040}, "msg": "Certificate requested (new). 
File attributes updated."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_fs_attrs.yml:31 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_19esxv5/tests/tests_fs_attrs.yml:58 included: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 included: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading 
https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading 
pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620184854.1038144, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "c670525fa2146ffef960c4ad108c87097245f3e5", "ctime": 1620184854.2518144, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 132676, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620184854.0958145, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "ftp", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 14, "version": "463145268", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: 
/tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620184854.0518143, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "823f329322d8cba0dd37269d139ecd24918be1af", "ctime": 1620184854.2518144, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 132675, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620184854.0958145, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "ftp", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 14, "version": "317124121", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:52 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] 
******************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:70 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.199370", "end": "2021-05-05 03:21:08.011539", "rc": 0, "start": "2021-05-05 03:21:07.812169", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"65:D3:5F:98:88:3E:C6:FA:33:1D:73:57:79:46:82:79:AB:39:D6:F2\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"9C:97:C9:98:64:22:20:B3:B3:96:2D:1B:4F:95:00:EA:90:5F:89:FB\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:20:53\",\n \"not_valid_before\": \"2021-05-05 03:20:54\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " 
\"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"65:D3:5F:98:88:3E:C6:FA:33:1D:73:57:79:46:82:79:AB:39:D6:F2\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"9C:97:C9:98:64:22:20:B3:B3:96:2D:1B:4F:95:00:EA:90:5F:89:FB\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:20:53\",", " \"not_valid_before\": \"2021-05-05 03:20:54\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "9C:97:C9:98:64:22:20:B3:B3:96:2D:1B:4F:95:00:EA:90:5F:89:FB"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "65:D3:5F:98:88:3E:C6:FA:33:1D:73:57:79:46:82:79:AB:39:D6:F2"}}, "key_size": 
2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "1E:80:23:FE:09:3D:4E:D8:23:A9:D6:BB:C1:60:B5:83:E1:9F:74:00:AB:17:C4:28:8D:A2:51:B5:38:25:70:52:97:09:85:73:24:A6:E8:BB:B1:ED:4B:63:EE:10:6E:6C:9F:1A:33:96:EF:29:63:2D:DB:B6:D5:01:D1:9C:04:19:69:A4:86:CF:64:F4:4B:43:75:F3:C3:48:F5:CB:20:E3:B0:CC:54:AA:97:DC:D0:12:E4:4E:B6:FA:27:03:18:BB:79:1C:B8:FB:AE:50:AD:B6:CC:4F:EC:8E:4F:A8:8B:7E:7F:0C:A2:E7:C5:2F:93:8B:DC:A9:8B:6B:DD:04:A0:97:98:7E:B8:5D:5D:A6:4B:E1:7C:95:92:08:13:8D:00:D3:29:0E:FC:8D:6E:A2:0B:44:F4:7A:DD:08:0D:B7:1A:1C:F1:4D:F8:12:E8:C2:F1:71:CC:A4:48:3A:18:AF:42:D2:FD:57:47:ED:A1:36:66:E9:53:7A:99:74:CD:3C:4E:3F:B2:39:F8:DB:95:C4:22:7C:69:27:B6:06:7A:F0:E3:BE:A5:41:B6:2E:9C:A1:C1:1F:9D:72:2F:A1:2E:C9:FB:F1:D0:38:C3:AB:67:27:3D:8E:60:E4:40:74:B0:45:33:CB:02:21:79:4F:AC:66:47:31:80:3B:2F:F3:5F:B7:FB:C9"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:20:53", "not_valid_before": "2021-05-05 03:20:54"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:79 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:88 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:104 ok: [/cache/fedora-32.qcow2] => { "changed": false, 
"msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:117 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039971", "end": "2021-05-05 03:21:08.747586", "rc": 0, "start": "2021-05-05 03:21:08.707615", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:142 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:11 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: 
pip in ./certificate-tests-venv/lib/python3.8/site-packages (21.1.1)\n", "stdout_lines": ["Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.8/site-packages (21.1.1)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:18 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.8/site-packages (0.1.1)\nRequirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (3.4.7)\nRequirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (0.4.8)\nRequirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (5.4.1)\nRequirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.8/site-packages (from cryptography->certreader>=0.1.1) (1.14.5)\nRequirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.8/site-packages (from cffi>=1.12->cryptography->certreader>=0.1.1) (2.20)\n", "stdout_lines": ["Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.8/site-packages (0.1.1)", "Requirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (3.4.7)", "Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (0.4.8)", "Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) 
(5.4.1)", "Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.8/site-packages (from cryptography->certreader>=0.1.1) (1.14.5)", "Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.8/site-packages (from cffi>=1.12->cryptography->certreader>=0.1.1) (2.20)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620184854.8238144, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "f167fff7cfd4cb0ab2ae6788361837015a02fae2", "ctime": 1620184854.9708145, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 132678, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620184854.8218145, "nlink": 1, "path": "/etc/pki/tls/certs/certid.crt", "pw_name": "user1", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 1040, "version": "1905659580", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] 
************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620184854.7788143, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d9d72500f28baf964bf56bbc5362b74890379066", "ctime": 1620184854.9718144, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 132677, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620184854.8218145, "nlink": 1, "path": "/etc/pki/tls/private/certid.key", "pw_name": "user1", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 1040, "version": "755231294", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:52 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:70 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/certid.crt"], "delta": "0:00:00.206681", "end": "2021-05-05 03:21:14.704944", "rc": 0, "start": "2021-05-05 03:21:14.498263", "stderr": "", "stderr_lines": [], "stdout": "{\n 
\"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"F4:6F:FA:09:20:DE:EE:4E:ED:9E:0A:05:D0:EE:DC:C5:96:47:71:44\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"9C:97:C9:98:64:22:20:B3:B3:96:2D:1B:4F:95:00:EA:90:5F:89:FB\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:20:53\",\n \"not_valid_before\": \"2021-05-05 03:20:54\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": 
{", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"F4:6F:FA:09:20:DE:EE:4E:ED:9E:0A:05:D0:EE:DC:C5:96:47:71:44\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"9C:97:C9:98:64:22:20:B3:B3:96:2D:1B:4F:95:00:EA:90:5F:89:FB\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:20:53\",", " \"not_valid_before\": \"2021-05-05 03:20:54\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "9C:97:C9:98:64:22:20:B3:B3:96:2D:1B:4F:95:00:EA:90:5F:89:FB"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "F4:6F:FA:09:20:DE:EE:4E:ED:9E:0A:05:D0:EE:DC:C5:96:47:71:44"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:20:53", "not_valid_before": "2021-05-05 03:20:54"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: 
/tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:79 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:88 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:104 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:117 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/certid.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038425", "end": "2021-05-05 03:21:15.388437", "rc": 0, "start": "2021-05-05 03:21:15.350012", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:142 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP 
********************************************************************* /cache/fedora-32.qcow2 : ok=53 changed=10 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_19esxv5/tests; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp_19esxv5/tests/tests_include_vars_from_parent.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_include_vars_from_parent.yml *********************************** 1 plays in /tmp/tmp_19esxv5/tests/tests_include_vars_from_parent.yml PLAY [all] ********************************************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_include_vars_from_parent.yml:1 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [create var file in caller that can override the one in called role] ****** task path: /tmp/tmp_19esxv5/tests/tests_include_vars_from_parent.yml:3 changed: [/cache/fedora-32.qcow2] => (item=Fedora-32) => {"ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmp_19esxv5/tests/roles/caller/vars/Fedora-32.yml", "gid": 0, "group": "root", "item": "Fedora-32", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": 
"/root/.ansible/tmp/ansible-tmp-1620184890.6679027-135691-193855412333010/source", "state": "file", "uid": 0} changed: [/cache/fedora-32.qcow2] => (item=Fedora_32) => {"ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmp_19esxv5/tests/roles/caller/vars/Fedora_32.yml", "gid": 0, "group": "root", "item": "Fedora_32", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1620184891.2795174-135691-269319420793361/source", "state": "file", "uid": 0} changed: [/cache/fedora-32.qcow2] => (item=Fedora) => {"ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmp_19esxv5/tests/roles/caller/vars/Fedora.yml", "gid": 0, "group": "root", "item": "Fedora", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1620184891.6194363-135691-136962955087377/source", "state": "file", "uid": 0} changed: [/cache/fedora-32.qcow2] => (item=RedHat) => {"ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmp_19esxv5/tests/roles/caller/vars/RedHat.yml", "gid": 0, "group": "root", "item": "RedHat", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1620184891.9519882-135691-21793664753344/source", "state": "file", "uid": 0} TASK [include_role : {{ roletoinclude }}] ************************************** task path: /tmp/tmp_19esxv5/tests/roles/caller/tasks/main.yml:4 TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_19esxv5/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, 
"ansible_included_var_files": ["/tmp/tmp_19esxv5/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:17 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:34 TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:45 TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:71 TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_19esxv5/tasks/main.yml:100 TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_19esxv5/tasks/main.yml:112 TASK [caller : assert] ********************************************************* task path: /tmp/tmp_19esxv5/tests/roles/caller/tasks/main.yml:7 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=6 changed=2 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 + cd /tmp/tmp_19esxv5/tests; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp_19esxv5/tests/tests_key_size.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python 
module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_key_size.yml *************************************************** 2 plays in /tmp/tmp_19esxv5/tests/tests_key_size.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_key_size.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_19esxv5/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_19esxv5/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:17 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": 
["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:34 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:45 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:71 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_19esxv5/tasks/main.yml:100 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", 
"changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target systemd-journald.socket dbus-broker.service basic.target network.target dbus.socket system.slice syslog.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", 
"DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": 
"65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", 
"RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_19esxv5/tasks/main.yml:112 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'key_size': 4096}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "key_size": 4096, "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] 
********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_key_size.yml:14 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_19esxv5/tests/tests_key_size.yml:29 included: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully 
uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading 
pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185000.1780741, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "3ac027ee3d36ab490479bc9b95c1ffdcc179e115", "ctime": 1620185000.1740742, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132616, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185000.1740742, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1655, "uid": 0, "version": "3218811432", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:35 ok: 
[/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185000.1170743, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "fe4fbe7ce6744e9c9898e3969a428329b6898830", "ctime": 1620185000.1740742, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132475, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185000.1740742, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 3268, "uid": 0, "version": "1199142403", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:52 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:70 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.199142", "end": "2021-05-05 03:23:33.134164", "rc": 
0, "start": "2021-05-05 03:23:32.935022", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"29:C5:A6:EC:5D:8F:4C:2F:54:8D:BD:5C:66:DB:A1:7A:9B:F6:A9:14\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"68:2B:A0:EE:E3:57:D3:0F:9D:D3:B7:BD:BC:D0:B1:E6:E9:4D:5D:31\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"CD:D8:97:6F:6A:F1:A4:BB:B6:DC:39:B6:5F:CC:43:04:63:F6:DA:51:04:36:91:E4:4A:6C:1F:EF:1A:8E:CE:D6:C1:41:A1:7D:66:9A:BC:31:04:E0:28:0A:FE:6B:B4:D2:B7:17:92:28:65:75:75:81:B8:74:A3:60:68:7C:8F:C0:8F:1D:48:E3:0A:35:58:DE:FC:0D:4E:09:99:D6:53:55:78:08:A8:08:94:0A:D6:A3:B8:5A:44:F8:E9:4C:31:48:41:D3:3C:F6:E7:8D:2E:3D:3A:A9:40:7E:23:56:63:EE:13:0D:56:94:77:C6:69:F1:93:3D:CF:23:F7:FE:07:9E:D5:12:06:36:56:9B:84:9A:E2:0F:3B:56:BE:6D:31:7C:9E:26:88:87:84:3D:54:B1:6E:20:14:70:0F:C9:5D:BD:19:36:C6:43:2C:59:0C:5D:59:69:A2:9E:BA:29:94:FA:1F:2C:3A:08:E0:C4:E3:4A:61:C1:C9:AB:9F:8A:CF:BB:D4:79:70:32:21:CF:7E:38:74:08:7F:D0:E1:B4:23:16:82:92:1F:AA:6F:B8:94:22:0B:54:D6:5C:3B:CA:37:6C:6C:D0:ED:D9:82:E4:4F:AA:D1:2C:2A:8E:7E:AE:A2:51:93:DE:06:78:2E:4E:47:DD:81:EF:D1:41:A3:3A:13:A9\"\n },\n \"key_size\": 4096,\n \"validity\": {\n \"not_valid_after\": 
\"2022-05-05 03:23:19\",\n \"not_valid_before\": \"2021-05-05 03:23:20\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"29:C5:A6:EC:5D:8F:4C:2F:54:8D:BD:5C:66:DB:A1:7A:9B:F6:A9:14\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"68:2B:A0:EE:E3:57:D3:0F:9D:D3:B7:BD:BC:D0:B1:E6:E9:4D:5D:31\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"CD:D8:97:6F:6A:F1:A4:BB:B6:DC:39:B6:5F:CC:43:04:63:F6:DA:51:04:36:91:E4:4A:6C:1F:EF:1A:8E:CE:D6:C1:41:A1:7D:66:9A:BC:31:04:E0:28:0A:FE:6B:B4:D2:B7:17:92:28:65:75:75:81:B8:74:A3:60:68:7C:8F:C0:8F:1D:48:E3:0A:35:58:DE:FC:0D:4E:09:99:D6:53:55:78:08:A8:08:94:0A:D6:A3:B8:5A:44:F8:E9:4C:31:48:41:D3:3C:F6:E7:8D:2E:3D:3A:A9:40:7E:23:56:63:EE:13:0D:56:94:77:C6:69:F1:93:3D:CF:23:F7:FE:07:9E:D5:12:06:36:56:9B:84:9A:E2:0F:3B:56:BE:6D:31:7C:9E:26:88:87:84:3D:54:B1:6E:20:14:70:0F:C9:5D:BD:19:36:C6:43:2C:59:0C:5D:59:69:A2:9E:BA:29:94:FA:1F:2C:3A:08:E0:C4:E3:4A:61:C1:C9:AB:9F:8A:CF:BB:D4:79:70:32:21:CF:7E:38:74:08:7F:D0:E1:B4:23:16:82:92:1F:AA:6F:B8:94:22:0B:54:D6:5C:3B:CA:37:6C:6C:D0:ED:D9:82:E4:4F:AA:D1:2C:2A:8E:7E:AE:A2:51:93:DE:06:78:2E:4E:47:DD:81:EF:D1:41:A3:3A:13:A9\"", " },", " \"key_size\": 4096,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:23:19\",", " \"not_valid_before\": \"2021-05-05 03:23:20\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "68:2B:A0:EE:E3:57:D3:0F:9D:D3:B7:BD:BC:D0:B1:E6:E9:4D:5D:31"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": 
"1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "29:C5:A6:EC:5D:8F:4C:2F:54:8D:BD:5C:66:DB:A1:7A:9B:F6:A9:14"}}, "key_size": 4096, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "CD:D8:97:6F:6A:F1:A4:BB:B6:DC:39:B6:5F:CC:43:04:63:F6:DA:51:04:36:91:E4:4A:6C:1F:EF:1A:8E:CE:D6:C1:41:A1:7D:66:9A:BC:31:04:E0:28:0A:FE:6B:B4:D2:B7:17:92:28:65:75:75:81:B8:74:A3:60:68:7C:8F:C0:8F:1D:48:E3:0A:35:58:DE:FC:0D:4E:09:99:D6:53:55:78:08:A8:08:94:0A:D6:A3:B8:5A:44:F8:E9:4C:31:48:41:D3:3C:F6:E7:8D:2E:3D:3A:A9:40:7E:23:56:63:EE:13:0D:56:94:77:C6:69:F1:93:3D:CF:23:F7:FE:07:9E:D5:12:06:36:56:9B:84:9A:E2:0F:3B:56:BE:6D:31:7C:9E:26:88:87:84:3D:54:B1:6E:20:14:70:0F:C9:5D:BD:19:36:C6:43:2C:59:0C:5D:59:69:A2:9E:BA:29:94:FA:1F:2C:3A:08:E0:C4:E3:4A:61:C1:C9:AB:9F:8A:CF:BB:D4:79:70:32:21:CF:7E:38:74:08:7F:D0:E1:B4:23:16:82:92:1F:AA:6F:B8:94:22:0B:54:D6:5C:3B:CA:37:6C:6C:D0:ED:D9:82:E4:4F:AA:D1:2C:2A:8E:7E:AE:A2:51:93:DE:06:78:2E:4E:47:DD:81:EF:D1:41:A3:3A:13:A9"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:23:19", "not_valid_before": "2021-05-05 03:23:20"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:79 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:88 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:104 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:117 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] 
************************************************ task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039211", "end": "2021-05-05 03:23:33.847314", "rc": 0, "start": "2021-05-05 03:23:33.808103", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:142 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=30 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_19esxv5/tests; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp_19esxv5/tests/tests_key_usage_and_extended_key_usage.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. 
Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_key_usage_and_extended_key_usage.yml *************************** 2 plays in /tmp/tmp_19esxv5/tests/tests_key_usage_and_extended_key_usage.yml PLAY [Issue simple self-signed certificate] ************************************ 
TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_key_usage_and_extended_key_usage.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_19esxv5/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_19esxv5/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:17 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:34 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:45 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": 
"unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:71 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_19esxv5/tasks/main.yml:100 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network.target dbus-broker.service dbus.socket system.slice sysinit.target systemd-journald.socket basic.target syslog.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid 
cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": 
"18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", 
"NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", 
"Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_19esxv5/tasks/main.yml:112 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'key_usage': ['digitalSignature', 'nonRepudiation', 'keyEncipherment'], 'extended_key_usage': ['id-kp-clientAuth', 'id-kp-serverAuth', 'id-kp-ipsecTunnel', '1.3.6.1.5.2.3.5'], 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "extended_key_usage": ["id-kp-clientAuth", "id-kp-serverAuth", "id-kp-ipsecTunnel", "1.3.6.1.5.2.3.5"], "key_usage": ["digitalSignature", "nonRepudiation", "keyEncipherment"], "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_key_usage_and_extended_key_usage.yml:22 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_19esxv5/tests/tests_key_usage_and_extended_key_usage.yml:49 included: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: 
/tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading 
pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 
1620185078.958714, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "0a4d30387e4e18cd86e6ce5d84f7a65128f1216d", "ctime": 1620185078.956714, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132624, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185078.956714, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1338, "uid": 0, "version": "2309287234", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185078.912714, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "e23c909db89b4720c7604f1f757d5929c9e54663", "ctime": 1620185078.956714, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132504, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": 
false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185078.956714, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "4026681746", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:52 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:70 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.210172", "end": "2021-05-05 03:24:52.055153", "rc": 0, "start": "2021-05-05 03:24:51.844981", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"content_commitment\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n },\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-ipsecTunnel\",\n \"oid\": \"1.3.6.1.5.5.7.3.6\"\n },\n 
{\n \"name\": null,\n \"oid\": \"1.3.6.1.5.2.3.5\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"6F:6E:5D:2B:D7:D9:07:53:86:4E:A1:71:BD:00:F2:2D:6F:6F:5F:B7\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"BB:92:E6:C7:0E:89:19:3E:FD:E2:D3:D6:54:E0:FC:47:BD:94:2F:B4\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:24:38\",\n \"not_valid_before\": \"2021-05-05 03:24:38\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"content_commitment\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " },", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-ipsecTunnel\",", " \"oid\": \"1.3.6.1.5.5.7.3.6\"", " },", " {", " \"name\": null,", " \"oid\": \"1.3.6.1.5.2.3.5\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"6F:6E:5D:2B:D7:D9:07:53:86:4E:A1:71:BD:00:F2:2D:6F:6F:5F:B7\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"BB:92:E6:C7:0E:89:19:3E:FD:E2:D3:D6:54:E0:FC:47:BD:94:2F:B4\",", " \"critical\": 
false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:24:38\",", " \"not_valid_before\": \"2021-05-05 03:24:38\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "BB:92:E6:C7:0E:89:19:3E:FD:E2:D3:D6:54:E0:FC:47:BD:94:2F:B4"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}, {"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-ipsecTunnel", "oid": "1.3.6.1.5.5.7.3.6"}, {"name": null, "oid": "1.3.6.1.5.2.3.5"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "content_commitment", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "6F:6E:5D:2B:D7:D9:07:53:86:4E:A1:71:BD:00:F2:2D:6F:6F:5F:B7"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:24:38", "not_valid_before": "2021-05-05 03:24:38"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:79 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] 
************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:88 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:104 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:117 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.042303", "end": "2021-05-05 03:24:52.761697", "rc": 0, "start": "2021-05-05 03:24:52.719394", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:142 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=30 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_19esxv5/tests; TEST_SUBJECTS=/cache/fedora-32.qcow2 
TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp_19esxv5/tests/tests_many_self_signed.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_many_self_signed.yml ******************************************* 2 plays in /tmp/tmp_19esxv5/tests/tests_many_self_signed.yml PLAY [Issue many self-signed certificates] ************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_many_self_signed.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_19esxv5/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_19esxv5/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:17 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 
0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:34 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:45 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:71 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_19esxv5/tasks/main.yml:100 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": 
"__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network.target dbus-broker.service system.slice basic.target systemd-journald.socket sysinit.target dbus.socket syslog.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate 
monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", 
"LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": 
"no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_19esxv5/tasks/main.yml:112 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} changed: [/cache/fedora-32.qcow2] => (item={'name': 'other-cert', 'dns': 'www.example.org', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": 
"www.example.org", "name": "other-cert"}, "msg": "Certificate requested (new)."} changed: [/cache/fedora-32.qcow2] => (item={'name': 'another-cert', 'dns': 'www.example.net', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.net", "name": "another-cert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_many_self_signed.yml:18 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_19esxv5/tests/tests_many_self_signed.yml:50 included: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 included: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 included: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", 
"stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n 
Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185154.8787484, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "807bacbf614e5595da569f22e7e12ee1dc89c03c", "ctime": 1620185154.8757484, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132616, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185154.8757484, "nlink": 
1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "2418694882", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185154.8327484, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "569c37bebaa0b7ef370ce9862f73ad78071113b2", "ctime": 1620185154.8757484, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132475, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185154.8757484, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "2296757450", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:52 ok: 
[/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:70 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.201107", "end": "2021-05-05 03:26:09.233636", "rc": 0, "start": "2021-05-05 03:26:09.032529", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"DA:0A:34:28:56:33:0C:69:32:3B:9A:F7:A5:9C:01:78:AE:29:D0:FB\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"AB:CA:28:F6:CE:C6:4D:81:A9:60:AE:90:A0:BC:F7:70:10:90:23:67\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:25:54\",\n 
\"not_valid_before\": \"2021-05-05 03:25:54\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"DA:0A:34:28:56:33:0C:69:32:3B:9A:F7:A5:9C:01:78:AE:29:D0:FB\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"AB:CA:28:F6:CE:C6:4D:81:A9:60:AE:90:A0:BC:F7:70:10:90:23:67\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:25:54\",", " \"not_valid_before\": \"2021-05-05 03:25:54\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "AB:CA:28:F6:CE:C6:4D:81:A9:60:AE:90:A0:BC:F7:70:10:90:23:67"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": 
"id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "DA:0A:34:28:56:33:0C:69:32:3B:9A:F7:A5:9C:01:78:AE:29:D0:FB"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:25:54", "not_valid_before": "2021-05-05 03:25:54"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:79 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:88 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:104 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:117 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ 
task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.043285", "end": "2021-05-05 03:26:09.932260", "rc": 0, "start": "2021-05-05 03:26:09.888975", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:142 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:11 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.8/site-packages (21.1.1)\n", "stdout_lines": ["Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.8/site-packages (21.1.1)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: 
/tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:18 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.8/site-packages (0.1.1)\nRequirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (3.4.7)\nRequirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (0.4.8)\nRequirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (5.4.1)\nRequirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.8/site-packages (from cryptography->certreader>=0.1.1) (1.14.5)\nRequirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.8/site-packages (from cffi>=1.12->cryptography->certreader>=0.1.1) (2.20)\n", "stdout_lines": ["Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.8/site-packages (0.1.1)", "Requirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (3.4.7)", "Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (0.4.8)", "Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (5.4.1)", "Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.8/site-packages (from cryptography->certreader>=0.1.1) (1.14.5)", "Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.8/site-packages (from cffi>=1.12->cryptography->certreader>=0.1.1) (2.20)"], "version": null, "virtualenv": 
"/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185155.4987485, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "cfe14e4d0f4e7feebda4a2d7c5c2c6f0dcbedfdd", "ctime": 1620185155.4957485, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132618, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185155.4957485, "nlink": 1, "path": "/etc/pki/tls/certs/other-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "2489436042", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185155.4537485, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "01f7550f86e2cfd4fca76e2b05a48376a8d53056", "ctime": 
1620185155.4957485, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132617, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185155.4957485, "nlink": 1, "path": "/etc/pki/tls/private/other-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2234065894", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:52 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:70 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/other-cert.crt"], "delta": "0:00:00.221909", "end": "2021-05-05 03:26:16.258439", "rc": 0, "start": "2021-05-05 03:26:16.036530", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.org\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.org\"\n }\n ],\n \"critical\": false\n },\n 
\"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"EE:2A:C5:C3:2E:13:0D:8B:14:BF:5C:EB:70:94:17:96:12:18:DB:EC\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"AB:CA:28:F6:CE:C6:4D:81:A9:60:AE:90:A0:BC:F7:70:10:90:23:67\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:25:54\",\n \"not_valid_before\": \"2021-05-05 03:25:55\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.org\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.org\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"EE:2A:C5:C3:2E:13:0D:8B:14:BF:5C:EB:70:94:17:96:12:18:DB:EC\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"AB:CA:28:F6:CE:C6:4D:81:A9:60:AE:90:A0:BC:F7:70:10:90:23:67\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": 
{", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:25:54\",", " \"not_valid_before\": \"2021-05-05 03:25:55\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "AB:CA:28:F6:CE:C6:4D:81:A9:60:AE:90:A0:BC:F7:70:10:90:23:67"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.org"}]}, "subjectKeyIdentifier": {"critical": false, "value": "EE:2A:C5:C3:2E:13:0D:8B:14:BF:5C:EB:70:94:17:96:12:18:DB:EC"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.org"}], "validity": {"not_valid_after": "2022-05-05 03:25:54", "not_valid_before": "2021-05-05 03:25:55"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:79 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:88 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions 
passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:104 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:117 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/other-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041476", "end": "2021-05-05 03:26:17.022143", "rc": 0, "start": "2021-05-05 03:26:16.980667", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:142 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": 
false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:11 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.8/site-packages (21.1.1)\n", "stdout_lines": ["Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.8/site-packages (21.1.1)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:18 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.8/site-packages (0.1.1)\nRequirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (3.4.7)\nRequirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (0.4.8)\nRequirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (5.4.1)\nRequirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.8/site-packages (from cryptography->certreader>=0.1.1) (1.14.5)\nRequirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.8/site-packages (from cffi>=1.12->cryptography->certreader>=0.1.1) (2.20)\n", "stdout_lines": ["Requirement already satisfied: 
certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.8/site-packages (0.1.1)", "Requirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (3.4.7)", "Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (0.4.8)", "Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (5.4.1)", "Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.8/site-packages (from cryptography->certreader>=0.1.1) (1.14.5)", "Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.8/site-packages (from cffi>=1.12->cryptography->certreader>=0.1.1) (2.20)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185156.1837485, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "a6473d23c9821667a0a1da686a5352ec8673915a", "ctime": 1620185156.1807485, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132620, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185156.1807485, "nlink": 1, "path": "/etc/pki/tls/certs/another-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "2610469147", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task 
path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185156.1387484, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "48df5142c13d5a9079284fb55d04020a21e69196", "ctime": 1620185156.1807485, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132619, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185156.1807485, "nlink": 1, "path": "/etc/pki/tls/private/another-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "247666574", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:52 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] 
******************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:70 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/another-cert.crt"], "delta": "0:00:00.201154", "end": "2021-05-05 03:26:23.264574", "rc": 0, "start": "2021-05-05 03:26:23.063420", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.net\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.net\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"0D:2B:04:DC:80:96:F4:91:4D:A7:87:EA:D5:E8:9A:0F:F9:44:B9:6A\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"AB:CA:28:F6:CE:C6:4D:81:A9:60:AE:90:A0:BC:F7:70:10:90:23:67\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": 
\"4D:B4:5E:B0:93:D2:6C:97:DB:31:53:9C:9B:77:A5:4F:AD:9E:05:A1:4E:72:2B:39:1E:EE:05:E9:07:9E:1A:C0:95:61:F1:48:6E:30:0D:5F:17:C5:8D:12:1A:3A:0D:62:58:58:9F:7B:49:7C:DA:5C:FB:74:95:F4:00:A4:07:3F:BE:EF:60:2B:D3:F6:57:EA:A3:24:04:03:EF:56:40:05:F3:21:3C:1D:A3:31:8A:CD:67:C8:CD:4A:5A:A6:5B:8C:A1:65:F6:A8:45:5B:12:AE:96:24:03:99:94:E1:A0:F6:19:DE:7B:1F:FA:B7:2C:B2:31:0A:62:53:22:74:FF:90:2B:01:C7:47:02:81:76:1E:9D:6D:59:2D:44:58:A4:B6:99:BB:05:61:0F:BF:D6:01:CF:EB:2C:9D:C1:82:CA:5A:26:70:2E:53:F5:35:7F:07:4B:79:E9:B0:85:02:98:50:97:F0:0D:11:6F:25:77:0D:53:C4:8A:81:2F:E6:03:BA:EA:4D:2B:94:F3:C4:5D:FA:20:3F:6F:AE:7A:CF:7C:FB:1B:8C:F7:55:84:F9:1B:0B:84:D3:A2:6E:60:A7:7A:5F:47:B4:3D:FA:5B:F1:5B:B0:92:95:86:18:48:7B:14:8D:2E:0E:C8:43:40:58:F2:59:5A:96:65:6C:EF:A9:79:52\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:25:54\",\n \"not_valid_before\": \"2021-05-05 03:25:56\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.net\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.net\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"0D:2B:04:DC:80:96:F4:91:4D:A7:87:EA:D5:E8:9A:0F:F9:44:B9:6A\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"AB:CA:28:F6:CE:C6:4D:81:A9:60:AE:90:A0:BC:F7:70:10:90:23:67\",", " \"critical\": 
false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"4D:B4:5E:B0:93:D2:6C:97:DB:31:53:9C:9B:77:A5:4F:AD:9E:05:A1:4E:72:2B:39:1E:EE:05:E9:07:9E:1A:C0:95:61:F1:48:6E:30:0D:5F:17:C5:8D:12:1A:3A:0D:62:58:58:9F:7B:49:7C:DA:5C:FB:74:95:F4:00:A4:07:3F:BE:EF:60:2B:D3:F6:57:EA:A3:24:04:03:EF:56:40:05:F3:21:3C:1D:A3:31:8A:CD:67:C8:CD:4A:5A:A6:5B:8C:A1:65:F6:A8:45:5B:12:AE:96:24:03:99:94:E1:A0:F6:19:DE:7B:1F:FA:B7:2C:B2:31:0A:62:53:22:74:FF:90:2B:01:C7:47:02:81:76:1E:9D:6D:59:2D:44:58:A4:B6:99:BB:05:61:0F:BF:D6:01:CF:EB:2C:9D:C1:82:CA:5A:26:70:2E:53:F5:35:7F:07:4B:79:E9:B0:85:02:98:50:97:F0:0D:11:6F:25:77:0D:53:C4:8A:81:2F:E6:03:BA:EA:4D:2B:94:F3:C4:5D:FA:20:3F:6F:AE:7A:CF:7C:FB:1B:8C:F7:55:84:F9:1B:0B:84:D3:A2:6E:60:A7:7A:5F:47:B4:3D:FA:5B:F1:5B:B0:92:95:86:18:48:7B:14:8D:2E:0E:C8:43:40:58:F2:59:5A:96:65:6C:EF:A9:79:52\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:25:54\",", " \"not_valid_before\": \"2021-05-05 03:25:56\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "AB:CA:28:F6:CE:C6:4D:81:A9:60:AE:90:A0:BC:F7:70:10:90:23:67"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.net"}]}, "subjectKeyIdentifier": {"critical": false, "value": "0D:2B:04:DC:80:96:F4:91:4D:A7:87:EA:D5:E8:9A:0F:F9:44:B9:6A"}}, "key_size": 2048, "signature_algorithm": {"algorithm": 
"sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.net"}], "validity": {"not_valid_after": "2022-05-05 03:25:54", "not_valid_before": "2021-05-05 03:25:56"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:79 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:88 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:104 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:117 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/another-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041944", "end": "2021-05-05 03:26:23.969290", "rc": 0, "start": "2021-05-05 03:26:23.927346", "stderr": "", "stderr_lines": 
[], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:142 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=70 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_19esxv5/tests; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp_19esxv5/tests/tests_no_auto_renew.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. 
Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_no_auto_renew.yml ********************************************** 2 plays in /tmp/tmp_19esxv5/tests/tests_no_auto_renew.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_no_auto_renew.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_19esxv5/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", 
"python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_19esxv5/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:17 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:34 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:45 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:71 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": 
"unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_19esxv5/tasks/main.yml:100 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice syslog.target basic.target network.target dbus-broker.service systemd-journald.socket dbus.socket sysinit.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", 
"CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", 
"LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", 
"RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_19esxv5/tasks/main.yml:112 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'auto_renew': False}) => 
{"ansible_loop_var": "item", "changed": true, "item": {"auto_renew": false, "ca": "self-sign", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} changed: [/cache/fedora-32.qcow2] => (item={'name': 'defaultcert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "defaultcert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_no_auto_renew.yml:17 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_19esxv5/tests/tests_no_auto_renew.yml:42 included: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 included: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": 
"", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running 
setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185246.027052, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "e7083bf4b6d1c7c79d9fd6cc62ca83b9121353e0", "ctime": 1620185246.024052, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132624, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185246.024052, "nlink": 1, "path": 
"/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "2354328881", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185245.981052, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "4a17933f59a73a962c629ed1ef0284e028084013", "ctime": 1620185246.024052, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132504, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185246.024052, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "170616624", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:52 ok: [/cache/fedora-32.qcow2] 
=> { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:70 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.209831", "end": "2021-05-05 03:27:40.024775", "rc": 0, "start": "2021-05-05 03:27:39.814944", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"A3:C7:2C:28:92:C7:46:21:8E:B5:C8:1F:5D:6B:1C:46:E6:A9:53:6C\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"30:E7:06:F7:76:7D:44:11:D4:1F:26:7D:06:5F:88:B3:4A:5F:89:9E\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:27:25\",\n \"not_valid_before\": \"2021-05-05 
03:27:26\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"A3:C7:2C:28:92:C7:46:21:8E:B5:C8:1F:5D:6B:1C:46:E6:A9:53:6C\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"30:E7:06:F7:76:7D:44:11:D4:1F:26:7D:06:5F:88:B3:4A:5F:89:9E\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:27:25\",", " \"not_valid_before\": \"2021-05-05 03:27:26\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "30:E7:06:F7:76:7D:44:11:D4:1F:26:7D:06:5F:88:B3:4A:5F:89:9E"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": 
"1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "A3:C7:2C:28:92:C7:46:21:8E:B5:C8:1F:5D:6B:1C:46:E6:A9:53:6C"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:27:25", "not_valid_before": "2021-05-05 03:27:26"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:79 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:88 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:104 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:117 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: 
/tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040978", "end": "2021-05-05 03:27:40.760961", "rc": 0, "start": "2021-05-05 03:27:40.719983", "stderr": "", "stderr_lines": [], "stdout": "no", "stdout_lines": ["no"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:142 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:11 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.8/site-packages (21.1.1)\n", "stdout_lines": ["Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.8/site-packages (21.1.1)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: 
/tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:18 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.8/site-packages (0.1.1)\nRequirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (3.4.7)\nRequirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (0.4.8)\nRequirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (5.4.1)\nRequirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.8/site-packages (from cryptography->certreader>=0.1.1) (1.14.5)\nRequirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.8/site-packages (from cffi>=1.12->cryptography->certreader>=0.1.1) (2.20)\n", "stdout_lines": ["Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.8/site-packages (0.1.1)", "Requirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (3.4.7)", "Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (0.4.8)", "Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (5.4.1)", "Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.8/site-packages (from cryptography->certreader>=0.1.1) (1.14.5)", "Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.8/site-packages (from cffi>=1.12->cryptography->certreader>=0.1.1) (2.20)"], "version": null, "virtualenv": 
"/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185246.692052, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "2673584da60d1533037e688afbc40cb6f9a4ea3f", "ctime": 1620185246.690052, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132626, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185246.690052, "nlink": 1, "path": "/etc/pki/tls/certs/defaultcert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "915357198", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185246.6470518, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "8401b7d9d281215657626d75708cc75d2ba91367", "ctime": 
1620185246.6890519, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132625, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185246.6890519, "nlink": 1, "path": "/etc/pki/tls/private/defaultcert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "930620356", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:52 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:70 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/defaultcert.crt"], "delta": "0:00:00.213972", "end": "2021-05-05 03:27:47.019950", "rc": 0, "start": "2021-05-05 03:27:46.805978", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n 
\"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"0C:CA:42:A7:31:9F:2D:67:68:E7:52:E5:FE:8B:8A:3A:5C:52:F2:13\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"30:E7:06:F7:76:7D:44:11:D4:1F:26:7D:06:5F:88:B3:4A:5F:89:9E\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:27:25\",\n \"not_valid_before\": \"2021-05-05 03:27:26\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"0C:CA:42:A7:31:9F:2D:67:68:E7:52:E5:FE:8B:8A:3A:5C:52:F2:13\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"30:E7:06:F7:76:7D:44:11:D4:1F:26:7D:06:5F:88:B3:4A:5F:89:9E\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": 
{", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:27:25\",", " \"not_valid_before\": \"2021-05-05 03:27:26\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "30:E7:06:F7:76:7D:44:11:D4:1F:26:7D:06:5F:88:B3:4A:5F:89:9E"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "0C:CA:42:A7:31:9F:2D:67:68:E7:52:E5:FE:8B:8A:3A:5C:52:F2:13"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:27:25", "not_valid_before": "2021-05-05 03:27:26"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:79 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:88 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions 
passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:104 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:117 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/defaultcert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.042816", "end": "2021-05-05 03:27:47.808220", "rc": 0, "start": "2021-05-05 03:27:47.765404", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:142 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=50 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_19esxv5/tests; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ansible-playbook -vv 
--inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp_19esxv5/tests/tests_not_wait_for_cert.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_not_wait_for_cert.yml ****************************************** 2 plays in /tmp/tmp_19esxv5/tests/tests_not_wait_for_cert.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_not_wait_for_cert.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_19esxv5/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_19esxv5/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:17 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 
0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:34 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:45 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:71 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_19esxv5/tasks/main.yml:100 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": 
"__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus-broker.service basic.target systemd-journald.socket system.slice dbus.socket network.target sysinit.target syslog.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate 
monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", 
"LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": 
"no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_19esxv5/tasks/main.yml:112 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* 
task path: /tmp/tmp_19esxv5/tests/tests_not_wait_for_cert.yml:14 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Wait for certificate] **************************************************** task path: /tmp/tmp_19esxv5/tests/tests_not_wait_for_cert.yml:28 ok: [/cache/fedora-32.qcow2] => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) => {"ansible_loop_var": "item", "changed": false, "elapsed": 0, "gid": 0, "group": "root", "item": {"key_path": "/etc/pki/tls/private/mycert.key", "path": "/etc/pki/tls/certs/mycert.crt", "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "subject_alt_name": [{"name": "DNS", "value": "www.example.com"}]}, "match_groupdict": {}, "match_groups": [], "mode": "0600", "owner": "root", "path": "/etc/pki/tls/certs/mycert.crt", "port": null, "search_regex": null, "secontext": "system_u:object_r:cert_t:s0", "size": 1310, "state": "file", "uid": 0} TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_19esxv5/tests/tests_not_wait_for_cert.yml:34 included: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: 
/tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading 
pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185326.8475814, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "71e22d9bdf9578ca05d9f7c5022463741b669238", "ctime": 1620185326.8445814, "dev": 64513, "device_type": 0, "executable": false, "exists": 
true, "gid": 0, "gr_name": "root", "inode": 132647, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185326.8445814, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "341326686", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185326.8015814, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "37d5ed43391e5cd65b47771cb2f512db9539ff01", "ctime": 1620185326.8445814, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132646, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185326.8445814, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1376156488", 
"wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:52 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:70 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.188059", "end": "2021-05-05 03:29:00.038124", "rc": 0, "start": "2021-05-05 03:28:59.850065", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"47:C7:11:CD:3D:DE:F4:28:F4:44:03:B8:11:91:29:C0:D1:AB:64:D7\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"F3:41:7A:38:49:F3:FD:39:F0:91:34:D7:56:36:2B:CC:60:60:18:9B\",\n 
\"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:28:46\",\n \"not_valid_before\": \"2021-05-05 03:28:46\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"47:C7:11:CD:3D:DE:F4:28:F4:44:03:B8:11:91:29:C0:D1:AB:64:D7\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"F3:41:7A:38:49:F3:FD:39:F0:91:34:D7:56:36:2B:CC:60:60:18:9B\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:28:46\",", " \"not_valid_before\": \"2021-05-05 03:28:46\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": 
false, "value": "F3:41:7A:38:49:F3:FD:39:F0:91:34:D7:56:36:2B:CC:60:60:18:9B"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "47:C7:11:CD:3D:DE:F4:28:F4:44:03:B8:11:91:29:C0:D1:AB:64:D7"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:28:46", "not_valid_before": "2021-05-05 03:28:46"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:79 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:88 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:104 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] 
*********************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:117 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040851", "end": "2021-05-05 03:29:00.737417", "rc": 0, "start": "2021-05-05 03:29:00.696566", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:142 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_19esxv5/tests; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp_19esxv5/tests/tests_principal.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 
'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_principal.yml 
************************************************** 3 plays in /tmp/tmp_19esxv5/tests/tests_principal.yml PLAY [Test issuing certificate with principal.] ******************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_principal.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_19esxv5/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_19esxv5/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:17 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:34 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:45 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": 
"__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:71 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_19esxv5/tasks/main.yml:100 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice sysinit.target dbus-broker.service systemd-journald.socket network.target basic.target syslog.target dbus.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": 
"yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", 
"IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", 
"NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", 
"TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_19esxv5/tasks/main.yml:112 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'principal': 'HTTP/www.example.com@EXAMPLE.COM', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert", "principal": "HTTP/www.example.com@EXAMPLE.COM"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_principal.yml:13 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_19esxv5/tests/tests_principal.yml:33 included: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] 
************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting 
pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185404.540108, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "f1e388a6b9a29dd1ec79865e01d0ad9d781bea80", "ctime": 1620185404.537108, "dev": 64513, "device_type": 0, 
"executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132616, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185404.537108, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1472, "uid": 0, "version": "712186184", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185404.4831078, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "3873514aa11638303fe627133a1efec08a84834d", "ctime": 1620185404.537108, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132475, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185404.537108, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, 
"version": "1410597425", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:52 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:70 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.267500", "end": "2021-05-05 03:30:17.787284", "rc": 0, "start": "2021-05-05 03:30:17.519784", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n },\n {\n \"name\": \"Universal Principal Name (UPN)\",\n \"value\": \"HTTP/www.example.com@EXAMPLE.COM\",\n \"oid\": \"1.3.6.1.4.1.311.20.2.3\"\n },\n {\n \"name\": \"Kerberos principalname\",\n \"value\": \"HTTP/www.example.com@EXAMPLE.COM\",\n \"oid\": \"1.3.6.1.5.2.2\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": 
{\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"AB:5D:B8:F7:82:3C:6B:69:4E:09:70:36:0A:AF:D2:06:66:52:DD:F9\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"60:ED:78:F9:8D:E3:55:06:7A:50:B4:29:2D:69:0E:22:BF:B8:95:81\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:30:03\",\n \"not_valid_before\": \"2021-05-05 03:30:04\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " },", " {", " \"name\": \"Universal Principal Name (UPN)\",", " \"value\": \"HTTP/www.example.com@EXAMPLE.COM\",", " \"oid\": \"1.3.6.1.4.1.311.20.2.3\"", " },", " {", " \"name\": \"Kerberos principalname\",", " \"value\": \"HTTP/www.example.com@EXAMPLE.COM\",", " \"oid\": \"1.3.6.1.5.2.2\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"AB:5D:B8:F7:82:3C:6B:69:4E:09:70:36:0A:AF:D2:06:66:52:DD:F9\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"60:ED:78:F9:8D:E3:55:06:7A:50:B4:29:2D:69:0E:22:BF:B8:95:81\",", " \"critical\": false", " }", 
" },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:30:03\",", " \"not_valid_before\": \"2021-05-05 03:30:04\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "60:ED:78:F9:8D:E3:55:06:7A:50:B4:29:2D:69:0E:22:BF:B8:95:81"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}, {"name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/www.example.com@EXAMPLE.COM"}, {"name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/www.example.com@EXAMPLE.COM"}]}, "subjectKeyIdentifier": {"critical": false, "value": "AB:5D:B8:F7:82:3C:6B:69:4E:09:70:36:0A:AF:D2:06:66:52:DD:F9"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": 
"2C:C8:76:E6:BB:24:80:E9:D7:4E:2C:B2:F2:AE:8A:A0:2E:27:9E:C6:AF:CB:1B:CF:FB:B3:77:B8:FA:49:04:62:F5:9E:12:C1:C3:D0:7E:9A:BB:21:B0:45:9D:61:A0:DC:6B:DB:11:24:01:97:39:7C:54:35:04:C1:92:75:E2:35:3D:B6:81:CD:41:52:47:55:DF:E0:96:74:59:51:74:8C:B4:97:6E:F1:DB:9F:A6:D1:E0:D0:4F:FD:78:02:37:CC:BD:03:C3:FF:8B:93:16:E8:CA:3A:14:C5:E6:64:FA:06:DC:50:17:06:EC:A1:D7:1A:2C:B7:A7:2E:20:E5:4F:06:DE:BD:E4:97:58:7B:FA:73:4C:B2:92:77:18:F4:18:2B:42:69:32:0F:5B:09:D4:36:26:15:F0:DB:29:D2:8E:05:68:66:43:2B:91:2F:AC:39:A2:0C:CF:97:0A:56:FF:86:A6:32:C6:F5:97:46:F3:FA:EC:56:61:47:5B:8D:0F:25:24:39:2D:69:DE:56:D0:A1:1E:62:E0:9D:FF:A6:FF:94:B5:C9:01:57:2E:09:18:59:13:2D:68:2D:9F:42:FA:5D:37:D5:3E:13:9C:FD:97:E4:1C:47:BE:B1:0B:9B:90:A0:67:E0:1A:3A:84:17:93:B8:9C:D5:CF:D2:B4:36:33:35"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:30:03", "not_valid_before": "2021-05-05 03:30:04"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:79 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:88 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:104 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] 
*********************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:117 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039274", "end": "2021-05-05 03:30:18.518877", "rc": 0, "start": "2021-05-05 03:30:18.479603", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:142 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY [Test issuing certificate with invalid principal.] 
************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_principal.yml:40 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_19esxv5/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_19esxv5/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:17 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:34 ok: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:45 ok: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:71 ok: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": 
"0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_19esxv5/tasks/main.yml:100 ok: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestamp": "Wed 2021-05-05 03:30:03 UTC", "ActiveEnterTimestampMonotonic": "59229260", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "sysinit.target systemd-journald.socket dbus.socket network.target syslog.target system.slice basic.target dbus-broker.service", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Wed 2021-05-05 03:30:03 UTC", "AssertTimestampMonotonic": "59216326", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "566452000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config 
cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Wed 2021-05-05 03:30:03 UTC", "ConditionTimestampMonotonic": "59216325", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "6842", "ExecMainStartTimestamp": "Wed 2021-05-05 03:30:03 UTC", "ExecMainStartTimestampMonotonic": "59217369", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[Wed 2021-05-05 03:30:03 UTC] ; stop_time=[n/a] ; pid=6842 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[Wed 2021-05-05 03:30:03 UTC] ; stop_time=[n/a] ; pid=6842 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no 
data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Wed 2021-05-05 03:30:03 UTC", "InactiveExitTimestampMonotonic": "59217773", "InvocationID": "feffc9fc812c4585b3a7b83432c73842", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "6842", "MemoryAccounting": "yes", "MemoryCurrent": "2121728", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", 
"NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Wed 2021-05-05 03:30:03 UTC", "StateChangeTimestampMonotonic": "59229260", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": 
"infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_19esxv5/tasks/main.yml:112 failed: [/cache/fedora-32.qcow2] (item={'name': 'mycertinvalid', 'dns': 'www.example.com', 'principal': 'HTTP/abc', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": false, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycertinvalid", "principal": "HTTP/abc"}, "msg": "Invalid principal 'HTTP/abc'. It should be formatted as 'primary/instance@REALM'"} TASK [assert...] *************************************************************** task path: /tmp/tmp_19esxv5/tests/tests_principal.yml:59 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=38 changed=8 unreachable=0 failed=0 skipped=1 rescued=1 ignored=0 + cd /tmp/tmp_19esxv5/tests; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp_19esxv5/tests/tests_provider.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 
00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_provider.yml *************************************************** 2 plays in /tmp/tmp_19esxv5/tests/tests_provider.yml PLAY [Test issuing certificate with certmonger provider] *********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_provider.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_19esxv5/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_19esxv5/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:17 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": 
["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:34 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:45 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:71 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_19esxv5/tasks/main.yml:100 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", 
"changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice network.target syslog.target sysinit.target dbus-broker.service systemd-journald.socket dbus.socket basic.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", 
"DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": 
"65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", 
"RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_19esxv5/tasks/main.yml:112 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'certmonger'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert", "provider": "certmonger"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] 
********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_provider.yml:13 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_19esxv5/tests/tests_provider.yml:27 included: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully 
uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading 
pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185508.1470962, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "1e59869ee00239fd9783d8e279a7783b16d19336", "ctime": 1620185508.1440961, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132624, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185508.1440961, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "3700712408", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:35 ok: 
[/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185508.1000962, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "926cd3f80e1ebe9404b38f2bdcc23b59f61babb0", "ctime": 1620185508.1440961, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132504, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185508.1440961, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "1007658028", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:52 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:70 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.187728", "end": "2021-05-05 03:32:00.951818", "rc": 
0, "start": "2021-05-05 03:32:00.764090", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"EC:2A:C5:A1:87:3A:01:F2:09:DA:D3:8F:D9:27:83:9F:8E:F6:F1:71\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"DE:95:79:A5:E2:92:7C:21:C5:A0:E5:94:A8:62:69:0B:4C:C7:71:C6\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"B9:9E:51:79:5C:D8:1D:31:B6:7A:C4:24:69:29:BA:10:53:34:B8:A6:E8:A4:6B:25:E3:8C:6D:7A:73:91:FC:A8:5D:CB:B9:05:BE:E5:32:DD:3F:2C:26:A5:16:46:D3:54:EA:EE:F4:AC:86:42:43:D1:4D:B0:43:F9:03:E5:6B:7D:4A:7E:E2:EA:2A:42:D3:1E:84:86:33:2B:50:23:E3:F8:BF:E6:F3:4B:C1:0C:9F:D8:1B:A7:67:19:9C:1D:60:9F:02:E3:74:B4:13:18:F6:B6:66:2F:B4:84:C9:64:DA:EF:35:9F:28:6C:12:2B:C9:A2:92:3C:24:C2:9A:50:88:41:5B:71:D2:85:6E:52:C2:22:E4:B4:FC:B2:9C:6B:58:A9:8A:66:C7:52:6A:18:6E:A2:FC:8A:AE:19:37:23:BA:43:22:08:67:83:9A:B0:E5:1D:CD:98:3C:EB:F1:4D:B3:49:AB:CA:66:5C:F2:36:92:C3:72:AC:6D:AD:1B:F2:3B:4E:84:45:DE:46:90:77:90:0C:CB:BB:EF:8F:0D:25:EB:80:2E:6C:F8:30:40:23:71:80:71:70:37:EF:C0:74:4E:B0:6B:6B:64:8E:50:6F:F5:04:EC:B6:B4:AE:AE:04:A8:BB:E4:B0:61:39:F7:F5:47:EB:13:4F:CC:9F:4B:59:65:32\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": 
\"2022-05-05 03:31:47\",\n \"not_valid_before\": \"2021-05-05 03:31:48\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"EC:2A:C5:A1:87:3A:01:F2:09:DA:D3:8F:D9:27:83:9F:8E:F6:F1:71\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"DE:95:79:A5:E2:92:7C:21:C5:A0:E5:94:A8:62:69:0B:4C:C7:71:C6\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:31:47\",", " \"not_valid_before\": \"2021-05-05 03:31:48\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "DE:95:79:A5:E2:92:7C:21:C5:A0:E5:94:A8:62:69:0B:4C:C7:71:C6"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": 
"1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "EC:2A:C5:A1:87:3A:01:F2:09:DA:D3:8F:D9:27:83:9F:8E:F6:F1:71"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:31:47", "not_valid_before": "2021-05-05 03:31:48"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:79 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:88 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:104 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:117 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] 
************************************************ task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039797", "end": "2021-05-05 03:32:01.662477", "rc": 0, "start": "2021-05-05 03:32:01.622680", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:142 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=30 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_19esxv5/tests; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp_19esxv5/tests/tests_run_hooks.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. 
Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_run_hooks.yml ************************************************** 2 plays in /tmp/tmp_19esxv5/tests/tests_run_hooks.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] 
********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_run_hooks.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_19esxv5/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_19esxv5/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:17 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:34 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:45 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": 
"directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:71 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_19esxv5/tasks/main.yml:100 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target network.target sysinit.target syslog.target dbus-broker.service systemd-journald.socket system.slice dbus.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service 
cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no 
data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", 
"OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": 
"0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_19esxv5/tasks/main.yml:112 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'run_before': 'touch /etc/pki/before_cert.tmp\n', 'run_after': 'touch /etc/pki/after_cert.tmp\n'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert", "run_after": "touch /etc/pki/after_cert.tmp\n", "run_before": "touch /etc/pki/before_cert.tmp\n"}, "msg": "Certificate requested (new). Pre/Post run hooks updated."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_run_hooks.yml:17 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_19esxv5/tests/tests_run_hooks.yml:31 included: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: 
/tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading 
pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185580.5686345, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "ab995eb63163585af738ffa8a55048230df67a02", "ctime": 1620185580.5656345, "dev": 64513, "device_type": 0, "executable": false, "exists": 
true, "gid": 0, "gr_name": "root", "inode": 132637, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185580.5656345, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "3198108500", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185580.5176346, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "c50d3e4fcac109452e6d545a8444aadf0a55aa3b", "ctime": 1620185580.5656345, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132475, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185580.5656345, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "82639860", 
"wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:52 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:70 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.208672", "end": "2021-05-05 03:33:13.729576", "rc": 0, "start": "2021-05-05 03:33:13.520904", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"D4:0D:AF:66:56:27:47:1E:DD:78:33:9B:C9:29:1F:3F:D1:79:9B:72\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"92:84:51:0F:85:FB:26:56:77:D6:3C:51:38:28:84:BB:06:3B:36:BB\",\n 
\"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"8F:92:34:7F:70:CD:8A:A0:7D:2C:95:21:2A:A7:35:A5:EB:1A:60:76:EE:97:3A:B3:AE:25:96:8A:A6:13:BE:C0:45:CC:69:C8:DE:9B:D3:63:63:11:C3:C6:68:09:F6:A8:A6:2A:25:97:18:6F:2B:D2:7A:9C:B7:5F:B8:C2:25:8B:5F:94:89:60:CE:38:94:01:68:94:8F:83:BE:C0:BB:55:A9:94:4E:E6:1B:AC:62:EB:DA:FD:53:DA:15:7F:E3:4B:C8:5D:8F:62:A9:20:20:A4:59:05:DE:4E:0E:3C:CC:67:1E:F4:11:00:C3:3F:48:91:8E:11:45:C2:C7:8E:F6:33:FB:EC:38:A0:1C:4A:A4:3E:FE:09:59:C5:07:B9:D8:83:B7:DB:61:DE:25:BA:B0:DE:0E:7B:C5:EA:06:A8:71:A2:6B:1B:92:63:F3:61:66:4D:B4:82:91:70:D4:10:23:AE:2E:91:A2:9E:38:0B:AE:C2:C8:F1:CD:B7:E8:77:BA:F2:95:EB:53:C5:5A:78:77:06:EF:CC:B3:57:7C:26:89:90:FA:23:F7:C8:C3:26:43:79:9E:1A:90:53:49:CA:C3:C1:82:C9:2B:9D:FA:18:82:98:1E:0C:5C:21:A0:9E:30:3F:4F:C4:BE:18:78:6E:60:B8:AF:A9:CF:5D:12:95:1E:9C\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:32:59\",\n \"not_valid_before\": \"2021-05-05 03:33:00\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"D4:0D:AF:66:56:27:47:1E:DD:78:33:9B:C9:29:1F:3F:D1:79:9B:72\",", " \"critical\": false", " },", " 
\"authorityKeyIdentifier\": {", " \"value\": \"92:84:51:0F:85:FB:26:56:77:D6:3C:51:38:28:84:BB:06:3B:36:BB\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:32:59\",", " \"not_valid_before\": \"2021-05-05 03:33:00\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "92:84:51:0F:85:FB:26:56:77:D6:3C:51:38:28:84:BB:06:3B:36:BB"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "D4:0D:AF:66:56:27:47:1E:DD:78:33:9B:C9:29:1F:3F:D1:79:9B:72"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:32:59", "not_valid_before": "2021-05-05 03:33:00"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:79 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] 
************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:88 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:104 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:117 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038213", "end": "2021-05-05 03:33:14.470860", "rc": 0, "start": "2021-05-05 03:33:14.432647", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:142 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Get certificate timestamp] *********************************************** task path: /tmp/tmp_19esxv5/tests/tests_run_hooks.yml:39 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185580.5686345, "attr_flags": "e", "attributes": ["extents"], 
"block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "ab995eb63163585af738ffa8a55048230df67a02", "ctime": 1620185580.5656345, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132637, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185580.5656345, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "3198108500", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Get pre-run file timestamp] ********************************************** task path: /tmp/tmp_19esxv5/tests/tests_run_hooks.yml:43 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185580.5636346, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1620185580.5636346, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132636, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1620185580.5636346, "nlink": 1, "path": "/etc/pki/before_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "762840789", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Get post-run file timestamp] ********************************************* task path: /tmp/tmp_19esxv5/tests/tests_run_hooks.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 
1620185580.5996346, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1620185580.5996346, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132638, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1620185580.5996346, "nlink": 1, "path": "/etc/pki/after_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "2607584606", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Assert file created before cert] ***************************************** task path: /tmp/tmp_19esxv5/tests/tests_run_hooks.yml:51 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Assert file created after cert] ****************************************** task path: /tmp/tmp_19esxv5/tests/tests_run_hooks.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=35 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_19esxv5/tests; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp_19esxv5/tests/tests_subject.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', 
'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_subject.yml **************************************************** 2 plays in /tmp/tmp_19esxv5/tests/tests_subject.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_subject.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_19esxv5/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_19esxv5/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:17 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": 
["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:34 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:45 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:71 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_19esxv5/tasks/main.yml:100 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", 
"changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus-broker.service syslog.target system.slice network.target dbus.socket basic.target sysinit.target systemd-journald.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", 
"DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": 
"65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", 
"RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_19esxv5/tasks/main.yml:112 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'common_name': 'Some other common name', 'country': 'US', 'state': 'NC', 'locality': 'Raleigh', 'organization': 'Red Hat', 'organizational_unit': 'Linux', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "common_name": "Some other common name", "country": "US", "dns": "www.example.com", "locality": "Raleigh", "name": "mycert", "organization": "Red Hat", 
"organizational_unit": "Linux", "state": "NC"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_subject.yml:19 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_19esxv5/tests/tests_subject.yml:48 included: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading 
https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading 
pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185658.194968, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d25e48f36212228ddced7aaf641f287005a5474a", "ctime": 1620185658.191968, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132616, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185658.191968, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1424, "uid": 0, "version": "85531362", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: 
/tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185658.1499681, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "a4ea42c1fb08ed73aeed602390251b19a9228070", "ctime": 1620185658.191968, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132475, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185658.191968, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2714327681", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:52 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] 
******************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:70 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.190173", "end": "2021-05-05 03:34:30.795608", "rc": 0, "start": "2021-05-05 03:34:30.605435", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"countryName\",\n \"oid\": \"2.5.4.6\",\n \"value\": \"US\"\n },\n {\n \"name\": \"stateOrProvinceName\",\n \"oid\": \"2.5.4.8\",\n \"value\": \"NC\"\n },\n {\n \"name\": \"localityName\",\n \"oid\": \"2.5.4.7\",\n \"value\": \"Raleigh\"\n },\n {\n \"name\": \"organizationName\",\n \"oid\": \"2.5.4.10\",\n \"value\": \"Red Hat\"\n },\n {\n \"name\": \"organizationalUnitName\",\n \"oid\": \"2.5.4.11\",\n \"value\": \"Linux\"\n },\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"Some other common name\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"50:55:96:F5:BB:B0:9F:6D:9E:70:AD:7F:6F:BF:83:79:8E:03:0D:F3\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"E8:37:FA:F4:3C:6D:D6:1F:88:13:28:A3:34:46:71:FE:02:84:BE:FC\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n 
\"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:34:17\",\n \"not_valid_before\": \"2021-05-05 03:34:18\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"countryName\",", " \"oid\": \"2.5.4.6\",", " \"value\": \"US\"", " },", " {", " \"name\": \"stateOrProvinceName\",", " \"oid\": \"2.5.4.8\",", " \"value\": \"NC\"", " },", " {", " \"name\": \"localityName\",", " \"oid\": \"2.5.4.7\",", " \"value\": \"Raleigh\"", " },", " {", " \"name\": \"organizationName\",", " \"oid\": \"2.5.4.10\",", " \"value\": \"Red Hat\"", " },", " {", " \"name\": \"organizationalUnitName\",", " \"oid\": \"2.5.4.11\",", " \"value\": \"Linux\"", " },", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"Some other common name\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"50:55:96:F5:BB:B0:9F:6D:9E:70:AD:7F:6F:BF:83:79:8E:03:0D:F3\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"E8:37:FA:F4:3C:6D:D6:1F:88:13:28:A3:34:46:71:FE:02:84:BE:FC\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " 
\"validity\": {", " \"not_valid_after\": \"2022-05-05 03:34:17\",", " \"not_valid_before\": \"2021-05-05 03:34:18\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "E8:37:FA:F4:3C:6D:D6:1F:88:13:28:A3:34:46:71:FE:02:84:BE:FC"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "50:55:96:F5:BB:B0:9F:6D:9E:70:AD:7F:6F:BF:83:79:8E:03:0D:F3"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "24:6D:46:46:62:5A:7B:48:56:20:1A:42:3A:72:5D:DD:AE:81:6E:01:A7:87:CC:8C:29:F8:9A:22:A8:16:D1:06:3E:D9:0F:99:D3:11:92:DD:47:F7:75:46:5B:14:48:F8:B9:D6:2C:1A:D9:6B:48:71:83:A8:FF:C1:BC:54:AC:97:EC:EC:17:F5:F9:02:FD:16:C4:08:C8:64:31:05:6E:79:B5:23:A1:39:6F:6C:CC:0C:65:51:0C:D5:F3:9F:81:B8:F6:F9:22:62:39:51:E0:F4:27:50:1E:8E:BE:F5:3A:10:B1:58:94:2D:BC:AD:D8:E1:1C:8F:E3:7A:52:CE:8F:70:95:7E:E0:30:AA:E8:12:C5:22:40:BE:49:AF:D9:94:71:99:E3:F4:CD:55:FA:7A:B8:C3:14:D2:E6:CD:41:C8:4E:A4:9C:5E:25:AB:7D:29:78:CE:F1:14:69:F6:5E:9B:72:73:02:F4:D0:13:E1:6D:10:51:73:54:6C:D8:BA:82:F0:4D:6A:69:55:35:38:0C:18:96:45:59:7F:BD:FA:1A:D2:78:D1:07:62:EC:7B:28:88:83:E5:40:29:A6:16:95:DE:F1:DB:E2:EC:EC:06:EC:2D:31:16:47:A6:EE:3E:15:50:C8:7F:FB:8D:F1:AA:51:AE:1B:D7:66:85:17:4C:56:3C"}, "subject": [{"name": "countryName", "oid": "2.5.4.6", "value": "US"}, {"name": "stateOrProvinceName", "oid": 
"2.5.4.8", "value": "NC"}, {"name": "localityName", "oid": "2.5.4.7", "value": "Raleigh"}, {"name": "organizationName", "oid": "2.5.4.10", "value": "Red Hat"}, {"name": "organizationalUnitName", "oid": "2.5.4.11", "value": "Linux"}, {"name": "commonName", "oid": "2.5.4.3", "value": "Some other common name"}], "validity": {"not_valid_after": "2022-05-05 03:34:17", "not_valid_before": "2021-05-05 03:34:18"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:79 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:88 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:104 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:117 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": 
"0:00:00.038393", "end": "2021-05-05 03:34:31.487247", "rc": 0, "start": "2021-05-05 03:34:31.448854", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:142 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=30 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_19esxv5/tests; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp_19esxv5/tests/tests_subject_complex.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. 
Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_subject_complex.yml ******************************************** 2 plays in /tmp/tmp_19esxv5/tests/tests_subject_complex.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_subject_complex.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_19esxv5/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => 
{"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_19esxv5/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:17 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:34 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:45 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:71 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, 
"gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_19esxv5/tasks/main.yml:100 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target syslog.target systemd-journald.socket basic.target system.slice network.target dbus.socket dbus-broker.service", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin 
cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", 
"JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", 
"ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_19esxv5/tasks/main.yml:112 changed: [/cache/fedora-32.qcow2] => 
(item={'name': 'mycert', 'dns': 'www.example.com', 'common_name': '# \\\\Every"thing+that,ne;edsing\\0 ', 'contact_email': 'admin@example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "common_name": "# \\\\Every\"thing+that,ne;edsing\\0 ", "contact_email": "admin@example.com", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_subject_complex.yml:16 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp_19esxv5/tests/tests_subject_complex.yml:36 included: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading 
https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 
'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185753.8152578, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d19d71b8de915abb2eb7c94c102d08cbdbd9d248", "ctime": 1620185753.813258, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132624, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185753.813258, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", 
"readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1391, "uid": 0, "version": "4288612277", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620185753.770258, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "6903c5952599b7e90ddb67b8616640e3ac129376", "ctime": 1620185753.813258, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132504, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620185753.813258, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3693788794", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:52 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions 
passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:70 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.188972", "end": "2021-05-05 03:36:06.775634", "rc": 0, "start": "2021-05-05 03:36:06.586662", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"emailAddress\",\n \"oid\": \"1.2.840.113549.1.9.1\",\n \"value\": \"admin@example.com\"\n },\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"# \\\\\\\\Every\\\"thing+that,ne;edsing\\\\0 \"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"21:6B:B4:1D:8D:5E:0B:B6:CA:21:FA:34:15:53:0D:6F:C9:7E:E2:C5\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"0A:FC:9D:0A:F2:1E:BC:C5:2E:F8:5F:ED:E7:BA:1D:1A:8B:FB:3B:B5\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": 
\"BA:09:B6:77:D1:CA:D5:85:5C:91:95:3E:7D:97:09:3D:7C:3C:5A:0A:A4:05:0D:32:28:D7:B5:32:48:0F:C8:D6:D3:D9:49:4C:B0:61:E9:86:7B:18:FA:6B:F9:16:52:A6:1F:01:36:01:C2:25:A7:0C:56:8C:11:05:9D:71:A3:B9:3D:6E:BF:C8:EF:C8:08:65:36:A8:CA:C9:7F:F4:61:76:D2:BA:D1:1F:B5:E5:00:AD:FE:41:01:97:6D:B8:3D:B2:ED:E6:5A:75:AB:BE:A6:0E:3E:52:30:D4:98:A0:96:78:2C:4B:14:BD:DB:25:EA:CD:0C:9F:C9:C4:B3:C2:EC:A4:5F:60:B0:3A:03:F1:F9:88:17:4D:4B:5F:8E:B9:CD:0C:FE:78:54:7C:D5:47:57:EC:B4:B9:93:2E:A9:3F:FA:E9:19:7E:A3:E0:0B:65:E3:EC:8E:BB:7E:10:2E:EE:2E:C1:67:E0:C6:AB:C3:47:29:EA:DA:3C:6E:4F:59:F5:3D:68:5F:46:E8:5E:AF:E5:5F:05:F1:27:AD:C0:AC:DD:EB:97:CC:C2:6E:40:0C:95:B6:BA:73:7A:8A:57:D6:5F:1F:9F:45:01:BB:DF:25:18:4A:EB:D8:DB:2A:B2:2A:1A:31:90:5A:36:B0:9D:21:C3:D6:14:B3:D5:32:9F:BD:D9:24:3A\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:35:53\",\n \"not_valid_before\": \"2021-05-05 03:35:53\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"emailAddress\",", " \"oid\": \"1.2.840.113549.1.9.1\",", " \"value\": \"admin@example.com\"", " },", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"# \\\\\\\\Every\\\"thing+that,ne;edsing\\\\0 \"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"21:6B:B4:1D:8D:5E:0B:B6:CA:21:FA:34:15:53:0D:6F:C9:7E:E2:C5\",", " 
\"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"0A:FC:9D:0A:F2:1E:BC:C5:2E:F8:5F:ED:E7:BA:1D:1A:8B:FB:3B:B5\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"BA:09:B6:77:D1:CA:D5:85:5C:91:95:3E:7D:97:09:3D:7C:3C:5A:0A:A4:05:0D:32:28:D7:B5:32:48:0F:C8:D6:D3:D9:49:4C:B0:61:E9:86:7B:18:FA:6B:F9:16:52:A6:1F:01:36:01:C2:25:A7:0C:56:8C:11:05:9D:71:A3:B9:3D:6E:BF:C8:EF:C8:08:65:36:A8:CA:C9:7F:F4:61:76:D2:BA:D1:1F:B5:E5:00:AD:FE:41:01:97:6D:B8:3D:B2:ED:E6:5A:75:AB:BE:A6:0E:3E:52:30:D4:98:A0:96:78:2C:4B:14:BD:DB:25:EA:CD:0C:9F:C9:C4:B3:C2:EC:A4:5F:60:B0:3A:03:F1:F9:88:17:4D:4B:5F:8E:B9:CD:0C:FE:78:54:7C:D5:47:57:EC:B4:B9:93:2E:A9:3F:FA:E9:19:7E:A3:E0:0B:65:E3:EC:8E:BB:7E:10:2E:EE:2E:C1:67:E0:C6:AB:C3:47:29:EA:DA:3C:6E:4F:59:F5:3D:68:5F:46:E8:5E:AF:E5:5F:05:F1:27:AD:C0:AC:DD:EB:97:CC:C2:6E:40:0C:95:B6:BA:73:7A:8A:57:D6:5F:1F:9F:45:01:BB:DF:25:18:4A:EB:D8:DB:2A:B2:2A:1A:31:90:5A:36:B0:9D:21:C3:D6:14:B3:D5:32:9F:BD:D9:24:3A\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:35:53\",", " \"not_valid_before\": \"2021-05-05 03:35:53\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "0A:FC:9D:0A:F2:1E:BC:C5:2E:F8:5F:ED:E7:BA:1D:1A:8B:FB:3B:B5"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, 
"subjectKeyIdentifier": {"critical": false, "value": "21:6B:B4:1D:8D:5E:0B:B6:CA:21:FA:34:15:53:0D:6F:C9:7E:E2:C5"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "BA:09:B6:77:D1:CA:D5:85:5C:91:95:3E:7D:97:09:3D:7C:3C:5A:0A:A4:05:0D:32:28:D7:B5:32:48:0F:C8:D6:D3:D9:49:4C:B0:61:E9:86:7B:18:FA:6B:F9:16:52:A6:1F:01:36:01:C2:25:A7:0C:56:8C:11:05:9D:71:A3:B9:3D:6E:BF:C8:EF:C8:08:65:36:A8:CA:C9:7F:F4:61:76:D2:BA:D1:1F:B5:E5:00:AD:FE:41:01:97:6D:B8:3D:B2:ED:E6:5A:75:AB:BE:A6:0E:3E:52:30:D4:98:A0:96:78:2C:4B:14:BD:DB:25:EA:CD:0C:9F:C9:C4:B3:C2:EC:A4:5F:60:B0:3A:03:F1:F9:88:17:4D:4B:5F:8E:B9:CD:0C:FE:78:54:7C:D5:47:57:EC:B4:B9:93:2E:A9:3F:FA:E9:19:7E:A3:E0:0B:65:E3:EC:8E:BB:7E:10:2E:EE:2E:C1:67:E0:C6:AB:C3:47:29:EA:DA:3C:6E:4F:59:F5:3D:68:5F:46:E8:5E:AF:E5:5F:05:F1:27:AD:C0:AC:DD:EB:97:CC:C2:6E:40:0C:95:B6:BA:73:7A:8A:57:D6:5F:1F:9F:45:01:BB:DF:25:18:4A:EB:D8:DB:2A:B2:2A:1A:31:90:5A:36:B0:9D:21:C3:D6:14:B3:D5:32:9F:BD:D9:24:3A"}, "subject": [{"name": "emailAddress", "oid": "1.2.840.113549.1.9.1", "value": "admin@example.com"}, {"name": "commonName", "oid": "2.5.4.3", "value": "# \\\\Every\"thing+that,ne;edsing\\0 "}], "validity": {"not_valid_after": "2022-05-05 03:35:53", "not_valid_before": "2021-05-05 03:35:53"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:79 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:88 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": 
"All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:104 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:117 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.042060", "end": "2021-05-05 03:36:07.519091", "rc": 0, "start": "2021-05-05 03:36:07.477031", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp_19esxv5/tests/tasks/assert_certificate_parameters.yml:142 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=30 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp_19esxv5/tests; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp_19esxv5/tests/tests_wrong_provider.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', 
'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_wrong_provider.yml ********************************************* 1 plays in /tmp/tmp_19esxv5/tests/tests_wrong_provider.yml PLAY [Test issuing certificate with nonexistent provider] ********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp_19esxv5/tests/tests_wrong_provider.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmp_19esxv5/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmp_19esxv5/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:17 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, 
"results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:34 skipping: [/cache/fedora-32.qcow2] => (item=fake-provider) => {"__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False"} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:45 skipping: [/cache/fedora-32.qcow2] => (item=fake-provider) => {"__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False"} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmp_19esxv5/tasks/main.yml:71 skipping: [/cache/fedora-32.qcow2] => (item=fake-provider) => {"__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False"} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmp_19esxv5/tasks/main.yml:100 skipping: [/cache/fedora-32.qcow2] => (item=fake-provider) => {"__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False"} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmp_19esxv5/tasks/main.yml:112 failed: [/cache/fedora-32.qcow2] (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'fake-provider'}) => {"ansible_loop_var": "item", "changed": false, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert", "provider": "fake-provider"}, "msg": "Chosen provider 'fake-provider' is not available."} TASK [assert...] 
*************************************************************** task path: /tmp/tmp_19esxv5/tests/tests_wrong_provider.yml:22 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=5 changed=1 unreachable=0 failed=0 skipped=5 rescued=1 ignored=0 + cd /tmp/tmp9ljpszrp/tests/certificate; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmpua4of2gc:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp9ljpszrp/tests/certificate/tests_basic_ipa.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. 
Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 statically imported: /tmp/tmp9ljpszrp/tests/certificate/tasks/setup_ipa.yml PLAYBOOK: tests_basic_ipa.yml ************************************************** 3 plays in /tmp/tmp9ljpszrp/tests/certificate/tests_basic_ipa.yml PLAY [Install IPA server] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_basic_ipa.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Set __is_beaker_env] ***************************************************** task path: 
/tmp/tmp9ljpszrp/tests/certificate/tasks/setup_ipa.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__is_beaker_env": false}, "changed": false} TASK [Install ansible-freeipa] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/setup_ipa.yml:6 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [Clone ansible-freeipa repo] ********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/setup_ipa.yml:12 ok: [/cache/fedora-32.qcow2] => {"after": "6c7f433135795d3ebec2ce26d6ca398301792588", "before": "6c7f433135795d3ebec2ce26d6ca398301792588", "changed": false, "remote_url_changed": false} TASK [Create role symlinks] **************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/setup_ipa.yml:21 changed: [/cache/fedora-32.qcow2] => (item=ipaserver) => {"ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmp9ljpszrp/tests/certificate/roles/ipaserver", "gid": 0, "group": "root", "item": "ipaserver", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaserver/", "state": "link", "uid": 0} changed: [/cache/fedora-32.qcow2] => (item=ipaclient) => {"ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmp9ljpszrp/tests/certificate/roles/ipaclient", "gid": 0, "group": "root", "item": "ipaclient", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaclient/", "state": "link", "uid": 0} TASK [ensure hostname package is installed] ************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/setup_ipa.yml:33 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Set hostname] ************************************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/setup_ipa.yml:38 changed: [/cache/fedora-32.qcow2] => 
{"ansible_facts": {"ansible_domain": "test.local", "ansible_fqdn": "ipaserver.test.local", "ansible_hostname": "ipaserver", "ansible_nodename": "ipaserver.test.local"}, "changed": true, "name": "ipaserver.test.local"} TASK [Ensure nss package is up-to-date] **************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/setup_ipa.yml:42 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64"]} TASK [include_role : ipaserver] ************************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/setup_ipa.yml:50 TASK [ipaserver : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:4 ok: [/cache/fedora-32.qcow2] => (item=/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml) => {"ansible_facts": {"ipaserver_packages": ["freeipa-server", "python3-libselinux"], "ipaserver_packages_adtrust": ["freeipa-server-trust-ad"], "ipaserver_packages_dns": ["freeipa-server-dns"], "ipaserver_packages_firewalld": ["firewalld"]}, "ansible_included_var_files": ["/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml"], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml"} TASK [ipaserver : Install IPA server] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:12 included: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml for /cache/fedora-32.qcow2 TASK [ipaserver : Install - Ensure that IPA server packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:5 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, 
"results": ["Installed: pkgconf-1.6.3-3.fc32.x86_64", "Installed: perl-Time-Local-2:1.300-2.fc32.noarch", "Installed: cyrus-sasl-plain-2.1.27-4.fc32.x86_64", "Installed: bea-stax-api-1.2.0-20.fc32.noarch", "Installed: perl-IO-Socket-SSL-2.068-1.fc32.noarch", "Installed: pkgconf-m4-1.6.3-3.fc32.noarch", "Installed: pkgconf-pkg-config-1.6.3-3.fc32.x86_64", "Installed: perl-Scalar-List-Utils-3:1.54-440.fc32.x86_64", "Installed: python3-jwcrypto-0.6.0-7.fc32.noarch", "Installed: python3-kdcproxy-0.4.2-3.fc32.noarch", "Installed: jackson-annotations-2.10.5-1.fc32.noarch", "Installed: python3-argcomplete-1.10.0-4.fc32.noarch", "Installed: 389-ds-base-1.4.3.22-1.fc32.x86_64", "Installed: jackson-core-2.10.5-1.fc32.noarch", "Installed: jackson-databind-2.10.5.1-1.fc32.noarch", "Installed: 389-ds-base-libs-1.4.3.22-1.fc32.x86_64", "Installed: jackson-jaxrs-json-provider-2.10.5-1.fc32.noarch", "Installed: jackson-jaxrs-providers-2.10.5-1.fc32.noarch", "Installed: openldap-clients-2.4.47-5.fc32.x86_64", "Installed: perl-IO-Socket-IP-0.39-441.fc32.noarch", "Installed: jackson-module-jaxb-annotations-2.10.5-1.fc32.noarch", "Installed: python3-asn1crypto-1.3.0-2.fc32.noarch", "Installed: jakarta-activation-1.2.1-5.fc32.noarch", "Installed: glassfish-fastinfoset-1.2.15-2.fc32.noarch", "Installed: authselect-1.2.1-1.fc32.x86_64", "Installed: python3-atomicwrites-1.3.0-7.fc32.noarch", "Installed: authselect-libs-1.2.1-1.fc32.x86_64", "Installed: python3-augeas-0.5.0-19.fc32.noarch", "Installed: java-1.8.0-openjdk-headless-1:1.8.0.292.b10-0.fc32.x86_64", "Installed: python3-ecdsa-0.15-1.fc32.noarch", "Installed: perl-URI-1.76-6.fc32.noarch", "Installed: httpcomponents-client-4.5.10-2.fc32.noarch", "Installed: xml-commons-apis-1.4.01-29.fc32.noarch", "Installed: libwbclient-2:4.12.14-0.fc32.x86_64", "Installed: httpcomponents-core-4.4.12-2.fc32.noarch", "Installed: glassfish-jaxb-api-2.2.12-14.fc32.noarch", "Installed: python3-yubico-1.3.3-1.fc32.noarch", "Installed: 
copy-jdk-configs-3.7-5.fc32.noarch", "Installed: glassfish-jaxb-core-2.2.11-16.fc32.noarch", "Installed: resteasy-atom-provider-3.0.26-6.fc32.noarch", "Installed: resteasy-client-3.0.26-6.fc32.noarch", "Installed: resteasy-core-3.0.26-6.fc32.noarch", "Installed: resteasy-jackson2-provider-3.0.26-6.fc32.noarch", "Installed: tomcat-1:9.0.39-2.fc32.noarch", "Installed: resteasy-jaxb-provider-3.0.26-6.fc32.noarch", "Installed: tomcat-el-3.0-api-1:9.0.39-2.fc32.noarch", "Installed: tomcat-jsp-2.3-api-1:9.0.39-2.fc32.noarch", "Installed: apache-commons-cli-1.4-8.fc32.noarch", "Installed: tomcat-lib-1:9.0.39-2.fc32.noarch", "Installed: python3-pki-10.10.5-5.fc32.noarch", "Installed: python3-pluggy-0.13.1-1.fc32.noarch", "Installed: tomcat-servlet-4.0-api-1:9.0.39-2.fc32.noarch", "Installed: tomcatjss-7.6.1-1.fc32.noarch", "Installed: apache-commons-collections-3.2.2-16.fc32.noarch", "Installed: apache-commons-daemon-1.2.2-2.fc32.x86_64", "Installed: autofs-1:5.1.6-11.fc32.x86_64", "Installed: libipa_hbac-2.4.0-1.fc32.x86_64", "Installed: perl-Unicode-Normalize-1.26-440.fc32.x86_64", "Installed: rpcbind-1.2.5-5.rc1.fc32.1.x86_64", "Installed: perl-Exporter-5.74-2.fc32.noarch", "Installed: apache-commons-io-1:2.6-8.fc32.noarch", "Installed: javapackages-filesystem-5.3.0-9.fc32.noarch", "Installed: perl-Archive-Tar-2.38-1.fc32.noarch", "Installed: python3-py-1.10.0-1.fc32.noarch", "Installed: javapackages-tools-5.3.0-9.fc32.noarch", "Installed: libxslt-1.1.34-4.fc32.x86_64", "Installed: python3-psutil-5.6.7-1.fc32.x86_64", "Installed: perl-Compress-Raw-Bzip2-2.093-2.fc32.x86_64", "Installed: avahi-libs-0.7-24.fc32.x86_64", "Installed: ecj-1:4.16-4.fc32.noarch", "Installed: samba-client-libs-2:4.12.14-0.fc32.x86_64", "Installed: samba-common-2:4.12.14-0.fc32.noarch", "Installed: samba-common-libs-2:4.12.14-0.fc32.x86_64", "Installed: apache-commons-lang-2.6-27.fc32.noarch", "Installed: perl-Compress-Raw-Lzma-2.093-4.fc32.x86_64", "Installed: 
python3-pycryptodomex-3.9.8-1.fc32.x86_64", "Installed: libjpeg-turbo-2.0.4-3.fc32.x86_64", "Installed: apache-commons-logging-1.2-20.fc32.noarch", "Installed: perl-Compress-Raw-Zlib-2.093-2.fc32.x86_64", "Installed: perl-Net-SSLeay-1.88-5.fc32.x86_64", "Installed: libkadm5-1.18.2-29.fc32.x86_64", "Installed: apache-commons-net-3.6-8.fc32.noarch", "Installed: perl-DB_File-1.855-1.fc32.x86_64", "Installed: perl-Data-Dumper-2.174-444.fc32.x86_64", "Installed: xmlstreambuffer-1.5.4-11.fc32.noarch", "Installed: jboss-annotations-1.2-api-1.0.2-2.fc32.noarch", "Installed: python3-pyasn1-0.4.8-1.fc32.noarch", "Installed: python3-pyasn1-modules-0.4.8-1.fc32.noarch", "Installed: words-3.0-35.fc32.noarch", "Installed: python3-dns-1.16.0-10.fc32.noarch", "Installed: perl-Digest-1.19-1.fc32.noarch", "Installed: perl-Digest-MD5-2.58-1.fc32.x86_64", "Installed: lua-posix-33.3.1-16.fc32.x86_64", "Installed: jboss-jaxrs-2.0-api-1.0.0-10.fc32.noarch", "Installed: perl-Encode-4:3.08-458.fc32.x86_64", "Installed: cups-libs-1:2.3.3op2-4.fc32.x86_64", "Installed: perl-Errno-1.30-461.fc32.x86_64", "Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: jboss-logging-3.4.1-2.fc32.noarch", "Installed: jboss-logging-tools-2.2.0-2.fc32.noarch", "Installed: perl-File-Path-2.17-1.fc32.noarch", "Installed: libev-4.31-2.fc32.x86_64", "Installed: protobuf-c-1.3.2-2.fc32.x86_64", "Installed: js-jquery-3.5.0-2.fc32.noarch", "Installed: perl-Algorithm-Diff-1.1903-15.fc32.noarch", "Installed: perl-Getopt-Long-1:2.52-1.fc32.noarch", "Installed: openssl-perl-1:1.1.1k-1.fc32.x86_64", "Installed: perl-Term-ANSIColor-5.01-2.fc32.noarch", "Installed: perl-Term-Cap-1.17-440.fc32.noarch", "Installed: jss-4.8.1-1.fc32.x86_64", "Installed: perl-IO-1.40-461.fc32.x86_64", "Installed: perl-IO-Zlib-1:1.10-461.fc32.noarch", "Installed: augeas-libs-1.12.0-3.fc32.x86_64", "Installed: apr-1.7.0-3.fc32.x86_64", "Installed: jdeparser-2.0.3-2.fc32.noarch", "Installed: python3-pytest-4.6.11-1.fc32.noarch", "Installed: 
tzdata-java-2021a-1.fc32.noarch", "Installed: apr-util-1.6.1-12.fc32.x86_64", "Installed: apr-util-bdb-1.6.1-12.fc32.x86_64", "Installed: fontawesome-fonts-4.7.0-8.fc32.noarch", "Installed: libverto-libev-0.3.0-9.fc32.x86_64", "Installed: perl-File-Temp-1:0.230.900-440.fc32.noarch", "Installed: apr-util-openssl-1.6.1-12.fc32.x86_64", "Installed: fedora-logos-httpd-30.0.2-4.fc32.noarch", "Installed: slf4j-1.7.30-2.fc32.noarch", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64", "Installed: slf4j-jdk14-1.7.30-2.fc32.noarch", "Installed: perl-MIME-Base64-3.15-440.fc32.x86_64", "Installed: perl-Mozilla-CA-20200520-1.fc32.noarch", "Installed: perl-constant-1.33-441.fc32.noarch", "Installed: python3-mod_wsgi-4.6.8-2.fc32.x86_64", "Installed: perl-PathTools-3.78-442.fc32.x86_64", "Installed: pki-acme-10.10.5-5.fc32.noarch", "Installed: pki-base-10.10.5-5.fc32.noarch", "Installed: pki-base-java-10.10.5-5.fc32.noarch", "Installed: nss-tools-3.63.0-1.fc32.x86_64", "Installed: pki-ca-10.10.5-5.fc32.noarch", "Installed: python-systemd-doc-234-12.fc32.x86_64", "Installed: lua-5.3.5-8.fc32.x86_64", "Installed: pki-kra-10.10.5-5.fc32.noarch", "Installed: pki-server-10.10.5-5.fc32.noarch", "Installed: pki-symkey-10.10.5-5.fc32.x86_64", "Installed: python3-more-itertools-7.2.0-4.fc32.noarch", "Installed: perl-Pod-Usage-4:2.01-1.fc32.noarch", "Installed: pki-tools-10.10.5-5.fc32.x86_64", "Installed: python3-pyparsing-2.4.7-1.fc32.noarch", "Installed: relaxngDatatype-2011.1-12.fc32.noarch", "Installed: stax-ex-1.7.7-12.fc32.noarch", "Installed: slapi-nis-0.56.5-2.fc32.x86_64", "Installed: glassfish-jaxb-runtime-2.2.11-16.fc32.noarch", "Installed: perl-Socket-4:2.031-1.fc32.x86_64", "Installed: python3-systemd-234-12.fc32.x86_64", "Installed: gssproxy-0.8.2-8.fc32.x86_64", "Installed: glassfish-jaxb-txw2-2.2.11-16.fc32.noarch", "Installed: publicsuffix-list-20190417-3.fc32.noarch", "Installed: libicu-65.1-2.fc32.x86_64", "Installed: httpd-2.4.46-1.fc32.x86_64", "Installed: 
mod_auth_gssapi-1.6.1-8.fc32.x86_64", "Installed: httpd-filesystem-2.4.46-1.fc32.noarch", "Installed: python3-ipaclient-4.9.3-1.fc32.noarch", "Installed: httpd-tools-2.4.46-1.fc32.x86_64", "Installed: python3-ipalib-4.9.3-1.fc32.noarch", "Installed: python3-ipaserver-4.9.3-1.fc32.noarch", "Installed: bind-libs-32:9.11.28-1.fc32.x86_64", "Installed: bind-libs-lite-32:9.11.28-1.fc32.x86_64", "Installed: bind-license-32:9.11.28-1.fc32.noarch", "Installed: perl-parent-1:0.238-1.fc32.noarch", "Installed: perl-podlators-1:4.14-2.fc32.noarch", "Installed: python3-gssapi-1.6.1-5.fc32.x86_64", "Installed: bind-utils-32:9.11.28-1.fc32.x86_64", "Installed: mod_lookup_identity-1.0.0-11.fc32.x86_64", "Installed: python3-netaddr-0.7.19-21.fc32.noarch", "Installed: python3-netifaces-0.10.6-10.fc32.x86_64", "Installed: krb5-pkinit-1.18.2-29.fc32.x86_64", "Installed: krb5-server-1.18.2-29.fc32.x86_64", "Installed: perl-interpreter-4:5.30.3-461.fc32.x86_64", "Installed: krb5-workstation-1.18.2-29.fc32.x86_64", "Installed: perl-libnet-3.13-1.fc32.noarch", "Installed: jna-5.4.0-2.fc32.x86_64", "Installed: perl-libs-4:5.30.3-461.fc32.x86_64", "Installed: perl-threads-1:2.22-442.fc32.x86_64", "Installed: perl-threads-shared-1.60-441.fc32.x86_64", "Installed: perl-macros-4:5.30.3-461.fc32.noarch", "Installed: nfs-utils-1:2.5.3-1.fc32.x86_64", "Installed: lksctp-tools-1.0.18-4.fc32.x86_64", "Installed: keyutils-1.6.1-1.fc32.x86_64", "Installed: softhsm-2.6.1-3.fc32.x86_64", "Installed: python3-ldap-3.3.1-1.fc32.x86_64", "Installed: python3-sss-2.4.0-1.fc32.x86_64", "Installed: python3-sss-murmur-2.4.0-1.fc32.x86_64", "Installed: python3-sssdconfig-2.4.0-1.fc32.noarch", "Installed: python3-lib389-1.4.3.22-1.fc32.noarch", "Installed: freeipa-client-4.9.3-1.fc32.x86_64", "Installed: freeipa-client-common-4.9.3-1.fc32.noarch", "Installed: freeipa-common-4.9.3-1.fc32.noarch", "Installed: python3-libipa_hbac-2.4.0-1.fc32.x86_64", "Installed: policycoreutils-python-utils-3.0-2.fc32.noarch", 
"Installed: freeipa-healthcheck-core-0.8-2.fc32.noarch", "Installed: perl-Pod-Escapes-1:1.07-440.fc32.noarch", "Installed: freeipa-selinux-4.9.3-1.fc32.noarch", "Installed: freeipa-server-4.9.3-1.fc32.x86_64", "Installed: freeipa-server-common-4.9.3-1.fc32.noarch", "Installed: python3-custodia-0.6.0-11.fc32.noarch", "Installed: python3-nss-1.0.1-18.fc32.x86_64", "Installed: perl-Pod-Perldoc-3.28.01-443.fc32.noarch", "Installed: istack-commons-runtime-2.21-12.fc32.noarch", "Installed: perl-Pod-Simple-1:3.40-2.fc32.noarch", "Installed: web-assets-filesystem-5-11.fc32.noarch", "Installed: python3-lxml-4.4.1-5.fc32.x86_64", "Installed: apache-commons-lang3-3.11-1.fc32.noarch", "Installed: python3-pyusb-1.0.2-6.fc32.noarch", "Installed: xsom-20140514-3.fc32.noarch", "Installed: freetype-2.10.4-1.fc32.x86_64", "Installed: python3-decorator-4.4.0-6.fc32.noarch", "Installed: mod_http2-1.15.14-1.fc32.x86_64", "Installed: mod_session-2.4.46-1.fc32.x86_64", "Installed: mod_ssl-1:2.4.46-1.fc32.x86_64", "Installed: perl-Text-Diff-1.45-8.fc32.noarch", "Installed: python3-argparse-manpage-1.5-1.fc32.noarch", "Installed: python3-qrcode-core-6.1-5.fc32.noarch", "Installed: custodia-0.6.0-11.fc32.noarch", "Installed: oddjob-0.34.6-1.fc32.x86_64", "Installed: oddjob-mkhomedir-0.34.6-1.fc32.x86_64", "Installed: sscg-2.6.2-1.fc32.x86_64", "Installed: perl-Storable-1:3.15-443.fc32.x86_64", "Installed: quota-1:4.05-10.fc32.x86_64", "Installed: ldapjdk-4.22.0-1.fc32.noarch", "Installed: perl-HTTP-Tiny-0.076-440.fc32.noarch", "Installed: quota-nls-1:4.05-10.fc32.noarch", "Installed: libpkgconf-1.6.3-3.fc32.x86_64", "Installed: perl-Text-ParseWords-3.30-440.fc32.noarch", "Installed: xerces-j2-2.12.0-4.fc32.noarch", "Installed: sssd-common-pac-2.4.0-1.fc32.x86_64", "Installed: sssd-dbus-2.4.0-1.fc32.x86_64", "Installed: sssd-ipa-2.4.0-1.fc32.x86_64", "Installed: sssd-krb5-common-2.4.0-1.fc32.x86_64", "Installed: fstrm-0.5.0-2.fc32.x86_64", "Installed: 
apache-commons-codec-1.13-2.fc32.noarch", "Installed: python3-wcwidth-0.2.4-1.fc32.noarch", "Installed: sssd-tools-2.4.0-1.fc32.x86_64", "Installed: bash-completion-1:2.8-8.fc32.noarch", "Installed: libtomcrypt-1.18.2-6.fc32.x86_64", "Installed: mailcap-2.1.48-7.fc32.noarch", "Installed: perl-Carp-1.50-440.fc32.noarch", "Installed: perl-Text-Tabs+Wrap-2013.0523-440.fc32.noarch", "Installed: python3-packaging-20.1-2.fc32.noarch", "Installed: velocity-1.7-27.fc32.noarch", "Installed: xml-commons-resolver-1.2-29.fc32.noarch", "Installed: libtommath-1.1.0-2.fc32.x86_64", "Installed: libpng-2:1.6.37-3.fc32.x86_64", "Installed: perl-IO-Compress-2.093-2.fc32.noarch", "Installed: perl-IO-Compress-Lzma-2.093-2.fc32.noarch", "Installed: tomcat-native-1.2.23-1.fc32.x86_64", "Installed: logrotate-3.15.1-3.fc32.x86_64", "Installed: cyrus-sasl-gssapi-2.1.27-4.fc32.x86_64", "Installed: xalan-j2-2.7.2-2.fc32.noarch", "Installed: cyrus-sasl-md5-2.1.27-4.fc32.x86_64", "Installed: open-sans-fonts-1.10-12.fc32.noarch"]} TASK [ipaserver : Install - Ensure that IPA server packages for dns are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:10 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: bind-pkcs11-libs-32:9.11.28-1.fc32.x86_64", "Installed: bind-pkcs11-utils-32:9.11.28-1.fc32.x86_64", "Installed: mariadb-connector-c-3.1.12-1.fc32.x86_64", "Installed: mariadb-connector-c-config-3.1.12-1.fc32.noarch", "Installed: opendnssec-2.1.7-2.fc32.x86_64", "Installed: sqlite-3.34.0-1.fc32.x86_64", "Installed: bind-32:9.11.28-1.fc32.x86_64", "Installed: python3-bind-32:9.11.28-1.fc32.noarch", "Installed: ldns-1.7.0-29.fc32.x86_64", "Installed: bind-dnssec-doc-32:9.11.28-1.fc32.noarch", "Installed: bind-dnssec-utils-32:9.11.28-1.fc32.x86_64", "Installed: bind-dyndb-ldap-11.3-4.fc32.x86_64", "Installed: opencryptoki-3.13.0-1.fc32.x86_64", "Installed: opencryptoki-icsftok-3.13.0-1.fc32.x86_64", "Installed: 
opencryptoki-libs-3.13.0-1.fc32.x86_64", "Installed: bind-pkcs11-32:9.11.28-1.fc32.x86_64", "Installed: freeipa-server-dns-4.9.3-1.fc32.noarch"]} TASK [ipaserver : Install - Ensure that IPA server packages for adtrust are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:16 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Ensure that firewall packages installed] *********** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:22 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-gobject-base-3.36.1-1.fc32.x86_64", "Installed: python3-slip-0.6.4-19.fc32.noarch", "Installed: ipset-7.6-1.fc32.x86_64", "Installed: python3-slip-dbus-0.6.4-19.fc32.noarch", "Installed: gobject-introspection-1.64.1-1.fc32.x86_64", "Installed: ipset-libs-7.6-1.fc32.x86_64", "Installed: python3-firewall-0.8.6-1.fc32.noarch", "Installed: nftables-1:0.9.3-4.fc32.x86_64", "Installed: python3-nftables-1:0.9.3-4.fc32.x86_64", "Installed: iptables-nft-1.8.4-9.fc32.x86_64", "Installed: libnftnl-1.1.5-2.fc32.x86_64", "Installed: firewalld-0.8.6-1.fc32.noarch", "Installed: firewalld-filesystem-0.8.6-1.fc32.noarch"]} TASK [ipaserver : Firewalld service - Ensure that firewalld is running] ******** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:31 changed: [/cache/fedora-32.qcow2] => {"changed": true, "enabled": true, "name": "firewalld", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "polkit.service dbus.socket basic.target system.slice dbus-broker.service sysinit.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target multi-user.target network-pre.target", "BlockIOAccounting": "no", 
"BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "nftables.service ip6tables.service ebtables.service iptables.service shutdown.target ipset.service", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; 
stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", 
"LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "dbus-org.fedoraproject.FirewallD1.service firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", 
"SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [Firewalld - Verify runtime zone "{{ ipaserver_firewalld_zone }}"] ******** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:37 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [Firewalld - Verify permanent zone "{{ ipaserver_firewalld_zone }}"] ****** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:44 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : include_tasks] *********************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:54 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": 
"Conditional result was False"} TASK [ipaserver : Install - Server installation test] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:60 ok: [/cache/fedora-32.qcow2] => {"_dirsrv_ca_cert": null, "_dirsrv_pkcs12_info": null, "_hostname_overridden": true, "_http_ca_cert": null, "_http_pkcs12_info": null, "_installation_cleanup": true, "_pkinit_ca_cert": null, "_pkinit_pkcs12_info": null, "changed": false, "domain": "test.local", "domainlevel": 1, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "hostname": "ipaserver.test.local", "idmax": 758999999, "idstart": 758800000, "ipa_python_version": 40903, "no_host_dns": true, "no_pkinit": false, "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "rid_base": 1000, "secondary_rid_base": 100000000, "setup_adtrust": false, "setup_ca": true, "setup_kra": false} TASK [ipaserver : Install - Master password creation] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:137 changed: [/cache/fedora-32.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true} TASK [ipaserver : Install - Use new master password] *************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:144 ok: [/cache/fedora-32.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaserver : Install - Server preparation] ******************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:152 changed: [/cache/fedora-32.qcow2] => {"_ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "_subject_base": "O=TEST.LOCAL", "adtrust_netbios_name": null, "adtrust_reset_netbios_name": false, "ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "changed": true, "dns_ip_addresses": ["10.0.2.15", "fec0::5054:ff:fe12:3456"], 
"dns_reverse_zones": [], "forward_policy": "only", "forwarders": ["10.0.2.3"], "ip_addresses": ["10.0.2.15", "fec0::5054:ff:fe12:3456"], "no_dnssec_validation": true, "reverse_zones": [], "subject_base": "O=TEST.LOCAL"} TASK [ipaserver : Install - Setup NTP] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:196 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup DS] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:203 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup KRB] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:232 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup custodia] ************************************ task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:259 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup CA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:265 changed: [/cache/fedora-32.qcow2] => {"changed": true, "csr_generated": false} TASK [ipaserver : Copy /root/ipa.csr to "/cache/fedora-32.qcow2-ipa.csr"] ****** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:306 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Setup otpd] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:315 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup HTTP] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:321 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup KRA] ***************************************** 
task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:353 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Setup DNS] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:364 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup ADTRUST] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:381 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Set DS password] *********************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:396 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [Install - Setup client] ************************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:413 TASK [ipaclient : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:4 ok: [/cache/fedora-32.qcow2] => (item=/tmp/freeipa-repo/roles/ipaclient/vars/default.yml) => {"ansible_facts": {"ipaclient_packages": ["ipa-client", "python3-libselinux"]}, "ansible_included_var_files": ["/tmp/freeipa-repo/roles/ipaclient/vars/default.yml"], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml"} TASK [ipaclient : Install IPA client] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:12 included: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml for /cache/fedora-32.qcow2 TASK [ipaclient : Install - Ensure that IPA client packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:4 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install - Set 
ipaclient_servers] ***************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:10 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [Install - Set ipaclient_servers from cluster inventory] ****************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:15 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Check that either principal or keytab is set] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:21 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Set default principal if no keytab is given] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:25 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"ipaadmin_principal": "admin"}, "changed": false} TASK [ipaclient : Install - IPA client test] *********************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:30 ok: [/cache/fedora-32.qcow2] => {"basedn": "dc=test,dc=local", "changed": false, "client_already_configured": false, "client_domain": "test.local", "dnsok": false, "domain": "test.local", "hostname": "ipaserver.test.local", "ipa_python_version": 40903, "kdc": "ipaserver.test.local", "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "servers": ["ipaserver.test.local"], "sssd": true} TASK [ipaclient : Install - Cleanup leftover ccache] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:56 ok: [/cache/fedora-32.qcow2] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"} TASK [ipaclient : Install - Configure NTP] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:61 ok: [/cache/fedora-32.qcow2] => {"changed": false} TASK [ipaclient : Install - 
Make sure One-Time Password is enabled if it's already defined] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:73 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Disable One-Time Password for on_master] *********** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:78 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] ******** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:83 ok: [/cache/fedora-32.qcow2] => {"ca_crt_exists": true, "changed": false, "krb5_conf_ok": true, "krb5_keytab_ok": true, "ping_test_ok": true} TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:93 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Keytab or password is required for getting otp] **** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:109 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Get One-Time Password for client enrollment] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:113 skipping: [/cache/fedora-32.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Install - Report error for OTP generation] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:132 skipping: [/cache/fedora-32.qcow2] => {} TASK [ipaclient : Install - Store the previously obtained OTP] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:138 skipping: [/cache/fedora-32.qcow2] => {"censored": 
"the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Store predefined OTP in admin_password] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:147 skipping: [/cache/fedora-32.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Install - Check if principal and keytab are set] ************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:163 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Check if one of password or keytabs are set] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:167 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Purge TEST.LOCAL from host keytab] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:175 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Backup and set hostname] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:188 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Join IPA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:193 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:215 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : fail] 
******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:220 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:223 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Configure IPA default.conf] ************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:235 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Configure SSSD] ************************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:244 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaclient : Install - Configure krb5 for IPA realm] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:266 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:280 changed: [/cache/fedora-32.qcow2] => {"ca_enabled": true, "changed": true, "subject_base": "O=TEST.LOCAL"} TASK [ipaclient : Install - Fix IPA ca] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:288 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Create IPA NSS database] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:298 changed: [/cache/fedora-32.qcow2] => {"ca_enabled_ra": true, "changed": true} TASK [ipaclient : Install - Configure SSH and SSHD] 
**************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:329 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaclient : Install - Configure automount] ******************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:337 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaclient : Install - Configure firefox] ********************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:343 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Configure NIS] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:349 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:367 skipping: [/cache/fedora-32.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Cleanup leftover ccache] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:373 ok: [/cache/fedora-32.qcow2] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"} TASK [ipaclient : Uninstall IPA client] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:16 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Enable IPA] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:428 changed: [/cache/fedora-32.qcow2] => {"changed": true} TASK [ipaserver : Install - Cleanup root IPA cache] **************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:435 ok: 
[/cache/fedora-32.qcow2] => {"changed": false, "path": "/root/.ipa_cache", "state": "absent"} TASK [ipaserver : Install - Configure firewalld] ******************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:441 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["firewall-cmd", "--permanent", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp"], "delta": "0:00:00.255674", "end": "2021-05-05 03:43:08.225763", "rc": 0, "start": "2021-05-05 03:43:07.970089", "stderr": "", "stderr_lines": [], "stdout": "success", "stdout_lines": ["success"]} TASK [ipaserver : Install - Configure firewalld runtime] *********************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:455 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["firewall-cmd", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp"], "delta": "0:00:00.258242", "end": "2021-05-05 03:43:08.845492", "rc": 0, "start": "2021-05-05 03:43:08.587250", "stderr": "", "stderr_lines": [], "stdout": "success", "stdout_lines": ["success"]} TASK [ipaserver : Cleanup temporary files] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:471 ok: [/cache/fedora-32.qcow2] => (item=/etc/ipa/.tmp_pkcs12_dirsrv) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_dirsrv", "path": "/etc/ipa/.tmp_pkcs12_dirsrv", "state": "absent"} ok: [/cache/fedora-32.qcow2] => (item=/etc/ipa/.tmp_pkcs12_http) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_http", "path": "/etc/ipa/.tmp_pkcs12_http", "state": "absent"} ok: [/cache/fedora-32.qcow2] => (item=/etc/ipa/.tmp_pkcs12_pkinit) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_pkinit", "path": "/etc/ipa/.tmp_pkcs12_pkinit", "state": "absent"} TASK [ipaserver : Uninstall 
IPA server] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:16 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY [Issue IPA signed certificate] ******************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_basic_ipa.yml:8 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml"], "changed": false} TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 ok: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 changed: 
[/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 ok: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestamp": "Wed 2021-05-05 03:41:25 UTC", "ActiveEnterTimestampMonotonic": "258653901", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "systemd-journald.socket syslog.target dbus-broker.service sysinit.target dbus.socket system.slice network.target basic.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Wed 2021-05-05 03:41:25 UTC", "AssertTimestampMonotonic": "258642194", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", 
"CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "30905089000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Wed 2021-05-05 03:41:25 UTC", "ConditionTimestampMonotonic": "258642193", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "19381", "ExecMainStartTimestamp": "Wed 2021-05-05 03:41:25 UTC", "ExecMainStartTimestampMonotonic": "258643431", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; 
ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Wed 2021-05-05 03:41:25 UTC", "InactiveExitTimestampMonotonic": "258643851", "InvocationID": "9a377fd4691b409d99bf373a6c982cda", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": 
"0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "19381", "MemoryAccounting": "yes", "MemoryCurrent": "2797568", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", 
"StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Wed 2021-05-05 03:43:04 UTC", "StateChangeTimestampMonotonic": "358404673", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "ipa", "dns": "ipaserver.test.local", "name": "mycert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_basic_ipa.yml:21 ok: 
[/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_basic_ipa.yml:51 included: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed 
pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 
'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186200.481989, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "8db5e9bf0f3bc7860c6b7e61b72ac45a058708fc", "ctime": 1620186200.478989, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 162102, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186200.478989, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1854, "uid": 0, "version": "1798124717", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { 
"changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:45 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186198.661989, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "6cdbfef6383fdc8ed9f2aba1b690d7bd337792fa", "ctime": 1620186200.478989, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 162101, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186200.478989, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2962528328", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:50 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:56 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.194198", "end": "2021-05-05 
03:43:33.284320", "rc": 0, "start": "2021-05-05 03:43:33.090122", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"organizationName\",\n \"oid\": \"2.5.4.10\",\n \"value\": \"TEST.LOCAL\"\n },\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"ipaserver.test.local\"\n }\n ],\n \"extensions\": {\n \"authorityKeyIdentifier\": {\n \"value\": \"8C:34:19:62:A4:8B:0C:15:CD:F4:37:98:9A:45:94:82:E6:18:3B:BF\",\n \"critical\": false\n },\n \"authorityInfoAccess\": {\n \"value\": [\n {\n \"method\": \"OCSP\",\n \"location\": \"http://ipa-ca.test.local/ca/ocsp\"\n }\n ],\n \"critical\": false\n },\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"content_commitment\",\n \"key_encipherment\",\n \"data_encipherment\"\n ],\n \"critical\": true\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"cRLDistributionPoints\": {\n \"value\": [\n {\n \"full_name\": [\n \"http://ipa-ca.test.local/ipa/crl/MasterCRL.bin\"\n ],\n \"crl_issuer\": [\n {\n \"organizationName\": \"ipaca\",\n \"commonName\": \"Certificate Authority\"\n }\n ]\n }\n ],\n \"critical\": false\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"AC:F1:EC:34:72:E3:E6:28:27:9F:FD:5B:15:7A:C5:3C:52:47:AC:51\",\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"ipaserver.test.local\"\n },\n {\n \"name\": \"Universal Principal Name (UPN)\",\n \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",\n \"oid\": \"1.3.6.1.4.1.311.20.2.3\"\n },\n {\n \"name\": \"Kerberos principalname\",\n \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",\n \"oid\": \"1.3.6.1.5.2.2\"\n }\n ],\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n 
\"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2023-05-06 03:43:19\",\n \"not_valid_before\": \"2021-05-05 03:43:19\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"organizationName\",", " \"oid\": \"2.5.4.10\",", " \"value\": \"TEST.LOCAL\"", " },", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"ipaserver.test.local\"", " }", " ],", " \"extensions\": {", " \"authorityKeyIdentifier\": {", " \"value\": \"8C:34:19:62:A4:8B:0C:15:CD:F4:37:98:9A:45:94:82:E6:18:3B:BF\",", " \"critical\": false", " },", " \"authorityInfoAccess\": {", " \"value\": [", " {", " \"method\": \"OCSP\",", " \"location\": \"http://ipa-ca.test.local/ca/ocsp\"", " }", " ],", " \"critical\": false", " },", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"content_commitment\",", " \"key_encipherment\",", " \"data_encipherment\"", " ],", " \"critical\": true", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"cRLDistributionPoints\": {", " \"value\": [", " {", " \"full_name\": [", " \"http://ipa-ca.test.local/ipa/crl/MasterCRL.bin\"", " ],", " \"crl_issuer\": [", " {", " \"organizationName\": \"ipaca\",", " \"commonName\": \"Certificate Authority\"", " }", " ]", " }", " ],", " \"critical\": false", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"AC:F1:EC:34:72:E3:E6:28:27:9F:FD:5B:15:7A:C5:3C:52:47:AC:51\",", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"ipaserver.test.local\"", " },", " {", " \"name\": \"Universal Principal Name (UPN)\",", " \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",", " \"oid\": \"1.3.6.1.4.1.311.20.2.3\"", " },", " {", " \"name\": 
\"Kerberos principalname\",", " \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",", " \"oid\": \"1.3.6.1.5.2.2\"", " }", " ],", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2023-05-06 03:43:19\",", " \"not_valid_before\": \"2021-05-05 03:43:19\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:71 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityInfoAccess": {"critical": false, "value": [{"location": "http://ipa-ca.test.local/ca/ocsp", "method": "OCSP"}]}, "authorityKeyIdentifier": {"critical": false, "value": "8C:34:19:62:A4:8B:0C:15:CD:F4:37:98:9A:45:94:82:E6:18:3B:BF"}, "cRLDistributionPoints": {"critical": false, "value": [{"crl_issuer": [{"commonName": "Certificate Authority", "organizationName": "ipaca"}], "full_name": ["http://ipa-ca.test.local/ipa/crl/MasterCRL.bin"]}]}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": true, "value": ["digital_signature", "content_commitment", "key_encipherment", "data_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "ipaserver.test.local"}, {"name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/ipaserver.test.local@TEST.LOCAL"}, {"name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/ipaserver.test.local@TEST.LOCAL"}]}, "subjectKeyIdentifier": {"critical": false, "value": "AC:F1:EC:34:72:E3:E6:28:27:9F:FD:5B:15:7A:C5:3C:52:47:AC:51"}}, "key_size": 2048, "signature_algorithm": {"algorithm": 
"sha256WithRSAEncryption", "signature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}, "subject": [{"name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL"}, {"name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local"}], "validity": {"not_valid_after": "2023-05-06 03:43:19", "not_valid_before": "2021-05-05 03:43:19"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:91 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:98 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:110 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:124 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", 
"delta": "0:00:00.051307", "end": "2021-05-05 03:43:33.848582", "rc": 0, "start": "2021-05-05 03:43:33.797275", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=76 changed=32 unreachable=0 failed=0 skipped=35 rescued=0 ignored=0 + cd /tmp/tmp9ljpszrp/tests/certificate; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmpua4of2gc:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp9ljpszrp/tests/certificate/tests_basic_self_signed.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. 
Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_basic_self_signed.yml ****************************************** 2 plays in /tmp/tmp9ljpszrp/tests/certificate/tests_basic_self_signed.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_basic_self_signed.yml:2 ok: [/cache/fedora-32.qcow2] META: ran 
handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml"], "changed": false} TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", 
"changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "syslog.target systemd-journald.socket system.slice dbus-broker.service network.target sysinit.target basic.target dbus.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not 
set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", 
"IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", 
"MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", 
"TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_basic_self_signed.yml:13 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_basic_self_signed.yml:27 included: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: 
/tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n 
Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": 
{"atime": 1620186281.261104, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "6b833fb1f11b9305a449b969d5ad495a079a5f77", "ctime": 1620186281.258104, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132624, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186281.258104, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "1972727956", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:45 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186281.216104, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "b25216d6fc4d58f293026edfbeda74e44762d31d", "ctime": 1620186281.258104, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132504, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": 
false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186281.258104, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1700, "uid": 0, "version": "4118555338", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:50 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:56 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.198405", "end": "2021-05-05 03:44:54.428768", "rc": 0, "start": "2021-05-05 03:44:54.230363", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": 
false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"63:12:1A:8D:78:7C:94:F9:E9:1A:D4:75:09:B4:76:44:65:E7:62:15\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"E5:D7:21:5B:67:B7:8F:E2:BA:40:8B:05:33:09:48:B7:E3:41:9F:5F\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"32:56:DD:9E:BB:23:BB:17:2F:A4:B6:87:C2:0C:1B:F4:E2:37:FC:C6:62:98:35:32:83:E1:D3:23:A5:C6:CD:67:29:24:0F:13:EF:19:8C:B6:60:C5:18:A7:FD:79:4E:BA:99:A4:E6:01:A1:87:74:F3:9F:58:CC:58:7B:F1:26:6C:E3:F8:44:3C:43:73:93:A5:5D:85:52:A6:07:ED:7B:D5:F6:44:38:13:36:5F:8C:47:32:8D:65:D0:33:38:C0:A7:E3:B4:E8:7A:7F:3E:9F:BD:8B:82:AF:90:F1:9A:64:72:45:41:27:D3:F1:DC:DD:B5:15:60:4E:6E:09:D7:FD:F6:DA:AC:A9:39:21:74:52:5B:CD:84:C3:B4:2C:34:D7:FD:22:74:A2:5B:1F:F3:6B:60:E6:CA:E2:B4:C2:09:39:56:3F:FB:FA:A2:57:9D:02:7B:6D:21:D7:F3:71:E7:BB:26:DD:C7:F3:C6:12:C4:9C:D0:68:4C:5F:00:CA:83:C9:BA:77:93:8F:BF:DB:54:A8:69:73:62:E0:EE:23:C3:F5:3E:13:9B:36:AD:5E:CD:0D:E3:93:FE:16:CC:8A:62:01:B6:32:91:1C:E3:FB:89:E8:E0:A6:93:C1:16:56:0A:5C:E1:E3:AD:2D:5A:11:E0:67:82:A1:C1:3F:11:CF:6E:D0:D0\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:44:40\",\n \"not_valid_before\": \"2021-05-05 03:44:41\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"63:12:1A:8D:78:7C:94:F9:E9:1A:D4:75:09:B4:76:44:65:E7:62:15\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"E5:D7:21:5B:67:B7:8F:E2:BA:40:8B:05:33:09:48:B7:E3:41:9F:5F\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": 
\"32:56:DD:9E:BB:23:BB:17:2F:A4:B6:87:C2:0C:1B:F4:E2:37:FC:C6:62:98:35:32:83:E1:D3:23:A5:C6:CD:67:29:24:0F:13:EF:19:8C:B6:60:C5:18:A7:FD:79:4E:BA:99:A4:E6:01:A1:87:74:F3:9F:58:CC:58:7B:F1:26:6C:E3:F8:44:3C:43:73:93:A5:5D:85:52:A6:07:ED:7B:D5:F6:44:38:13:36:5F:8C:47:32:8D:65:D0:33:38:C0:A7:E3:B4:E8:7A:7F:3E:9F:BD:8B:82:AF:90:F1:9A:64:72:45:41:27:D3:F1:DC:DD:B5:15:60:4E:6E:09:D7:FD:F6:DA:AC:A9:39:21:74:52:5B:CD:84:C3:B4:2C:34:D7:FD:22:74:A2:5B:1F:F3:6B:60:E6:CA:E2:B4:C2:09:39:56:3F:FB:FA:A2:57:9D:02:7B:6D:21:D7:F3:71:E7:BB:26:DD:C7:F3:C6:12:C4:9C:D0:68:4C:5F:00:CA:83:C9:BA:77:93:8F:BF:DB:54:A8:69:73:62:E0:EE:23:C3:F5:3E:13:9B:36:AD:5E:CD:0D:E3:93:FE:16:CC:8A:62:01:B6:32:91:1C:E3:FB:89:E8:E0:A6:93:C1:16:56:0A:5C:E1:E3:AD:2D:5A:11:E0:67:82:A1:C1:3F:11:CF:6E:D0:D0\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:44:40\",", " \"not_valid_before\": \"2021-05-05 03:44:41\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:71 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "E5:D7:21:5B:67:B7:8F:E2:BA:40:8B:05:33:09:48:B7:E3:41:9F:5F"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "63:12:1A:8D:78:7C:94:F9:E9:1A:D4:75:09:B4:76:44:65:E7:62:15"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": 
"32:56:DD:9E:BB:23:BB:17:2F:A4:B6:87:C2:0C:1B:F4:E2:37:FC:C6:62:98:35:32:83:E1:D3:23:A5:C6:CD:67:29:24:0F:13:EF:19:8C:B6:60:C5:18:A7:FD:79:4E:BA:99:A4:E6:01:A1:87:74:F3:9F:58:CC:58:7B:F1:26:6C:E3:F8:44:3C:43:73:93:A5:5D:85:52:A6:07:ED:7B:D5:F6:44:38:13:36:5F:8C:47:32:8D:65:D0:33:38:C0:A7:E3:B4:E8:7A:7F:3E:9F:BD:8B:82:AF:90:F1:9A:64:72:45:41:27:D3:F1:DC:DD:B5:15:60:4E:6E:09:D7:FD:F6:DA:AC:A9:39:21:74:52:5B:CD:84:C3:B4:2C:34:D7:FD:22:74:A2:5B:1F:F3:6B:60:E6:CA:E2:B4:C2:09:39:56:3F:FB:FA:A2:57:9D:02:7B:6D:21:D7:F3:71:E7:BB:26:DD:C7:F3:C6:12:C4:9C:D0:68:4C:5F:00:CA:83:C9:BA:77:93:8F:BF:DB:54:A8:69:73:62:E0:EE:23:C3:F5:3E:13:9B:36:AD:5E:CD:0D:E3:93:FE:16:CC:8A:62:01:B6:32:91:1C:E3:FB:89:E8:E0:A6:93:C1:16:56:0A:5C:E1:E3:AD:2D:5A:11:E0:67:82:A1:C1:3F:11:CF:6E:D0:D0"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:44:40", "not_valid_before": "2021-05-05 03:44:41"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:91 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:98 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK 
[Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:110 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:124 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.043911", "end": "2021-05-05 03:44:55.146600", "rc": 0, "start": "2021-05-05 03:44:55.102689", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=30 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp9ljpszrp/tests/certificate; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmpua4of2gc:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp9ljpszrp/tests/certificate/tests_default.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = 
/usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_default.yml **************************************************** 1 plays in /tmp/tmp9ljpszrp/tests/certificate/tests_default.yml PLAY [Ensure that the role runs with default parameters] *********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_default.yml:3 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml"], "changed": false} TASK [fedora.linux_system_roles.certificate : Ensure certificate role 
dependencies are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=4 changed=1 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 + cd /tmp/tmp9ljpszrp/tests/certificate; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmpua4of2gc:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp9ljpszrp/tests/certificate/tests_dns_ip_email.yml ansible-playbook 2.9.18 config file = 
/etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_dns_ip_email.yml *********************************************** 2 plays in /tmp/tmp9ljpszrp/tests/certificate/tests_dns_ip_email.yml PLAY [Issue certificate with dns, ip and email in SAN] ************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_dns_ip_email.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml"], "changed": false} TASK [fedora.linux_system_roles.certificate : Ensure certificate role 
dependencies are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": 
"0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice systemd-journald.socket dbus-broker.service basic.target network.target sysinit.target dbus.socket syslog.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control 
cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": 
"infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": 
"no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: 
/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'common_name': 'My Certificate with SAN', 'dns': ['sub1.example.com', 'www.example.com', 'sub2.example.com', 'sub3.example.com'], 'ip': ['192.0.2.12', '198.51.100.65', '2001:db8::2:1'], 'email': ['sysadmin@example.com', 'support@example.com'], 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "common_name": "My Certificate with SAN", "dns": ["sub1.example.com", "www.example.com", "sub2.example.com", "sub3.example.com"], "email": ["sysadmin@example.com", "support@example.com"], "ip": ["192.0.2.12", "198.51.100.65", "2001:db8::2:1"], "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_dns_ip_email.yml:24 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_dns_ip_email.yml:54 included: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] 
************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading 
cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186414.369044, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": 
"54e6cc5eaaaeca757b154fd069da1c9dbe13afb5", "ctime": 1620186414.366044, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132624, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186414.366044, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1501, "uid": 0, "version": "421116990", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:45 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186414.321044, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "db352699effb7cf58bfd35018326768cf10abd85", "ctime": 1620186414.366044, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132504, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186414.366044, "nlink": 1, "path": 
"/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2351736886", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:50 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:56 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.193427", "end": "2021-05-05 03:47:07.073418", "rc": 0, "start": "2021-05-05 03:47:06.879991", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"My Certificate with SAN\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"sub1.example.com\"\n },\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n },\n {\n \"name\": \"DNS\",\n \"value\": \"sub2.example.com\"\n },\n {\n \"name\": \"DNS\",\n \"value\": \"sub3.example.com\"\n },\n {\n \"name\": \"email\",\n \"value\": \"sysadmin@example.com\"\n },\n {\n \"name\": \"email\",\n \"value\": \"support@example.com\"\n },\n {\n \"name\": \"IP Address\",\n \"value\": 
\"192.0.2.12\"\n },\n {\n \"name\": \"IP Address\",\n \"value\": \"198.51.100.65\"\n },\n {\n \"name\": \"IP Address\",\n \"value\": \"2001:db8::2:1\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"64:63:52:48:D1:45:72:0A:E4:97:1D:32:2E:88:61:45:45:72:B8:64\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"06:36:1E:FC:B4:76:09:75:2A:3B:88:1E:47:2C:AD:E9:84:58:89:6D\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"1E:D7:C0:F5:01:0F:40:A5:8C:9D:4A:4D:0F:1C:9E:E4:6D:50:0C:FF:A8:13:08:23:8E:44:E1:88:49:6B:7B:F7:6A:29:8C:47:9B:B5:90:3A:CA:9F:4E:E6:D6:AD:40:BF:6A:80:35:6C:C9:F2:E8:7F:0E:DA:5F:DE:F6:80:94:EB:A6:8B:4C:08:CA:C4:61:7C:8E:71:25:34:85:80:BA:CD:EC:D2:14:E6:A8:BC:BF:60:BF:40:50:0D:76:D7:11:F5:F6:2C:6E:AD:CB:D4:74:C2:95:BA:D5:75:7B:D7:A4:9D:40:96:9B:84:B5:8F:57:71:40:C1:36:F1:05:1B:F3:53:B1:45:F0:7B:00:55:A7:4D:4A:C1:34:85:72:31:80:9F:3E:D4:A2:E4:25:AA:FD:72:86:5F:88:D1:D4:C8:BE:41:CA:68:22:44:C9:F5:7A:D2:D2:E8:0A:D1:0B:B5:3C:08:0A:08:17:9D:A3:30:97:E1:CE:23:60:1D:92:83:E3:9E:C0:CE:B9:71:86:00:FE:A8:5A:E1:97:34:2D:BF:26:FE:4C:02:55:AE:07:00:E0:F4:92:87:48:A4:7E:D7:F8:75:5B:67:3D:7B:54:8A:66:7B:44:4E:F8:B9:3B:42:8D:A3:C8:09:BE:0F:4B:E8:49:2C:67:AF:19:3A:3B:E4:A7:8F\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:46:53\",\n \"not_valid_before\": \"2021-05-05 03:46:54\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"My Certificate with SAN\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " 
\"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"sub1.example.com\"", " },", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " },", " {", " \"name\": \"DNS\",", " \"value\": \"sub2.example.com\"", " },", " {", " \"name\": \"DNS\",", " \"value\": \"sub3.example.com\"", " },", " {", " \"name\": \"email\",", " \"value\": \"sysadmin@example.com\"", " },", " {", " \"name\": \"email\",", " \"value\": \"support@example.com\"", " },", " {", " \"name\": \"IP Address\",", " \"value\": \"192.0.2.12\"", " },", " {", " \"name\": \"IP Address\",", " \"value\": \"198.51.100.65\"", " },", " {", " \"name\": \"IP Address\",", " \"value\": \"2001:db8::2:1\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"64:63:52:48:D1:45:72:0A:E4:97:1D:32:2E:88:61:45:45:72:B8:64\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"06:36:1E:FC:B4:76:09:75:2A:3B:88:1E:47:2C:AD:E9:84:58:89:6D\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": 
\"1E:D7:C0:F5:01:0F:40:A5:8C:9D:4A:4D:0F:1C:9E:E4:6D:50:0C:FF:A8:13:08:23:8E:44:E1:88:49:6B:7B:F7:6A:29:8C:47:9B:B5:90:3A:CA:9F:4E:E6:D6:AD:40:BF:6A:80:35:6C:C9:F2:E8:7F:0E:DA:5F:DE:F6:80:94:EB:A6:8B:4C:08:CA:C4:61:7C:8E:71:25:34:85:80:BA:CD:EC:D2:14:E6:A8:BC:BF:60:BF:40:50:0D:76:D7:11:F5:F6:2C:6E:AD:CB:D4:74:C2:95:BA:D5:75:7B:D7:A4:9D:40:96:9B:84:B5:8F:57:71:40:C1:36:F1:05:1B:F3:53:B1:45:F0:7B:00:55:A7:4D:4A:C1:34:85:72:31:80:9F:3E:D4:A2:E4:25:AA:FD:72:86:5F:88:D1:D4:C8:BE:41:CA:68:22:44:C9:F5:7A:D2:D2:E8:0A:D1:0B:B5:3C:08:0A:08:17:9D:A3:30:97:E1:CE:23:60:1D:92:83:E3:9E:C0:CE:B9:71:86:00:FE:A8:5A:E1:97:34:2D:BF:26:FE:4C:02:55:AE:07:00:E0:F4:92:87:48:A4:7E:D7:F8:75:5B:67:3D:7B:54:8A:66:7B:44:4E:F8:B9:3B:42:8D:A3:C8:09:BE:0F:4B:E8:49:2C:67:AF:19:3A:3B:E4:A7:8F\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:46:53\",", " \"not_valid_before\": \"2021-05-05 03:46:54\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:71 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "06:36:1E:FC:B4:76:09:75:2A:3B:88:1E:47:2C:AD:E9:84:58:89:6D"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "sub1.example.com"}, {"name": "DNS", "value": "www.example.com"}, {"name": "DNS", "value": "sub2.example.com"}, {"name": "DNS", "value": "sub3.example.com"}, {"name": "email", "value": "sysadmin@example.com"}, {"name": "email", "value": "support@example.com"}, {"name": "IP Address", "value": 
"192.0.2.12"}, {"name": "IP Address", "value": "198.51.100.65"}, {"name": "IP Address", "value": "2001:db8::2:1"}]}, "subjectKeyIdentifier": {"critical": false, "value": "64:63:52:48:D1:45:72:0A:E4:97:1D:32:2E:88:61:45:45:72:B8:64"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "My Certificate with SAN"}], "validity": {"not_valid_after": "2022-05-05 03:46:53", "not_valid_before": "2021-05-05 03:46:54"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:91 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:98 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:110 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: 
/tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:124 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.048781", "end": "2021-05-05 03:47:07.806079", "rc": 0, "start": "2021-05-05 03:47:07.757298", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=30 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp9ljpszrp/tests/certificate; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmpua4of2gc:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp9ljpszrp/tests/certificate/tests_fs_attrs.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. 
Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_fs_attrs.yml *************************************************** 3 plays in /tmp/tmp9ljpszrp/tests/certificate/tests_fs_attrs.yml PLAY [Ensure UID and GID 
exists] *********************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_fs_attrs.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Ensure user exists] ****************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tests_fs_attrs.yml:5 changed: [/cache/fedora-32.qcow2] => {"changed": true, "comment": "", "create_home": true, "group": 1040, "home": "/home/user1", "name": "user1", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1040} TASK [Ensure group "somegroup" exists] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tests_fs_attrs.yml:9 changed: [/cache/fedora-32.qcow2] => {"changed": true, "gid": 1041, "name": "somegroup", "state": "present", "system": false} META: ran handlers META: ran handlers PLAY [Issue certificate setting user/group] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_fs_attrs.yml:13 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml"], "changed": false} TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 changed: [/cache/fedora-32.qcow2] => {"changed": 
true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK 
[fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "syslog.target basic.target systemd-journald.socket dbus.socket sysinit.target dbus-broker.service system.slice network.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", 
"CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", 
"LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", 
"RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'owner': 'ftp', 
'group': 'ftp', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert", "owner": "ftp"}, "msg": "Certificate requested (new). File attributes updated."} changed: [/cache/fedora-32.qcow2] => (item={'name': 'certid', 'dns': 'www.example.com', 'owner': 1040, 'group': 1041, 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040}, "msg": "Certificate requested (new). File attributes updated."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_fs_attrs.yml:31 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_fs_attrs.yml:58 included: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 included: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: 
/tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading 
pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186506.2174911, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "72587f9cd3b74b8c45fb2d81b461e9337c17705b", "ctime": 1620186506.3254912, "dev": 64513, "device_type": 0, "executable": 
false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 132543, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186506.215491, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "ftp", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 14, "version": "3466623057", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:45 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186506.172491, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "0ea05ef84030c5fafe2a63f8e4085a3f834ef3b5", "ctime": 1620186506.326491, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 132429, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186506.215491, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "ftp", "readable": true, "rgrp": false, "roth": false, "rusr": true, 
"size": 1704, "uid": 14, "version": "2319216212", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:50 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:56 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.212153", "end": "2021-05-05 03:48:40.039233", "rc": 0, "start": "2021-05-05 03:48:39.827080", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"41:7A:DD:3C:3E:3A:D5:27:C1:F8:77:B6:AB:C2:EF:8C:2A:7E:11:A3\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": 
{\n \"value\": \"46:F0:94:26:1C:B0:FB:1E:EB:DF:F6:C4:03:BB:89:F1:85:0D:07:4E\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:48:25\",\n \"not_valid_before\": \"2021-05-05 03:48:26\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"41:7A:DD:3C:3E:3A:D5:27:C1:F8:77:B6:AB:C2:EF:8C:2A:7E:11:A3\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"46:F0:94:26:1C:B0:FB:1E:EB:DF:F6:C4:03:BB:89:F1:85:0D:07:4E\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:48:25\",", " \"not_valid_before\": \"2021-05-05 03:48:26\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:71 ok: 
[/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "46:F0:94:26:1C:B0:FB:1E:EB:DF:F6:C4:03:BB:89:F1:85:0D:07:4E"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "41:7A:DD:3C:3E:3A:D5:27:C1:F8:77:B6:AB:C2:EF:8C:2A:7E:11:A3"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:48:25", "not_valid_before": "2021-05-05 03:48:26"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:91 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: 
/tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:98 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:110 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:124 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.044175", "end": "2021-05-05 03:48:40.743156", "rc": 0, "start": "2021-05-05 03:48:40.698981", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:11 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": 
["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.8/site-packages (21.1.1)\n", "stdout_lines": ["Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.8/site-packages (21.1.1)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:18 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.8/site-packages (0.1.1)\nRequirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (3.4.7)\nRequirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (0.4.8)\nRequirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (5.4.1)\nRequirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.8/site-packages (from cryptography->certreader>=0.1.1) (1.14.5)\nRequirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.8/site-packages (from cffi>=1.12->cryptography->certreader>=0.1.1) (2.20)\n", "stdout_lines": ["Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.8/site-packages (0.1.1)", "Requirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (3.4.7)", "Requirement already satisfied: pyasn1 in 
./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (0.4.8)", "Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (5.4.1)", "Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.8/site-packages (from cryptography->certreader>=0.1.1) (1.14.5)", "Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.8/site-packages (from cffi>=1.12->cryptography->certreader>=0.1.1) (2.20)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186507.2254913, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "529750006954ee31cd1bb6095ea4209a8a88faba", "ctime": 1620186507.336491, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 132545, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186507.2234912, "nlink": 1, "path": "/etc/pki/tls/certs/certid.crt", "pw_name": "user1", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 1040, "version": "3909004099", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] 
********************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:45 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186507.1814911, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "6f0c5102fea482ad06eb658b307a9330c2da43e1", "ctime": 1620186507.336491, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 132544, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186507.2234912, "nlink": 1, "path": "/etc/pki/tls/private/certid.key", "pw_name": "user1", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 1040, "version": "2909589242", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:50 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:56 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-32.qcow2] 
=> {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/certid.crt"], "delta": "0:00:00.264675", "end": "2021-05-05 03:48:46.927272", "rc": 0, "start": "2021-05-05 03:48:46.662597", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"F2:0B:63:0D:71:58:D7:C5:83:28:25:B6:15:4B:EA:1E:9B:A9:5B:78\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"46:F0:94:26:1C:B0:FB:1E:EB:DF:F6:C4:03:BB:89:F1:85:0D:07:4E\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": 
\"AF:54:D9:E7:29:6E:E7:70:F9:64:CA:57:B0:95:97:0C:FF:DB:0D:4A:0D:1B:7C:78:E2:DA:52:0A:89:13:0A:F0:F4:DC:96:CD:D9:B4:60:EB:BA:D6:87:5B:2D:CB:3B:0B:17:28:CF:46:45:02:1E:62:59:95:89:B3:BB:49:41:9D:09:3F:BA:FD:D9:CA:BB:4B:C2:4D:F5:48:D9:E5:DD:EF:76:C2:75:40:1A:7B:09:A4:5C:DB:B8:A7:1E:D4:13:28:88:6C:1A:1F:62:68:C7:F9:9F:A4:4F:F8:FF:E2:D3:71:38:AF:BD:74:9F:8B:1C:3C:BF:B5:E4:59:C3:D3:F9:70:73:C1:8D:DC:7E:4D:FD:31:8C:82:5A:05:16:C4:34:B8:67:EC:9B:09:60:A7:48:A1:F9:E5:1A:DB:B3:04:4E:34:6C:BA:1E:FC:3B:68:25:35:84:0F:BC:6D:D4:44:B5:F9:95:FF:9D:B0:36:35:56:41:DF:EC:94:AB:B0:20:B9:F2:32:85:18:F8:47:BA:5E:8D:9B:08:DA:C1:EA:DE:E7:D9:C5:9A:CC:06:FB:67:43:14:FC:43:90:5C:49:0F:E1:51:FD:0F:20:A1:81:99:47:C5:25:EC:85:05:AA:10:10:5B:CB:CC:9C:6C:92:1C:07:C4:23:93:56:7D:3D:E8:55:65\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:48:25\",\n \"not_valid_before\": \"2021-05-05 03:48:27\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"F2:0B:63:0D:71:58:D7:C5:83:28:25:B6:15:4B:EA:1E:9B:A9:5B:78\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"46:F0:94:26:1C:B0:FB:1E:EB:DF:F6:C4:03:BB:89:F1:85:0D:07:4E\",", " \"critical\": 
false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"AF:54:D9:E7:29:6E:E7:70:F9:64:CA:57:B0:95:97:0C:FF:DB:0D:4A:0D:1B:7C:78:E2:DA:52:0A:89:13:0A:F0:F4:DC:96:CD:D9:B4:60:EB:BA:D6:87:5B:2D:CB:3B:0B:17:28:CF:46:45:02:1E:62:59:95:89:B3:BB:49:41:9D:09:3F:BA:FD:D9:CA:BB:4B:C2:4D:F5:48:D9:E5:DD:EF:76:C2:75:40:1A:7B:09:A4:5C:DB:B8:A7:1E:D4:13:28:88:6C:1A:1F:62:68:C7:F9:9F:A4:4F:F8:FF:E2:D3:71:38:AF:BD:74:9F:8B:1C:3C:BF:B5:E4:59:C3:D3:F9:70:73:C1:8D:DC:7E:4D:FD:31:8C:82:5A:05:16:C4:34:B8:67:EC:9B:09:60:A7:48:A1:F9:E5:1A:DB:B3:04:4E:34:6C:BA:1E:FC:3B:68:25:35:84:0F:BC:6D:D4:44:B5:F9:95:FF:9D:B0:36:35:56:41:DF:EC:94:AB:B0:20:B9:F2:32:85:18:F8:47:BA:5E:8D:9B:08:DA:C1:EA:DE:E7:D9:C5:9A:CC:06:FB:67:43:14:FC:43:90:5C:49:0F:E1:51:FD:0F:20:A1:81:99:47:C5:25:EC:85:05:AA:10:10:5B:CB:CC:9C:6C:92:1C:07:C4:23:93:56:7D:3D:E8:55:65\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:48:25\",", " \"not_valid_before\": \"2021-05-05 03:48:27\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:71 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "46:F0:94:26:1C:B0:FB:1E:EB:DF:F6:C4:03:BB:89:F1:85:0D:07:4E"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "F2:0B:63:0D:71:58:D7:C5:83:28:25:B6:15:4B:EA:1E:9B:A9:5B:78"}}, "key_size": 2048, "signature_algorithm": 
{"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:48:25", "not_valid_before": "2021-05-05 03:48:27"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:91 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:98 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:110 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:124 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/certid.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040755", "end": "2021-05-05 03:48:47.613735", 
"rc": 0, "start": "2021-05-05 03:48:47.572980", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=53 changed=10 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp9ljpszrp/tests/certificate; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmpua4of2gc:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp9ljpszrp/tests/certificate/tests_include_vars_from_parent.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. 
Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_include_vars_from_parent.yml *********************************** 1 plays in /tmp/tmp9ljpszrp/tests/certificate/tests_include_vars_from_parent.yml PLAY [all] ********************************************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_include_vars_from_parent.yml:1 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [create var file in caller that can 
override the one in called role] ****** task path: /tmp/tmp9ljpszrp/tests/certificate/tests_include_vars_from_parent.yml:3 changed: [/cache/fedora-32.qcow2] => (item=Fedora-32) => {"ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmp9ljpszrp/tests/certificate/roles/caller/vars/Fedora-32.yml", "gid": 0, "group": "root", "item": "Fedora-32", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1620186543.0306702-143210-261829883855956/source", "state": "file", "uid": 0} changed: [/cache/fedora-32.qcow2] => (item=Fedora_32) => {"ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmp9ljpszrp/tests/certificate/roles/caller/vars/Fedora_32.yml", "gid": 0, "group": "root", "item": "Fedora_32", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1620186543.6670015-143210-36114211551725/source", "state": "file", "uid": 0} changed: [/cache/fedora-32.qcow2] => (item=Fedora) => {"ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmp9ljpszrp/tests/certificate/roles/caller/vars/Fedora.yml", "gid": 0, "group": "root", "item": "Fedora", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1620186544.0177014-143210-122365673167218/source", "state": "file", "uid": 0} changed: [/cache/fedora-32.qcow2] => (item=RedHat) => {"ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmp9ljpszrp/tests/certificate/roles/caller/vars/RedHat.yml", "gid": 0, "group": "root", "item": "RedHat", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": 
"/root/.ansible/tmp/ansible-tmp-1620186544.3595498-143210-107125155048337/source", "state": "file", "uid": 0} TASK [include_role : {{ roletoinclude }}] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/roles/caller/tasks/main.yml:4 TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml"], "changed": false} TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 TASK [fedora.linux_system_roles.certificate : 
Ensure certificate requests] ***** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 TASK [caller : assert] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/roles/caller/tasks/main.yml:7 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=6 changed=2 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 + cd /tmp/tmp9ljpszrp/tests/certificate; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmpua4of2gc:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp9ljpszrp/tests/certificate/tests_key_size.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. 
Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_key_size.yml *************************************************** 2 plays in /tmp/tmp9ljpszrp/tests/certificate/tests_key_size.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_key_size.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] 
*** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml"], "changed": false} TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": 
"/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network.target syslog.target basic.target sysinit.target dbus-broker.service system.slice systemd-journald.socket dbus.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", 
"CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": 
"18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", 
"NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", 
"TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'key_size': 4096}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "key_size": 4096, "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_key_size.yml:14 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_key_size.yml:29 included: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 
0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting 
cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186652.6645818, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": 
"5d3c72792d3653c92e231452075d3333635a0353", "ctime": 1620186652.6625817, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132624, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186652.6625817, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1655, "uid": 0, "version": "1418440883", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:45 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186652.6035817, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "93156686f7a501b0f28891675b583d7d03a8ad3e", "ctime": 1620186652.6625817, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132504, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186652.6625817, "nlink": 1, 
"path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 3268, "uid": 0, "version": "2426816601", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:50 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:56 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.195215", "end": "2021-05-05 03:51:05.847118", "rc": 0, "start": "2021-05-05 03:51:05.651903", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n 
\"value\": \"22:2C:0C:88:E4:E4:CE:BE:40:BE:C4:67:29:98:39:03:EA:7E:A0:89\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"03:2B:52:0A:8E:1C:97:75:A4:6B:A6:6A:36:59:C9:39:1B:DF:3E:F8\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 4096,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:50:50\",\n \"not_valid_before\": \"2021-05-05 03:50:52\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"22:2C:0C:88:E4:E4:CE:BE:40:BE:C4:67:29:98:39:03:EA:7E:A0:89\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"03:2B:52:0A:8E:1C:97:75:A4:6B:A6:6A:36:59:C9:39:1B:DF:3E:F8\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 4096,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:50:50\",", " \"not_valid_before\": \"2021-05-05 03:50:52\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] 
*************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:71 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "03:2B:52:0A:8E:1C:97:75:A4:6B:A6:6A:36:59:C9:39:1B:DF:3E:F8"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "22:2C:0C:88:E4:E4:CE:BE:40:BE:C4:67:29:98:39:03:EA:7E:A0:89"}}, "key_size": 4096, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:50:50", "not_valid_before": "2021-05-05 03:50:52"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:91 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] 
******************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:98 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:110 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:124 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038249", "end": "2021-05-05 03:51:06.558418", "rc": 0, "start": "2021-05-05 03:51:06.520169", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=30 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp9ljpszrp/tests/certificate; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmpua4of2gc:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp9ljpszrp/tests/certificate/tests_key_usage_and_extended_key_usage.yml ansible-playbook 2.9.18 
config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_key_usage_and_extended_key_usage.yml *************************** 2 plays in /tmp/tmp9ljpszrp/tests/certificate/tests_key_usage_and_extended_key_usage.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_key_usage_and_extended_key_usage.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml"], "changed": false} TASK 
[fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": 
"__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network.target dbus.socket system.slice syslog.target dbus-broker.service sysinit.target systemd-journald.socket basic.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time 
cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": 
"0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": 
"no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [fedora.linux_system_roles.certificate : Ensure 
certificate requests] ***** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'key_usage': ['digitalSignature', 'nonRepudiation', 'keyEncipherment'], 'extended_key_usage': ['id-kp-clientAuth', 'id-kp-serverAuth', 'id-kp-ipsecTunnel', '1.3.6.1.5.2.3.5'], 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "extended_key_usage": ["id-kp-clientAuth", "id-kp-serverAuth", "id-kp-ipsecTunnel", "1.3.6.1.5.2.3.5"], "key_usage": ["digitalSignature", "nonRepudiation", "keyEncipherment"], "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_key_usage_and_extended_key_usage.yml:22 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_key_usage_and_extended_key_usage.yml:49 included: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] 
************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading 
cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186726.9449987, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": 
"cd8d0b808760edb075b4f26b565e89d4808ea168", "ctime": 1620186726.9419987, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132616, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186726.9419987, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1338, "uid": 0, "version": "4133018001", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:45 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186726.8999987, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "3edc9e5d8621893ab2e18fea6a2a042b7e5a3771", "ctime": 1620186726.9419987, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132475, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186726.9419987, "nlink": 1, 
"path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2584853251", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:50 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:56 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.196689", "end": "2021-05-05 03:52:19.734187", "rc": 0, "start": "2021-05-05 03:52:19.537498", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"content_commitment\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n },\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-ipsecTunnel\",\n \"oid\": \"1.3.6.1.5.5.7.3.6\"\n },\n {\n \"name\": null,\n \"oid\": \"1.3.6.1.5.2.3.5\"\n 
}\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"35:AD:A7:01:1B:FD:69:E4:DB:C4:95:13:A6:44:82:C3:14:82:A7:65\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"B2:74:88:84:D9:E9:52:7F:E1:F4:A9:16:03:75:51:C0:AC:F8:1F:8F\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:52:06\",\n \"not_valid_before\": \"2021-05-05 03:52:06\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"content_commitment\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " },", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-ipsecTunnel\",", " \"oid\": \"1.3.6.1.5.5.7.3.6\"", " },", " {", " \"name\": null,", " \"oid\": \"1.3.6.1.5.2.3.5\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"35:AD:A7:01:1B:FD:69:E4:DB:C4:95:13:A6:44:82:C3:14:82:A7:65\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"B2:74:88:84:D9:E9:52:7F:E1:F4:A9:16:03:75:51:C0:AC:F8:1F:8F\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " 
\"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:52:06\",", " \"not_valid_before\": \"2021-05-05 03:52:06\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:71 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "B2:74:88:84:D9:E9:52:7F:E1:F4:A9:16:03:75:51:C0:AC:F8:1F:8F"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}, {"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-ipsecTunnel", "oid": "1.3.6.1.5.5.7.3.6"}, {"name": null, "oid": "1.3.6.1.5.2.3.5"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "content_commitment", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "35:AD:A7:01:1B:FD:69:E4:DB:C4:95:13:A6:44:82:C3:14:82:A7:65"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:52:06", "not_valid_before": "2021-05-05 03:52:06"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: 
/tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:91 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:98 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:110 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:124 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041194", "end": "2021-05-05 03:52:20.422935", "rc": 0, "start": "2021-05-05 03:52:20.381741", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=30 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp9ljpszrp/tests/certificate; 
TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmpua4of2gc:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp9ljpszrp/tests/certificate/tests_many_self_signed.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_many_self_signed.yml ******************************************* 2 plays in /tmp/tmp9ljpszrp/tests/certificate/tests_many_self_signed.yml PLAY [Issue many self-signed certificates] ************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_many_self_signed.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml"], "changed": false} TASK [fedora.linux_system_roles.certificate : Ensure 
certificate role dependencies are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, 
"group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice syslog.target dbus.socket dbus-broker.service systemd-journald.socket network.target basic.target sysinit.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write 
cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", 
"JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", 
"ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task 
path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} changed: [/cache/fedora-32.qcow2] => (item={'name': 'other-cert', 'dns': 'www.example.org', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.org", "name": "other-cert"}, "msg": "Certificate requested (new)."} changed: [/cache/fedora-32.qcow2] => (item={'name': 'another-cert', 'dns': 'www.example.net', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.net", "name": "another-cert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_many_self_signed.yml:18 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_many_self_signed.yml:50 included: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 included: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 included: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": 
"/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading 
certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] 
***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186809.355604, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "bfb87de7764de1f59decccbb2a84c1df26aad4e8", "ctime": 1620186809.352604, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132662, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186809.352604, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "3921219051", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:45 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186809.309604, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "7a7cbbee9f5f8ef7bbb3f63e0cdf1e0b2587bd6b", "ctime": 1620186809.352604, "dev": 64513, 
"device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132661, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186809.352604, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "4148193970", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:50 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:56 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.195665", "end": "2021-05-05 03:53:44.431235", "rc": 0, "start": "2021-05-05 03:53:44.235570", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": 
{\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"89:6F:1D:2E:F1:1A:F3:C5:76:12:8B:32:38:FE:36:56:E7:7D:9E:EA\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"B4:04:35:38:F7:09:7A:AA:78:95:B0:D5:39:92:46:D3:7A:86:55:7D\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:53:28\",\n \"not_valid_before\": \"2021-05-05 03:53:29\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"89:6F:1D:2E:F1:1A:F3:C5:76:12:8B:32:38:FE:36:56:E7:7D:9E:EA\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"B4:04:35:38:F7:09:7A:AA:78:95:B0:D5:39:92:46:D3:7A:86:55:7D\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": 
\"sha256WithRSAEncryption\",", " \"signature\": \"9E:1F:EB:83:0B:BC:F8:83:AE:D8:77:0D:3E:56:3D:C4:0A:D4:96:8A:61:B3:E5:7A:78:26:99:3A:0D:04:09:83:2F:7A:A4:45:72:AF:F3:D4:95:50:62:9A:62:2B:2A:90:D3:14:14:3F:D3:C4:86:A5:0B:42:E8:6B:47:EA:38:D5:65:77:3A:39:D6:60:EE:D1:56:4B:DA:01:D2:BA:59:35:08:CA:5C:1C:63:96:EF:7C:8D:A7:C9:50:E0:5C:9D:97:F0:4D:14:49:49:78:32:1E:01:AA:CB:87:2C:90:68:5C:3E:D1:B6:4E:88:DD:A2:6F:08:02:9C:FF:23:EB:94:5F:17:64:D6:78:55:B4:6A:E1:5B:01:F2:3A:ED:E0:E2:F8:02:78:9D:86:81:0B:DA:07:19:8D:9A:A4:7A:1C:36:94:33:5D:AB:6B:31:1F:90:AB:BB:B5:7F:32:4E:A5:3F:35:72:0E:87:FA:32:05:E2:45:8C:A6:A7:E7:0E:34:14:C6:B4:59:DD:BD:35:DA:D0:96:A3:B5:FD:D4:C1:E9:F5:E4:73:5C:5A:22:EC:46:7C:B8:44:D6:68:71:D9:26:73:D4:A0:3C:9C:63:83:AD:91:3C:E0:1A:9C:1B:79:39:2A:01:7C:AC:23:6E:6A:FB:0B:F9:42:58:77:5D:55:5A:AC:50\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:53:28\",", " \"not_valid_before\": \"2021-05-05 03:53:29\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:71 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "B4:04:35:38:F7:09:7A:AA:78:95:B0:D5:39:92:46:D3:7A:86:55:7D"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "89:6F:1D:2E:F1:1A:F3:C5:76:12:8B:32:38:FE:36:56:E7:7D:9E:EA"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", 
"signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:53:28", "not_valid_before": "2021-05-05 03:53:29"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:91 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:98 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:110 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:124 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041092", "end": "2021-05-05 03:53:45.131679", "rc": 0, "start": "2021-05-05 
03:53:45.090587", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:11 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.8/site-packages (21.1.1)\n", "stdout_lines": ["Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.8/site-packages (21.1.1)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:18 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": 
[], "stdout": "Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.8/site-packages (0.1.1)\nRequirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (3.4.7)\nRequirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (0.4.8)\nRequirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (5.4.1)\nRequirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.8/site-packages (from cryptography->certreader>=0.1.1) (1.14.5)\nRequirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.8/site-packages (from cffi>=1.12->cryptography->certreader>=0.1.1) (2.20)\n", "stdout_lines": ["Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.8/site-packages (0.1.1)", "Requirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (3.4.7)", "Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (0.4.8)", "Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (5.4.1)", "Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.8/site-packages (from cryptography->certreader>=0.1.1) (1.14.5)", "Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.8/site-packages (from cffi>=1.12->cryptography->certreader>=0.1.1) (2.20)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186810.161604, "attr_flags": 
"e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9ed02693d3b2a3cd45b5f54b41511a5939c15c69", "ctime": 1620186810.1596038, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132664, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186810.1596038, "nlink": 1, "path": "/etc/pki/tls/certs/other-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "306986059", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:45 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186810.1166039, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "a8f1eccbd8199e67852075a54796f08c62e91e90", "ctime": 1620186810.1596038, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132663, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, 
"isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186810.1596038, "nlink": 1, "path": "/etc/pki/tls/private/other-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "2627891912", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:50 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:56 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/other-cert.crt"], "delta": "0:00:00.239731", "end": "2021-05-05 03:53:51.202485", "rc": 0, "start": "2021-05-05 03:53:50.962754", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.org\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.org\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n 
\"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"C6:8B:31:F1:C1:60:EF:E1:5D:28:AB:2F:07:4E:19:2C:2F:5D:4E:84\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"B4:04:35:38:F7:09:7A:AA:78:95:B0:D5:39:92:46:D3:7A:86:55:7D\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:53:28\",\n \"not_valid_before\": \"2021-05-05 03:53:30\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.org\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.org\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"C6:8B:31:F1:C1:60:EF:E1:5D:28:AB:2F:07:4E:19:2C:2F:5D:4E:84\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"B4:04:35:38:F7:09:7A:AA:78:95:B0:D5:39:92:46:D3:7A:86:55:7D\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:53:28\",", " 
\"not_valid_before\": \"2021-05-05 03:53:30\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:71 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "B4:04:35:38:F7:09:7A:AA:78:95:B0:D5:39:92:46:D3:7A:86:55:7D"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.org"}]}, "subjectKeyIdentifier": {"critical": false, "value": "C6:8B:31:F1:C1:60:EF:E1:5D:28:AB:2F:07:4E:19:2C:2F:5D:4E:84"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.org"}], "validity": {"not_valid_after": "2022-05-05 03:53:28", "not_valid_before": "2021-05-05 03:53:30"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:91 ok: 
[/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:98 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:110 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:124 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/other-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.043856", "end": "2021-05-05 03:53:51.923559", "rc": 0, "start": "2021-05-05 03:53:51.879703", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] 
************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:11 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.8/site-packages (21.1.1)\n", "stdout_lines": ["Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.8/site-packages (21.1.1)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:18 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.8/site-packages (0.1.1)\nRequirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (3.4.7)\nRequirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (0.4.8)\nRequirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (5.4.1)\nRequirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.8/site-packages (from cryptography->certreader>=0.1.1) (1.14.5)\nRequirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.8/site-packages (from cffi>=1.12->cryptography->certreader>=0.1.1) (2.20)\n", "stdout_lines": ["Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.8/site-packages 
(0.1.1)", "Requirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (3.4.7)", "Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (0.4.8)", "Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (5.4.1)", "Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.8/site-packages (from cryptography->certreader>=0.1.1) (1.14.5)", "Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.8/site-packages (from cffi>=1.12->cryptography->certreader>=0.1.1) (2.20)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186811.1886039, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9e447d45eac647489578cee64bfc9238165f578d", "ctime": 1620186811.1856039, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132666, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186811.1856039, "nlink": 1, "path": "/etc/pki/tls/certs/another-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "1275513032", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: 
/tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:45 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186811.1426039, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "899440fc1dfb35d11d6be318bc287fff1d58cb67", "ctime": 1620186811.1856039, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132665, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186811.1856039, "nlink": 1, "path": "/etc/pki/tls/private/another-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "961244474", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:50 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:56 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions 
passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/another-cert.crt"], "delta": "0:00:00.204890", "end": "2021-05-05 03:53:57.985870", "rc": 0, "start": "2021-05-05 03:53:57.780980", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.net\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.net\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"C8:D8:B6:BA:F8:54:80:89:44:45:38:3B:88:F8:B3:4E:74:37:6C:E3\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"B4:04:35:38:F7:09:7A:AA:78:95:B0:D5:39:92:46:D3:7A:86:55:7D\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:53:28\",\n \"not_valid_before\": \"2021-05-05 03:53:31\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.net\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " 
\"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.net\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"C8:D8:B6:BA:F8:54:80:89:44:45:38:3B:88:F8:B3:4E:74:37:6C:E3\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"B4:04:35:38:F7:09:7A:AA:78:95:B0:D5:39:92:46:D3:7A:86:55:7D\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"A8:89:A8:85:FF:D3:86:5C:BF:D3:B0:13:9E:A6:0E:0F:48:FE:CC:E0:CE:51:E1:22:7B:52:22:F1:85:E2:CE:85:F6:C0:D2:4E:85:0A:33:6A:33:9D:A5:99:57:57:14:3D:81:0C:6D:02:EA:25:6B:CB:FA:BD:07:16:B4:74:AD:35:A5:AF:C2:E9:C7:05:27:90:B4:DA:34:2C:D7:75:32:55:D7:67:49:CA:2B:3B:22:5A:DD:C1:BD:99:F0:16:BB:3F:F4:40:5F:04:8B:BE:D4:A6:C9:EA:09:81:3E:3D:2D:49:27:BF:AE:44:DE:A7:23:8D:13:A5:2C:C1:64:FD:10:F0:EC:0D:FD:24:66:81:9A:F0:D1:94:FC:34:DB:E2:18:3B:2B:2C:76:ED:3D:67:ED:50:A3:AA:4C:40:D3:D8:10:CC:6F:6E:C4:45:58:5A:5E:03:57:6A:CF:DA:82:64:3E:59:C5:45:36:72:BB:9A:F6:F8:26:96:0C:69:AD:C1:70:D2:06:17:B6:65:13:C4:0E:73:3E:83:BD:3E:03:5C:33:57:5F:AC:52:17:C2:74:CE:4A:E0:28:6E:F8:0A:48:95:CC:1F:BE:03:22:D9:46:FD:2C:44:F8:E5:6A:99:B7:BD:8F:75:01:2A:A8:7D:00:6F:25:8A:BF:C3:23:01:35:E4:A9\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:53:28\",", " \"not_valid_before\": \"2021-05-05 03:53:31\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: 
/tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:71 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "B4:04:35:38:F7:09:7A:AA:78:95:B0:D5:39:92:46:D3:7A:86:55:7D"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.net"}]}, "subjectKeyIdentifier": {"critical": false, "value": "C8:D8:B6:BA:F8:54:80:89:44:45:38:3B:88:F8:B3:4E:74:37:6C:E3"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.net"}], "validity": {"not_valid_after": "2022-05-05 03:53:28", "not_valid_before": "2021-05-05 03:53:31"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:91 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] 
******************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:98 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:110 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:124 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/another-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.043474", "end": "2021-05-05 03:53:58.690100", "rc": 0, "start": "2021-05-05 03:53:58.646626", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=70 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp9ljpszrp/tests/certificate; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmpua4of2gc:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp9ljpszrp/tests/certificate/tests_no_auto_renew.yml ansible-playbook 2.9.18 config file = 
/etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_no_auto_renew.yml ********************************************** 2 plays in /tmp/tmp9ljpszrp/tests/certificate/tests_no_auto_renew.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_no_auto_renew.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml"], "changed": false} TASK [fedora.linux_system_roles.certificate : Ensure certificate 
role dependencies are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", 
"mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "syslog.target system.slice basic.target network.target dbus-broker.service systemd-journald.socket dbus.socket sysinit.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control 
cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": 
"infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": 
"no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: 
/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'auto_renew': False}) => {"ansible_loop_var": "item", "changed": true, "item": {"auto_renew": false, "ca": "self-sign", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} changed: [/cache/fedora-32.qcow2] => (item={'name': 'defaultcert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "defaultcert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_no_auto_renew.yml:17 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_no_auto_renew.yml:42 included: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 included: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] 
************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading 
cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186903.479621, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": 
"a736977ce7b0188a738a6dc8e035fb6435821cbe", "ctime": 1620186903.476621, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132616, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186903.476621, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "1735399986", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:45 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186903.4286208, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "6995c39bb8680c165498d2ecbcc447128b9e2737", "ctime": 1620186903.476621, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132475, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186903.476621, "nlink": 1, "path": 
"/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "593818710", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:50 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:56 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.191827", "end": "2021-05-05 03:55:16.798043", "rc": 0, "start": "2021-05-05 03:55:16.606216", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": 
\"2A:11:12:67:24:CD:06:FB:76:15:3B:88:46:1F:C7:01:CA:07:2B:59\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"24:F1:A7:69:1B:DA:8A:67:21:97:1A:F9:FB:B0:CC:C6:B2:31:0C:CD\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:55:02\",\n \"not_valid_before\": \"2021-05-05 03:55:03\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"2A:11:12:67:24:CD:06:FB:76:15:3B:88:46:1F:C7:01:CA:07:2B:59\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"24:F1:A7:69:1B:DA:8A:67:21:97:1A:F9:FB:B0:CC:C6:B2:31:0C:CD\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:55:02\",", " \"not_valid_before\": \"2021-05-05 03:55:03\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] 
*************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:71 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "24:F1:A7:69:1B:DA:8A:67:21:97:1A:F9:FB:B0:CC:C6:B2:31:0C:CD"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "2A:11:12:67:24:CD:06:FB:76:15:3B:88:46:1F:C7:01:CA:07:2B:59"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:55:02", "not_valid_before": "2021-05-05 03:55:03"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:91 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] 
******************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:98 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:110 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:124 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039098", "end": "2021-05-05 03:55:17.470926", "rc": 0, "start": "2021-05-05 03:55:17.431828", "stderr": "", "stderr_lines": [], "stdout": "no", "stdout_lines": ["no"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:11 ok: 
[/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.8/site-packages (21.1.1)\n", "stdout_lines": ["Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.8/site-packages (21.1.1)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:18 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.8/site-packages (0.1.1)\nRequirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (3.4.7)\nRequirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (0.4.8)\nRequirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (5.4.1)\nRequirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.8/site-packages (from cryptography->certreader>=0.1.1) (1.14.5)\nRequirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.8/site-packages (from cffi>=1.12->cryptography->certreader>=0.1.1) (2.20)\n", "stdout_lines": ["Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.8/site-packages (0.1.1)", "Requirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) 
(3.4.7)", "Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (0.4.8)", "Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.8/site-packages (from certreader>=0.1.1) (5.4.1)", "Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.8/site-packages (from cryptography->certreader>=0.1.1) (1.14.5)", "Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.8/site-packages (from cffi>=1.12->cryptography->certreader>=0.1.1) (2.20)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186904.1416209, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "6014612d81b0e1bd52fa02acbc543901be6dead5", "ctime": 1620186904.1386209, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132618, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186904.1386209, "nlink": 1, "path": "/etc/pki/tls/certs/defaultcert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "2196220724", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file 
owner and group] ********************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:45 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620186904.0956209, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "f21e4915c333abd140c5c66fb6211066f3a2faa5", "ctime": 1620186904.1386209, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132617, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620186904.1386209, "nlink": 1, "path": "/etc/pki/tls/private/defaultcert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2729648005", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:50 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:56 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:66 ok: 
[/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/defaultcert.crt"], "delta": "0:00:00.191808", "end": "2021-05-05 03:55:23.306004", "rc": 0, "start": "2021-05-05 03:55:23.114196", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"D1:63:92:FB:3B:09:34:05:47:7C:2B:C7:11:7F:C0:21:AD:26:E9:28\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"24:F1:A7:69:1B:DA:8A:67:21:97:1A:F9:FB:B0:CC:C6:B2:31:0C:CD\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:55:02\",\n \"not_valid_before\": \"2021-05-05 03:55:04\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": 
false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"D1:63:92:FB:3B:09:34:05:47:7C:2B:C7:11:7F:C0:21:AD:26:E9:28\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"24:F1:A7:69:1B:DA:8A:67:21:97:1A:F9:FB:B0:CC:C6:B2:31:0C:CD\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:55:02\",", " \"not_valid_before\": \"2021-05-05 03:55:04\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:71 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "24:F1:A7:69:1B:DA:8A:67:21:97:1A:F9:FB:B0:CC:C6:B2:31:0C:CD"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "D1:63:92:FB:3B:09:34:05:47:7C:2B:C7:11:7F:C0:21:AD:26:E9:28"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", 
"signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:55:02", "not_valid_before": "2021-05-05 03:55:04"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:91 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:98 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:110 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:124 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/defaultcert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038788", "end": "2021-05-05 03:55:23.997525", "rc": 0, "start": "2021-05-05 
03:55:23.958737", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=50 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp9ljpszrp/tests/certificate; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmpua4of2gc:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp9ljpszrp/tests/certificate/tests_not_wait_for_cert.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. 
Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_not_wait_for_cert.yml ****************************************** 2 plays in /tmp/tmp9ljpszrp/tests/certificate/tests_not_wait_for_cert.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_not_wait_for_cert.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version 
specific variables] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml"], "changed": false} TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", 
"owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target network.target syslog.target systemd-journald.socket system.slice sysinit.target dbus.socket dbus-broker.service", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", 
"CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", 
"IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": 
"0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not 
set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_not_wait_for_cert.yml:14 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Wait for certificate] **************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tests_not_wait_for_cert.yml:28 ok: [/cache/fedora-32.qcow2] => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) => {"ansible_loop_var": "item", "changed": false, "elapsed": 0, "gid": 0, "group": "root", "item": {"key_path": "/etc/pki/tls/private/mycert.key", "path": "/etc/pki/tls/certs/mycert.crt", "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "subject_alt_name": [{"name": "DNS", "value": "www.example.com"}]}, "match_groupdict": {}, 
"match_groups": [], "mode": "0600", "owner": "root", "path": "/etc/pki/tls/certs/mycert.crt", "port": null, "search_regex": null, "secontext": "system_u:object_r:cert_t:s0", "size": 1310, "state": "file", "uid": 0} TASK [Verify each certificate] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_not_wait_for_cert.yml:34 included: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", 
"Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting 
cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620187002.0589373, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "3090e40f84e7b9ecc601f98d4bea093eedfc4490", "ctime": 1620187002.0569372, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132609, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620187002.0569372, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "1211417801", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify 
certificate file owner and group] ********************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:45 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620187002.0149372, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "e4adedbf4ea3e34706d12273988a005a9f421d48", "ctime": 1620187002.0569372, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132459, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620187002.0569372, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2573791636", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:50 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:56 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:66 ok: 
[/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.190178", "end": "2021-05-05 03:56:54.986129", "rc": 0, "start": "2021-05-05 03:56:54.795951", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"69:CC:88:00:AA:DF:AA:68:B0:85:7B:64:DA:A5:C3:A2:FA:4B:46:51\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"23:1B:78:B7:3C:FF:0A:99:43:E3:58:94:7C:56:32:D2:7E:86:A7:B3\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:56:41\",\n \"not_valid_before\": \"2021-05-05 03:56:42\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": 
false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"69:CC:88:00:AA:DF:AA:68:B0:85:7B:64:DA:A5:C3:A2:FA:4B:46:51\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"23:1B:78:B7:3C:FF:0A:99:43:E3:58:94:7C:56:32:D2:7E:86:A7:B3\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:56:41\",", " \"not_valid_before\": \"2021-05-05 03:56:42\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:71 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "23:1B:78:B7:3C:FF:0A:99:43:E3:58:94:7C:56:32:D2:7E:86:A7:B3"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "69:CC:88:00:AA:DF:AA:68:B0:85:7B:64:DA:A5:C3:A2:FA:4B:46:51"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", 
"signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:56:41", "not_valid_before": "2021-05-05 03:56:42"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:91 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:98 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:110 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:124 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038305", "end": "2021-05-05 03:56:55.679999", "rc": 0, "start": "2021-05-05 
03:56:55.641694", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp9ljpszrp/tests/certificate; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmpua4of2gc:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp9ljpszrp/tests/certificate/tests_principal.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. 
Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_principal.yml ************************************************** 3 plays in /tmp/tmp9ljpszrp/tests/certificate/tests_principal.yml PLAY [Test issuing certificate with principal.] 
******************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_principal.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml"], "changed": false} TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: 
/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice network.target syslog.target sysinit.target systemd-journald.socket basic.target dbus-broker.service dbus.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": 
"", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] 
; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": 
"0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", 
"StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'principal': 'HTTP/www.example.com@EXAMPLE.COM', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert", "principal": "HTTP/www.example.com@EXAMPLE.COM"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_principal.yml:13 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_principal.yml:33 included: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: 
/tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": 
["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 
pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620187076.118266, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "b56a49ff3bad9abf416f0603d3c79256536786a4", "ctime": 1620187076.115266, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132554, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620187076.115266, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1472, "uid": 0, "version": "780705855", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:45 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620187076.0712662, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, 
"blocks": 8, "charset": "us-ascii", "checksum": "3695b626494564f7322309e9a8c6698a08d06eb8", "ctime": 1620187076.115266, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132553, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620187076.115266, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3288185793", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:50 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:56 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.193436", "end": "2021-05-05 03:58:08.941468", "rc": 0, "start": "2021-05-05 03:58:08.748032", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": 
{\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n },\n {\n \"name\": \"Universal Principal Name (UPN)\",\n \"value\": \"HTTP/www.example.com@EXAMPLE.COM\",\n \"oid\": \"1.3.6.1.4.1.311.20.2.3\"\n },\n {\n \"name\": \"Kerberos principalname\",\n \"value\": \"HTTP/www.example.com@EXAMPLE.COM\",\n \"oid\": \"1.3.6.1.5.2.2\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"B6:B4:47:36:38:BF:DA:AA:F6:CD:28:38:50:10:68:EA:E4:AD:BF:3B\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"6A:C2:E7:DE:12:F3:21:1A:C3:74:EF:F0:0B:60:7B:B9:75:0F:2F:96\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"01:CC:61:AF:51:80:ED:1D:21:C9:D9:52:AF:E9:87:07:55:0D:AE:AB:C6:68:60:A9:C9:F6:CB:C9:08:56:35:AA:D7:6E:F0:CC:ED:FC:B0:49:5F:3B:68:3B:44:67:F2:AF:39:E7:4E:91:1B:92:66:CD:69:CE:15:8D:AE:8E:F2:79:00:85:6D:4E:8C:31:86:54:13:E8:AD:26:50:AB:B9:17:9A:51:CD:9A:3E:BD:9E:80:F9:A8:FF:22:9B:02:CF:A8:D2:BF:0B:0C:8A:40:BA:B6:0C:1F:C6:FD:AE:D0:08:78:3F:08:7F:79:51:A9:41:B2:B9:50:17:66:DD:05:4A:3B:0D:2E:33:10:3C:E1:D1:D7:11:10:97:52:A0:C8:81:90:B4:BC:0A:FD:1A:A9:7C:8A:BF:35:D8:EB:4E:09:16:3F:EE:FC:5B:DD:AC:A9:04:4C:3E:A7:2E:C1:FF:64:01:12:2C:30:59:9E:75:AA:B6:C0:C5:5D:96:3A:B1:00:EF:90:D4:B7:35:CE:47:EA:84:3D:6C:2D:2F:E0:2E:35:1A:62:13:BF:E9:4B:80:47:8E:5C:E5:FB:11:21:6D:4D:AE:1D:4A:9A:90:85:AD:EF:CA:34:09:3A:13:69:4C:93:85:27:37:84:29:83:36:7D:20:61:FA:88:C6:2B:39:44:D1:DD\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:57:55\",\n \"not_valid_before\": \"2021-05-05 03:57:56\"\n }\n}", 
"stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " },", " {", " \"name\": \"Universal Principal Name (UPN)\",", " \"value\": \"HTTP/www.example.com@EXAMPLE.COM\",", " \"oid\": \"1.3.6.1.4.1.311.20.2.3\"", " },", " {", " \"name\": \"Kerberos principalname\",", " \"value\": \"HTTP/www.example.com@EXAMPLE.COM\",", " \"oid\": \"1.3.6.1.5.2.2\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"B6:B4:47:36:38:BF:DA:AA:F6:CD:28:38:50:10:68:EA:E4:AD:BF:3B\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"6A:C2:E7:DE:12:F3:21:1A:C3:74:EF:F0:0B:60:7B:B9:75:0F:2F:96\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:57:55\",", " \"not_valid_before\": \"2021-05-05 03:57:56\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:71 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, 
"value": "6A:C2:E7:DE:12:F3:21:1A:C3:74:EF:F0:0B:60:7B:B9:75:0F:2F:96"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}, {"name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/www.example.com@EXAMPLE.COM"}, {"name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/www.example.com@EXAMPLE.COM"}]}, "subjectKeyIdentifier": {"critical": false, "value": "B6:B4:47:36:38:BF:DA:AA:F6:CD:28:38:50:10:68:EA:E4:AD:BF:3B"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:57:55", "not_valid_before": "2021-05-05 03:57:56"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:91 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] 
******************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:98 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:110 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:124 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.042707", "end": "2021-05-05 03:58:09.655965", "rc": 0, "start": "2021-05-05 03:58:09.613258", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY [Test issuing certificate with invalid principal.] 
************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_principal.yml:40 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml"], "changed": false} TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 ok: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 ok: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, 
"state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 ok: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 ok: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestamp": "Wed 2021-05-05 03:57:55 UTC", "ActiveEnterTimestampMonotonic": "56786189", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "systemd-journald.socket dbus.socket syslog.target dbus-broker.service sysinit.target basic.target network.target system.slice", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Wed 2021-05-05 03:57:55 UTC", "AssertTimestampMonotonic": "56776305", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "389564000", "CPUWeight": "[not set]", "CacheDirectoryMode": 
"0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Wed 2021-05-05 03:57:55 UTC", "ConditionTimestampMonotonic": "56776305", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "7024", "ExecMainStartTimestamp": "Wed 2021-05-05 03:57:55 UTC", "ExecMainStartTimestampMonotonic": "56777327", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[Wed 2021-05-05 03:57:55 UTC] ; stop_time=[n/a] ; pid=7024 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[Wed 2021-05-05 03:57:55 UTC] ; stop_time=[n/a] ; pid=7024 ; code=(null) ; status=0/0 }", 
"FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Wed 2021-05-05 03:57:55 UTC", "InactiveExitTimestampMonotonic": "56777676", "InvocationID": "0ba306dbaf4646db8087c4ec68a6a6a5", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", 
"LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "7024", "MemoryAccounting": "yes", "MemoryCurrent": "2125824", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": 
"Wed 2021-05-05 03:57:55 UTC", "StateChangeTimestampMonotonic": "56786189", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 failed: [/cache/fedora-32.qcow2] (item={'name': 'mycertinvalid', 'dns': 'www.example.com', 'principal': 'HTTP/abc', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": false, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycertinvalid", "principal": "HTTP/abc"}, "msg": "Invalid principal 'HTTP/abc'. It should be formatted as 'primary/instance@REALM'"} TASK [assert...] 
*************************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tests_principal.yml:59 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=38 changed=8 unreachable=0 failed=0 skipped=1 rescued=1 ignored=0 + cd /tmp/tmp9ljpszrp/tests/certificate; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmpua4of2gc:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp9ljpszrp/tests/certificate/tests_provider.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. 
Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_provider.yml *************************************************** 2 plays in /tmp/tmp9ljpszrp/tests/certificate/tests_provider.yml PLAY [Test issuing certificate with certmonger provider] *********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_provider.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ok: 
[/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml"], "changed": false} TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", 
"uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus-broker.service system.slice systemd-journald.socket network.target dbus.socket basic.target syslog.target sysinit.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override 
cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", 
"IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": 
"0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", 
"TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'certmonger'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert", "provider": "certmonger"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_provider.yml:13 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_provider.yml:27 included: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] 
************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading 
cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620187161.873014, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": 
"a8dd70ab106bbe7e08b71387fe813bd1987c385c", "ctime": 1620187161.8710139, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132616, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620187161.8710139, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "2273418119", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:45 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620187161.8290138, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "87621ce498c0ce45c8a2c4ec10e6f725dd299190", "ctime": 1620187161.8710139, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132475, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620187161.8710139, "nlink": 1, 
"path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "20907626", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:50 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:56 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.188074", "end": "2021-05-05 03:59:34.731142", "rc": 0, "start": "2021-05-05 03:59:34.543068", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": 
\"C5:5B:E5:05:0F:61:E2:96:B3:91:E1:8D:AB:51:9D:53:32:4A:B9:F1\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"68:5B:DA:DB:3B:3D:1B:77:7B:A8:0F:21:76:9C:03:E5:30:F2:24:F8\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 03:59:21\",\n \"not_valid_before\": \"2021-05-05 03:59:21\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"C5:5B:E5:05:0F:61:E2:96:B3:91:E1:8D:AB:51:9D:53:32:4A:B9:F1\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"68:5B:DA:DB:3B:3D:1B:77:7B:A8:0F:21:76:9C:03:E5:30:F2:24:F8\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 03:59:21\",", " \"not_valid_before\": \"2021-05-05 03:59:21\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] 
*************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:71 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "68:5B:DA:DB:3B:3D:1B:77:7B:A8:0F:21:76:9C:03:E5:30:F2:24:F8"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "C5:5B:E5:05:0F:61:E2:96:B3:91:E1:8D:AB:51:9D:53:32:4A:B9:F1"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 03:59:21", "not_valid_before": "2021-05-05 03:59:21"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:91 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] 
******************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:98 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:110 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:124 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.037883", "end": "2021-05-05 03:59:35.396520", "rc": 0, "start": "2021-05-05 03:59:35.358637", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=30 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp9ljpszrp/tests/certificate; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmpua4of2gc:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp9ljpszrp/tests/certificate/tests_run_hooks.yml ansible-playbook 2.9.18 config file = 
/etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_run_hooks.yml ************************************************** 2 plays in /tmp/tmp9ljpszrp/tests/certificate/tests_run_hooks.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_run_hooks.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml"], "changed": false} TASK [fedora.linux_system_roles.certificate : Ensure certificate role 
dependencies are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": 
"0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "syslog.target network.target basic.target system.slice dbus-broker.service dbus.socket sysinit.target systemd-journald.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control 
cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": 
"infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": 
"no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: 
/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'run_before': 'touch /etc/pki/before_cert.tmp\n', 'run_after': 'touch /etc/pki/after_cert.tmp\n'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert", "run_after": "touch /etc/pki/after_cert.tmp\n", "run_before": "touch /etc/pki/before_cert.tmp\n"}, "msg": "Certificate requested (new). Pre/Post run hooks updated."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_run_hooks.yml:17 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_run_hooks.yml:31 included: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": 
["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not 
installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620187238.459779, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "31dc5955c49dd649400b8312d1ee0a4393c02bda", "ctime": 1620187238.4577792, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132625, "isblk": false, "ischr": false, "isdir": false, "isfifo": 
false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620187238.4577792, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "4213351572", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:45 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620187238.409779, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "5d29f984a887e46e28ad9a4dc07a2953e589e8ef", "ctime": 1620187238.4577792, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132504, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620187238.4577792, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3828490191", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, 
"xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:50 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:56 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.189587", "end": "2021-05-05 04:00:51.286326", "rc": 0, "start": "2021-05-05 04:00:51.096739", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"96:53:60:1B:66:E4:22:23:3B:34:B9:30:55:12:4F:55:90:96:8B:96\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"46:DD:D9:E4:52:92:9B:B8:BC:72:0E:0C:0E:FA:B4:D3:BE:70:CB:68\",\n \"critical\": false\n }\n },\n 
\"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 04:00:37\",\n \"not_valid_before\": \"2021-05-05 04:00:38\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"96:53:60:1B:66:E4:22:23:3B:34:B9:30:55:12:4F:55:90:96:8B:96\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"46:DD:D9:E4:52:92:9B:B8:BC:72:0E:0C:0E:FA:B4:D3:BE:70:CB:68\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 04:00:37\",", " \"not_valid_before\": \"2021-05-05 04:00:38\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:71 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": 
"46:DD:D9:E4:52:92:9B:B8:BC:72:0E:0C:0E:FA:B4:D3:BE:70:CB:68"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "96:53:60:1B:66:E4:22:23:3B:34:B9:30:55:12:4F:55:90:96:8B:96"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2022-05-05 04:00:37", "not_valid_before": "2021-05-05 04:00:38"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:91 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:98 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended 
Key Usage] *********************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:110 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:124 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039180", "end": "2021-05-05 04:00:51.964329", "rc": 0, "start": "2021-05-05 04:00:51.925149", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Get certificate timestamp] *********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tests_run_hooks.yml:39 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620187238.459779, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "31dc5955c49dd649400b8312d1ee0a4393c02bda", "ctime": 1620187238.4577792, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132625, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620187238.4577792, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "4213351572", "wgrp": false, "woth": false, "writeable": 
true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Get pre-run file timestamp] ********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tests_run_hooks.yml:43 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620187238.455779, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1620187238.455779, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132624, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1620187238.455779, "nlink": 1, "path": "/etc/pki/before_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "4004914315", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Get post-run file timestamp] ********************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_run_hooks.yml:47 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620187238.4907792, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1620187238.4907792, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132626, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1620187238.4907792, "nlink": 1, "path": "/etc/pki/after_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 
0, "uid": 0, "version": "3077583817", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Assert file created before cert] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tests_run_hooks.yml:51 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Assert file created after cert] ****************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tests_run_hooks.yml:58 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=35 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp9ljpszrp/tests/certificate; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmpua4of2gc:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp9ljpszrp/tests/certificate/tests_subject.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. 
Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_subject.yml **************************************************** 2 plays in /tmp/tmp9ljpszrp/tests/certificate/tests_subject.yml PLAY [Issue simple self-signed certificate] ************************************ TASK 
[Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_subject.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml"], "changed": false} TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: 
/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target systemd-journald.socket network.target dbus-broker.service system.slice dbus.socket basic.target syslog.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": 
"", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] 
; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": 
"0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", 
"StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'common_name': 'Some other common name', 'country': 'US', 'state': 'NC', 'locality': 'Raleigh', 'organization': 'Red Hat', 'organizational_unit': 'Linux', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "common_name": "Some other common name", "country": "US", "dns": "www.example.com", "locality": "Raleigh", "name": "mycert", "organization": "Red Hat", "organizational_unit": "Linux", "state": "NC"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_subject.yml:19 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_subject.yml:48 included: 
/tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: 
/tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " 
Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620187320.158833, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "c66244059966dcabaf92946c8aac7049bb9868b1", "ctime": 1620187320.155833, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132621, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620187320.155833, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1428, "uid": 0, "version": "887388406", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: 
/tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:45 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620187320.1098332, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "7ba566d2f69dbe9148247d5f2ab304f77ea2c3e8", "ctime": 1620187320.155833, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132499, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620187320.155833, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "994321536", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:50 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:56 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.224625", "end": "2021-05-05 04:02:13.630362", "rc": 0, "start": "2021-05-05 04:02:13.405737", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": 
\"countryName\",\n \"oid\": \"2.5.4.6\",\n \"value\": \"US\"\n },\n {\n \"name\": \"stateOrProvinceName\",\n \"oid\": \"2.5.4.8\",\n \"value\": \"NC\"\n },\n {\n \"name\": \"localityName\",\n \"oid\": \"2.5.4.7\",\n \"value\": \"Raleigh\"\n },\n {\n \"name\": \"organizationName\",\n \"oid\": \"2.5.4.10\",\n \"value\": \"Red Hat\"\n },\n {\n \"name\": \"organizationalUnitName\",\n \"oid\": \"2.5.4.11\",\n \"value\": \"Linux\"\n },\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"Some other common name\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"74:C9:A3:F3:E1:7C:7F:F1:05:65:7A:3E:F6:E9:3C:91:C9:E4:EB:4B\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"A9:B0:FA:EE:12:0B:22:78:67:12:CA:64:D0:68:DE:CB:59:31:76:97\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 04:01:59\",\n \"not_valid_before\": \"2021-05-05 04:02:00\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"countryName\",", " \"oid\": \"2.5.4.6\",", " \"value\": \"US\"", " },", " {", " \"name\": \"stateOrProvinceName\",", " \"oid\": \"2.5.4.8\",", " \"value\": \"NC\"", " },", " {", " \"name\": \"localityName\",", " \"oid\": \"2.5.4.7\",", " \"value\": 
\"Raleigh\"", " },", " {", " \"name\": \"organizationName\",", " \"oid\": \"2.5.4.10\",", " \"value\": \"Red Hat\"", " },", " {", " \"name\": \"organizationalUnitName\",", " \"oid\": \"2.5.4.11\",", " \"value\": \"Linux\"", " },", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"Some other common name\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"74:C9:A3:F3:E1:7C:7F:F1:05:65:7A:3E:F6:E9:3C:91:C9:E4:EB:4B\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"A9:B0:FA:EE:12:0B:22:78:67:12:CA:64:D0:68:DE:CB:59:31:76:97\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-05-05 04:01:59\",", " \"not_valid_before\": \"2021-05-05 04:02:00\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:71 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "A9:B0:FA:EE:12:0B:22:78:67:12:CA:64:D0:68:DE:CB:59:31:76:97"}, "basicConstraints": 
{"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "74:C9:A3:F3:E1:7C:7F:F1:05:65:7A:3E:F6:E9:3C:91:C9:E4:EB:4B"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "5B:00:F5:77:EF:1F:D4:BD:F3:08:94:24:4B:34:9B:B5:B5:94:AB:81:82:1F:D4:42:76:F1:3B:D5:2B:87:45:91:E7:51:E2:5C:9B:B1:44:E4:41:E8:3F:2B:70:E1:72:DB:00:30:3D:D0:7F:7D:1B:40:13:15:DB:EE:1A:20:96:65:B4:91:07:FD:33:2C:1A:C4:76:8F:52:6E:0D:43:B2:8E:9D:89:BB:B3:FE:97:52:43:F9:23:F4:64:19:CE:E3:08:F3:5A:EF:8C:E7:82:55:07:69:5D:9D:0A:A1:9C:C9:BE:B4:39:58:7E:61:FB:43:75:EB:4C:06:A9:1B:CC:8D:01:AA:A8:1B:42:10:C4:D2:7A:FD:21:49:B6:C6:8E:BD:02:19:0E:A4:36:2B:09:EE:A1:42:41:9B:36:94:0C:B6:A1:C9:B5:61:A1:BE:3A:AC:2F:E5:3A:08:58:96:0E:61:8E:83:2B:27:7F:35:FC:ED:9B:99:F8:4A:4E:48:E8:8D:23:05:32:F3:50:C2:EC:69:07:AF:53:C7:0A:4E:4D:F7:53:EA:D0:98:1D:1D:AA:1C:65:03:12:38:A7:15:51:8B:F0:85:1C:4A:F4:37:68:D0:25:69:84:4E:44:2E:AC:50:76:AB:35:BF:6E:74:D9:E8:EF:B3:D0:08:19:37:99:A5:9B"}, "subject": [{"name": "countryName", "oid": "2.5.4.6", "value": "US"}, {"name": "stateOrProvinceName", "oid": "2.5.4.8", "value": "NC"}, {"name": "localityName", "oid": "2.5.4.7", "value": "Raleigh"}, {"name": "organizationName", "oid": "2.5.4.10", "value": "Red Hat"}, {"name": "organizationalUnitName", "oid": "2.5.4.11", "value": "Linux"}, {"name": "commonName", "oid": "2.5.4.3", "value": "Some other common name"}], "validity": {"not_valid_after": "2022-05-05 04:01:59", "not_valid_before": "2021-05-05 04:02:00"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** 
task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:91 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:98 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:110 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:124 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040629", "end": "2021-05-05 04:02:14.367183", "rc": 0, "start": "2021-05-05 04:02:14.326554", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran 
handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=30 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp9ljpszrp/tests/certificate; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmpua4of2gc:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp9ljpszrp/tests/certificate/tests_subject_complex.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. 
Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_subject_complex.yml ******************************************** 2 plays in /tmp/tmp9ljpszrp/tests/certificate/tests_subject_complex.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_subject_complex.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": 
["/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml"], "changed": false} TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: certmonger-0.79.13-1.fc32.x86_64", "Installed: nss-softokn-freebl-3.63.0-1.fc32.x86_64", "Installed: nss-sysinit-3.63.0-1.fc32.x86_64", "Installed: nss-util-3.63.0-1.fc32.x86_64", "Installed: nspr-4.30.0-1.fc32.x86_64", "Installed: nss-3.63.0-1.fc32.x86_64", "Installed: nss-softokn-3.63.0-1.fc32.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc32.x86_64"]} TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 
changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 changed: [/cache/fedora-32.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target syslog.target systemd-journald.socket dbus.socket network.target system.slice dbus-broker.service sysinit.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio 
cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", 
"Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15576", "LimitNPROCSoft": "15576", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15576", "LimitSIGPENDINGSoft": "15576", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", 
"PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4672", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", 
"WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 changed: [/cache/fedora-32.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'common_name': '# \\\\Every"thing+that,ne;edsing\\0 ', 'contact_email': 'admin@example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "common_name": "# \\\\Every\"thing+that,ne;edsing\\0 ", "contact_email": "admin@example.com", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_subject_complex.yml:16 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_subject_complex.yml:36 included: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-32.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:6 ok: [/cache/fedora-32.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install the package, force upgrade] ************************************** task path: 
/tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:11 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip"], "name": ["pip"], "requirements": null, "state": "latest", "stderr": "", "stderr_lines": [], "stdout": "Collecting pip\n Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)\nInstalling collected packages: pip\n Found existing installation: pip 19.3.1\n Uninstalling pip-19.3.1:\n Successfully uninstalled pip-19.3.1\nSuccessfully installed pip-21.1.1\n", "stdout_lines": ["Collecting pip", " Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)", "Installing collected packages: pip", " Found existing installation: pip 19.3.1", " Uninstalling pip-19.3.1:", " Successfully uninstalled pip-19.3.1", "Successfully installed pip-21.1.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Install certreader] ****************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:18 changed: [/cache/fedora-32.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "", "stderr_lines": [], "stdout": "Collecting certreader>=0.1.1\n Downloading certreader-0.1.1.tar.gz (4.4 kB)\nCollecting cryptography\n Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)\nCollecting pyasn1\n Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)\nCollecting pyyaml\n Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)\nCollecting cffi>=1.12\n Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)\nCollecting pycparser\n Downloading 
pycparser-2.20-py2.py3-none-any.whl (112 kB)\nUsing legacy 'setup.py install' for certreader, since package 'wheel' is not installed.\nInstalling collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading certreader-0.1.1.tar.gz (4.4 kB)", "Collecting cryptography", " Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)", "Collecting pyasn1", " Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)", "Collecting pyyaml", " Downloading PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl (662 kB)", "Collecting cffi>=1.12", " Downloading cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl (411 kB)", "Collecting pycparser", " Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)", "Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed.", "Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.5 cryptography-3.4.7 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.4.1"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:24 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620187398.3686867, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "68f6cce857ca69a21d344570608372fc23bded81", "ctime": 1620187398.3666868, "dev": 64513, "device_type": 0, "executable": 
false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132583, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620187398.3666868, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1391, "uid": 0, "version": "79125832", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:29 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:35 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:45 ok: [/cache/fedora-32.qcow2] => {"changed": false, "stat": {"atime": 1620187398.3236868, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "55df88881f08dabe67122e9dfc685c6acc7ebfc9", "ctime": 1620187398.3666868, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 132582, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1620187398.3666868, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, 
"size": 1704, "uid": 0, "version": "1783307734", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:50 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:56 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:66 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.204297", "end": "2021-05-05 04:03:31.577231", "rc": 0, "start": "2021-05-05 04:03:31.372934", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"emailAddress\",\n \"oid\": \"1.2.840.113549.1.9.1\",\n \"value\": \"admin@example.com\"\n },\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"# \\\\\\\\Every\\\"thing+that,ne;edsing\\\\0 \"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n 
\"subjectKeyIdentifier\": {\n \"value\": \"1F:65:0B:A9:FD:4E:78:9F:7D:5F:39:E8:84:0B:E4:01:62:80:6A:2B\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"1F:48:CF:3A:BE:A0:83:FA:81:E2:BD:6A:61:85:AD:0C:7C:B9:3F:82\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature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n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-05-05 04:03:17\",\n \"not_valid_before\": \"2021-05-05 04:03:18\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"emailAddress\",", " \"oid\": \"1.2.840.113549.1.9.1\",", " \"value\": \"admin@example.com\"", " },", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"# \\\\\\\\Every\\\"thing+that,ne;edsing\\\\0 \"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"1F:65:0B:A9:FD:4E:78:9F:7D:5F:39:E8:84:0B:E4:01:62:80:6A:2B\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"1F:48:CF:3A:BE:A0:83:FA:81:E2:BD:6A:61:85:AD:0C:7C:B9:3F:82\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature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},", " \"key_size\": 2048,", " 
\"validity\": {", " \"not_valid_after\": \"2022-05-05 04:03:17\",", " \"not_valid_before\": \"2021-05-05 04:03:18\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:71 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "1F:48:CF:3A:BE:A0:83:FA:81:E2:BD:6A:61:85:AD:0C:7C:B9:3F:82"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "1F:65:0B:A9:FD:4E:78:9F:7D:5F:39:E8:84:0B:E4:01:62:80:6A:2B"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature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}, "subject": [{"name": "emailAddress", "oid": "1.2.840.113549.1.9.1", "value": "admin@example.com"}, {"name": "commonName", "oid": "2.5.4.3", "value": "# \\\\Every\"thing+that,ne;edsing\\0 "}], "validity": {"not_valid_after": "2022-05-05 04:03:17", "not_valid_before": "2021-05-05 04:03:18"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:75 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:83 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } 
TASK [Verify key size] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:91 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:98 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:110 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:124 ok: [/cache/fedora-32.qcow2] => {"changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041815", "end": "2021-05-05 04:03:32.281236", "rc": 0, "start": "2021-05-05 04:03:32.239421", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tasks/assert_certificate_parameters.yml:133 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=30 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmp9ljpszrp/tests/certificate; TEST_SUBJECTS=/cache/fedora-32.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-89-8a36249-fedora-32-4en2a0wf/artifacts 
ANSIBLE_COLLECTIONS_PATHS=/tmp/tmpua4of2gc:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmp_19esxv5/_setup.yml /tmp/tmp9ljpszrp/tests/certificate/tests_wrong_provider.yml ansible-playbook 2.9.18 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.9 (default, Apr 6 2021, 00:00:00) [GCC 10.2.1 20201125 (Red Hat 10.2.1-9)] Using /etc/ansible/ansible.cfg as config file Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. 
PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmp_19esxv5/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmp_19esxv5/_setup.yml:5 ok: [/cache/fedora-32.qcow2] => { "groups": { "all": [ "/cache/fedora-32.qcow2" ], "localhost": [ "/cache/fedora-32.qcow2" ], "subjects": [ "/cache/fedora-32.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmp_19esxv5/_setup.yml:7 skipping: [/cache/fedora-32.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_wrong_provider.yml ********************************************* 1 plays in /tmp/tmp9ljpszrp/tests/certificate/tests_wrong_provider.yml PLAY [Test issuing certificate with nonexistent provider] ********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp9ljpszrp/tests/certificate/tests_wrong_provider.yml:2 ok: [/cache/fedora-32.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ok: [/cache/fedora-32.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml"], "changed": false} TASK [fedora.linux_system_roles.certificate : Ensure certificate 
role dependencies are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 changed: [/cache/fedora-32.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-pyasn1-0.4.8-1.fc32.noarch"]} TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 skipping: [/cache/fedora-32.qcow2] => (item=fake-provider) => {"__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False"} TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 skipping: [/cache/fedora-32.qcow2] => (item=fake-provider) => {"__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False"} TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 skipping: [/cache/fedora-32.qcow2] => (item=fake-provider) => {"__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False"} TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 skipping: [/cache/fedora-32.qcow2] => (item=fake-provider) => {"__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False"} TASK [fedora.linux_system_roles.certificate 
: Ensure certificate requests] ***** task path: /tmp/tmpua4of2gc/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 failed: [/cache/fedora-32.qcow2] (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'fake-provider'}) => {"ansible_loop_var": "item", "changed": false, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert", "provider": "fake-provider"}, "msg": "Chosen provider 'fake-provider' is not available."} TASK [assert...] *************************************************************** task path: /tmp/tmp9ljpszrp/tests/certificate/tests_wrong_provider.yml:22 ok: [/cache/fedora-32.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-32.qcow2 : ok=5 changed=1 unreachable=0 failed=0 skipped=5 rescued=1 ignored=0