Formatting '/cache/rhel-x.qcow2.snap', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=10737418240 backing_file=/cache/rhel-x.qcow2 backing_fmt=qcow2 lazy_refcounts=off refcount_bits=16 ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: rhel-x_setup.yml ***************************************************** 2 plays in /cache/rhel-x_setup.yml PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /cache/rhel-x_setup.yml:6 Monday 09 May 2022 16:52:39 +0000 (0:00:00.010) 0:00:00.010 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-x.qcow2.snap] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-x.qcow2.snap] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY [Set up host for test playbooks] ****************************************** TASK [Gathering Facts] ********************************************************* task path: /cache/rhel-x_setup.yml:20 Monday 09 May 2022 16:52:40 +0000 (0:00:01.246) 0:00:01.256 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Create EPEL 9 repo] ****************************************************** task path: /cache/rhel-x_setup.yml:24 Monday 09 May 2022 16:52:41 +0000 (0:00:01.072) 0:00:02.328 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [Create yum cache] ******************************************************** task path: /cache/rhel-x_setup.yml:34 Monday 09 May 2022 16:52:41 +0000 (0:00:00.019) 0:00:02.348 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [Create dnf cache] ******************************************************** task path: /cache/rhel-x_setup.yml:40 Monday 09 May 2022 16:52:41 +0000 (0:00:00.015) 0:00:02.363 ************ changed: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } TASK [Disable EPEL 7] ********************************************************** task path: /cache/rhel-x_setup.yml:46 Monday 09 May 2022 16:52:44 +0000 (0:00:03.092) 0:00:05.455 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [Disable EPEL 8] ********************************************************** task path: /cache/rhel-x_setup.yml:54 Monday 09 May 2022 16:52:44 +0000 (0:00:00.017) 0:00:05.473 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=3 changed=2 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0 Monday 09 May 2022 16:52:44 +0000 (0:00:00.023) 0:00:05.496 ************ =============================================================================== Create dnf cache -------------------------------------------------------- 3.09s /cache/rhel-x_setup.yml:40 ---------------------------------------------------- set up internal repositories -------------------------------------------- 1.25s /cache/rhel-x_setup.yml:6 ----------------------------------------------------- Gathering Facts --------------------------------------------------------- 1.07s /cache/rhel-x_setup.yml:20 ---------------------------------------------------- Disable EPEL 8 ---------------------------------------------------------- 0.02s /cache/rhel-x_setup.yml:54 ---------------------------------------------------- Create EPEL 9 repo ------------------------------------------------------ 0.02s /cache/rhel-x_setup.yml:24 ---------------------------------------------------- Disable EPEL 7 ---------------------------------------------------------- 0.02s /cache/rhel-x_setup.yml:46 ---------------------------------------------------- Create yum cache -------------------------------------------------------- 0.02s /cache/rhel-x_setup.yml:34 ---------------------------------------------------- PLAYBOOK: setup-snapshot.yml *************************************************** 1 plays in /tmp/tmpvsyllm8f/tests/setup-snapshot.yml PLAY [all] ********************************************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/setup-snapshot.yml:1 Monday 09 May 2022 16:52:44 +0000 (0:00:00.008) 0:00:05.504 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Set platform/version specific variables] ********************************* task path: /tmp/tmpvsyllm8f/tests/setup-snapshot.yml:3 Monday 09 May 2022 16:52:45 +0000 (0:00:00.962) 0:00:06.467 ************ TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 16:52:45 +0000 (0:00:00.025) 0:00:06.493 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 16:52:46 +0000 (0:00:00.493) 0:00:06.986 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } META: role_complete for /cache/rhel-x.qcow2.snap TASK [Install test packages] *************************************************** task path: /tmp/tmpvsyllm8f/tests/setup-snapshot.yml:9 Monday 09 May 2022 16:52:46 +0000 (0:00:00.040) 0:00:07.027 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-6.el9.noarch", "Installed: python3-pycparser-2.20-6.el9.noarch", "Installed: python3-cffi-1.14.5-5.el9.x86_64", "Installed: python3-cryptography-36.0.1-2.el9.x86_64", "Installed: python3-ply-3.11-14.el9.noarch" ] } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=6 changed=3 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0 Monday 09 May 2022 16:52:48 +0000 (0:00:01.906) 0:00:08.934 ************ =============================================================================== Create dnf cache -------------------------------------------------------- 3.09s /cache/rhel-x_setup.yml:40 ---------------------------------------------------- Install test packages --------------------------------------------------- 1.91s /tmp/tmpvsyllm8f/tests/setup-snapshot.yml:9 ----------------------------------- set up internal repositories -------------------------------------------- 1.25s /cache/rhel-x_setup.yml:6 ----------------------------------------------------- Gathering Facts --------------------------------------------------------- 1.07s /cache/rhel-x_setup.yml:20 ---------------------------------------------------- Gathering Facts --------------------------------------------------------- 0.96s /tmp/tmpvsyllm8f/tests/setup-snapshot.yml:1 ----------------------------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.49s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Set platform/version specific variables --- 0.04s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Set platform/version specific variables --------------------------------- 0.03s /tmp/tmpvsyllm8f/tests/setup-snapshot.yml:3 ----------------------------------- Disable EPEL 8 ---------------------------------------------------------- 0.02s /cache/rhel-x_setup.yml:54 ---------------------------------------------------- Create EPEL 9 repo ------------------------------------------------------ 0.02s /cache/rhel-x_setup.yml:24 ---------------------------------------------------- Disable EPEL 7 ---------------------------------------------------------- 0.02s /cache/rhel-x_setup.yml:46 ---------------------------------------------------- Create yum cache -------------------------------------------------------- 0.02s /cache/rhel-x_setup.yml:34 ---------------------------------------------------- PLAYBOOK: rhel-x_post_setup.yml ************************************************ 1 plays in /cache/rhel-x_post_setup.yml PLAY [Post setup - these happen last] ****************************************** META: ran handlers TASK [force sync of filesystems - ensure setup changes are made to snapshot] *** task path: /cache/rhel-x_post_setup.yml:5 Monday 09 May 2022 16:52:48 +0000 (0:00:00.013) 0:00:08.947 ************ changed: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } TASK [shutdown guest] ********************************************************** task path: /cache/rhel-x_post_setup.yml:8 Monday 09 May 2022 16:52:48 +0000 (0:00:00.353) 0:00:09.301 ************ changed: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=8 changed=5 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0 Monday 09 May 2022 16:52:48 +0000 (0:00:00.481) 0:00:09.782 ************ =============================================================================== Create dnf cache -------------------------------------------------------- 3.09s /cache/rhel-x_setup.yml:40 ---------------------------------------------------- Install test packages --------------------------------------------------- 1.91s /tmp/tmpvsyllm8f/tests/setup-snapshot.yml:9 ----------------------------------- set up internal repositories -------------------------------------------- 1.25s /cache/rhel-x_setup.yml:6 ----------------------------------------------------- Gathering Facts --------------------------------------------------------- 1.07s /cache/rhel-x_setup.yml:20 ---------------------------------------------------- Gathering Facts --------------------------------------------------------- 0.96s /tmp/tmpvsyllm8f/tests/setup-snapshot.yml:1 ----------------------------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.49s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 shutdown guest ---------------------------------------------------------- 0.48s /cache/rhel-x_post_setup.yml:8 ------------------------------------------------ force sync of filesystems - ensure setup changes are made to snapshot --- 0.35s /cache/rhel-x_post_setup.yml:5 ------------------------------------------------ linux-system-roles.certificate : Set platform/version specific variables --- 0.04s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Set platform/version specific variables --------------------------------- 0.03s /tmp/tmpvsyllm8f/tests/setup-snapshot.yml:3 ----------------------------------- Disable EPEL 8 ---------------------------------------------------------- 0.02s /cache/rhel-x_setup.yml:54 ---------------------------------------------------- Create EPEL 9 repo ------------------------------------------------------ 0.02s /cache/rhel-x_setup.yml:24 ---------------------------------------------------- Disable EPEL 7 ---------------------------------------------------------- 0.02s /cache/rhel-x_setup.yml:46 ---------------------------------------------------- Create yum cache -------------------------------------------------------- 0.02s /cache/rhel-x_setup.yml:34 ---------------------------------------------------- ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file statically imported: /tmp/tmpvsyllm8f/tests/tasks/setup_ipa.yml Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_basic_ipa.yml ************************************************** 3 plays in /tmp/tmpvsyllm8f/tests/tests_basic_ipa.yml PLAY [Install IPA server] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_basic_ipa.yml:2 Monday 09 May 2022 16:53:34 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Set __is_beaker_env] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/setup_ipa.yml:2 Monday 09 May 2022 16:53:36 +0000 (0:00:01.184) 0:00:01.194 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__is_beaker_env": false }, "changed": false } TASK [Install ansible-freeipa] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/setup_ipa.yml:6 Monday 09 May 2022 16:53:36 +0000 (0:00:00.071) 0:00:01.266 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Clone ansible-freeipa repo] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/setup_ipa.yml:12 Monday 09 May 2022 16:53:36 +0000 (0:00:00.020) 0:00:01.286 ************ ok: [/cache/rhel-x.qcow2.snap -> 127.0.0.1] => { "after": "ba3fe74b60bcfcc8140e32ed33d06bb3dd14b112", "before": "ba3fe74b60bcfcc8140e32ed33d06bb3dd14b112", "changed": false, "remote_url_changed": false } TASK [Create role symlinks] **************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/setup_ipa.yml:21 Monday 09 May 2022 16:53:36 +0000 (0:00:00.711) 0:00:01.998 ************ changed: [/cache/rhel-x.qcow2.snap -> 127.0.0.1] => (item=ipaserver) => { "ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmpvsyllm8f/tests/roles/ipaserver", "gid": 0, "group": "root", "item": "ipaserver", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaserver/", "state": "link", "uid": 0 } changed: [/cache/rhel-x.qcow2.snap -> 127.0.0.1] => (item=ipaclient) => { "ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmpvsyllm8f/tests/roles/ipaclient", "gid": 0, "group": "root", "item": "ipaclient", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaclient/", "state": "link", "uid": 0 } TASK [ensure hostname package is installed] ************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/setup_ipa.yml:33 Monday 09 May 2022 16:53:37 +0000 (0:00:00.481) 0:00:02.479 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Set hostname] ************************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/setup_ipa.yml:38 Monday 09 May 2022 16:53:38 +0000 (0:00:01.271) 0:00:03.751 ************ changed: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "ansible_domain": "test.local", "ansible_fqdn": "ipaserver.test.local", "ansible_hostname": "ipaserver", "ansible_nodename": "ipaserver.test.local" }, "changed": true, "name": "ipaserver.test.local" } TASK [Ensure nss package is up-to-date] **************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/setup_ipa.yml:42 Monday 09 May 2022 16:53:39 +0000 (0:00:00.801) 0:00:04.553 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [Include ipaserver role] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/setup_ipa.yml:50 Monday 09 May 2022 16:53:40 +0000 (0:00:01.518) 0:00:06.071 ************ TASK [ipaserver : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:4 Monday 09 May 2022 16:53:41 +0000 (0:00:00.046) 0:00:06.118 ************ ok: [/cache/rhel-x.qcow2.snap] => (item=/tmp/freeipa-repo/roles/ipaserver/vars/default.yml) => { "ansible_facts": { "ipaserver_packages": [ "ipa-server", "python3-libselinux" ], "ipaserver_packages_adtrust": [ "freeipa-server-trust-ad" ], "ipaserver_packages_dns": [ "ipa-server-dns" ], "ipaserver_packages_firewalld": [ "firewalld" ] }, "ansible_included_var_files": [ "/tmp/freeipa-repo/roles/ipaserver/vars/default.yml" ], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaserver/vars/default.yml" } TASK [ipaserver : Install IPA server] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:19 Monday 09 May 2022 16:53:41 +0000 (0:00:00.038) 0:00:06.157 ************ included: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml for /cache/rhel-x.qcow2.snap TASK [ipaserver : Install - Ensure that IPA server packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:5 Monday 09 May 2022 16:53:41 +0000 (0:00:00.078) 0:00:06.235 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "rc": 0, "results": [ "Installed: perl-IO-1.43-479.el9.x86_64", "Installed: perl-IO-Compress-2.102-4.el9.noarch", "Installed: perl-IO-Compress-Lzma-2.101-4.el9.noarch", "Installed: jakarta-activation-1.2.2-5.el9.noarch", "Installed: jakarta-annotations-1.3.5-12.el9.noarch", "Installed: perl-IO-Socket-IP-0.41-5.el9.noarch", "Installed: perl-IO-Socket-SSL-2.073-1.el9.noarch", "Installed: perl-IO-Zlib-1:1.11-4.el9.noarch", "Installed: perl-IPC-Open3-1.21-479.el9.noarch", "Installed: java-11-openjdk-1:11.0.15.0.8-0.1.ea.el9.x86_64", "Installed: java-11-openjdk-devel-1:11.0.15.0.8-0.1.ea.el9.x86_64", "Installed: java-11-openjdk-headless-1:11.0.15.0.8-0.1.ea.el9.x86_64", "Installed: perl-MIME-Base64-3.16-4.el9.x86_64", "Installed: java-17-openjdk-headless-1:17.0.3.0.7-1.el9.x86_64", "Installed: javapackages-filesystem-6.0.0-3.el9.noarch", "Installed: javapackages-tools-6.0.0-3.el9.noarch", "Installed: jaxb-api-2.3.3-5.el9.noarch", "Installed: jbigkit-libs-2.1-23.el9.x86_64", "Installed: jboss-jaxrs-2.0-api-1.0.0-16.el9.noarch", "Installed: jboss-logging-3.4.1-9.el9.noarch", "Installed: jboss-logging-tools-2.2.1-7.el9.noarch", "Installed: perl-Mozilla-CA-20200520-6.el9.noarch", "Installed: perl-NDBM_File-1.15-479.el9.x86_64", "Installed: jdeparser-2.0.3-12.el9.noarch", "Installed: perl-Net-SSLeay-1.92-1.el9.x86_64", "Installed: graphite2-1.3.14-9.el9.x86_64", "Installed: perl-POSIX-1.94-479.el9.x86_64", "Installed: perl-PathTools-3.78-461.el9.x86_64", "Installed: perl-Pod-Escapes-1:1.07-460.el9.noarch", "Installed: perl-Pod-Perldoc-3.28.01-461.el9.noarch", "Installed: perl-Pod-Simple-1:3.42-4.el9.noarch", "Installed: perl-Pod-Usage-4:2.01-4.el9.noarch", "Installed: perl-Scalar-List-Utils-4:1.56-461.el9.x86_64", "Installed: harfbuzz-2.7.4-5.el9.x86_64", "Installed: perl-SelectSaver-1.02-479.el9.noarch", "Installed: perl-Socket-4:2.031-4.el9.x86_64", "Installed: perl-Storable-1:3.21-460.el9.x86_64", "Installed: perl-Symbol-1.08-479.el9.noarch", "Installed: perl-Term-ANSIColor-5.01-461.el9.noarch", "Installed: perl-Term-Cap-1.17-460.el9.noarch", "Installed: perl-Term-ReadLine-1.17-479.el9.noarch", "Installed: perl-Text-Diff-1.45-13.el9.noarch", "Installed: perl-Text-ParseWords-3.30-460.el9.noarch", "Installed: perl-Text-Tabs+Wrap-2013.0523-460.el9.noarch", "Installed: perl-Tie-4.6-479.el9.noarch", "Installed: perl-Time-Local-2:1.300-7.el9.noarch", "Installed: perl-URI-5.09-3.el9.noarch", "Installed: perl-base-2.27-479.el9.noarch", "Installed: perl-constant-1.33-461.el9.noarch", "Installed: perl-debugger-1.56-479.el9.noarch", "Installed: perl-if-0.60.800-479.el9.noarch", "Installed: perl-interpreter-4:5.32.1-479.el9.x86_64", "Installed: krb5-pkinit-1.19.1-17.el9.x86_64", "Installed: krb5-server-1.19.1-17.el9.x86_64", "Installed: perl-libnet-3.13-4.el9.noarch", "Installed: krb5-workstation-1.19.1-17.el9.x86_64", "Installed: perl-libs-4:5.32.1-479.el9.x86_64", "Installed: langpacks-core-font-en-3.0-16.el9.noarch", "Installed: perl-meta-notation-5.32.1-479.el9.noarch", "Installed: perl-mro-1.23-479.el9.x86_64", "Installed: perl-overload-1.31-479.el9.noarch", "Installed: perl-overloading-0.02-479.el9.noarch", "Installed: perl-parent-1:0.238-460.el9.noarch", "Installed: perl-podlators-1:4.14-460.el9.noarch", "Installed: perl-sigtrap-1.09-479.el9.noarch", "Installed: perl-subs-1.03-479.el9.noarch", "Installed: perl-threads-1:2.25-460.el9.x86_64", "Installed: perl-threads-shared-1.61-460.el9.x86_64", "Installed: perl-vars-1.05-479.el9.noarch", "Installed: pipewire-0.3.47-2.el9.x86_64", "Installed: pipewire-alsa-0.3.47-2.el9.x86_64", "Installed: pipewire-jack-audio-connection-kit-0.3.47-2.el9.x86_64", "Installed: pipewire-libs-0.3.47-2.el9.x86_64", "Installed: pipewire-pulseaudio-0.3.47-2.el9.x86_64", "Installed: pixman-0.40.0-5.el9.x86_64", "Installed: pki-acme-11.2.0-0.2.beta1.el9.noarch", "Installed: pki-base-11.2.0-0.2.beta1.el9.noarch", "Installed: pki-ca-11.2.0-0.2.beta1.el9.noarch", "Installed: pki-jackson-annotations-2.11.4-6.el9.noarch", "Installed: pki-jackson-core-2.11.4-6.el9.noarch", "Installed: pki-jackson-databind-2.11.4-6.el9.noarch", "Installed: pki-jackson-jaxrs-json-provider-2.11.4-7.el9.noarch", "Installed: pki-jackson-jaxrs-providers-2.11.4-7.el9.noarch", "Installed: pki-jackson-module-jaxb-annotations-2.11.4-8.el9.noarch", "Installed: pki-java-11.2.0-0.2.beta1.el9.noarch", "Installed: pki-kra-11.2.0-0.2.beta1.el9.noarch", "Installed: pki-resteasy-client-3.0.26-15.el9.noarch", "Installed: pki-resteasy-core-3.0.26-15.el9.noarch", "Installed: pki-resteasy-jackson2-provider-3.0.26-15.el9.noarch", "Installed: pki-server-11.2.0-0.2.beta1.el9.noarch", "Installed: pki-servlet-4.0-api-1:9.0.50-1.el9.noarch", "Installed: pki-servlet-engine-1:9.0.50-1.el9.noarch", "Installed: pki-tools-11.2.0-0.2.beta1.el9.x86_64", "Installed: libipa_hbac-2.6.2-2.el9.x86_64", "Installed: libkadm5-1.19.1-17.el9.x86_64", "Installed: libpciaccess-0.16-6.el9.x86_64", "Installed: libpkgconf-1.7.3-9.el9.x86_64", "Installed: poppler-21.01.0-12.el9.x86_64", "Installed: poppler-data-0.4.9-9.el9.noarch", "Installed: poppler-glib-21.01.0-12.el9.x86_64", "Installed: libsss_autofs-2.6.2-2.el9.x86_64", "Installed: publicsuffix-list-20210518-3.el9.noarch", "Installed: pulseaudio-libs-15.0-2.el9.x86_64", "Installed: pulseaudio-utils-15.0-2.el9.x86_64", "Installed: python3-argcomplete-1.12.0-5.el9.noarch", "Installed: python3-augeas-0.5.0-25.el9.noarch", "Installed: lcms2-2.12-3.el9.x86_64", "Installed: ldapjdk-5.2.0-0.2.beta1.el9.noarch", "Installed: libX11-1.7.0-7.el9.x86_64", "Installed: libX11-common-1.7.0-7.el9.noarch", "Installed: libwbclient-4.15.5-105.el9_0.x86_64", "Installed: libX11-xcb-1.7.0-7.el9.x86_64", "Installed: python3-gssapi-1.6.9-5.el9.x86_64", "Installed: libXau-1.0.9-8.el9.x86_64", "Installed: python3-ipaclient-4.9.8-8.el9.noarch", "Installed: python3-ipalib-4.9.8-8.el9.noarch", "Installed: python3-ipaserver-4.9.8-8.el9.noarch", "Installed: lksctp-tools-1.0.19-1.el9.x86_64", "Installed: libXcomposite-0.4.5-7.el9.x86_64", "Installed: libXcursor-1.2.0-7.el9.x86_64", "Installed: python3-jwcrypto-0.8-4.el9.noarch", "Installed: python3-kdcproxy-1.0.0-7.el9.noarch", "Installed: libXdamage-1.1.5-7.el9.x86_64", "Installed: python3-ldap-3.3.1-8.el9.x86_64", "Installed: python3-lib389-2.0.14-1.el9.noarch", "Installed: libXext-1.3.4-8.el9.x86_64", "Installed: libXfixes-5.0.3-16.el9.x86_64", "Installed: mailcap-2.1.49-5.el9.noarch", "Installed: libXft-2.3.3-8.el9.x86_64", "Installed: libXi-1.7.10-8.el9.x86_64", "Installed: python3-lxml-4.6.5-2.el9.x86_64", "Installed: libXinerama-1.1.4-10.el9.x86_64", "Installed: python3-mod_wsgi-4.7.1-10.el9.x86_64", "Installed: python3-netaddr-0.8.0-5.el9.noarch", "Installed: python3-pki-11.2.0-0.2.beta1.el9.noarch", "Installed: libXrandr-1.5.2-8.el9.x86_64", "Installed: libXrender-0.9.10-16.el9.x86_64", "Installed: python3-psutil-5.8.0-12.el9.x86_64", "Installed: python3-pyasn1-modules-0.4.8-6.el9.noarch", "Installed: libXtst-1.2.3-16.el9.x86_64", "Installed: libXv-1.0.11-16.el9.x86_64", "Installed: python3-pyusb-1.0.2-13.el9.noarch", "Installed: libXxf86vm-1.1.4-18.el9.x86_64", "Installed: openldap-clients-2.4.59-5.el9.x86_64", "Installed: python3-qrcode-core-6.1-12.el9.noarch", "Installed: openldap-compat-2.4.59-5.el9.x86_64", "Installed: libasyncns-0.8-22.el9.x86_64", "Installed: 389-ds-base-2.0.14-1.el9.x86_64", "Installed: 389-ds-base-libs-2.0.14-1.el9.x86_64", "Installed: python3-yubico-1.3.3-7.el9.noarch", "Installed: pkgconf-1.7.3-9.el9.x86_64", "Installed: pkgconf-m4-1.7.3-9.el9.noarch", "Installed: pkgconf-pkg-config-1.7.3-9.el9.x86_64", "Installed: libcanberra-0.30-26.el9.x86_64", "Installed: libcanberra-gtk3-0.30-26.el9.x86_64", "Installed: python3-dns-2.1.0-6.el9.noarch", "Installed: adwaita-cursor-theme-40.1.1-3.el9.noarch", "Installed: adwaita-icon-theme-40.1.1-3.el9.noarch", "Installed: alsa-lib-1.2.6.1-3.el9.x86_64", "Installed: python3-libipa_hbac-2.6.2-2.el9.x86_64", "Installed: libdatrie-0.2.13-4.el9.x86_64", "Installed: libdb-utils-5.3.28-53.el9.x86_64", "Installed: libdrm-2.4.108-1.el9.x86_64", "Installed: python3-sss-2.6.2-2.el9.x86_64", "Installed: python3-sss-murmur-2.6.2-2.el9.x86_64", "Installed: python3-sssdconfig-2.6.2-2.el9.noarch", "Installed: libepoxy-1.5.5-4.el9.x86_64", "Installed: ant-1.10.9-7.el9.noarch", "Installed: libexif-0.6.22-6.el9.x86_64", "Installed: ant-lib-1.10.9-7.el9.noarch", "Installed: samba-client-libs-4.15.5-105.el9_0.x86_64", "Installed: samba-common-4.15.5-105.el9_0.noarch", "Installed: apache-commons-cli-1.4-16.el9.noarch", "Installed: apache-commons-codec-1.15-6.el9.noarch", "Installed: apache-commons-io-1:2.8.0-7.el9.noarch", "Installed: apache-commons-lang3-3.12.0-5.el9.noarch", "Installed: apache-commons-logging-1.2-29.el9.noarch", "Installed: apache-commons-net-3.6-14.el9.noarch", "Installed: libfontenc-1.1.3-17.el9.x86_64", "Installed: samba-common-libs-4.15.5-105.el9_0.x86_64", "Installed: apr-1.7.0-11.el9.x86_64", "Installed: apr-util-1.6.1-20.el9.x86_64", "Installed: apr-util-bdb-1.6.1-20.el9.x86_64", "Installed: apr-util-openssl-1.6.1-20.el9.x86_64", "Installed: libgexiv2-0.12.3-1.el9.x86_64", "Installed: libglvnd-1:1.3.4-1.el9.x86_64", "Installed: at-spi2-atk-2.38.0-4.el9.x86_64", "Installed: libglvnd-egl-1:1.3.4-1.el9.x86_64", "Installed: at-spi2-core-2.40.3-1.el9.x86_64", "Installed: libglvnd-glx-1:1.3.4-1.el9.x86_64", "Installed: atk-2.36.0-5.el9.x86_64", "Installed: sssd-common-pac-2.6.2-2.el9.x86_64", "Installed: sssd-dbus-2.6.2-2.el9.x86_64", "Installed: sssd-ipa-2.6.2-2.el9.x86_64", "Installed: sssd-krb5-common-2.6.2-2.el9.x86_64", "Installed: libgsf-1.14.47-5.el9.x86_64", "Installed: sssd-tools-2.6.2-2.el9.x86_64", "Installed: augeas-libs-1.13.0-2.el9.x86_64", "Installed: libgxps-0.3.2-3.el9.x86_64", "Installed: redhat-logos-httpd-90.4-1.el9.noarch", "Installed: redhat-logos-ipa-90.4-1.el9.noarch", "Installed: avahi-glib-0.8-12.el9.x86_64", "Installed: libiptcdata-1.0.5-9.el9.x86_64", "Installed: words-3.0-39.el9.noarch", "Installed: bind-libs-32:9.16.23-3.el9.x86_64", "Installed: bind-license-32:9.16.23-3.el9.noarch", "Installed: bind-utils-32:9.16.23-3.el9.x86_64", "Installed: libldac-2.0.2.3-10.el9.x86_64", "Installed: rtkit-0.11-28.el9.x86_64", "Installed: libnotify-0.7.9-8.el9.x86_64", "Installed: libnsl2-2.0.0-1.el9.x86_64", "Installed: libogg-2:1.3.4-6.el9.x86_64", "Installed: libosinfo-1.9.0-5.el9.x86_64", "Installed: cairo-1.17.4-7.el9.x86_64", "Installed: cairo-gobject-1.17.4-7.el9.x86_64", "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: slapi-nis-0.56.7-4.el9.x86_64", "Installed: slf4j-1.7.30-12.el9.noarch", "Installed: slf4j-jdk14-1.7.30-12.el9.noarch", "Installed: softhsm-2.6.1-7.el9.2.x86_64", "Installed: sound-theme-freedesktop-0.8-17.el9.noarch", "Installed: colord-libs-1.4.5-4.el9.x86_64", "Installed: copy-jdk-configs-4.0-3.el9.noarch", "Installed: cyrus-sasl-md5-2.1.27-20.el9.x86_64", "Installed: dconf-0.40.0-6.el9.x86_64", "Installed: librsvg2-2.50.7-1.el9.x86_64", "Installed: libsbc-1.4-9.el9.x86_64", "Installed: libsndfile-1.0.31-7.el9.x86_64", "Installed: libthai-0.1.28-8.el9.x86_64", "Installed: libtheora-1:1.1.1-31.el9.x86_64", "Installed: libtiff-4.2.0-3.el9.x86_64", "Installed: exempi-2.6.0-0.2.20211007gite23c213.el9.x86_64", "Installed: exiv2-0.27.5-2.el9.x86_64", "Installed: libtool-ltdl-2.4.6-45.el9.x86_64", "Installed: exiv2-libs-0.27.5-2.el9.x86_64", "Installed: libtracker-sparql-3.1.2-2.el9.x86_64", "Installed: fdk-aac-free-2.0.0-8.el9.x86_64", "Installed: libuv-1:1.42.0-1.el9.x86_64", "Installed: libvisual-1:0.4.0-34.el9.x86_64", "Installed: libvorbis-1:1.3.7-5.el9.x86_64", "Installed: flac-libs-1.3.3-10.el9.x86_64", "Installed: flatpak-1.12.7-1.el9.x86_64", "Installed: libwayland-client-1.19.0-4.el9.x86_64", "Installed: flatpak-selinux-1.12.7-1.el9.noarch", "Installed: flatpak-session-helper-1.12.7-1.el9.x86_64", "Installed: libwayland-cursor-1.19.0-4.el9.x86_64", "Installed: libwayland-egl-1.19.0-4.el9.x86_64", "Installed: libwayland-server-1.19.0-4.el9.x86_64", "Installed: libwebp-1.2.0-3.el9.x86_64", "Installed: fontawesome-fonts-1:4.7.0-13.el9.noarch", "Installed: fontconfig-2.14.0-1.el9.x86_64", "Installed: libxcb-1.13.1-9.el9.x86_64", "Installed: libxkbcommon-1.0.3-4.el9.x86_64", "Installed: fribidi-1.0.10-6.el9.2.x86_64", "Installed: libxshmfence-1.3-10.el9.x86_64", "Installed: libxslt-1.1.34-9.el9.x86_64", "Installed: fstrm-0.6.1-3.el9.x86_64", "Installed: llvm-libs-13.0.1-1.el9.x86_64", "Installed: gdk-pixbuf2-modules-2.42.6-2.el9.x86_64", "Installed: geoclue2-2.5.7-5.el9.x86_64", "Installed: low-memory-monitor-2.1-4.el9.x86_64", "Installed: lua-5.4.2-4.el9.x86_64", "Installed: lua-posix-35.0-8.el9.x86_64", "Installed: giflib-5.2.1-9.el9.x86_64", "Installed: tomcatjss-8.2.0-0.2.beta1.el9.noarch", "Installed: mesa-libEGL-21.3.4-2.el9.x86_64", "Installed: totem-pl-parser-3.26.6-2.el9.x86_64", "Installed: mesa-libGL-21.3.4-2.el9.x86_64", "Installed: tracker-3.1.2-2.el9.x86_64", "Installed: tracker-miners-3.1.2-1.el9.x86_64", "Installed: ttmkfdir-3.0.9-65.el9.x86_64", "Installed: mesa-libgbm-21.3.4-2.el9.x86_64", "Installed: gnome-desktop3-40.4-1.el9.x86_64", "Installed: mesa-libglapi-21.3.4-2.el9.x86_64", "Installed: mesa-vulkan-drivers-21.3.4-2.el9.x86_64", "Installed: tzdata-java-2022a-1.el9.noarch", "Installed: mkfontscale-1.2.1-3.el9.x86_64", "Installed: mod_auth_gssapi-1.6.3-7.el9.x86_64", "Installed: mod_http2-1.15.19-2.el9.x86_64", "Installed: mod_lookup_identity-1.0.0-15.el9.x86_64", "Installed: mod_lua-2.4.51-8.el9.x86_64", "Installed: upower-0.99.13-2.el9.x86_64", "Installed: mod_session-2.4.51-8.el9.x86_64", "Installed: mod_ssl-1:2.4.51-8.el9.x86_64", "Installed: vulkan-loader-1.3.204.0-2.el9.x86_64", "Installed: webrtc-audio-processing-0.3.1-8.el9.x86_64", "Installed: wireplumber-0.4.8-1.el9.x86_64", "Installed: wireplumber-libs-0.4.8-1.el9.x86_64", "Installed: xdg-dbus-proxy-0.1.3-1.el9.x86_64", "Installed: xdg-desktop-portal-1.12.4-1.el9.x86_64", "Installed: xdg-desktop-portal-gtk-1.12.0-2.el9.x86_64", "Installed: xkeyboard-config-2.33-2.el9.noarch", "Installed: graphene-1.10.6-2.el9.x86_64", "Installed: xml-common-0.6.3-58.el9.noarch", "Installed: gsm-1.0.19-6.el9.x86_64", "Installed: gstreamer1-1.18.4-4.el9.x86_64", "Installed: nss-tools-3.71.0-7.el9.x86_64", "Installed: gstreamer1-plugins-base-1.18.4-5.el9.x86_64", "Installed: xorg-x11-fonts-Type1-7.5-33.el9.noarch", "Installed: gtk-update-icon-cache-3.24.31-2.el9.x86_64", "Installed: gtk3-3.24.31-2.el9.x86_64", "Installed: open-sans-fonts-1.10-16.el9.noarch", "Installed: ModemManager-glib-1.18.2-3.el9.x86_64", "Installed: openjpeg2-2.4.0-6.el9.x86_64", "Installed: hicolor-icon-theme-0.17-12.el9.noarch", "Installed: openssl-perl-1:3.0.1-20.el9_0.x86_64", "Installed: opus-1.3.1-10.el9.x86_64", "Installed: httpcomponents-client-4.5.13-2.el9.noarch", "Installed: httpcomponents-core-4.4.13-6.el9.noarch", "Installed: httpd-2.4.51-8.el9.x86_64", "Installed: orc-0.4.31-6.el9.x86_64", "Installed: httpd-filesystem-2.4.51-8.el9.noarch", "Installed: autofs-1:5.1.7-27.el9.x86_64", "Installed: httpd-tools-2.4.51-8.el9.x86_64", "Installed: avahi-libs-0.8-12.el9.x86_64", "Installed: bash-completion-1:2.11-4.el9.noarch", "Installed: bluez-libs-5.56-8.el9.x86_64", "Installed: osinfo-db-20211216-1.el9.noarch", "Installed: osinfo-db-tools-1.9.0-3.el9.x86_64", "Installed: ostree-libs-2022.3-2.el9.x86_64", "Installed: chkconfig-1.20-2.el9.x86_64", "Installed: p11-kit-server-0.24.1-2.el9.x86_64", "Installed: pango-1.48.7-2.el9.x86_64", "Installed: cups-libs-1:2.3.3op2-13.el9.x86_64", "Installed: cyrus-sasl-gssapi-2.1.27-20.el9.x86_64", "Installed: cyrus-sasl-plain-2.1.27-20.el9.x86_64", "Installed: dejavu-sans-fonts-2.37-18.el9.noarch", "Installed: freetype-2.10.4-6.el9.x86_64", "Installed: fuse-2.9.9-15.el9.x86_64", "Installed: fuse-common-3.10.2-5.el9.x86_64", "Installed: perl-Algorithm-Diff-1.2010-4.el9.noarch", "Installed: perl-Archive-Tar-2.38-6.el9.noarch", "Installed: perl-AutoLoader-5.74-479.el9.noarch", "Installed: perl-B-1.80-479.el9.x86_64", "Installed: perl-Carp-1.50-460.el9.noarch", "Installed: perl-Class-Struct-0.66-479.el9.noarch", "Installed: perl-Compress-Raw-Bzip2-2.101-5.el9.x86_64", "Installed: perl-Compress-Raw-Lzma-2.101-3.el9.x86_64", "Installed: perl-Compress-Raw-Zlib-2.101-5.el9.x86_64", "Installed: perl-DB_File-1.855-4.el9.x86_64", "Installed: perl-Data-Dumper-2.174-462.el9.x86_64", "Installed: perl-Devel-Peek-1.28-479.el9.x86_64", "Installed: perl-Digest-1.19-4.el9.noarch", "Installed: perl-Digest-MD5-2.58-4.el9.x86_64", "Installed: perl-Encode-4:3.08-462.el9.x86_64", "Installed: perl-Errno-1.30-479.el9.x86_64", "Installed: perl-Exporter-5.74-461.el9.noarch", "Installed: idm-jss-5.2.0-0.3.beta2.el9.x86_64", "Installed: perl-Fcntl-1.13-479.el9.x86_64", "Installed: perl-File-Basename-2.85-479.el9.noarch", "Installed: perl-File-Find-1.37-479.el9.noarch", "Installed: perl-File-Path-2.18-4.el9.noarch", "Installed: ipa-client-4.9.8-8.el9.x86_64", "Installed: ipa-client-common-4.9.8-8.el9.noarch", "Installed: perl-File-Temp-1:0.231.100-4.el9.noarch", "Installed: ipa-common-4.9.8-8.el9.noarch", "Installed: perl-File-stat-1.09-479.el9.noarch", "Installed: ipa-healthcheck-core-0.9-3.el9.noarch", "Installed: ipa-selinux-4.9.8-8.el9.noarch", "Installed: ipa-server-4.9.8-8.el9.x86_64", "Installed: ipa-server-common-4.9.8-8.el9.noarch", "Installed: perl-FileHandle-2.03-479.el9.noarch", "Installed: perl-Getopt-Long-1:2.52-4.el9.noarch", "Installed: perl-Getopt-Std-1.12-479.el9.noarch", "Installed: perl-HTTP-Tiny-0.076-460.el9.noarch", "Installed: iso-codes-4.6.0-3.el9.noarch" ] } TASK [ipaserver : Install - Ensure that IPA server packages for dns are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:10 Monday 09 May 2022 16:54:30 +0000 (0:00:49.865) 0:00:56.101 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "rc": 0, "results": [ "Installed: opendnssec-2.1.8-4.el9.x86_64", "Installed: ldns-1.7.1-10.el9.x86_64", "Installed: python3-bind-32:9.16.23-3.el9.noarch", "Installed: opencryptoki-3.17.0-5.el9_0.x86_64", "Installed: opencryptoki-icsftok-3.17.0-5.el9_0.x86_64", "Installed: opencryptoki-libs-3.17.0-5.el9_0.x86_64", "Installed: sqlite-3.34.1-5.el9.x86_64", "Installed: bind-32:9.16.23-3.el9.x86_64", "Installed: bind-dnssec-doc-32:9.16.23-3.el9.noarch", "Installed: bind-dnssec-utils-32:9.16.23-3.el9.x86_64", "Installed: bind-dyndb-ldap-11.9-7.el9.x86_64", "Installed: ipa-server-dns-4.9.8-8.el9.noarch" ] } TASK [ipaserver : Install - Ensure that IPA server packages for adtrust are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:16 Monday 09 May 2022 16:54:34 +0000 (0:00:03.990) 0:01:00.091 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Ensure that firewall packages installed] *********** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:22 Monday 09 May 2022 16:54:35 +0000 (0:00:00.032) 0:01:00.123 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "rc": 0, "results": [ "Installed: ipset-7.11-6.el9.x86_64", "Installed: libcap-ng-python3-0.8.2-7.el9.x86_64", "Installed: ipset-libs-7.11-6.el9.x86_64", "Installed: nftables-1:0.9.8-12.el9.x86_64", "Installed: libnftnl-1.1.9-4.el9.x86_64", "Installed: iptables-nft-1.8.7-28.el9.x86_64", "Installed: python3-firewall-1.0.0-4.el9.noarch", "Installed: firewalld-1.0.0-4.el9.noarch", "Installed: firewalld-filesystem-1.0.0-4.el9.noarch", "Installed: python3-nftables-1:0.9.8-12.el9.x86_64" ] } TASK [ipaserver : Firewalld service - Ensure that firewalld is running] ******** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:31 Monday 09 May 2022 16:54:37 +0000 (0:00:02.287) 0:01:02.411 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "polkit.service dbus-broker.service basic.target system.slice dbus.socket sysinit.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target multi-user.target network-pre.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "ebtables.service shutdown.target ipset.service nftables.service iptables.service ip6tables.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "\"man:firewalld(1)\"", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "firewalld.service dbus-org.fedoraproject.FirewallD1.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [ipaserver : Firewalld - Verify runtime zone "{{ ipaserver_firewalld_zone }}"] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:37 Monday 09 May 2022 16:54:38 +0000 (0:00:01.069) 0:01:03.481 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Firewalld - Verify permanent zone "{{ ipaserver_firewalld_zone }}"] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:44 Monday 09 May 2022 16:54:38 +0000 (0:00:00.034) 0:01:03.515 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : include_tasks] *********************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:54 Monday 09 May 2022 16:54:38 +0000 (0:00:00.033) 0:01:03.548 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Server installation test] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:60 Monday 09 May 2022 16:54:38 +0000 (0:00:00.032) 0:01:03.581 ************ ok: [/cache/rhel-x.qcow2.snap] => { "_dirsrv_ca_cert": null, "_dirsrv_pkcs12_info": null, "_hostname_overridden": true, "_http_ca_cert": null, "_http_pkcs12_info": null, "_installation_cleanup": true, "_pkinit_ca_cert": null, "_pkinit_pkcs12_info": null, "changed": false, "domain": "test.local", "domainlevel": 1, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "hostname": "ipaserver.test.local", "idmax": 150199999, "idstart": 150000000, "ipa_python_version": 40908, "no_host_dns": true, "no_pkinit": false, "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "rid_base": 1000, "secondary_rid_base": 100000000, "setup_adtrust": false, "setup_ca": true, "setup_kra": false } TASK [ipaserver : Install - Master password creation] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:138 Monday 09 May 2022 16:54:39 +0000 (0:00:01.348) 0:01:04.929 ************ changed: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } TASK [ipaserver : Install - Use new master password] *************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:145 Monday 09 May 2022 16:54:41 +0000 (0:00:01.203) 0:01:06.133 ************ ok: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaserver : Install - Server preparation] ******************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:153 Monday 09 May 2022 16:54:41 +0000 (0:00:00.025) 0:01:06.158 ************ changed: [/cache/rhel-x.qcow2.snap] => { "_ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "_subject_base": "O=TEST.LOCAL", "adtrust_netbios_name": null, "adtrust_reset_netbios_name": false, "ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "changed": true, "dns_ip_addresses": [ "10.0.2.15", "fec0::5054:ff:fe12:3456" ], "dns_reverse_zones": [], "forward_policy": "only", "forwarders": [ "10.0.2.3" ], "ip_addresses": [ "10.0.2.15", "fec0::5054:ff:fe12:3456" ], "no_dnssec_validation": true, "reverse_zones": [], "subject_base": "O=TEST.LOCAL" } TASK [ipaserver : Install - Setup NTP] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:197 Monday 09 May 2022 16:54:43 +0000 (0:00:02.229) 0:01:08.388 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup DS] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:204 Monday 09 May 2022 16:54:53 +0000 (0:00:10.581) 0:01:18.969 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup KRB] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:233 Monday 09 May 2022 16:55:10 +0000 (0:00:16.667) 0:01:35.636 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup custodia] ************************************ task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:260 Monday 09 May 2022 16:55:16 +0000 (0:00:06.013) 0:01:41.650 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup CA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:266 Monday 09 May 2022 16:55:21 +0000 (0:00:04.728) 0:01:46.378 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "csr_generated": false } TASK [ipaserver : Copy /root/ipa.csr to "/cache/rhel-x.qcow2.snap-ipa.csr"] **** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:307 Monday 09 May 2022 16:58:03 +0000 (0:02:41.795) 0:04:28.173 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup otpd] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:316 Monday 09 May 2022 16:58:03 +0000 (0:00:00.036) 0:04:28.210 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup HTTP] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:322 Monday 09 May 2022 16:58:05 +0000 (0:00:02.768) 0:04:30.979 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup KRA] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:354 Monday 09 May 2022 17:00:32 +0000 (0:02:26.863) 0:06:57.843 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup DNS] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:365 Monday 09 May 2022 17:00:32 +0000 (0:00:00.035) 0:06:57.879 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup ADTRUST] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:382 Monday 09 May 2022 17:00:40 +0000 (0:00:07.952) 0:07:05.831 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Set DS password] *********************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:397 Monday 09 May 2022 17:00:40 +0000 (0:00:00.047) 0:07:05.879 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [Install - Setup client] ************************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:414 Monday 09 May 2022 17:00:43 +0000 (0:00:02.426) 0:07:08.305 ************ TASK [ipaclient : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:4 Monday 09 May 2022 17:00:43 +0000 (0:00:00.057) 0:07:08.363 ************ ok: [/cache/rhel-x.qcow2.snap] => (item=/tmp/freeipa-repo/roles/ipaclient/vars/default.yml) => { "ansible_facts": { "ipaclient_packages": [ "ipa-client", "python3-libselinux" ] }, "ansible_included_var_files": [ "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml" ], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml" } TASK [ipaclient : Install IPA client] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:19 Monday 09 May 2022 17:00:43 +0000 (0:00:00.094) 0:07:08.457 ************ included: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml for /cache/rhel-x.qcow2.snap TASK [ipaclient : Install - Ensure that IPA client packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:4 Monday 09 May 2022 17:00:43 +0000 (0:00:00.069) 0:07:08.526 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [ipaclient : Install - Set ipaclient_servers] ***************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:10 Monday 09 May 2022 17:00:44 +0000 (0:00:01.096) 0:07:09.623 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set ipaclient_servers from cluster inventory] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:15 Monday 09 May 2022 17:00:44 +0000 (0:00:00.037) 0:07:09.661 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Check that either principal or keytab is set] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:21 Monday 09 May 2022 17:00:44 +0000 (0:00:00.039) 0:07:09.700 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set default principal if no keytab is given] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:25 Monday 09 May 2022 17:00:44 +0000 (0:00:00.040) 0:07:09.741 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "ipaadmin_principal": "admin" }, "changed": false } TASK [ipaclient : Install - IPA client test] *********************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:30 Monday 09 May 2022 17:00:44 +0000 (0:00:00.040) 0:07:09.782 ************ ok: [/cache/rhel-x.qcow2.snap] => { "basedn": "dc=test,dc=local", "changed": false, "client_already_configured": false, "client_domain": "test.local", "dnsok": false, "domain": "test.local", "hostname": "ipaserver.test.local", "ipa_python_version": 40908, "kdc": "ipaserver.test.local", "nosssd_files": {}, "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "servers": [ "ipaserver.test.local" ], "sssd": true } TASK [ipaclient : Install - Cleanup leftover ccache] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:56 Monday 09 May 2022 17:00:45 +0000 (0:00:01.007) 0:07:10.789 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent" } TASK [ipaclient : Install - Configure NTP] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:61 Monday 09 May 2022 17:00:46 +0000 (0:00:00.486) 0:07:11.276 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } TASK [ipaclient : Install - Make sure One-Time Password is enabled if it's already defined] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:73 Monday 09 May 2022 17:00:47 +0000 (0:00:00.996) 0:07:12.273 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Disable One-Time Password for on_master] *********** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:78 Monday 09 May 2022 17:00:47 +0000 (0:00:00.039) 0:07:12.312 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] ******** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:83 Monday 09 May 2022 17:00:47 +0000 (0:00:00.037) 0:07:12.350 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ca_crt_exists": true, "changed": false, "krb5_conf_ok": true, "krb5_keytab_ok": true, "ping_test_ok": true } TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:93 Monday 09 May 2022 17:00:48 +0000 (0:00:01.732) 0:07:14.082 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Keytab or password is required for getting otp] **** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:109 Monday 09 May 2022 17:00:49 +0000 (0:00:00.041) 0:07:14.124 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Get One-Time Password for client enrollment] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:113 Monday 09 May 2022 17:00:49 +0000 (0:00:00.044) 0:07:14.169 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Report error for OTP generation] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:132 Monday 09 May 2022 17:00:49 +0000 (0:00:00.039) 0:07:14.208 ************ skipping: [/cache/rhel-x.qcow2.snap] => {} TASK [ipaclient : Install - Store the previously obtained OTP] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:138 Monday 09 May 2022 17:00:49 +0000 (0:00:00.039) 0:07:14.248 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Store predefined OTP in admin_password] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:147 Monday 09 May 2022 17:00:49 +0000 (0:00:00.038) 0:07:14.287 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Check if principal and keytab are set] ************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:163 Monday 09 May 2022 17:00:49 +0000 (0:00:00.038) 0:07:14.325 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Check if one of password or keytabs are set] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:167 Monday 09 May 2022 17:00:49 +0000 (0:00:00.041) 0:07:14.367 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Purge TEST.LOCAL from host keytab] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:175 Monday 09 May 2022 17:00:49 +0000 (0:00:00.041) 0:07:14.408 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Backup and set hostname] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:192 Monday 09 May 2022 17:00:49 +0000 (0:00:00.041) 0:07:14.449 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Join IPA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:197 Monday 09 May 2022 17:00:49 +0000 (0:00:00.039) 0:07:14.489 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : krb5 configuration not correct] ****************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:219 Monday 09 May 2022 17:00:49 +0000 (0:00:00.039) 0:07:14.529 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : IPA test failed] ********************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:225 Monday 09 May 2022 17:00:49 +0000 (0:00:00.041) 0:07:14.570 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : ca.crt file is missing] ************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:229 Monday 09 May 2022 17:00:49 +0000 (0:00:00.040) 0:07:14.610 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure IPA default.conf] ************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:242 Monday 09 May 2022 17:00:49 +0000 (0:00:00.040) 0:07:14.650 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure SSSD] ************************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:251 Monday 09 May 2022 17:00:49 +0000 (0:00:00.039) 0:07:14.690 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaclient : Install - Configure krb5 for IPA realm] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:273 Monday 09 May 2022 17:00:50 +0000 (0:00:00.977) 0:07:15.668 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:287 Monday 09 May 2022 17:00:50 +0000 (0:00:00.039) 0:07:15.708 ************ changed: [/cache/rhel-x.qcow2.snap] => { "ca_enabled": true, "changed": true, "subject_base": "O=TEST.LOCAL" } TASK [ipaclient : Install - Fix IPA ca] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:295 Monday 09 May 2022 17:00:52 +0000 (0:00:02.255) 0:07:17.963 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Create IPA NSS database] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:305 Monday 09 May 2022 17:00:52 +0000 (0:00:00.040) 0:07:18.004 ************ changed: [/cache/rhel-x.qcow2.snap] => { "ca_enabled_ra": true, "changed": true } TASK [ipaclient : Install - Configure SSH and SSHD] **************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:337 Monday 09 May 2022 17:00:56 +0000 (0:00:03.843) 0:07:21.847 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaclient : Install - Configure automount] ******************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:345 Monday 09 May 2022 17:00:57 +0000 (0:00:00.986) 0:07:22.834 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaclient : Install - Configure firefox] ********************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:351 Monday 09 May 2022 17:00:58 +0000 (0:00:00.916) 0:07:23.751 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure NIS] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:357 Monday 09 May 2022 17:00:58 +0000 (0:00:00.041) 0:07:23.793 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:375 Monday 09 May 2022 17:00:59 +0000 (0:00:01.154) 0:07:24.947 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Cleanup leftover ccache] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:381 Monday 09 May 2022 17:00:59 +0000 (0:00:00.042) 0:07:24.990 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent" } TASK [ipaclient : Uninstall IPA client] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:23 Monday 09 May 2022 17:01:00 +0000 (0:00:00.484) 0:07:25.474 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } META: role_complete for /cache/rhel-x.qcow2.snap TASK [ipaserver : Install - Enable IPA] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:429 Monday 09 May 2022 17:01:00 +0000 (0:00:00.041) 0:07:25.515 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Cleanup root IPA cache] **************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:436 Monday 09 May 2022 17:01:04 +0000 (0:00:04.367) 0:07:29.882 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "path": "/root/.ipa_cache", "state": "absent" } TASK [ipaserver : Install - Configure firewalld] ******************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:442 Monday 09 May 2022 17:01:05 +0000 (0:00:00.452) 0:07:30.335 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "firewall-cmd", "--permanent", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp" ], "delta": "0:00:00.246246", "end": "2022-05-09 13:01:06.246838", "rc": 0, "start": "2022-05-09 13:01:06.000592" } STDOUT: success TASK [ipaserver : Install - Configure firewalld runtime] *********************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:456 Monday 09 May 2022 17:01:06 +0000 (0:00:00.834) 0:07:31.169 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "firewall-cmd", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp" ], "delta": "0:00:00.216456", "end": "2022-05-09 13:01:06.913025", "rc": 0, "start": "2022-05-09 13:01:06.696569" } STDOUT: success TASK [ipaserver : Cleanup temporary files] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:472 Monday 09 May 2022 17:01:06 +0000 (0:00:00.665) 0:07:31.835 ************ ok: [/cache/rhel-x.qcow2.snap] => (item=/etc/ipa/.tmp_pkcs12_dirsrv) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_dirsrv", "path": "/etc/ipa/.tmp_pkcs12_dirsrv", "state": "absent" } ok: [/cache/rhel-x.qcow2.snap] => (item=/etc/ipa/.tmp_pkcs12_http) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_http", "path": "/etc/ipa/.tmp_pkcs12_http", "state": "absent" } ok: [/cache/rhel-x.qcow2.snap] => (item=/etc/ipa/.tmp_pkcs12_pkinit) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_pkinit", "path": "/etc/ipa/.tmp_pkcs12_pkinit", "state": "absent" } TASK [ipaserver : Uninstall IPA server] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:23 Monday 09 May 2022 17:01:07 +0000 (0:00:01.267) 0:07:33.102 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Issue IPA signed certificates] ******************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_basic_ipa.yml:10 Monday 09 May 2022 17:01:08 +0000 (0:00:00.046) 0:07:33.148 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 17:01:08 +0000 (0:00:00.909) 0:07:34.057 ************ included: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:01:08 +0000 (0:00:00.021) 0:07:34.079 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 17:01:09 +0000 (0:00:00.579) 0:07:34.659 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 17:01:09 +0000 (0:00:00.036) 0:07:34.695 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 17:01:10 +0000 (0:00:00.973) 0:07:35.669 ************ ok: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 17:01:11 +0000 (0:00:00.955) 0:07:36.624 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 17:01:11 +0000 (0:00:00.467) 0:07:37.091 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 17:01:12 +0000 (0:00:00.473) 0:07:37.565 ************ ok: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Mon 2022-05-09 12:57:10 EDT", "ActiveEnterTimestampMonotonic": "226467337", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "systemd-journald.socket basic.target network.target syslog.target sysinit.target dbus-broker.service system.slice dbus.socket", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Mon 2022-05-09 12:57:10 EDT", "AssertTimestampMonotonic": "226455626", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "38122053000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Mon 2022-05-09 12:57:10 EDT", "ConditionTimestampMonotonic": "226455624", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "20938", "ExecMainStartTimestamp": "Mon 2022-05-09 12:57:10 EDT", "ExecMainStartTimestampMonotonic": "226457249", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Mon 2022-05-09 12:57:10 EDT", "InactiveExitTimestampMonotonic": "226457555", "InvocationID": "94f5bbb5074f4ab79f1c30499afd2b06", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "20938", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "7172096", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Mon 2022-05-09 13:01:03 EDT", "StateChangeTimestampMonotonic": "459200822", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 17:01:13 +0000 (0:00:00.605) 0:07:38.170 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_basic_ipa', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "ipa", "dns": "ipaserver.test.local", "name": "mycert_basic_ipa", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } } MSG: Certificate requested (new). changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'groupcert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa', 'group': 'ftp'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "ipa", "dns": "ipaserver.test.local", "group": "ftp", "name": "groupcert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } } MSG: Certificate requested (new). File attributes updated. META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificates] ***************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_basic_ipa.yml:30 Monday 09 May 2022 17:01:18 +0000 (0:00:05.016) 0:07:43.186 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_basic_ipa.yml:89 Monday 09 May 2022 17:01:18 +0000 (0:00:00.896) 0:07:44.082 ************ included: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_basic_ipa.crt', 'key_path': '/etc/pki/tls/private/mycert_basic_ipa.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}) included: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/groupcert.crt', 'key_path': '/etc/pki/tls/private/groupcert.key', 'owner': 'root', 'group': 'ftp', 'mode': '0640', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:01:19 +0000 (0:00:00.043) 0:07:44.126 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:01:19 +0000 (0:00:00.017) 0:07:44.144 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:01:20 +0000 (0:00:00.986) 0:07:45.131 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:01:25 +0000 (0:00:05.233) 0:07:50.365 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 12.4 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 19.4 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 13.4 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 27.4 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 47.0 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:01:28 +0000 (0:00:03.129) 0:07:53.494 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115676.2106438, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "8fb7b28fdda5ebb1646d93b9d00fc46737f19833", "ctime": 1652115676.2076437, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 9297409, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115676.2076437, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_basic_ipa.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1854, "uid": 0, "version": "2889308146", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:01:28 +0000 (0:00:00.568) 0:07:54.062 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:01:28 +0000 (0:00:00.022) 0:07:54.085 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 17:01:29 +0000 (0:00:00.035) 0:07:54.121 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 17:01:29 +0000 (0:00:00.031) 0:07:54.152 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115674.1586437, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "7870f7e54321ee7af7117ef21f9dcd175662ea75", "ctime": 1652115676.2076437, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 24732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115676.2076437, "nlink": 1, "path": "/etc/pki/tls/private/mycert_basic_ipa.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3963432496", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 17:01:29 +0000 (0:00:00.451) 0:07:54.604 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 17:01:29 +0000 (0:00:00.021) 0:07:54.625 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 17:01:29 +0000 (0:00:00.035) 0:07:54.661 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_basic_ipa.crt" ], "delta": "0:00:00.202131", "end": "2022-05-09 13:01:30.388271", "rc": 0, "start": "2022-05-09 13:01:30.186140" } STDOUT: { "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "extensions": { "authorityKeyIdentifier": { "value": "6E:64:C6:BD:D3:5F:F2:04:94:11:56:74:7A:67:88:B9:32:AA:7F:29", "critical": false }, "authorityInfoAccess": { "value": [ { "method": "OCSP", "location": "http://ipa-ca.test.local/ca/ocsp" } ], "critical": false }, "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ], "critical": true }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "cRLDistributionPoints": { "value": [ { "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ], "crl_issuer": [ { "organizationName": "ipaca", "commonName": "Certificate Authority" } ] } ], "critical": false }, "subjectKeyIdentifier": { "value": "6E:50:14:73:42:69:DC:94:AB:3F:F5:4F:B5:55:1E:BA:AE:82:64:A2", "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.5.2.2" } ], "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "82:79:A9:30:DA:15:A3:E4:BF:AF:23:E6:3F:87:4D:89:64:12:85:1B:8C:D6:36:82:40:0F:31:2C:2F:0C:8E:82:82:45:26:58:19:17:EC:2D:1F:05:30:7C:F8:E5:A9:F7:F5:56:A5:EF:9C:A3:B9:69:66:24:76:DF:CF:33:5F:14:01:ED:79:95:D3:8C:40:84:34:CD:43:BE:8C:99:6C:49:28:40:5D:B5:16:91:21:23:41:01:36:01:7F:77:A0:A6:D2:8A:0E:78:2C:26:8C:80:47:3C:44:0C:B6:8D:54:E8:47:91:DF:13:B8:31:62:EC:D9:B7:A8:7A:E2:96:65:77:28:E9:28:71:E0:24:FF:F8:03:99:72:4C:CF:94:F8:EC:0F:17:EC:D7:14:BB:F1:19:9D:42:6D:25:66:0F:33:56:FF:4A:D9:C9:C5:FC:1D:8A:5C:0C:E0:04:BB:A7:45:C8:D0:33:7E:23:80:BE:4E:A9:5B:49:BF:0F:4A:3E:F1:AA:20:94:5B:2D:8A:98:5B:21:86:FA:4D:AF:E3:D4:10:45:E7:CC:76:3F:6E:60:75:BA:E0:68:B2:8B:8D:3D:0C:B2:CB:96:C9:0E:F0:BE:79:D7:09:95:88:C2:E1:35:F8:8C:4A:E7:52:82:9D:96:08:46:88:D7:FC:BA:E6:32:AB:90:EC:01:6A:EB:04:A6:60:4E:87:78:A4:90:00:8B:26:81:5E:64:97:BC:BC:56:3B:F4:B5:04:B1:CC:0E:9C:D2:91:5D:97:B2:CE:A5:34:16:57:29:89:70:A3:58:AC:4D:A0:76:37:60:DD:67:47:BA:07:60:38:38:3B:41:8D:E0:C9:24:AA:31:64:FD:06:ED:76:53:5B:27:E0:B0:B2:BE:23:39:C5:E9:0B:84:73:3D:71:03:4C:09:53:02:5A:1B:2F:E2:6E:B7:82:00:53:08:E8:69:DC:24:6F:E1:E5:27:BB:31:9B:DF:25:B3:A1:C2:C7:51:F3:80:44:67:FD:36:BC" }, "key_size": 2048, "validity": { "not_valid_after": "2024-05-09 17:01:15", "not_valid_before": "2022-05-09 17:01:15" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:01:30 +0000 (0:00:00.653) 0:07:55.314 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityInfoAccess": { "critical": false, "value": [ { "location": "http://ipa-ca.test.local/ca/ocsp", "method": "OCSP" } ] }, "authorityKeyIdentifier": { "critical": false, "value": "6E:64:C6:BD:D3:5F:F2:04:94:11:56:74:7A:67:88:B9:32:AA:7F:29" }, "cRLDistributionPoints": { "critical": false, "value": [ { "crl_issuer": [ { "commonName": "Certificate Authority", "organizationName": "ipaca" } ], "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ] } ] }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": true, "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "6E:50:14:73:42:69:DC:94:AB:3F:F5:4F:B5:55:1E:BA:AE:82:64:A2" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "82:79:A9:30:DA:15:A3:E4:BF:AF:23:E6:3F:87:4D:89:64:12:85:1B:8C:D6:36:82:40:0F:31:2C:2F:0C:8E:82:82:45:26:58:19:17:EC:2D:1F:05:30:7C:F8:E5:A9:F7:F5:56:A5:EF:9C:A3:B9:69:66:24:76:DF:CF:33:5F:14:01:ED:79:95:D3:8C:40:84:34:CD:43:BE:8C:99:6C:49:28:40:5D:B5:16:91:21:23:41:01:36:01:7F:77:A0:A6:D2:8A:0E:78:2C:26:8C:80:47:3C:44:0C:B6:8D:54:E8:47:91:DF:13:B8:31:62:EC:D9:B7:A8:7A:E2:96:65:77:28:E9:28:71:E0:24:FF:F8:03:99:72:4C:CF:94:F8:EC:0F:17:EC:D7:14:BB:F1:19:9D:42:6D:25:66:0F:33:56:FF:4A:D9:C9:C5:FC:1D:8A:5C:0C:E0:04:BB:A7:45:C8:D0:33:7E:23:80:BE:4E:A9:5B:49:BF:0F:4A:3E:F1:AA:20:94:5B:2D:8A:98:5B:21:86:FA:4D:AF:E3:D4:10:45:E7:CC:76:3F:6E:60:75:BA:E0:68:B2:8B:8D:3D:0C:B2:CB:96:C9:0E:F0:BE:79:D7:09:95:88:C2:E1:35:F8:8C:4A:E7:52:82:9D:96:08:46:88:D7:FC:BA:E6:32:AB:90:EC:01:6A:EB:04:A6:60:4E:87:78:A4:90:00:8B:26:81:5E:64:97:BC:BC:56:3B:F4:B5:04:B1:CC:0E:9C:D2:91:5D:97:B2:CE:A5:34:16:57:29:89:70:A3:58:AC:4D:A0:76:37:60:DD:67:47:BA:07:60:38:38:3B:41:8D:E0:C9:24:AA:31:64:FD:06:ED:76:53:5B:27:E0:B0:B2:BE:23:39:C5:E9:0B:84:73:3D:71:03:4C:09:53:02:5A:1B:2F:E2:6E:B7:82:00:53:08:E8:69:DC:24:6F:E1:E5:27:BB:31:9B:DF:25:B3:A1:C2:C7:51:F3:80:44:67:FD:36:BC" }, "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "validity": { "not_valid_after": "2024-05-09 17:01:15", "not_valid_before": "2022-05-09 17:01:15" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 17:01:30 +0000 (0:00:00.033) 0:07:55.348 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 17:01:30 +0000 (0:00:00.032) 0:07:55.380 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 17:01:30 +0000 (0:00:00.020) 0:07:55.401 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 17:01:30 +0000 (0:00:00.031) 0:07:55.433 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 17:01:30 +0000 (0:00:00.033) 0:07:55.466 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:01:30 +0000 (0:00:00.032) 0:07:55.499 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_basic_ipa.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.045263", "end": "2022-05-09 13:01:31.042900", "rc": 0, "start": "2022-05-09 13:01:30.997637" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 17:01:30 +0000 (0:00:00.463) 0:07:55.963 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:01:30 +0000 (0:00:00.032) 0:07:55.996 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:01:30 +0000 (0:00:00.015) 0:07:56.011 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:01:31 +0000 (0:00:00.964) 0:07:56.976 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:01:32 +0000 (0:00:01.103) 0:07:58.079 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:01:33 +0000 (0:00:00.973) 0:07:59.052 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115678.0686438, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "f974c1ab217e3bba458cf0ca218b588e319b2744", "ctime": 1652115678.234644, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 9297412, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652115678.0656438, "nlink": 1, "path": "/etc/pki/tls/certs/groupcert.crt", "pw_name": "root", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1854, "uid": 0, "version": "3058109961", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:01:34 +0000 (0:00:00.452) 0:07:59.505 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:01:34 +0000 (0:00:00.022) 0:07:59.528 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 17:01:34 +0000 (0:00:00.039) 0:07:59.568 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 17:01:34 +0000 (0:00:00.035) 0:07:59.603 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115677.2366438, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "f0e4d3417b369cb16427001ba7f3a636a3ce2363", "ctime": 1652115678.234644, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 24733, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652115678.0656438, "nlink": 1, "path": "/etc/pki/tls/private/groupcert.key", "pw_name": "root", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "144470384", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 17:01:34 +0000 (0:00:00.445) 0:08:00.048 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 17:01:34 +0000 (0:00:00.025) 0:08:00.074 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 17:01:35 +0000 (0:00:00.037) 0:08:00.112 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/groupcert.crt" ], "delta": "0:00:00.195301", "end": "2022-05-09 13:01:35.836296", "rc": 0, "start": "2022-05-09 13:01:35.640995" } STDOUT: { "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "extensions": { "authorityKeyIdentifier": { "value": "6E:64:C6:BD:D3:5F:F2:04:94:11:56:74:7A:67:88:B9:32:AA:7F:29", "critical": false }, "authorityInfoAccess": { "value": [ { "method": "OCSP", "location": "http://ipa-ca.test.local/ca/ocsp" } ], "critical": false }, "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ], "critical": true }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "cRLDistributionPoints": { "value": [ { "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ], "crl_issuer": [ { "organizationName": "ipaca", "commonName": "Certificate Authority" } ] } ], "critical": false }, "subjectKeyIdentifier": { "value": "32:7C:22:63:77:77:70:44:A3:A6:7E:09:FE:C2:00:0E:57:48:3F:DB", "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.5.2.2" } ], "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "BB:5B:3F:0B:20:3C:81:9D:92:71:F0:29:DA:C3:CD:5F:C8:CB:6F:90:03:EF:BD:BC:58:9C:AE:44:A3:D7:A3:B1:00:AA:33:17:D8:5F:58:00:22:D4:03:7E:F7:60:E5:2C:58:A1:63:E8:8D:DA:4C:E3:61:7A:D9:7C:CB:54:70:8C:1F:D9:5D:13:76:91:8F:69:BB:1F:20:BB:55:2E:AE:D3:AD:4C:FD:F4:FA:60:82:41:DA:48:32:24:1A:76:0D:95:CF:91:C4:D1:8F:EA:E1:FD:28:61:B6:A7:0D:B5:18:8E:CF:57:53:11:13:2B:B5:17:42:DB:EB:51:60:D0:B1:C2:D0:C6:F9:1A:DD:3F:D0:59:42:C0:34:00:2C:6B:62:09:68:61:84:A7:D4:99:03:D2:97:59:9A:A6:92:4D:9A:AF:F8:5E:B8:2C:67:5D:01:4A:3F:B0:4C:17:0E:5B:60:6E:F1:45:64:7A:E1:41:E5:BA:D0:BA:95:F8:C2:F2:D7:29:3D:01:C0:65:E3:9A:0B:83:7A:06:3F:60:D1:DB:A9:0B:C4:39:4F:DF:06:7E:1C:14:57:C6:80:F6:4F:0E:B2:3E:B5:0B:BB:C3:3D:2C:0B:E4:83:4B:75:6A:89:DD:56:7F:D5:63:8E:68:BC:D0:44:89:6F:60:F0:76:C0:B8:21:4A:FD:5A:79:30:17:32:6C:5C:F8:D4:A5:90:4B:07:98:84:59:43:B6:65:F7:B8:08:7F:AF:9E:D5:EA:DC:2E:2D:34:3A:D8:F1:F7:22:4E:D6:AD:61:93:34:89:DD:25:EE:9A:C7:6A:6C:7B:EE:F1:92:85:04:A4:13:73:0A:09:95:2E:10:1E:7B:AD:17:93:77:15:86:57:BB:17:B6:F3:60:D2:3B:CC:4C:89:C5:8F:59:42:6B:B5:17:4A:B7:9C:55:D5:54:CB:17:0C:9C:18:AE:2B:CE:87:D6:57:85:BC:90:B0:A3:8B:FB:5D:26:9B:D0:B5:B9:48:18:AF:75:38:2B:BA" }, "key_size": 2048, "validity": { "not_valid_after": "2024-05-09 17:01:17", "not_valid_before": "2022-05-09 17:01:17" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:01:35 +0000 (0:00:00.648) 0:08:00.761 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityInfoAccess": { "critical": false, "value": [ { "location": "http://ipa-ca.test.local/ca/ocsp", "method": "OCSP" } ] }, "authorityKeyIdentifier": { "critical": false, "value": "6E:64:C6:BD:D3:5F:F2:04:94:11:56:74:7A:67:88:B9:32:AA:7F:29" }, "cRLDistributionPoints": { "critical": false, "value": [ { "crl_issuer": [ { "commonName": "Certificate Authority", "organizationName": "ipaca" } ], "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ] } ] }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": true, "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "32:7C:22:63:77:77:70:44:A3:A6:7E:09:FE:C2:00:0E:57:48:3F:DB" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "BB:5B:3F:0B:20:3C:81:9D:92:71:F0:29:DA:C3:CD:5F:C8:CB:6F:90:03:EF:BD:BC:58:9C:AE:44:A3:D7:A3:B1:00:AA:33:17:D8:5F:58:00:22:D4:03:7E:F7:60:E5:2C:58:A1:63:E8:8D:DA:4C:E3:61:7A:D9:7C:CB:54:70:8C:1F:D9:5D:13:76:91:8F:69:BB:1F:20:BB:55:2E:AE:D3:AD:4C:FD:F4:FA:60:82:41:DA:48:32:24:1A:76:0D:95:CF:91:C4:D1:8F:EA:E1:FD:28:61:B6:A7:0D:B5:18:8E:CF:57:53:11:13:2B:B5:17:42:DB:EB:51:60:D0:B1:C2:D0:C6:F9:1A:DD:3F:D0:59:42:C0:34:00:2C:6B:62:09:68:61:84:A7:D4:99:03:D2:97:59:9A:A6:92:4D:9A:AF:F8:5E:B8:2C:67:5D:01:4A:3F:B0:4C:17:0E:5B:60:6E:F1:45:64:7A:E1:41:E5:BA:D0:BA:95:F8:C2:F2:D7:29:3D:01:C0:65:E3:9A:0B:83:7A:06:3F:60:D1:DB:A9:0B:C4:39:4F:DF:06:7E:1C:14:57:C6:80:F6:4F:0E:B2:3E:B5:0B:BB:C3:3D:2C:0B:E4:83:4B:75:6A:89:DD:56:7F:D5:63:8E:68:BC:D0:44:89:6F:60:F0:76:C0:B8:21:4A:FD:5A:79:30:17:32:6C:5C:F8:D4:A5:90:4B:07:98:84:59:43:B6:65:F7:B8:08:7F:AF:9E:D5:EA:DC:2E:2D:34:3A:D8:F1:F7:22:4E:D6:AD:61:93:34:89:DD:25:EE:9A:C7:6A:6C:7B:EE:F1:92:85:04:A4:13:73:0A:09:95:2E:10:1E:7B:AD:17:93:77:15:86:57:BB:17:B6:F3:60:D2:3B:CC:4C:89:C5:8F:59:42:6B:B5:17:4A:B7:9C:55:D5:54:CB:17:0C:9C:18:AE:2B:CE:87:D6:57:85:BC:90:B0:A3:8B:FB:5D:26:9B:D0:B5:B9:48:18:AF:75:38:2B:BA" }, "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "validity": { "not_valid_after": "2024-05-09 17:01:17", "not_valid_before": "2022-05-09 17:01:17" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 17:01:35 +0000 (0:00:00.032) 0:08:00.793 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 17:01:35 +0000 (0:00:00.032) 0:08:00.826 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 17:01:35 +0000 (0:00:00.021) 0:08:00.847 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 17:01:35 +0000 (0:00:00.032) 0:08:00.879 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 17:01:35 +0000 (0:00:00.033) 0:08:00.913 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:01:35 +0000 (0:00:00.035) 0:08:00.949 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/groupcert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.047366", "end": "2022-05-09 13:01:36.506271", "rc": 0, "start": "2022-05-09 13:01:36.458905" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 17:01:36 +0000 (0:00:00.480) 0:08:01.429 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=98 changed=32 unreachable=0 failed=0 skipped=35 rescued=0 ignored=0 Monday 09 May 2022 17:01:36 +0000 (0:00:00.038) 0:08:01.468 ************ =============================================================================== ipaserver : Install - Setup CA ---------------------------------------- 161.80s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:266 ----------------------- ipaserver : Install - Setup HTTP -------------------------------------- 146.86s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:322 ----------------------- ipaserver : Install - Ensure that IPA server packages are installed ---- 49.87s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:5 ------------------------- ipaserver : Install - Setup DS ----------------------------------------- 16.67s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:204 ----------------------- ipaserver : Install - Setup NTP ---------------------------------------- 10.58s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:197 ----------------------- ipaserver : Install - Setup DNS ----------------------------------------- 7.95s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:365 ----------------------- ipaserver : Install - Setup KRB ----------------------------------------- 6.01s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:233 ----------------------- Install the package, force upgrade -------------------------------------- 5.23s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure certificate requests ------------ 5.02s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 ipaserver : Install - Setup custodia ------------------------------------ 4.73s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:260 ----------------------- ipaserver : Install - Enable IPA ---------------------------------------- 4.37s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:429 ----------------------- ipaserver : Install - Ensure that IPA server packages for dns are installed --- 3.99s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:10 ------------------------ ipaclient : Install - Create IPA NSS database --------------------------- 3.84s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:305 ----------------------- Install certreader ------------------------------------------------------ 3.13s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 ------------- ipaserver : Install - Setup otpd ---------------------------------------- 2.77s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:316 ----------------------- ipaserver : Install - Set DS password ----------------------------------- 2.43s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:397 ----------------------- ipaserver : Install - Ensure that firewall packages installed ----------- 2.29s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:22 ------------------------ ipaclient : Install - IPA API calls for remaining enrollment parts ------ 2.26s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:287 ----------------------- ipaserver : Install - Server preparation -------------------------------- 2.23s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:153 ----------------------- ipaclient : Install - Test if IPA client has working krb5.keytab -------- 1.73s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:83 ------------------------ ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_basic_self_signed.yml ****************************************** 2 plays in /tmp/tmpvsyllm8f/tests/tests_basic_self_signed.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_basic_self_signed.yml:2 Monday 09 May 2022 17:01:51 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 17:01:52 +0000 (0:00:01.153) 0:00:01.163 ************ included: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:01:52 +0000 (0:00:00.020) 0:00:01.184 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 17:01:53 +0000 (0:00:00.498) 0:00:01.682 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 17:01:53 +0000 (0:00:00.045) 0:00:01.727 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 17:01:54 +0000 (0:00:01.276) 0:00:03.004 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 17:01:56 +0000 (0:00:02.067) 0:00:05.072 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 17:01:57 +0000 (0:00:00.522) 0:00:05.594 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 17:01:57 +0000 (0:00:00.423) 0:00:06.018 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket system.slice basic.target dbus.socket sysinit.target dbus-broker.service syslog.target network.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 17:01:58 +0000 (0:00:01.009) 0:00:07.027 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_basic_self_signed', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_basic_self_signed" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_basic_self_signed.yml:13 Monday 09 May 2022 17:01:59 +0000 (0:00:01.144) 0:00:08.172 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_basic_self_signed.yml:27 Monday 09 May 2022 17:02:00 +0000 (0:00:00.788) 0:00:08.961 ************ included: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_basic_self_signed.crt', 'key_path': '/etc/pki/tls/private/mycert_basic_self_signed.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:02:00 +0000 (0:00:00.034) 0:00:08.995 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:02:00 +0000 (0:00:00.017) 0:00:09.013 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:02:01 +0000 (0:00:00.832) 0:00:09.845 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:02:06 +0000 (0:00:05.094) 0:00:14.940 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 12.9 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 28.6 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 28.3 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 28.5 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 37.6 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:02:09 +0000 (0:00:03.189) 0:00:18.129 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115718.97261, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "fe46cbf272a799deab780539ae931ce58b710fd4", "ctime": 1652115718.9706101, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8880959, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115718.9706101, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_basic_self_signed.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "4025380382", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:02:10 +0000 (0:00:00.473) 0:00:18.602 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:02:10 +0000 (0:00:00.020) 0:00:18.623 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 17:02:10 +0000 (0:00:00.035) 0:00:18.658 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 17:02:10 +0000 (0:00:00.033) 0:00:18.691 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115718.91261, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "1f37c043146c6c765cc19d13f91eaf1ea2664506", "ctime": 1652115718.9706101, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17301, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115718.9706101, "nlink": 1, "path": "/etc/pki/tls/private/mycert_basic_self_signed.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "3568166113", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 17:02:10 +0000 (0:00:00.338) 0:00:19.030 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 17:02:10 +0000 (0:00:00.020) 0:00:19.050 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 17:02:10 +0000 (0:00:00.035) 0:00:19.086 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_basic_self_signed.crt" ], "delta": "0:00:00.196201", "end": "2022-05-09 13:02:10.727201", "rc": 0, "start": "2022-05-09 13:02:10.531000" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "8B:A3:0D:4B:76:90:40:4F:02:31:29:AD:08:2B:1B:97:2F:ED:F7:05", "critical": false }, "authorityKeyIdentifier": { "value": "AA:20:24:46:57:27:D9:1B:72:09:AE:6B:62:10:29:BF:BD:B8:E0:81", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "3F:14:EB:03:35:5D:06:F7:F1:83:DB:D5:49:B3:DF:F4:B8:D7:54:77:4F:EF:3A:5A:16:5C:C3:C9:95:FE:4B:4E:C9:FC:71:DD:C4:61:DD:0C:07:3A:A4:84:BB:A9:F0:40:C4:5C:20:C5:3D:D0:29:47:D0:C2:2D:4A:5C:AC:0F:45:59:58:5C:33:75:AE:29:5A:56:5A:0C:4E:AD:5D:20:72:71:17:63:27:4B:15:8B:77:2D:BE:35:0A:A4:C2:B4:1A:7E:01:84:63:54:97:C2:1C:4F:C3:15:03:7A:E9:E9:0E:B7:99:DB:AE:8D:03:AD:1C:C0:44:51:DA:25:84:20:5A:B8:9D:08:36:0E:8A:8F:D8:9D:4A:96:0E:CF:48:43:FC:32:87:CA:0F:0D:D4:CA:03:C9:84:4D:F6:06:3B:C5:D7:EA:44:88:88:AD:6A:F2:38:6E:E0:6F:07:CB:95:60:F7:43:0A:96:77:E3:2A:18:0D:5A:26:CB:86:20:6F:D5:38:84:C7:19:4B:69:68:3D:C4:43:CF:17:95:0F:63:90:CF:D9:82:9C:38:F0:A2:DB:FC:33:7A:AB:E9:4C:1E:7B:2E:D5:34:36:1C:6C:BC:9C:1B:0C:09:F0:F9:00:A2:3D:EC:81:03:AA:69:1A:E2:F4:54:0A:E1:64:4E:32:CE:01:8E" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:01:58", "not_valid_before": "2022-05-09 17:01:58" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:02:11 +0000 (0:00:00.659) 0:00:19.745 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "AA:20:24:46:57:27:D9:1B:72:09:AE:6B:62:10:29:BF:BD:B8:E0:81" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "8B:A3:0D:4B:76:90:40:4F:02:31:29:AD:08:2B:1B:97:2F:ED:F7:05" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "3F:14:EB:03:35:5D:06:F7:F1:83:DB:D5:49:B3:DF:F4:B8:D7:54:77:4F:EF:3A:5A:16:5C:C3:C9:95:FE:4B:4E:C9:FC:71:DD:C4:61:DD:0C:07:3A:A4:84:BB:A9:F0:40:C4:5C:20:C5:3D:D0:29:47:D0:C2:2D:4A:5C:AC:0F:45:59:58:5C:33:75:AE:29:5A:56:5A:0C:4E:AD:5D:20:72:71:17:63:27:4B:15:8B:77:2D:BE:35:0A:A4:C2:B4:1A:7E:01:84:63:54:97:C2:1C:4F:C3:15:03:7A:E9:E9:0E:B7:99:DB:AE:8D:03:AD:1C:C0:44:51:DA:25:84:20:5A:B8:9D:08:36:0E:8A:8F:D8:9D:4A:96:0E:CF:48:43:FC:32:87:CA:0F:0D:D4:CA:03:C9:84:4D:F6:06:3B:C5:D7:EA:44:88:88:AD:6A:F2:38:6E:E0:6F:07:CB:95:60:F7:43:0A:96:77:E3:2A:18:0D:5A:26:CB:86:20:6F:D5:38:84:C7:19:4B:69:68:3D:C4:43:CF:17:95:0F:63:90:CF:D9:82:9C:38:F0:A2:DB:FC:33:7A:AB:E9:4C:1E:7B:2E:D5:34:36:1C:6C:BC:9C:1B:0C:09:F0:F9:00:A2:3D:EC:81:03:AA:69:1A:E2:F4:54:0A:E1:64:4E:32:CE:01:8E" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:01:58", "not_valid_before": "2022-05-09 17:01:58" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 17:02:11 +0000 (0:00:00.033) 0:00:19.779 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 17:02:11 +0000 (0:00:00.039) 0:00:19.818 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 17:02:11 +0000 (0:00:00.026) 0:00:19.845 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 17:02:11 +0000 (0:00:00.036) 0:00:19.882 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 17:02:11 +0000 (0:00:00.033) 0:00:19.916 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:02:11 +0000 (0:00:00.033) 0:00:19.949 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_basic_self_signed.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038695", "end": "2022-05-09 13:02:11.308067", "rc": 0, "start": "2022-05-09 13:02:11.269372" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 17:02:11 +0000 (0:00:00.373) 0:00:20.323 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:02:11 +0000 (0:00:00.038) 0:00:20.362 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.09s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.19s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 2.07s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.28s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Gathering Facts --------------------------------------------------------- 1.15s /tmp/tmpvsyllm8f/tests/tests_basic_self_signed.yml:2 -------------------------- linux-system-roles.certificate : Ensure certificate requests ------------ 1.14s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure provider service is running ----- 1.01s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - Ensure python3 is installed --------------------------------------------- 0.83s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 0.79s /tmp/tmpvsyllm8f/tests/tests_basic_self_signed.yml:13 ------------------------- Parse certificate ------------------------------------------------------- 0.66s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.52s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.50s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.47s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.42s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - Retrieve auto-renew flag ------------------------------------------------ 0.37s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve key file stats ------------------------------------------------- 0.34s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 ------------- linux-system-roles.certificate : Set platform/version specific variables --- 0.05s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Verify certificate subject ---------------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 ------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 ------------ Verify key size --------------------------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 ------------ ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_default.yml **************************************************** 1 plays in /tmp/tmpvsyllm8f/tests/tests_default.yml PLAY [Ensure that the role runs with default parameters] *********************** META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 17:02:27 +0000 (0:00:00.012) 0:00:00.012 ************ included: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:02:27 +0000 (0:00:00.016) 0:00:00.029 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 17:02:28 +0000 (0:00:00.830) 0:00:00.860 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 17:02:28 +0000 (0:00:00.032) 0:00:00.892 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 17:02:29 +0000 (0:00:01.324) 0:00:02.216 ************ TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 17:02:29 +0000 (0:00:00.028) 0:00:02.245 ************ TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 17:02:29 +0000 (0:00:00.025) 0:00:02.271 ************ TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 17:02:29 +0000 (0:00:00.024) 0:00:02.296 ************ TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 17:02:29 +0000 (0:00:00.024) 0:00:02.320 ************ META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=3 changed=0 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 Monday 09 May 2022 17:02:29 +0000 (0:00:00.017) 0:00:02.338 ************ =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.32s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.83s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Set platform/version specific variables --- 0.03s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 linux-system-roles.certificate : Ensure provider packages are installed --- 0.03s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.03s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.02s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - linux-system-roles.certificate : Ensure provider service is running ----- 0.02s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - linux-system-roles.certificate : Ensure certificate requests ------------ 0.02s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Set version specific variables --------- 0.02s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_dns_ip_email.yml *********************************************** 2 plays in /tmp/tmpvsyllm8f/tests/tests_dns_ip_email.yml PLAY [Issue certificate with dns, ip and email in SAN] ************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_dns_ip_email.yml:2 Monday 09 May 2022 17:02:43 +0000 (0:00:00.009) 0:00:00.009 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 17:02:45 +0000 (0:00:01.091) 0:00:01.101 ************ included: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:02:45 +0000 (0:00:00.019) 0:00:01.121 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 17:02:45 +0000 (0:00:00.484) 0:00:01.605 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 17:02:45 +0000 (0:00:00.034) 0:00:01.639 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 17:02:46 +0000 (0:00:01.249) 0:00:02.889 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 17:02:48 +0000 (0:00:02.042) 0:00:04.932 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 17:02:49 +0000 (0:00:00.498) 0:00:05.430 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 17:02:49 +0000 (0:00:00.389) 0:00:05.819 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket network.target basic.target syslog.target sysinit.target system.slice dbus-broker.service dbus.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 17:02:50 +0000 (0:00:00.977) 0:00:06.796 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_dns_ip_email', 'common_name': 'My Certificate with SAN', 'dns': ['sub1.example.com', 'www.example.com', 'sub2.example.com', 'sub3.example.com'], 'ip': ['192.0.2.12', '198.51.100.65', '2001:db8::2:1'], 'email': ['sysadmin@example.com', 'support@example.com'], 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "My Certificate with SAN", "dns": [ "sub1.example.com", "www.example.com", "sub2.example.com", "sub3.example.com" ], "email": [ "sysadmin@example.com", "support@example.com" ], "ip": [ "192.0.2.12", "198.51.100.65", "2001:db8::2:1" ], "name": "mycert_dns_ip_email" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_dns_ip_email.yml:24 Monday 09 May 2022 17:02:51 +0000 (0:00:01.038) 0:00:07.835 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_dns_ip_email.yml:54 Monday 09 May 2022 17:02:52 +0000 (0:00:00.785) 0:00:08.620 ************ included: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_dns_ip_email.crt', 'key_path': '/etc/pki/tls/private/mycert_dns_ip_email.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'My Certificate with SAN'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'sub1.example.com'}, {'name': 'DNS', 'value': 'www.example.com'}, {'name': 'DNS', 'value': 'sub2.example.com'}, {'name': 'DNS', 'value': 'sub3.example.com'}, {'name': 'email', 'value': 'sysadmin@example.com'}, {'name': 'email', 'value': 'support@example.com'}, {'name': 'IP Address', 'value': '192.0.2.12'}, {'name': 'IP Address', 'value': '198.51.100.65'}, {'name': 'IP Address', 'value': '2001:db8::2:1'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:02:52 +0000 (0:00:00.034) 0:00:08.655 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:02:52 +0000 (0:00:00.015) 0:00:08.670 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:02:53 +0000 (0:00:00.829) 0:00:09.500 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:02:58 +0000 (0:00:05.218) 0:00:14.718 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 9.1 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 27.7 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 27.2 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 27.2 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 32.2 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:03:01 +0000 (0:00:03.253) 0:00:17.972 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115770.7128534, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "75cbf3f7a3f7ffae82d7ebc588223008d1856d62", "ctime": 1652115770.7108536, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8880959, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115770.7108536, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_dns_ip_email.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1484, "uid": 0, "version": "74465740", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:03:02 +0000 (0:00:00.471) 0:00:18.443 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:03:02 +0000 (0:00:00.020) 0:00:18.464 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 17:03:02 +0000 (0:00:00.035) 0:00:18.499 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 17:03:02 +0000 (0:00:00.031) 0:00:18.531 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115770.6508534, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "7f2525eb1bb29305879bc97648bca7eec67aba08", "ctime": 1652115770.7108536, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17301, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115770.7108536, "nlink": 1, "path": "/etc/pki/tls/private/mycert_dns_ip_email.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2570312810", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 17:03:02 +0000 (0:00:00.391) 0:00:18.923 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 17:03:02 +0000 (0:00:00.021) 0:00:18.944 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 17:03:02 +0000 (0:00:00.035) 0:00:18.980 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_dns_ip_email.crt" ], "delta": "0:00:00.198522", "end": "2022-05-09 13:03:02.630456", "rc": 0, "start": "2022-05-09 13:03:02.431934" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "My Certificate with SAN" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "sub1.example.com" }, { "name": "DNS", "value": "www.example.com" }, { "name": "DNS", "value": "sub2.example.com" }, { "name": "DNS", "value": "sub3.example.com" }, { "name": "email", "value": "sysadmin@example.com" }, { "name": "email", "value": "support@example.com" }, { "name": "IP Address", "value": "192.0.2.12" }, { "name": "IP Address", "value": "198.51.100.65" }, { "name": "IP Address", "value": "2001:db8::2:1" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "33:B0:C3:91:5E:7A:9B:89:9F:76:CA:80:9F:69:C3:5F:48:E8:A2:2E", "critical": false }, "authorityKeyIdentifier": { "value": "8F:99:2F:0D:BA:12:88:8E:DD:D3:11:A1:E3:0D:BF:21:B8:8D:64:F3", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "65:D2:99:BE:9F:79:98:97:1B:3A:BA:B4:D0:5B:D8:25:D4:A6:E1:D8:4B:BB:8E:21:7F:63:EB:92:6B:46:D1:68:85:09:03:6A:47:B1:AD:9C:E3:C4:6F:12:A8:8C:7D:A5:70:94:A2:AE:C0:AA:B1:0C:B6:A8:55:B7:15:DB:77:0E:8E:BC:C0:CA:8A:E6:9F:B2:23:30:7B:50:DE:99:AD:31:02:E2:E8:9C:A2:AA:73:49:A8:8C:AB:C9:C3:F7:A4:C1:A7:1B:81:E8:F7:81:2B:C1:A9:30:B8:91:69:17:1E:AA:B6:ED:2B:3B:4F:28:5C:AA:E6:DA:7E:10:CC:B9:BB:BF:5C:83:B5:71:AB:51:3D:EF:84:92:84:60:F7:DF:3E:0C:CF:57:5D:13:EA:6A:2F:10:AC:C1:9F:93:E2:72:E2:45:31:AA:B7:14:84:C3:BE:96:A2:60:CD:08:1B:5B:D9:68:08:DB:B0:84:82:62:A8:84:0C:89:B3:04:98:05:9D:B7:62:23:26:AA:02:BB:13:11:BC:6A:1B:E4:DB:5D:A4:5C:5B:A2:F3:E2:96:D8:82:61:CF:33:6E:EA:FB:C6:FD:A7:7A:DF:07:38:7F:EA:73:65:1C:C2:72:2D:A9:27:64:D6:2E:1B:C1:BF:3A:EF:64:CE:73:72:A8:E6:67:14:D6:DD" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:02:49", "not_valid_before": "2022-05-09 17:02:50" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:03:03 +0000 (0:00:00.673) 0:00:19.654 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "8F:99:2F:0D:BA:12:88:8E:DD:D3:11:A1:E3:0D:BF:21:B8:8D:64:F3" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "sub1.example.com" }, { "name": "DNS", "value": "www.example.com" }, { "name": "DNS", "value": "sub2.example.com" }, { "name": "DNS", "value": "sub3.example.com" }, { "name": "email", "value": "sysadmin@example.com" }, { "name": "email", "value": "support@example.com" }, { "name": "IP Address", "value": "192.0.2.12" }, { "name": "IP Address", "value": "198.51.100.65" }, { "name": "IP Address", "value": "2001:db8::2:1" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "33:B0:C3:91:5E:7A:9B:89:9F:76:CA:80:9F:69:C3:5F:48:E8:A2:2E" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "65:D2:99:BE:9F:79:98:97:1B:3A:BA:B4:D0:5B:D8:25:D4:A6:E1:D8:4B:BB:8E:21:7F:63:EB:92:6B:46:D1:68:85:09:03:6A:47:B1:AD:9C:E3:C4:6F:12:A8:8C:7D:A5:70:94:A2:AE:C0:AA:B1:0C:B6:A8:55:B7:15:DB:77:0E:8E:BC:C0:CA:8A:E6:9F:B2:23:30:7B:50:DE:99:AD:31:02:E2:E8:9C:A2:AA:73:49:A8:8C:AB:C9:C3:F7:A4:C1:A7:1B:81:E8:F7:81:2B:C1:A9:30:B8:91:69:17:1E:AA:B6:ED:2B:3B:4F:28:5C:AA:E6:DA:7E:10:CC:B9:BB:BF:5C:83:B5:71:AB:51:3D:EF:84:92:84:60:F7:DF:3E:0C:CF:57:5D:13:EA:6A:2F:10:AC:C1:9F:93:E2:72:E2:45:31:AA:B7:14:84:C3:BE:96:A2:60:CD:08:1B:5B:D9:68:08:DB:B0:84:82:62:A8:84:0C:89:B3:04:98:05:9D:B7:62:23:26:AA:02:BB:13:11:BC:6A:1B:E4:DB:5D:A4:5C:5B:A2:F3:E2:96:D8:82:61:CF:33:6E:EA:FB:C6:FD:A7:7A:DF:07:38:7F:EA:73:65:1C:C2:72:2D:A9:27:64:D6:2E:1B:C1:BF:3A:EF:64:CE:73:72:A8:E6:67:14:D6:DD" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "My Certificate with SAN" } ], "validity": { "not_valid_after": "2023-05-09 17:02:49", "not_valid_before": "2022-05-09 17:02:50" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 17:03:03 +0000 (0:00:00.034) 0:00:19.688 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 17:03:03 +0000 (0:00:00.036) 0:00:19.724 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 17:03:03 +0000 (0:00:00.024) 0:00:19.749 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 17:03:03 +0000 (0:00:00.037) 0:00:19.786 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 17:03:03 +0000 (0:00:00.036) 0:00:19.823 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:03:03 +0000 (0:00:00.067) 0:00:19.890 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_dns_ip_email.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039738", "end": "2022-05-09 13:03:03.258877", "rc": 0, "start": "2022-05-09 13:03:03.219139" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 17:03:04 +0000 (0:00:00.399) 0:00:20.289 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:03:04 +0000 (0:00:00.041) 0:00:20.330 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.22s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.25s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 2.04s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.25s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Gathering Facts --------------------------------------------------------- 1.09s /tmp/tmpvsyllm8f/tests/tests_dns_ip_email.yml:2 ------------------------------- linux-system-roles.certificate : Ensure certificate requests ------------ 1.04s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure provider service is running ----- 0.98s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - Ensure python3 is installed --------------------------------------------- 0.83s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 0.79s /tmp/tmpvsyllm8f/tests/tests_dns_ip_email.yml:24 ------------------------------ Parse certificate ------------------------------------------------------- 0.67s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.50s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.48s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.47s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.40s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve key file stats ------------------------------------------------- 0.39s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 ------------- linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.39s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - Verify certificate Extended Key Usage ----------------------------------- 0.07s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 ------------ Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 ------------ Verify key size --------------------------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 ------------ Verify certificate Key Usage -------------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 ------------ ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_fs_attrs.yml *************************************************** 3 plays in /tmp/tmpvsyllm8f/tests/tests_fs_attrs.yml PLAY [Ensure UID and GID exists] *********************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_fs_attrs.yml:2 Monday 09 May 2022 17:03:19 +0000 (0:00:00.008) 0:00:00.008 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Ensure user exists] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tests_fs_attrs.yml:5 Monday 09 May 2022 17:03:21 +0000 (0:00:01.495) 0:00:01.504 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "comment": "", "create_home": true, "group": 1040, "home": "/home/user1", "name": "user1", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1040 } TASK [Ensure group "somegroup" exists] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tests_fs_attrs.yml:9 Monday 09 May 2022 17:03:21 +0000 (0:00:00.600) 0:00:02.105 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "gid": 1041, "name": "somegroup", "state": "present", "system": false } META: ran handlers META: ran handlers PLAY [Issue certificate setting user/group] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_fs_attrs.yml:13 Monday 09 May 2022 17:03:22 +0000 (0:00:00.499) 0:00:02.604 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 17:03:23 +0000 (0:00:00.777) 0:00:03.382 ************ included: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:03:23 +0000 (0:00:00.021) 0:00:03.403 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 17:03:23 +0000 (0:00:00.504) 0:00:03.907 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 17:03:23 +0000 (0:00:00.037) 0:00:03.944 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 17:03:25 +0000 (0:00:01.335) 0:00:05.280 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 17:03:27 +0000 (0:00:02.146) 0:00:07.426 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 17:03:27 +0000 (0:00:00.515) 0:00:07.941 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 17:03:28 +0000 (0:00:00.407) 0:00:08.348 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target sysinit.target dbus.socket network.target systemd-journald.socket system.slice dbus-broker.service syslog.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 17:03:29 +0000 (0:00:01.051) 0:00:09.400 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_fs_attrs', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert_fs_attrs", "owner": "ftp" } } MSG: Certificate requested (new). File attributes updated. changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'certid', 'dns': 'www.example.com', 'owner': 1040, 'group': 1041, 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040 } } MSG: Certificate requested (new). File attributes updated. META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_fs_attrs.yml:31 Monday 09 May 2022 17:03:31 +0000 (0:00:01.915) 0:00:11.315 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_fs_attrs.yml:60 Monday 09 May 2022 17:03:32 +0000 (0:00:00.814) 0:00:12.130 ************ included: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_fs_attrs.crt', 'key_path': '/etc/pki/tls/private/mycert_fs_attrs.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 'ftp', 'group': 'ftp', 'mode': '0640'}) included: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/certid.crt', 'key_path': '/etc/pki/tls/private/certid.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 1040, 'group': 1041, 'mode': '0640'}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:03:32 +0000 (0:00:00.040) 0:00:12.170 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:03:32 +0000 (0:00:00.015) 0:00:12.185 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:03:33 +0000 (0:00:00.940) 0:00:13.125 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:03:38 +0000 (0:00:05.259) 0:00:18.385 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 12.5 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 26.2 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 2.9 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 4.5 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 27.5 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:03:41 +0000 (0:00:03.663) 0:00:22.049 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115809.6947937, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "127cc421dbbb3ca582c426122ee861a977986a09", "ctime": 1652115809.7717936, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 8388826, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652115809.6927936, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_fs_attrs.crt", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 14, "version": "701161414", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:03:42 +0000 (0:00:00.522) 0:00:22.572 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:03:42 +0000 (0:00:00.021) 0:00:22.593 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 17:03:42 +0000 (0:00:00.036) 0:00:22.630 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 17:03:42 +0000 (0:00:00.032) 0:00:22.662 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115809.6307936, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "3764ae9860492fe04982d2443889486a89f2e04e", "ctime": 1652115809.7727938, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 14823, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652115809.6927936, "nlink": 1, "path": "/etc/pki/tls/private/mycert_fs_attrs.key", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1708, "uid": 14, "version": "1405976620", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 17:03:42 +0000 (0:00:00.357) 0:00:23.020 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 17:03:42 +0000 (0:00:00.022) 0:00:23.042 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 17:03:42 +0000 (0:00:00.038) 0:00:23.081 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_fs_attrs.crt" ], "delta": "0:00:00.206811", "end": "2022-05-09 13:03:43.022925", "rc": 0, "start": "2022-05-09 13:03:42.816114" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "51:0B:CD:1A:D4:8E:0A:47:82:20:20:68:92:07:07:04:12:2A:A5:2F", "critical": false }, "authorityKeyIdentifier": { "value": "CD:A6:6C:A6:CF:DC:DF:57:6C:73:1E:F7:05:C4:DD:A9:3E:33:0E:4C", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "64:43:84:0C:3C:4F:C4:11:7E:DF:1E:22:4F:2E:80:44:4B:81:05:6D:B0:01:DA:92:56:63:9A:16:61:D5:7F:F2:49:FA:29:47:EC:21:64:44:DF:76:8D:B3:AA:77:85:3B:BC:AC:1B:63:B3:02:05:D9:78:35:93:7D:17:DA:AA:45:E4:48:54:83:17:03:B8:AF:8A:B8:D4:39:93:DC:68:56:B4:DA:E6:62:2E:94:49:D1:80:AD:77:0F:3E:69:77:B6:77:4E:1F:F6:97:40:DE:E8:1D:90:14:CD:44:44:83:B3:90:27:CF:93:FB:18:F5:75:91:D9:2B:2D:7D:24:A8:61:43:B1:7B:A6:DA:26:EB:66:8E:EC:40:CB:8A:C3:60:EA:1B:89:73:7E:BD:DD:42:A3:D7:D1:6D:71:21:8B:EE:11:00:14:DF:61:81:1D:C4:C6:F6:E8:D7:C9:24:C8:5D:C2:56:E0:77:E9:C7:8A:D0:C8:DA:72:89:04:D7:83:C8:6B:A7:3D:8F:FC:8E:D2:CF:AB:A3:71:7C:82:B6:E1:0A:03:98:D8:62:9E:07:A1:89:08:44:B5:44:ED:A9:54:07:C2:FC:E6:0F:79:5B:E6:E8:E4:78:E5:D2:3E:2D:4D:BE:9C:E4:7D:30:8B:DF:06:0E:85:80:93:13:ED:FF:78:79:60" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:03:28", "not_valid_before": "2022-05-09 17:03:29" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:03:43 +0000 (0:00:00.722) 0:00:23.803 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "CD:A6:6C:A6:CF:DC:DF:57:6C:73:1E:F7:05:C4:DD:A9:3E:33:0E:4C" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "51:0B:CD:1A:D4:8E:0A:47:82:20:20:68:92:07:07:04:12:2A:A5:2F" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "64:43:84:0C:3C:4F:C4:11:7E:DF:1E:22:4F:2E:80:44:4B:81:05:6D:B0:01:DA:92:56:63:9A:16:61:D5:7F:F2:49:FA:29:47:EC:21:64:44:DF:76:8D:B3:AA:77:85:3B:BC:AC:1B:63:B3:02:05:D9:78:35:93:7D:17:DA:AA:45:E4:48:54:83:17:03:B8:AF:8A:B8:D4:39:93:DC:68:56:B4:DA:E6:62:2E:94:49:D1:80:AD:77:0F:3E:69:77:B6:77:4E:1F:F6:97:40:DE:E8:1D:90:14:CD:44:44:83:B3:90:27:CF:93:FB:18:F5:75:91:D9:2B:2D:7D:24:A8:61:43:B1:7B:A6:DA:26:EB:66:8E:EC:40:CB:8A:C3:60:EA:1B:89:73:7E:BD:DD:42:A3:D7:D1:6D:71:21:8B:EE:11:00:14:DF:61:81:1D:C4:C6:F6:E8:D7:C9:24:C8:5D:C2:56:E0:77:E9:C7:8A:D0:C8:DA:72:89:04:D7:83:C8:6B:A7:3D:8F:FC:8E:D2:CF:AB:A3:71:7C:82:B6:E1:0A:03:98:D8:62:9E:07:A1:89:08:44:B5:44:ED:A9:54:07:C2:FC:E6:0F:79:5B:E6:E8:E4:78:E5:D2:3E:2D:4D:BE:9C:E4:7D:30:8B:DF:06:0E:85:80:93:13:ED:FF:78:79:60" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:03:28", "not_valid_before": "2022-05-09 17:03:29" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 17:03:43 +0000 (0:00:00.032) 0:00:23.836 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 17:03:43 +0000 (0:00:00.039) 0:00:23.875 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 17:03:43 +0000 (0:00:00.020) 0:00:23.896 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 17:03:43 +0000 (0:00:00.034) 0:00:23.930 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 17:03:43 +0000 (0:00:00.034) 0:00:23.964 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:03:43 +0000 (0:00:00.032) 0:00:23.997 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_fs_attrs.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039146", "end": "2022-05-09 13:03:43.595463", "rc": 0, "start": "2022-05-09 13:03:43.556317" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 17:03:44 +0000 (0:00:00.374) 0:00:24.372 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:03:44 +0000 (0:00:00.031) 0:00:24.403 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:03:44 +0000 (0:00:00.014) 0:00:24.418 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:03:45 +0000 (0:00:00.830) 0:00:25.248 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:03:46 +0000 (0:00:01.113) 0:00:26.362 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:03:47 +0000 (0:00:00.918) 0:00:27.280 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115810.4477937, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "7da05ccca5a39369b490baacd019aba098f07c56", "ctime": 1652115810.4887936, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 8402598, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652115810.4457936, "nlink": 1, "path": "/etc/pki/tls/certs/certid.crt", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 1040, "version": "742682886", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:03:47 +0000 (0:00:00.361) 0:00:27.642 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:03:47 +0000 (0:00:00.021) 0:00:27.663 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 17:03:47 +0000 (0:00:00.036) 0:00:27.700 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 17:03:47 +0000 (0:00:00.033) 0:00:27.733 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115810.3877935, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "97cb446e1c7196049702a8d5efa691177122aa97", "ctime": 1652115810.4887936, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 17321, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652115810.4457936, "nlink": 1, "path": "/etc/pki/tls/private/certid.key", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 1040, "version": "380046314", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 17:03:47 +0000 (0:00:00.370) 0:00:28.104 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 17:03:48 +0000 (0:00:00.021) 0:00:28.126 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 17:03:48 +0000 (0:00:00.035) 0:00:28.161 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/certid.crt" ], "delta": "0:00:00.205988", "end": "2022-05-09 13:03:47.947099", "rc": 0, "start": "2022-05-09 13:03:47.741111" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "86:02:4B:CF:8C:96:B7:11:6D:F7:69:53:04:7A:68:BC:24:99:66:A1", "critical": false }, "authorityKeyIdentifier": { "value": "CD:A6:6C:A6:CF:DC:DF:57:6C:73:1E:F7:05:C4:DD:A9:3E:33:0E:4C", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "08:1F:6C:BA:D5:E7:0D:FC:BE:B5:95:93:D3:12:D1:6E:F9:B1:6B:00:90:E0:F2:12:47:99:0A:23:11:39:C9:70:98:17:79:05:8E:67:BB:94:2B:B9:48:10:E6:C4:1A:BB:72:23:C7:B0:ED:14:D1:E5:2E:31:3A:FB:9C:2A:9A:3C:8E:FB:7F:1F:A6:D8:EE:3E:C7:6F:EA:8B:5F:CA:7E:D7:52:25:9F:7A:8D:E2:68:B1:F8:37:C6:C4:CA:B6:CC:C6:9A:0A:96:28:1F:81:4E:EC:60:A2:2D:4E:E6:E3:C5:34:5F:73:62:1A:42:C2:89:0C:6A:A6:4B:F2:E5:DA:C9:6C:E2:BC:FF:F1:B8:91:D7:6E:8C:1D:A6:CD:10:EA:DF:87:FA:0D:07:2D:07:B2:02:FF:4E:EE:91:F5:6D:06:6B:64:5F:03:0D:88:61:F7:34:95:E3:C2:A0:03:96:52:57:A3:F2:FF:D7:83:E6:22:3C:D6:90:0C:06:DF:3C:8E:98:33:58:62:F0:49:35:8E:B8:88:50:55:1B:86:CD:CD:23:8C:3E:9E:5D:20:EC:D8:50:B7:98:AC:AB:51:B5:6D:A0:2B:0E:AA:7B:08:2A:F1:37:0D:6A:C5:5E:35:2B:59:CA:35:F8:21:3B:F1:6D:DF:42:29:36:93:DC:8A:3A:3B:87:F7" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:03:28", "not_valid_before": "2022-05-09 17:03:30" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:03:48 +0000 (0:00:00.568) 0:00:28.730 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "CD:A6:6C:A6:CF:DC:DF:57:6C:73:1E:F7:05:C4:DD:A9:3E:33:0E:4C" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "86:02:4B:CF:8C:96:B7:11:6D:F7:69:53:04:7A:68:BC:24:99:66:A1" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "08:1F:6C:BA:D5:E7:0D:FC:BE:B5:95:93:D3:12:D1:6E:F9:B1:6B:00:90:E0:F2:12:47:99:0A:23:11:39:C9:70:98:17:79:05:8E:67:BB:94:2B:B9:48:10:E6:C4:1A:BB:72:23:C7:B0:ED:14:D1:E5:2E:31:3A:FB:9C:2A:9A:3C:8E:FB:7F:1F:A6:D8:EE:3E:C7:6F:EA:8B:5F:CA:7E:D7:52:25:9F:7A:8D:E2:68:B1:F8:37:C6:C4:CA:B6:CC:C6:9A:0A:96:28:1F:81:4E:EC:60:A2:2D:4E:E6:E3:C5:34:5F:73:62:1A:42:C2:89:0C:6A:A6:4B:F2:E5:DA:C9:6C:E2:BC:FF:F1:B8:91:D7:6E:8C:1D:A6:CD:10:EA:DF:87:FA:0D:07:2D:07:B2:02:FF:4E:EE:91:F5:6D:06:6B:64:5F:03:0D:88:61:F7:34:95:E3:C2:A0:03:96:52:57:A3:F2:FF:D7:83:E6:22:3C:D6:90:0C:06:DF:3C:8E:98:33:58:62:F0:49:35:8E:B8:88:50:55:1B:86:CD:CD:23:8C:3E:9E:5D:20:EC:D8:50:B7:98:AC:AB:51:B5:6D:A0:2B:0E:AA:7B:08:2A:F1:37:0D:6A:C5:5E:35:2B:59:CA:35:F8:21:3B:F1:6D:DF:42:29:36:93:DC:8A:3A:3B:87:F7" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:03:28", "not_valid_before": "2022-05-09 17:03:30" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 17:03:48 +0000 (0:00:00.032) 0:00:28.762 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 17:03:48 +0000 (0:00:00.034) 0:00:28.797 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 17:03:48 +0000 (0:00:00.022) 0:00:28.819 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 17:03:48 +0000 (0:00:00.030) 0:00:28.849 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 17:03:48 +0000 (0:00:00.030) 0:00:28.880 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:03:48 +0000 (0:00:00.031) 0:00:28.911 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/certid.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038146", "end": "2022-05-09 13:03:48.524374", "rc": 0, "start": "2022-05-09 13:03:48.486228" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 17:03:49 +0000 (0:00:00.395) 0:00:29.307 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=55 changed=9 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:03:49 +0000 (0:00:00.039) 0:00:29.347 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.26s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.66s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 2.15s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - linux-system-roles.certificate : Ensure certificate requests ------------ 1.92s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Gathering Facts --------------------------------------------------------- 1.50s /tmp/tmpvsyllm8f/tests/tests_fs_attrs.yml:2 ----------------------------------- linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.34s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Install the package, force upgrade -------------------------------------- 1.11s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.05s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - Ensure python3 is installed --------------------------------------------- 0.94s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 -------------- Install certreader ------------------------------------------------------ 0.92s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 ------------- Ensure python3 is installed --------------------------------------------- 0.83s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 0.81s /tmp/tmpvsyllm8f/tests/tests_fs_attrs.yml:31 ---------------------------------- Gathering Facts --------------------------------------------------------- 0.78s /tmp/tmpvsyllm8f/tests/tests_fs_attrs.yml:13 ---------------------------------- Parse certificate ------------------------------------------------------- 0.72s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 ------------- Ensure user exists ------------------------------------------------------ 0.60s /tmp/tmpvsyllm8f/tests/tests_fs_attrs.yml:5 ----------------------------------- Parse certificate ------------------------------------------------------- 0.57s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 ------------- Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.52s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.50s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Ensure group "somegroup" exists ----------------------------------------- 0.50s /tmp/tmpvsyllm8f/tests/tests_fs_attrs.yml:9 ----------------------------------- ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_include_vars_from_parent.yml *********************************** 1 plays in /tmp/tmpvsyllm8f/tests/tests_include_vars_from_parent.yml PLAY [all] ********************************************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_include_vars_from_parent.yml:1 Monday 09 May 2022 17:04:03 +0000 (0:00:00.009) 0:00:00.009 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [create var file in caller that can override the one in called role] ****** task path: /tmp/tmpvsyllm8f/tests/tests_include_vars_from_parent.yml:3 Monday 09 May 2022 17:04:04 +0000 (0:00:01.157) 0:00:01.166 ************ changed: [/cache/rhel-x.qcow2.snap -> localhost] => (item=RedHat-9.1) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpvsyllm8f/tests/roles/caller/vars/RedHat-9.1.yml", "gid": 0, "group": "root", "item": "RedHat-9.1", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1652115844.5083296-191809-175688053927479/source", "state": "file", "uid": 0 } changed: [/cache/rhel-x.qcow2.snap -> localhost] => (item=RedHat-9) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpvsyllm8f/tests/roles/caller/vars/RedHat-9.yml", "gid": 0, "group": "root", "item": "RedHat-9", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1652115845.0423868-191809-35367455162345/source", "state": "file", "uid": 0 } changed: [/cache/rhel-x.qcow2.snap -> localhost] => (item=RedHat_9.1) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpvsyllm8f/tests/roles/caller/vars/RedHat_9.1.yml", "gid": 0, "group": "root", "item": "RedHat_9.1", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1652115845.3705645-191809-234160603477550/source", "state": "file", "uid": 0 } changed: [/cache/rhel-x.qcow2.snap -> localhost] => (item=RedHat_9) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpvsyllm8f/tests/roles/caller/vars/RedHat_9.yml", "gid": 0, "group": "root", "item": "RedHat_9", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1652115845.6936588-191809-16506807378013/source", "state": "file", "uid": 0 } changed: [/cache/rhel-x.qcow2.snap -> localhost] => (item=RedHat) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpvsyllm8f/tests/roles/caller/vars/RedHat.yml", "gid": 0, "group": "root", "item": "RedHat", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1652115846.0186296-191809-49550026918910/source", "state": "file", "uid": 0 } TASK [include_role : {{ roletoinclude }}] ************************************** task path: /tmp/tmpvsyllm8f/tests/roles/caller/tasks/main.yml:4 Monday 09 May 2022 17:04:06 +0000 (0:00:01.890) 0:00:03.056 ************ TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 17:04:06 +0000 (0:00:00.033) 0:00:03.089 ************ included: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:04:06 +0000 (0:00:00.021) 0:00:03.111 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 17:04:06 +0000 (0:00:00.504) 0:00:03.616 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 17:04:06 +0000 (0:00:00.035) 0:00:03.651 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 17:04:08 +0000 (0:00:01.247) 0:00:04.899 ************ TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 17:04:08 +0000 (0:00:00.017) 0:00:04.916 ************ TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 17:04:08 +0000 (0:00:00.015) 0:00:04.932 ************ TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 17:04:08 +0000 (0:00:00.015) 0:00:04.948 ************ TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 17:04:08 +0000 (0:00:00.015) 0:00:04.963 ************ META: role_complete for /cache/rhel-x.qcow2.snap TASK [caller : assert] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/roles/caller/tasks/main.yml:7 Monday 09 May 2022 17:04:08 +0000 (0:00:00.017) 0:00:04.981 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=6 changed=1 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 Monday 09 May 2022 17:04:08 +0000 (0:00:00.026) 0:00:05.007 ************ =============================================================================== create var file in caller that can override the one in called role ------ 1.89s /tmp/tmpvsyllm8f/tests/tests_include_vars_from_parent.yml:3 ------------------- linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.25s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Gathering Facts --------------------------------------------------------- 1.16s /tmp/tmpvsyllm8f/tests/tests_include_vars_from_parent.yml:1 ------------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.50s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Set platform/version specific variables --- 0.04s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 include_role : {{ roletoinclude }} -------------------------------------- 0.03s /tmp/tmpvsyllm8f/tests/roles/caller/tasks/main.yml:4 -------------------------- caller : assert --------------------------------------------------------- 0.03s /tmp/tmpvsyllm8f/tests/roles/caller/tasks/main.yml:7 -------------------------- linux-system-roles.certificate : Set version specific variables --------- 0.02s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- linux-system-roles.certificate : Ensure certificate requests ------------ 0.02s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure provider packages are installed --- 0.02s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.02s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.02s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - linux-system-roles.certificate : Ensure provider service is running ----- 0.02s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_key_size.yml *************************************************** 2 plays in /tmp/tmpvsyllm8f/tests/tests_key_size.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_key_size.yml:2 Monday 09 May 2022 17:04:22 +0000 (0:00:00.009) 0:00:00.009 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 17:04:23 +0000 (0:00:01.123) 0:00:01.133 ************ included: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:04:23 +0000 (0:00:00.018) 0:00:01.152 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 17:04:23 +0000 (0:00:00.484) 0:00:01.637 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 17:04:24 +0000 (0:00:00.035) 0:00:01.672 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 17:04:25 +0000 (0:00:01.295) 0:00:02.967 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 17:04:27 +0000 (0:00:02.079) 0:00:05.047 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 17:04:27 +0000 (0:00:00.503) 0:00:05.551 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 17:04:28 +0000 (0:00:00.380) 0:00:05.932 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus.socket system.slice sysinit.target syslog.target systemd-journald.socket network.target basic.target dbus-broker.service", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 17:04:29 +0000 (0:00:00.953) 0:00:06.885 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_key_size', 'dns': 'www.example.com', 'ca': 'self-sign', 'key_size': 4096}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "key_size": 4096, "name": "mycert_key_size" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_key_size.yml:14 Monday 09 May 2022 17:04:33 +0000 (0:00:04.286) 0:00:11.171 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_key_size.yml:29 Monday 09 May 2022 17:04:34 +0000 (0:00:00.776) 0:00:11.947 ************ included: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_key_size.crt', 'key_path': '/etc/pki/tls/private/mycert_key_size.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'key_size': 4096}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:04:34 +0000 (0:00:00.035) 0:00:11.982 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:04:34 +0000 (0:00:00.017) 0:00:12.000 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:04:35 +0000 (0:00:00.819) 0:00:12.820 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:04:40 +0000 (0:00:05.102) 0:00:17.922 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 12.4 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 27.3 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 29.1 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 30.2 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 34.8 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:04:43 +0000 (0:00:03.086) 0:00:21.009 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115872.730869, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "2d3a1098aa2a0517d0f9d91a347910f7587ac66f", "ctime": 1652115872.728869, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8887197, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115872.728869, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_key_size.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1639, "uid": 0, "version": "1895936333", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:04:43 +0000 (0:00:00.505) 0:00:21.515 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:04:43 +0000 (0:00:00.021) 0:00:21.537 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 17:04:43 +0000 (0:00:00.039) 0:00:21.576 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 17:04:43 +0000 (0:00:00.033) 0:00:21.610 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115872.658869, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9e10f4c239b943c992c546c3039157c187346272", "ctime": 1652115872.728869, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17336, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115872.728869, "nlink": 1, "path": "/etc/pki/tls/private/mycert_key_size.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 3272, "uid": 0, "version": "3901877085", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 17:04:44 +0000 (0:00:00.353) 0:00:21.963 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 17:04:44 +0000 (0:00:00.020) 0:00:21.984 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 17:04:44 +0000 (0:00:00.036) 0:00:22.021 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_key_size.crt" ], "delta": "0:00:00.200022", "end": "2022-05-09 13:04:44.430314", "rc": 0, "start": "2022-05-09 13:04:44.230292" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "6A:70:AE:2F:29:F0:02:F2:63:12:EB:A9:49:70:6F:1E:A7:A3:8E:0A", "critical": false }, "authorityKeyIdentifier": { "value": "8D:CB:55:86:21:93:DE:47:39:53:3F:E4:00:BB:3F:EA:E5:D4:A8:0C", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "2A:FA:B6:C1:0E:F8:BD:03:92:CD:19:4E:4D:F8:85:15:0D:51:A9:D8:CE:BF:B3:16:6B:44:31:CA:9B:BF:0F:BE:5D:79:F7:89:C6:B8:FF:9B:03:AC:DD:C2:87:D9:7C:D3:78:CC:2B:0D:BB:18:93:C4:CC:B6:22:48:90:A7:40:B7:60:03:54:6E:AD:4D:59:FA:37:A1:99:7F:3F:6F:03:44:38:1C:91:D8:C9:23:C8:F3:C8:28:22:6A:DE:47:7E:CE:E4:28:9D:42:BF:C1:5E:AE:FB:6B:17:DF:8A:2F:8B:EF:5F:68:BB:02:4B:29:72:5F:C3:54:C2:07:28:52:8C:AC:E9:29:70:8A:D0:1E:38:0E:5B:39:C6:EA:71:FC:EE:A1:A0:31:9E:89:63:7F:5E:96:82:7B:8F:C9:E5:6C:6C:A3:EF:0E:63:9D:61:26:8B:45:4F:16:CA:AF:1F:CC:37:6B:C7:FC:60:03:41:CC:32:A4:4F:42:C1:B1:CB:FD:CD:B2:02:72:F8:A8:BF:B9:94:D1:06:F0:6D:40:F8:69:29:4D:97:C1:90:97:89:05:E2:F3:4B:F8:D2:D2:01:B8:3B:84:E2:77:A2:D9:23:52:F6:F0:5F:47:36:19:04:E0:34:D7:07:DC:D8:00:0C:FC:61:BB:F2:F4:E3:5D:50:38:2A:15" }, "key_size": 4096, "validity": { "not_valid_after": "2023-05-09 17:04:28", "not_valid_before": "2022-05-09 17:04:32" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:04:45 +0000 (0:00:00.680) 0:00:22.701 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "8D:CB:55:86:21:93:DE:47:39:53:3F:E4:00:BB:3F:EA:E5:D4:A8:0C" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "6A:70:AE:2F:29:F0:02:F2:63:12:EB:A9:49:70:6F:1E:A7:A3:8E:0A" } }, "key_size": 4096, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "2A:FA:B6:C1:0E:F8:BD:03:92:CD:19:4E:4D:F8:85:15:0D:51:A9:D8:CE:BF:B3:16:6B:44:31:CA:9B:BF:0F:BE:5D:79:F7:89:C6:B8:FF:9B:03:AC:DD:C2:87:D9:7C:D3:78:CC:2B:0D:BB:18:93:C4:CC:B6:22:48:90:A7:40:B7:60:03:54:6E:AD:4D:59:FA:37:A1:99:7F:3F:6F:03:44:38:1C:91:D8:C9:23:C8:F3:C8:28:22:6A:DE:47:7E:CE:E4:28:9D:42:BF:C1:5E:AE:FB:6B:17:DF:8A:2F:8B:EF:5F:68:BB:02:4B:29:72:5F:C3:54:C2:07:28:52:8C:AC:E9:29:70:8A:D0:1E:38:0E:5B:39:C6:EA:71:FC:EE:A1:A0:31:9E:89:63:7F:5E:96:82:7B:8F:C9:E5:6C:6C:A3:EF:0E:63:9D:61:26:8B:45:4F:16:CA:AF:1F:CC:37:6B:C7:FC:60:03:41:CC:32:A4:4F:42:C1:B1:CB:FD:CD:B2:02:72:F8:A8:BF:B9:94:D1:06:F0:6D:40:F8:69:29:4D:97:C1:90:97:89:05:E2:F3:4B:F8:D2:D2:01:B8:3B:84:E2:77:A2:D9:23:52:F6:F0:5F:47:36:19:04:E0:34:D7:07:DC:D8:00:0C:FC:61:BB:F2:F4:E3:5D:50:38:2A:15" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:04:28", "not_valid_before": "2022-05-09 17:04:32" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 17:04:45 +0000 (0:00:00.030) 0:00:22.732 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 17:04:45 +0000 (0:00:00.032) 0:00:22.765 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 17:04:45 +0000 (0:00:00.020) 0:00:22.785 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 17:04:45 +0000 (0:00:00.031) 0:00:22.817 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 17:04:45 +0000 (0:00:00.032) 0:00:22.849 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:04:45 +0000 (0:00:00.037) 0:00:22.887 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_key_size.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.036951", "end": "2022-05-09 13:04:45.011128", "rc": 0, "start": "2022-05-09 13:04:44.974177" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 17:04:45 +0000 (0:00:00.394) 0:00:23.281 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:04:45 +0000 (0:00:00.040) 0:00:23.322 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.10s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure certificate requests ------------ 4.29s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Install certreader ------------------------------------------------------ 3.09s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 2.08s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.30s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Gathering Facts --------------------------------------------------------- 1.12s /tmp/tmpvsyllm8f/tests/tests_key_size.yml:2 ----------------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 0.95s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - Ensure python3 is installed --------------------------------------------- 0.82s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 0.78s /tmp/tmpvsyllm8f/tests/tests_key_size.yml:14 ---------------------------------- Parse certificate ------------------------------------------------------- 0.68s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 ------------- Retrieve certificate file stats ----------------------------------------- 0.51s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.50s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.48s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Retrieve auto-renew flag ------------------------------------------------ 0.39s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.38s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - Retrieve key file stats ------------------------------------------------- 0.35s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 ------------ Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 ------------- Verify certificate Extended Key Usage ----------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 ------------ Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 ------------- ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_key_usage_and_extended_key_usage.yml *************************** 2 plays in /tmp/tmpvsyllm8f/tests/tests_key_usage_and_extended_key_usage.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_key_usage_and_extended_key_usage.yml:2 Monday 09 May 2022 17:05:01 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 17:05:02 +0000 (0:00:01.173) 0:00:01.183 ************ included: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:05:02 +0000 (0:00:00.019) 0:00:01.203 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 17:05:02 +0000 (0:00:00.513) 0:00:01.716 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 17:05:03 +0000 (0:00:00.035) 0:00:01.751 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 17:05:04 +0000 (0:00:01.310) 0:00:03.062 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 17:05:06 +0000 (0:00:02.010) 0:00:05.073 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 17:05:06 +0000 (0:00:00.512) 0:00:05.585 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 17:05:07 +0000 (0:00:00.370) 0:00:05.956 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice dbus.socket syslog.target network.target dbus-broker.service basic.target systemd-journald.socket sysinit.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 17:05:08 +0000 (0:00:01.001) 0:00:06.958 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_key_usage_and_extended_key_usage', 'dns': 'www.example.com', 'key_usage': ['digitalSignature', 'nonRepudiation', 'keyEncipherment'], 'extended_key_usage': ['id-kp-clientAuth', 'id-kp-serverAuth', 'id-kp-ipsecTunnel', '1.3.6.1.5.2.3.5'], 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "extended_key_usage": [ "id-kp-clientAuth", "id-kp-serverAuth", "id-kp-ipsecTunnel", "1.3.6.1.5.2.3.5" ], "key_usage": [ "digitalSignature", "nonRepudiation", "keyEncipherment" ], "name": "mycert_key_usage_and_extended_key_usage" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_key_usage_and_extended_key_usage.yml:22 Monday 09 May 2022 17:05:09 +0000 (0:00:00.976) 0:00:07.935 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_key_usage_and_extended_key_usage.yml:50 Monday 09 May 2022 17:05:10 +0000 (0:00:00.815) 0:00:08.750 ************ included: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_key_usage_and_extended_key_usage.crt', 'key_path': '/etc/pki/tls/private/mycert_key_usage_and_extended_key_usage.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment'], 'extended_key_usage': [{'name': 'id-kp-clientAuth', 'oid': '1.3.6.1.5.5.7.3.2'}, {'name': 'id-kp-serverAuth', 'oid': '1.3.6.1.5.5.7.3.1'}, {'name': 'id-kp-ipsecTunnel', 'oid': '1.3.6.1.5.5.7.3.6'}, {'name': None, 'oid': '1.3.6.1.5.2.3.5'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:05:10 +0000 (0:00:00.035) 0:00:08.785 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:05:10 +0000 (0:00:00.016) 0:00:08.802 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:05:10 +0000 (0:00:00.944) 0:00:09.746 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:05:16 +0000 (0:00:05.374) 0:00:15.121 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 12.4 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 27.2 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 33.1 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 11.4 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 56.8 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:05:19 +0000 (0:00:03.466) 0:00:18.588 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115909.057584, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "5357c2654f09c0a9029e7fa71be20184caab0f91", "ctime": 1652115909.055584, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8880959, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115909.055584, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_key_usage_and_extended_key_usage.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1318, "uid": 0, "version": "2198059792", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:05:20 +0000 (0:00:00.499) 0:00:19.088 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:05:20 +0000 (0:00:00.023) 0:00:19.111 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 17:05:20 +0000 (0:00:00.045) 0:00:19.156 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 17:05:20 +0000 (0:00:00.035) 0:00:19.192 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115908.998584, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9bfc62c3a42bb0941b6ce7755b4930107891b4a0", "ctime": 1652115909.055584, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17301, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115909.055584, "nlink": 1, "path": "/etc/pki/tls/private/mycert_key_usage_and_extended_key_usage.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "177492419", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 17:05:20 +0000 (0:00:00.370) 0:00:19.563 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 17:05:20 +0000 (0:00:00.022) 0:00:19.585 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 17:05:20 +0000 (0:00:00.042) 0:00:19.628 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_key_usage_and_extended_key_usage.crt" ], "delta": "0:00:00.197057", "end": "2022-05-09 13:05:21.510296", "rc": 0, "start": "2022-05-09 13:05:21.313239" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" }, { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-ipsecTunnel", "oid": "1.3.6.1.5.5.7.3.6" }, { "name": null, "oid": "1.3.6.1.5.2.3.5" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "A8:F4:C7:D3:2B:7F:29:0D:3B:C7:1F:53:D2:F1:B9:43:72:55:40:7A", "critical": false }, "authorityKeyIdentifier": { "value": "1B:F5:08:D1:06:B7:13:9B:A0:5B:BC:D4:98:8E:A0:CC:2D:AD:EC:3E", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "82:43:49:70:11:C9:32:F7:60:98:1F:A1:2B:B4:ED:40:57:46:B0:B1:8B:F4:03:DC:30:49:E0:84:DC:01:3D:4A:6F:FD:59:25:01:D5:4A:4D:D4:E2:95:B3:D4:A0:57:F1:55:80:1E:1D:DC:2B:B9:85:9E:BC:A7:18:23:95:BF:7A:3C:E4:0A:3C:82:59:1C:3C:9D:12:34:B2:51:95:13:52:3C:B8:17:B6:A3:34:4A:E9:12:9F:E0:72:56:BB:65:26:C4:F8:3B:85:27:9A:83:C2:D9:E2:4E:59:7E:7F:81:BF:9A:4B:6B:BB:79:C8:D2:86:44:55:AC:A3:6C:05:15:A8:83:2B:69:71:3C:EC:81:7E:AD:60:B3:6F:79:65:FF:68:6C:31:3C:BB:FF:C4:A8:B8:60:81:15:16:D4:01:49:8F:B2:C6:31:7F:7F:6F:00:6E:B1:57:8F:5C:6A:BA:15:1A:D9:06:2A:CE:6E:88:A0:15:1E:12:3D:4E:2F:2B:B6:A2:1A:8E:A8:C9:02:37:9E:ED:82:2D:49:8F:7E:8D:15:62:B3:D0:41:FE:0A:DC:E6:18:C7:2E:E3:69:45:55:64:D9:B1:E6:05:74:9A:06:DE:51:CE:06:3C:64:AC:A6:24:7B:49:9B:6C:13:56:5B:08:D7:84:8C:A9:6D:2C:8C:55:47" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:05:08", "not_valid_before": "2022-05-09 17:05:09" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:05:21 +0000 (0:00:00.680) 0:00:20.308 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "1B:F5:08:D1:06:B7:13:9B:A0:5B:BC:D4:98:8E:A0:CC:2D:AD:EC:3E" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" }, { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-ipsecTunnel", "oid": "1.3.6.1.5.5.7.3.6" }, { "name": null, "oid": "1.3.6.1.5.2.3.5" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "content_commitment", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "A8:F4:C7:D3:2B:7F:29:0D:3B:C7:1F:53:D2:F1:B9:43:72:55:40:7A" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "82:43:49:70:11:C9:32:F7:60:98:1F:A1:2B:B4:ED:40:57:46:B0:B1:8B:F4:03:DC:30:49:E0:84:DC:01:3D:4A:6F:FD:59:25:01:D5:4A:4D:D4:E2:95:B3:D4:A0:57:F1:55:80:1E:1D:DC:2B:B9:85:9E:BC:A7:18:23:95:BF:7A:3C:E4:0A:3C:82:59:1C:3C:9D:12:34:B2:51:95:13:52:3C:B8:17:B6:A3:34:4A:E9:12:9F:E0:72:56:BB:65:26:C4:F8:3B:85:27:9A:83:C2:D9:E2:4E:59:7E:7F:81:BF:9A:4B:6B:BB:79:C8:D2:86:44:55:AC:A3:6C:05:15:A8:83:2B:69:71:3C:EC:81:7E:AD:60:B3:6F:79:65:FF:68:6C:31:3C:BB:FF:C4:A8:B8:60:81:15:16:D4:01:49:8F:B2:C6:31:7F:7F:6F:00:6E:B1:57:8F:5C:6A:BA:15:1A:D9:06:2A:CE:6E:88:A0:15:1E:12:3D:4E:2F:2B:B6:A2:1A:8E:A8:C9:02:37:9E:ED:82:2D:49:8F:7E:8D:15:62:B3:D0:41:FE:0A:DC:E6:18:C7:2E:E3:69:45:55:64:D9:B1:E6:05:74:9A:06:DE:51:CE:06:3C:64:AC:A6:24:7B:49:9B:6C:13:56:5B:08:D7:84:8C:A9:6D:2C:8C:55:47" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:05:08", "not_valid_before": "2022-05-09 17:05:09" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 17:05:21 +0000 (0:00:00.033) 0:00:20.342 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 17:05:21 +0000 (0:00:00.037) 0:00:20.379 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 17:05:21 +0000 (0:00:00.022) 0:00:20.402 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 17:05:21 +0000 (0:00:00.035) 0:00:20.437 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 17:05:21 +0000 (0:00:00.033) 0:00:20.470 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:05:21 +0000 (0:00:00.094) 0:00:20.564 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_key_usage_and_extended_key_usage.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038930", "end": "2022-05-09 13:05:22.154916", "rc": 0, "start": "2022-05-09 13:05:22.115986" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 17:05:22 +0000 (0:00:00.386) 0:00:20.951 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:05:22 +0000 (0:00:00.039) 0:00:20.990 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.37s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.47s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 2.01s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.31s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Gathering Facts --------------------------------------------------------- 1.17s /tmp/tmpvsyllm8f/tests/tests_key_usage_and_extended_key_usage.yml:2 ----------- linux-system-roles.certificate : Ensure provider service is running ----- 1.00s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - linux-system-roles.certificate : Ensure certificate requests ------------ 0.98s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Ensure python3 is installed --------------------------------------------- 0.94s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 0.82s /tmp/tmpvsyllm8f/tests/tests_key_usage_and_extended_key_usage.yml:22 ---------- Parse certificate ------------------------------------------------------- 0.68s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.51s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.51s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - Retrieve certificate file stats ----------------------------------------- 0.50s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.39s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.37s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - Retrieve key file stats ------------------------------------------------- 0.37s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify certificate Extended Key Usage ----------------------------------- 0.09s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 ------------ Verify certificate file owner and group --------------------------------- 0.05s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 ------------- Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 ------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 ------------ ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_many_self_signed.yml ******************************************* 2 plays in /tmp/tmpvsyllm8f/tests/tests_many_self_signed.yml PLAY [Issue many self-signed certificates] ************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_many_self_signed.yml:2 Monday 09 May 2022 17:05:37 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 17:05:39 +0000 (0:00:01.159) 0:00:01.169 ************ included: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:05:39 +0000 (0:00:00.019) 0:00:01.189 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 17:05:39 +0000 (0:00:00.530) 0:00:01.719 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 17:05:39 +0000 (0:00:00.036) 0:00:01.755 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 17:05:41 +0000 (0:00:01.376) 0:00:03.132 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 17:05:43 +0000 (0:00:02.216) 0:00:05.349 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 17:05:43 +0000 (0:00:00.529) 0:00:05.878 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 17:05:44 +0000 (0:00:00.408) 0:00:06.286 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "syslog.target systemd-journald.socket dbus.socket network.target dbus-broker.service sysinit.target system.slice basic.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 17:05:45 +0000 (0:00:01.007) 0:00:07.294 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_many_self_signed', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_many_self_signed" } } MSG: Certificate requested (new). changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'other-cert', 'dns': 'www.example.org', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.org", "name": "other-cert" } } MSG: Certificate requested (new). changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'another-cert', 'dns': 'www.example.net', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.net", "name": "another-cert" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_many_self_signed.yml:18 Monday 09 May 2022 17:05:48 +0000 (0:00:03.658) 0:00:10.952 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_many_self_signed.yml:50 Monday 09 May 2022 17:05:49 +0000 (0:00:00.894) 0:00:11.847 ************ included: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_many_self_signed.crt', 'key_path': '/etc/pki/tls/private/mycert_many_self_signed.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) included: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/other-cert.crt', 'key_path': '/etc/pki/tls/private/other-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.org'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.org'}]}) included: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/another-cert.crt', 'key_path': '/etc/pki/tls/private/another-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.net'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.net'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:05:49 +0000 (0:00:00.049) 0:00:11.896 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:05:49 +0000 (0:00:00.017) 0:00:11.913 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:05:50 +0000 (0:00:00.921) 0:00:12.835 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:05:56 +0000 (0:00:05.288) 0:00:18.123 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 12.6 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 22.3 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 26.4 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 27.9 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 34.2 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:05:59 +0000 (0:00:03.201) 0:00:21.325 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115946.2600965, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "fe66cabb471cee11128ccb45ff37044de0a5e13f", "ctime": 1652115946.2580967, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8886659, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115946.2580967, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_many_self_signed.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2865500836", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:05:59 +0000 (0:00:00.537) 0:00:21.862 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:05:59 +0000 (0:00:00.023) 0:00:21.886 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 17:05:59 +0000 (0:00:00.039) 0:00:21.925 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 17:05:59 +0000 (0:00:00.036) 0:00:21.962 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115946.2000966, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "62f161347af7ab6188b98786358d1a8e5f76060f", "ctime": 1652115946.2580967, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17305, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115946.2580967, "nlink": 1, "path": "/etc/pki/tls/private/mycert_many_self_signed.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "488583734", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 17:06:00 +0000 (0:00:00.388) 0:00:22.350 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 17:06:00 +0000 (0:00:00.020) 0:00:22.371 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 17:06:00 +0000 (0:00:00.036) 0:00:22.408 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_many_self_signed.crt" ], "delta": "0:00:00.225274", "end": "2022-05-09 13:06:00.327674", "rc": 0, "start": "2022-05-09 13:06:00.102400" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "75:CF:1C:CC:83:FD:A9:63:3D:FE:B4:03:AD:DD:BC:58:CB:E9:0E:29", "critical": false }, "authorityKeyIdentifier": { "value": "65:F2:54:5A:8B:08:75:E6:BA:44:E0:0F:CE:54:F6:6B:B9:72:93:A7", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "4D:E6:09:46:1C:A5:CD:5A:62:C2:65:80:DE:FF:4C:4E:40:72:A0:6A:45:01:4C:D7:10:25:57:C0:B8:E6:E9:04:22:82:CB:54:4C:B5:5E:52:58:60:37:A1:94:16:A3:D1:75:BB:D5:11:FD:BB:65:E2:70:7C:80:30:63:47:87:E4:E9:FD:F8:51:DD:A5:2F:50:77:BA:0B:15:95:6E:2F:EA:20:C4:ED:AA:F9:1D:E7:66:14:C1:EA:75:0F:8E:E8:08:54:17:E5:F2:CC:54:DF:26:04:86:A0:99:24:F7:C2:A5:89:3A:3F:35:4F:E6:A0:FE:62:A4:CC:44:55:13:2C:41:AD:CE:FF:F3:88:6D:33:42:56:5F:84:45:10:8F:8F:69:56:A2:D0:8E:1A:AB:FF:8F:58:0F:89:6E:CF:4B:51:3D:0F:5F:AC:EC:20:74:AB:00:65:ED:F6:5C:AC:A2:AA:17:E6:C7:93:FE:5B:A7:FB:1F:F7:F5:E8:D9:A0:68:CC:5E:2D:1A:D6:46:63:78:02:6D:C7:1E:C1:50:F5:96:66:99:86:FE:BB:59:19:57:35:D3:AD:86:E2:7F:DF:2A:D1:D8:04:2E:40:0D:58:BA:D9:3C:15:79:C3:E3:54:BE:73:6A:9C:B6:9F:49:D7:22:34:0F:41:D5:BE:7C:BB:B0:8E:E7" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:05:44", "not_valid_before": "2022-05-09 17:05:46" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:06:00 +0000 (0:00:00.699) 0:00:23.108 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "65:F2:54:5A:8B:08:75:E6:BA:44:E0:0F:CE:54:F6:6B:B9:72:93:A7" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "75:CF:1C:CC:83:FD:A9:63:3D:FE:B4:03:AD:DD:BC:58:CB:E9:0E:29" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "4D:E6:09:46:1C:A5:CD:5A:62:C2:65:80:DE:FF:4C:4E:40:72:A0:6A:45:01:4C:D7:10:25:57:C0:B8:E6:E9:04:22:82:CB:54:4C:B5:5E:52:58:60:37:A1:94:16:A3:D1:75:BB:D5:11:FD:BB:65:E2:70:7C:80:30:63:47:87:E4:E9:FD:F8:51:DD:A5:2F:50:77:BA:0B:15:95:6E:2F:EA:20:C4:ED:AA:F9:1D:E7:66:14:C1:EA:75:0F:8E:E8:08:54:17:E5:F2:CC:54:DF:26:04:86:A0:99:24:F7:C2:A5:89:3A:3F:35:4F:E6:A0:FE:62:A4:CC:44:55:13:2C:41:AD:CE:FF:F3:88:6D:33:42:56:5F:84:45:10:8F:8F:69:56:A2:D0:8E:1A:AB:FF:8F:58:0F:89:6E:CF:4B:51:3D:0F:5F:AC:EC:20:74:AB:00:65:ED:F6:5C:AC:A2:AA:17:E6:C7:93:FE:5B:A7:FB:1F:F7:F5:E8:D9:A0:68:CC:5E:2D:1A:D6:46:63:78:02:6D:C7:1E:C1:50:F5:96:66:99:86:FE:BB:59:19:57:35:D3:AD:86:E2:7F:DF:2A:D1:D8:04:2E:40:0D:58:BA:D9:3C:15:79:C3:E3:54:BE:73:6A:9C:B6:9F:49:D7:22:34:0F:41:D5:BE:7C:BB:B0:8E:E7" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:05:44", "not_valid_before": "2022-05-09 17:05:46" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 17:06:01 +0000 (0:00:00.031) 0:00:23.140 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 17:06:01 +0000 (0:00:00.033) 0:00:23.173 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 17:06:01 +0000 (0:00:00.022) 0:00:23.195 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 17:06:01 +0000 (0:00:00.036) 0:00:23.232 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 17:06:01 +0000 (0:00:00.034) 0:00:23.266 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:06:01 +0000 (0:00:00.034) 0:00:23.301 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_many_self_signed.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.042780", "end": "2022-05-09 13:06:00.944011", "rc": 0, "start": "2022-05-09 13:06:00.901231" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 17:06:01 +0000 (0:00:00.420) 0:00:23.721 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:06:01 +0000 (0:00:00.034) 0:00:23.755 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:06:01 +0000 (0:00:00.016) 0:00:23.771 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:06:02 +0000 (0:00:01.026) 0:00:24.798 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:06:03 +0000 (0:00:01.110) 0:00:25.909 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:06:04 +0000 (0:00:00.985) 0:00:26.894 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115947.1450968, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "84219e35b2632a6b916e2ce236657b00b5098135", "ctime": 1652115947.1430967, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8886676, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115947.1430967, "nlink": 1, "path": "/etc/pki/tls/certs/other-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "1637730376", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:06:05 +0000 (0:00:00.376) 0:00:27.270 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:06:05 +0000 (0:00:00.020) 0:00:27.291 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 17:06:05 +0000 (0:00:00.036) 0:00:27.327 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 17:06:05 +0000 (0:00:00.034) 0:00:27.362 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115947.0760968, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "db893f59d6044bcf11a8ce825772e9bd0e07f689", "ctime": 1652115947.1430967, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17323, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115947.1430967, "nlink": 1, "path": "/etc/pki/tls/private/other-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2063751634", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 17:06:05 +0000 (0:00:00.424) 0:00:27.786 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 17:06:05 +0000 (0:00:00.020) 0:00:27.807 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 17:06:05 +0000 (0:00:00.034) 0:00:27.842 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/other-cert.crt" ], "delta": "0:00:00.208182", "end": "2022-05-09 13:06:05.641254", "rc": 0, "start": "2022-05-09 13:06:05.433072" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.org" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "AD:E1:9E:E6:77:C0:54:31:2E:57:78:4A:6A:56:49:E6:1F:A6:97:17", "critical": false }, "authorityKeyIdentifier": { "value": "65:F2:54:5A:8B:08:75:E6:BA:44:E0:0F:CE:54:F6:6B:B9:72:93:A7", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "5A:96:BB:D1:2E:50:2F:40:67:CB:E9:A5:8E:8C:00:D9:A1:5F:51:D4:49:E8:BF:C9:B1:2F:92:BF:9B:4B:21:E9:DF:86:45:DC:0F:7B:70:D1:D1:11:18:1F:E1:6F:20:A7:01:B6:14:F8:EE:95:16:83:3A:5D:06:8C:6F:56:F4:02:14:2D:44:44:1D:5F:35:D8:55:26:FE:B1:9D:36:E6:8A:DD:80:46:D6:73:93:3D:83:C3:D2:DE:FC:C1:E3:70:89:4B:56:DF:F4:46:AA:83:71:D0:9E:68:DB:99:3F:90:0A:CC:10:5A:4A:15:28:9E:93:9B:AF:BA:FA:FD:DE:20:97:1C:FB:C1:BC:6A:53:62:93:E5:5B:46:6C:CF:3E:3F:E3:B4:84:E8:69:18:13:D8:D3:9E:67:A1:F4:75:C0:ED:B0:CF:19:5F:D4:D7:B9:6E:05:76:7B:0C:7A:4C:F4:9B:69:E0:B3:9A:5B:B4:3F:09:BA:43:2A:AE:60:99:7F:E3:CB:74:E1:7D:6D:9F:7F:17:E5:89:05:BD:3B:3D:D0:BD:C2:F3:8C:7D:62:18:97:0F:91:89:5E:49:96:8D:F6:35:7C:5B:FF:70:9F:1D:13:D5:3C:C2:A1:84:09:43:B1:37:CA:83:87:46:81:97:82:21:A7:4A:D1:E1:70:6A:8A:E4:67" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:05:44", "not_valid_before": "2022-05-09 17:05:47" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:06:06 +0000 (0:00:00.577) 0:00:28.419 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "65:F2:54:5A:8B:08:75:E6:BA:44:E0:0F:CE:54:F6:6B:B9:72:93:A7" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.org" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "AD:E1:9E:E6:77:C0:54:31:2E:57:78:4A:6A:56:49:E6:1F:A6:97:17" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "5A:96:BB:D1:2E:50:2F:40:67:CB:E9:A5:8E:8C:00:D9:A1:5F:51:D4:49:E8:BF:C9:B1:2F:92:BF:9B:4B:21:E9:DF:86:45:DC:0F:7B:70:D1:D1:11:18:1F:E1:6F:20:A7:01:B6:14:F8:EE:95:16:83:3A:5D:06:8C:6F:56:F4:02:14:2D:44:44:1D:5F:35:D8:55:26:FE:B1:9D:36:E6:8A:DD:80:46:D6:73:93:3D:83:C3:D2:DE:FC:C1:E3:70:89:4B:56:DF:F4:46:AA:83:71:D0:9E:68:DB:99:3F:90:0A:CC:10:5A:4A:15:28:9E:93:9B:AF:BA:FA:FD:DE:20:97:1C:FB:C1:BC:6A:53:62:93:E5:5B:46:6C:CF:3E:3F:E3:B4:84:E8:69:18:13:D8:D3:9E:67:A1:F4:75:C0:ED:B0:CF:19:5F:D4:D7:B9:6E:05:76:7B:0C:7A:4C:F4:9B:69:E0:B3:9A:5B:B4:3F:09:BA:43:2A:AE:60:99:7F:E3:CB:74:E1:7D:6D:9F:7F:17:E5:89:05:BD:3B:3D:D0:BD:C2:F3:8C:7D:62:18:97:0F:91:89:5E:49:96:8D:F6:35:7C:5B:FF:70:9F:1D:13:D5:3C:C2:A1:84:09:43:B1:37:CA:83:87:46:81:97:82:21:A7:4A:D1:E1:70:6A:8A:E4:67" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "validity": { "not_valid_after": "2023-05-09 17:05:44", "not_valid_before": "2022-05-09 17:05:47" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 17:06:06 +0000 (0:00:00.032) 0:00:28.451 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 17:06:06 +0000 (0:00:00.032) 0:00:28.484 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 17:06:06 +0000 (0:00:00.020) 0:00:28.504 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 17:06:06 +0000 (0:00:00.032) 0:00:28.537 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 17:06:06 +0000 (0:00:00.032) 0:00:28.569 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:06:06 +0000 (0:00:00.033) 0:00:28.603 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/other-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039921", "end": "2022-05-09 13:06:06.229939", "rc": 0, "start": "2022-05-09 13:06:06.190018" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 17:06:06 +0000 (0:00:00.401) 0:00:29.004 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:06:06 +0000 (0:00:00.035) 0:00:29.040 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:06:06 +0000 (0:00:00.016) 0:00:29.056 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:06:07 +0000 (0:00:00.887) 0:00:29.944 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:06:08 +0000 (0:00:01.076) 0:00:31.021 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:06:09 +0000 (0:00:00.955) 0:00:31.977 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115948.0220966, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "561b4a559e6ea6515a989e4ff35cdb5a6f2c0849", "ctime": 1652115948.0200968, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8388826, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115948.0200968, "nlink": 1, "path": "/etc/pki/tls/certs/another-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "701161417", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:06:10 +0000 (0:00:00.375) 0:00:32.353 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:06:10 +0000 (0:00:00.022) 0:00:32.376 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 17:06:10 +0000 (0:00:00.038) 0:00:32.414 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 17:06:10 +0000 (0:00:00.034) 0:00:32.448 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115947.9610968, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "b2564b11c00b9cd851d9997e107c08ccfae8dd51", "ctime": 1652115948.0200968, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17333, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115948.0200968, "nlink": 1, "path": "/etc/pki/tls/private/another-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1047290762", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 17:06:10 +0000 (0:00:00.374) 0:00:32.823 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 17:06:10 +0000 (0:00:00.025) 0:00:32.849 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 17:06:10 +0000 (0:00:00.041) 0:00:32.890 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/another-cert.crt" ], "delta": "0:00:00.200404", "end": "2022-05-09 13:06:10.668226", "rc": 0, "start": "2022-05-09 13:06:10.467822" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.net" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "D8:63:53:63:8B:E2:05:31:BB:C1:55:64:B2:F2:94:53:F4:4F:8E:9F", "critical": false }, "authorityKeyIdentifier": { "value": "65:F2:54:5A:8B:08:75:E6:BA:44:E0:0F:CE:54:F6:6B:B9:72:93:A7", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "94:E0:A8:AD:4C:55:AB:53:28:3A:F8:88:74:67:80:7E:57:12:D3:C3:0F:0B:0B:3B:C7:93:CF:A7:88:E6:6B:CF:5D:FA:B0:0B:A7:35:A7:F3:0E:0A:6A:8C:33:A1:0B:D5:59:7C:C1:40:CE:59:AA:1C:4F:F6:BC:99:93:FB:CC:D5:AA:17:87:D8:97:12:26:20:24:67:ED:76:98:97:29:D9:44:1F:02:F5:98:19:96:E1:B1:CC:18:2E:DC:92:AB:02:3B:60:B0:CE:C9:E3:62:90:2F:78:73:21:AB:C6:3C:0E:26:01:4A:A1:75:70:66:1A:97:BB:BB:1E:48:96:34:A3:13:F5:A1:41:64:AB:59:56:51:12:5A:82:82:B1:6A:5B:0D:FC:01:78:87:13:B2:A7:26:CA:55:F1:F8:CD:82:C8:07:62:61:DF:0C:EA:4C:9E:51:DE:FC:BE:27:5F:44:CF:E8:D5:25:E2:73:86:3A:3C:A6:CA:6C:0F:5E:2C:08:22:2C:F9:2F:7D:64:5B:28:4F:D0:F3:4B:0C:16:68:9A:EC:13:A9:3E:B2:53:7E:36:31:7B:BA:93:E6:1C:BD:30:AC:2A:0F:2F:95:DD:7B:78:6A:19:B9:38:8F:26:CF:F6:93:DD:5B:64:7C:A6:F4:41:D8:41:0E:44:9F:90:69:B3:18" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:05:44", "not_valid_before": "2022-05-09 17:05:48" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:06:11 +0000 (0:00:00.553) 0:00:33.444 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "65:F2:54:5A:8B:08:75:E6:BA:44:E0:0F:CE:54:F6:6B:B9:72:93:A7" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.net" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "D8:63:53:63:8B:E2:05:31:BB:C1:55:64:B2:F2:94:53:F4:4F:8E:9F" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "94:E0:A8:AD:4C:55:AB:53:28:3A:F8:88:74:67:80:7E:57:12:D3:C3:0F:0B:0B:3B:C7:93:CF:A7:88:E6:6B:CF:5D:FA:B0:0B:A7:35:A7:F3:0E:0A:6A:8C:33:A1:0B:D5:59:7C:C1:40:CE:59:AA:1C:4F:F6:BC:99:93:FB:CC:D5:AA:17:87:D8:97:12:26:20:24:67:ED:76:98:97:29:D9:44:1F:02:F5:98:19:96:E1:B1:CC:18:2E:DC:92:AB:02:3B:60:B0:CE:C9:E3:62:90:2F:78:73:21:AB:C6:3C:0E:26:01:4A:A1:75:70:66:1A:97:BB:BB:1E:48:96:34:A3:13:F5:A1:41:64:AB:59:56:51:12:5A:82:82:B1:6A:5B:0D:FC:01:78:87:13:B2:A7:26:CA:55:F1:F8:CD:82:C8:07:62:61:DF:0C:EA:4C:9E:51:DE:FC:BE:27:5F:44:CF:E8:D5:25:E2:73:86:3A:3C:A6:CA:6C:0F:5E:2C:08:22:2C:F9:2F:7D:64:5B:28:4F:D0:F3:4B:0C:16:68:9A:EC:13:A9:3E:B2:53:7E:36:31:7B:BA:93:E6:1C:BD:30:AC:2A:0F:2F:95:DD:7B:78:6A:19:B9:38:8F:26:CF:F6:93:DD:5B:64:7C:A6:F4:41:D8:41:0E:44:9F:90:69:B3:18" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "validity": { "not_valid_after": "2023-05-09 17:05:44", "not_valid_before": "2022-05-09 17:05:48" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 17:06:11 +0000 (0:00:00.032) 0:00:33.476 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 17:06:11 +0000 (0:00:00.035) 0:00:33.512 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 17:06:11 +0000 (0:00:00.021) 0:00:33.533 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 17:06:11 +0000 (0:00:00.032) 0:00:33.566 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 17:06:11 +0000 (0:00:00.034) 0:00:33.601 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:06:11 +0000 (0:00:00.034) 0:00:33.635 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/another-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039634", "end": "2022-05-09 13:06:11.260256", "rc": 0, "start": "2022-05-09 13:06:11.220622" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 17:06:11 +0000 (0:00:00.400) 0:00:34.036 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=73 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:06:11 +0000 (0:00:00.039) 0:00:34.076 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.29s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure certificate requests ------------ 3.66s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Install certreader ------------------------------------------------------ 3.20s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 2.22s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.38s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Gathering Facts --------------------------------------------------------- 1.16s /tmp/tmpvsyllm8f/tests/tests_many_self_signed.yml:2 --------------------------- Install the package, force upgrade -------------------------------------- 1.11s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install the package, force upgrade -------------------------------------- 1.08s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 ------------- Ensure python3 is installed --------------------------------------------- 1.03s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 -------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.01s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - Install certreader ------------------------------------------------------ 0.99s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 ------------- Install certreader ------------------------------------------------------ 0.96s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 ------------- Ensure python3 is installed --------------------------------------------- 0.92s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 0.89s /tmp/tmpvsyllm8f/tests/tests_many_self_signed.yml:18 -------------------------- Ensure python3 is installed --------------------------------------------- 0.89s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 -------------- Parse certificate ------------------------------------------------------- 0.70s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 ------------- Parse certificate ------------------------------------------------------- 0.58s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 ------------- Parse certificate ------------------------------------------------------- 0.55s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 ------------- Retrieve certificate file stats ----------------------------------------- 0.54s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.53s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_no_auto_renew.yml ********************************************** 2 plays in /tmp/tmpvsyllm8f/tests/tests_no_auto_renew.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_no_auto_renew.yml:2 Monday 09 May 2022 17:06:26 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 17:06:27 +0000 (0:00:01.153) 0:00:01.163 ************ included: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:06:27 +0000 (0:00:00.019) 0:00:01.183 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 17:06:27 +0000 (0:00:00.513) 0:00:01.696 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 17:06:27 +0000 (0:00:00.035) 0:00:01.732 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 17:06:29 +0000 (0:00:01.348) 0:00:03.081 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 17:06:31 +0000 (0:00:02.134) 0:00:05.216 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 17:06:31 +0000 (0:00:00.518) 0:00:05.735 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 17:06:32 +0000 (0:00:00.382) 0:00:06.118 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket syslog.target sysinit.target network.target dbus.socket system.slice dbus-broker.service basic.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 17:06:33 +0000 (0:00:00.993) 0:00:07.112 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_no_auto_renew', 'dns': 'www.example.com', 'ca': 'self-sign', 'auto_renew': False}) => { "ansible_loop_var": "item", "changed": true, "item": { "auto_renew": false, "ca": "self-sign", "dns": "www.example.com", "name": "mycert_no_auto_renew" } } MSG: Certificate requested (new). changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'defaultcert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "defaultcert" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_no_auto_renew.yml:17 Monday 09 May 2022 17:06:36 +0000 (0:00:03.040) 0:00:10.152 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_no_auto_renew.yml:42 Monday 09 May 2022 17:06:37 +0000 (0:00:00.818) 0:00:10.970 ************ included: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_no_auto_renew.crt', 'key_path': '/etc/pki/tls/private/mycert_no_auto_renew.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'auto_renew': False}) included: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/defaultcert.crt', 'key_path': '/etc/pki/tls/private/defaultcert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'auto_renew': True}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:06:37 +0000 (0:00:00.042) 0:00:11.012 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:06:37 +0000 (0:00:00.016) 0:00:11.029 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:06:37 +0000 (0:00:00.872) 0:00:11.901 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:06:43 +0000 (0:00:05.425) 0:00:17.327 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 12.5 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 28.6 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 26.3 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 27.6 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 44.6 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:06:46 +0000 (0:00:03.163) 0:00:20.491 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115994.9234147, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9f2bd14be77468690e738573337e1af15a7a0d81", "ctime": 1652115994.9214146, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8887182, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115994.9214146, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_no_auto_renew.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "897432213", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:06:47 +0000 (0:00:00.503) 0:00:20.994 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:06:47 +0000 (0:00:00.021) 0:00:21.015 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 17:06:47 +0000 (0:00:00.035) 0:00:21.051 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 17:06:47 +0000 (0:00:00.032) 0:00:21.083 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115994.8624146, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "1c24a2556b2f26a6ec80406c852bde906dc394c9", "ctime": 1652115994.9214146, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17317, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115994.9214146, "nlink": 1, "path": "/etc/pki/tls/private/mycert_no_auto_renew.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "122622419", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 17:06:47 +0000 (0:00:00.369) 0:00:21.453 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 17:06:47 +0000 (0:00:00.021) 0:00:21.474 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 17:06:47 +0000 (0:00:00.036) 0:00:21.511 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_no_auto_renew.crt" ], "delta": "0:00:00.198895", "end": "2022-05-09 13:06:47.941176", "rc": 0, "start": "2022-05-09 13:06:47.742281" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "19:C4:5C:D3:77:6C:3E:EB:27:B9:28:28:0A:11:9B:CD:DB:C8:0E:D9", "critical": false }, "authorityKeyIdentifier": { "value": "3F:A0:85:FB:F2:7C:3C:8B:D7:4E:0A:24:74:95:A0:E6:A9:31:ED:A3", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "4F:49:52:CE:B8:73:4A:88:91:25:75:D7:64:C5:2E:20:CF:9F:DD:DB:8D:6D:CA:40:6A:55:3B:B7:7D:6D:F9:56:99:8C:BD:DC:DC:DB:B2:D9:3E:2D:70:6D:7D:01:06:56:4A:8C:27:A8:D5:83:31:5F:2D:6A:6E:F0:F2:A4:FB:D1:7D:55:CF:63:75:87:02:1E:EF:8A:7F:8D:A1:B5:33:F5:10:E1:4A:E8:F4:C4:B7:5A:12:52:7D:AC:57:6B:A2:49:1C:F3:20:39:8D:08:6B:6F:51:BD:A4:47:CB:90:F5:EF:DD:E0:0C:2C:99:A7:5D:6F:FE:27:2C:E7:C9:0E:1C:32:44:CF:FD:11:98:92:C6:CA:4C:71:2B:7C:1A:4B:BE:87:01:3C:96:23:4D:3E:E8:F3:5F:19:A0:D9:FE:4E:D7:8F:35:95:93:2D:EA:05:C6:46:7E:64:F6:A3:F4:3E:53:85:39:2C:18:7F:26:0C:44:99:9B:9C:BF:AB:12:AF:4A:20:85:EF:C6:20:0E:4C:BC:3B:0B:56:B0:E0:69:36:E5:3A:1F:82:F7:83:60:2E:46:89:14:7E:56:3C:2E:30:D3:FC:0D:D8:0F:AC:83:92:03:55:74:7C:89:05:23:64:95:88:16:7A:43:98:0E:E6:97:E6:DB:44:72:EE:EF:7C:03:6C" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:06:33", "not_valid_before": "2022-05-09 17:06:34" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:06:48 +0000 (0:00:00.675) 0:00:22.187 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "3F:A0:85:FB:F2:7C:3C:8B:D7:4E:0A:24:74:95:A0:E6:A9:31:ED:A3" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "19:C4:5C:D3:77:6C:3E:EB:27:B9:28:28:0A:11:9B:CD:DB:C8:0E:D9" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "4F:49:52:CE:B8:73:4A:88:91:25:75:D7:64:C5:2E:20:CF:9F:DD:DB:8D:6D:CA:40:6A:55:3B:B7:7D:6D:F9:56:99:8C:BD:DC:DC:DB:B2:D9:3E:2D:70:6D:7D:01:06:56:4A:8C:27:A8:D5:83:31:5F:2D:6A:6E:F0:F2:A4:FB:D1:7D:55:CF:63:75:87:02:1E:EF:8A:7F:8D:A1:B5:33:F5:10:E1:4A:E8:F4:C4:B7:5A:12:52:7D:AC:57:6B:A2:49:1C:F3:20:39:8D:08:6B:6F:51:BD:A4:47:CB:90:F5:EF:DD:E0:0C:2C:99:A7:5D:6F:FE:27:2C:E7:C9:0E:1C:32:44:CF:FD:11:98:92:C6:CA:4C:71:2B:7C:1A:4B:BE:87:01:3C:96:23:4D:3E:E8:F3:5F:19:A0:D9:FE:4E:D7:8F:35:95:93:2D:EA:05:C6:46:7E:64:F6:A3:F4:3E:53:85:39:2C:18:7F:26:0C:44:99:9B:9C:BF:AB:12:AF:4A:20:85:EF:C6:20:0E:4C:BC:3B:0B:56:B0:E0:69:36:E5:3A:1F:82:F7:83:60:2E:46:89:14:7E:56:3C:2E:30:D3:FC:0D:D8:0F:AC:83:92:03:55:74:7C:89:05:23:64:95:88:16:7A:43:98:0E:E6:97:E6:DB:44:72:EE:EF:7C:03:6C" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:06:33", "not_valid_before": "2022-05-09 17:06:34" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 17:06:48 +0000 (0:00:00.032) 0:00:22.219 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 17:06:48 +0000 (0:00:00.033) 0:00:22.253 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 17:06:48 +0000 (0:00:00.021) 0:00:22.274 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 17:06:48 +0000 (0:00:00.034) 0:00:22.309 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 17:06:48 +0000 (0:00:00.063) 0:00:22.372 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:06:48 +0000 (0:00:00.032) 0:00:22.405 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_no_auto_renew.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.044618", "end": "2022-05-09 13:06:48.561423", "rc": 0, "start": "2022-05-09 13:06:48.516805" } STDOUT: no TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 17:06:48 +0000 (0:00:00.400) 0:00:22.805 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:06:48 +0000 (0:00:00.032) 0:00:22.838 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:06:48 +0000 (0:00:00.014) 0:00:22.853 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:06:49 +0000 (0:00:00.887) 0:00:23.740 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:06:50 +0000 (0:00:01.053) 0:00:24.794 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:06:51 +0000 (0:00:00.894) 0:00:25.689 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115995.8304148, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "1214707003319514bbdc98bbedba0f68c7a5b95f", "ctime": 1652115995.8294146, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8388826, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115995.8294146, "nlink": 1, "path": "/etc/pki/tls/certs/defaultcert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "701161416", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:06:52 +0000 (0:00:00.366) 0:00:26.055 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:06:52 +0000 (0:00:00.019) 0:00:26.074 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 17:06:52 +0000 (0:00:00.035) 0:00:26.110 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 17:06:52 +0000 (0:00:00.031) 0:00:26.141 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652115995.7704146, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "7a3092b6a9500ab65ef69754ade642d583ca22b8", "ctime": 1652115995.8294146, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17336, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652115995.8294146, "nlink": 1, "path": "/etc/pki/tls/private/defaultcert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2354126820", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 17:06:52 +0000 (0:00:00.362) 0:00:26.504 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 17:06:52 +0000 (0:00:00.020) 0:00:26.524 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 17:06:52 +0000 (0:00:00.036) 0:00:26.561 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/defaultcert.crt" ], "delta": "0:00:00.199693", "end": "2022-05-09 13:06:52.859388", "rc": 0, "start": "2022-05-09 13:06:52.659695" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "A1:76:5C:49:03:0E:CF:AA:6E:55:80:96:47:FD:43:B1:02:14:34:55", "critical": false }, "authorityKeyIdentifier": { "value": "3F:A0:85:FB:F2:7C:3C:8B:D7:4E:0A:24:74:95:A0:E6:A9:31:ED:A3", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "73:3D:F9:F7:2C:B5:74:CF:AC:D9:F7:7F:CE:A2:13:32:91:84:CF:D8:E0:E1:D9:63:3B:A2:84:F8:55:FF:48:89:B4:0E:EA:52:63:0A:4D:06:89:66:27:77:D5:A5:25:CC:87:07:33:01:9F:EE:FC:1D:E5:37:D5:E4:B9:78:C8:19:BF:36:F6:7E:44:3C:6F:13:07:87:2A:81:9C:4A:C0:77:A8:FB:48:3A:5C:82:72:4C:69:5C:91:D0:09:A5:C3:E1:72:B5:7C:85:18:09:A0:31:A7:0F:8F:15:C4:B9:AD:48:7D:C9:F0:B7:2C:1A:D5:73:53:30:1E:36:85:E0:43:C1:EC:65:ED:00:D5:AC:5E:B0:9B:DE:4E:C7:EA:31:5C:09:12:73:66:5B:FD:14:0D:4F:4D:BF:5A:FA:FB:C1:6E:9F:D9:D8:14:34:25:FA:3E:CD:10:F2:42:8C:82:36:23:03:68:F2:1E:94:C4:D5:F4:5C:39:AE:C4:CA:41:4B:28:2C:D7:93:C1:96:74:22:E1:73:1C:8E:31:62:16:1F:E0:F9:04:2B:DD:AE:DC:F9:03:2D:AE:D3:76:4E:4F:1F:A7:77:17:37:D6:E4:13:57:62:04:F6:A5:9C:59:13:76:40:ED:A5:E4:EC:59:37:2D:43:02:99:41:33:4A:C3:F1:4B:E7" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:06:33", "not_valid_before": "2022-05-09 17:06:35" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:06:53 +0000 (0:00:00.544) 0:00:27.105 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "3F:A0:85:FB:F2:7C:3C:8B:D7:4E:0A:24:74:95:A0:E6:A9:31:ED:A3" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "A1:76:5C:49:03:0E:CF:AA:6E:55:80:96:47:FD:43:B1:02:14:34:55" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "73:3D:F9:F7:2C:B5:74:CF:AC:D9:F7:7F:CE:A2:13:32:91:84:CF:D8:E0:E1:D9:63:3B:A2:84:F8:55:FF:48:89:B4:0E:EA:52:63:0A:4D:06:89:66:27:77:D5:A5:25:CC:87:07:33:01:9F:EE:FC:1D:E5:37:D5:E4:B9:78:C8:19:BF:36:F6:7E:44:3C:6F:13:07:87:2A:81:9C:4A:C0:77:A8:FB:48:3A:5C:82:72:4C:69:5C:91:D0:09:A5:C3:E1:72:B5:7C:85:18:09:A0:31:A7:0F:8F:15:C4:B9:AD:48:7D:C9:F0:B7:2C:1A:D5:73:53:30:1E:36:85:E0:43:C1:EC:65:ED:00:D5:AC:5E:B0:9B:DE:4E:C7:EA:31:5C:09:12:73:66:5B:FD:14:0D:4F:4D:BF:5A:FA:FB:C1:6E:9F:D9:D8:14:34:25:FA:3E:CD:10:F2:42:8C:82:36:23:03:68:F2:1E:94:C4:D5:F4:5C:39:AE:C4:CA:41:4B:28:2C:D7:93:C1:96:74:22:E1:73:1C:8E:31:62:16:1F:E0:F9:04:2B:DD:AE:DC:F9:03:2D:AE:D3:76:4E:4F:1F:A7:77:17:37:D6:E4:13:57:62:04:F6:A5:9C:59:13:76:40:ED:A5:E4:EC:59:37:2D:43:02:99:41:33:4A:C3:F1:4B:E7" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:06:33", "not_valid_before": "2022-05-09 17:06:35" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 17:06:53 +0000 (0:00:00.032) 0:00:27.137 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 17:06:53 +0000 (0:00:00.031) 0:00:27.169 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 17:06:53 +0000 (0:00:00.019) 0:00:27.188 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 17:06:53 +0000 (0:00:00.031) 0:00:27.220 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 17:06:53 +0000 (0:00:00.032) 0:00:27.252 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:06:53 +0000 (0:00:00.033) 0:00:27.285 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/defaultcert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038258", "end": "2022-05-09 13:06:53.431708", "rc": 0, "start": "2022-05-09 13:06:53.393450" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 17:06:53 +0000 (0:00:00.389) 0:00:27.675 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=52 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:06:53 +0000 (0:00:00.039) 0:00:27.714 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.43s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.16s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure certificate requests ------------ 3.04s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure provider packages are installed --- 2.13s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.35s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Gathering Facts --------------------------------------------------------- 1.15s /tmp/tmpvsyllm8f/tests/tests_no_auto_renew.yml:2 ------------------------------ Install the package, force upgrade -------------------------------------- 1.05s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider service is running ----- 0.99s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - Install certreader ------------------------------------------------------ 0.89s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 ------------- Ensure python3 is installed --------------------------------------------- 0.89s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 -------------- Ensure python3 is installed --------------------------------------------- 0.87s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 0.82s /tmp/tmpvsyllm8f/tests/tests_no_auto_renew.yml:17 ----------------------------- Parse certificate ------------------------------------------------------- 0.68s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 ------------- Parse certificate ------------------------------------------------------- 0.54s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.52s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.51s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.50s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.40s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve auto-renew flag ------------------------------------------------ 0.39s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.38s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_not_wait_for_cert.yml ****************************************** 2 plays in /tmp/tmpvsyllm8f/tests/tests_not_wait_for_cert.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_not_wait_for_cert.yml:2 Monday 09 May 2022 17:07:09 +0000 (0:00:00.009) 0:00:00.009 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 17:07:10 +0000 (0:00:01.210) 0:00:01.220 ************ included: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:07:10 +0000 (0:00:00.021) 0:00:01.242 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 17:07:11 +0000 (0:00:00.549) 0:00:01.791 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 17:07:11 +0000 (0:00:00.038) 0:00:01.830 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 17:07:12 +0000 (0:00:01.371) 0:00:03.201 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 17:07:14 +0000 (0:00:02.187) 0:00:05.389 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 17:07:15 +0000 (0:00:00.535) 0:00:05.925 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 17:07:15 +0000 (0:00:00.395) 0:00:06.320 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus-broker.service sysinit.target system.slice syslog.target network.target systemd-journald.socket basic.target dbus.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 17:07:16 +0000 (0:00:01.046) 0:00:07.367 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_not_wait_for_cert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_not_wait_for_cert" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_not_wait_for_cert.yml:14 Monday 09 May 2022 17:07:17 +0000 (0:00:00.652) 0:00:08.020 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Wait for certificate] **************************************************** task path: /tmp/tmpvsyllm8f/tests/tests_not_wait_for_cert.yml:28 Monday 09 May 2022 17:07:18 +0000 (0:00:00.801) 0:00:08.822 ************ ok: [/cache/rhel-x.qcow2.snap] => (item={'path': '/etc/pki/tls/certs/mycert_not_wait_for_cert.crt', 'key_path': '/etc/pki/tls/private/mycert_not_wait_for_cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) => { "ansible_loop_var": "item", "changed": false, "elapsed": 0, "gid": 0, "group": "root", "item": { "key_path": "/etc/pki/tls/private/mycert_not_wait_for_cert.key", "path": "/etc/pki/tls/certs/mycert_not_wait_for_cert.crt", "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "subject_alt_name": [ { "name": "DNS", "value": "www.example.com" } ] }, "match_groupdict": {}, "match_groups": [], "mode": "0600", "owner": "root", "path": "/etc/pki/tls/certs/mycert_not_wait_for_cert.crt", "port": null, "search_regex": null, "secontext": "system_u:object_r:cert_t:s0", "size": 1294, "state": "file", "uid": 0 } TASK [Verify each certificate] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_not_wait_for_cert.yml:34 Monday 09 May 2022 17:07:18 +0000 (0:00:00.491) 0:00:09.313 ************ included: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_not_wait_for_cert.crt', 'key_path': '/etc/pki/tls/private/mycert_not_wait_for_cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:07:18 +0000 (0:00:00.042) 0:00:09.355 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:07:18 +0000 (0:00:00.019) 0:00:09.375 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:07:19 +0000 (0:00:00.893) 0:00:10.268 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:07:24 +0000 (0:00:05.302) 0:00:15.570 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 11.3 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 20.3 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 28.9 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 26.0 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 40.4 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:07:28 +0000 (0:00:03.146) 0:00:18.717 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116037.5738027, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "afb08dae974c5fb9a4a8d352449f6a5c60088bac", "ctime": 1652116037.5718029, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8388826, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116037.5718029, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_not_wait_for_cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "701161416", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:07:28 +0000 (0:00:00.492) 0:00:19.210 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:07:28 +0000 (0:00:00.020) 0:00:19.231 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 17:07:28 +0000 (0:00:00.034) 0:00:19.266 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 17:07:28 +0000 (0:00:00.032) 0:00:19.298 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116037.5138028, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "62bfbbac068b889a1a68c5151eb1a13e965eabeb", "ctime": 1652116037.5718029, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17297, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116037.5718029, "nlink": 1, "path": "/etc/pki/tls/private/mycert_not_wait_for_cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2173195228", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 17:07:29 +0000 (0:00:00.356) 0:00:19.655 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 17:07:29 +0000 (0:00:00.020) 0:00:19.675 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 17:07:29 +0000 (0:00:00.036) 0:00:19.711 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_not_wait_for_cert.crt" ], "delta": "0:00:00.203154", "end": "2022-05-09 13:07:29.555636", "rc": 0, "start": "2022-05-09 13:07:29.352482" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "7A:10:91:BD:CA:02:A5:BC:69:A0:DB:12:DE:E1:7A:5E:7C:64:DA:55", "critical": false }, "authorityKeyIdentifier": { "value": "D0:86:68:78:F1:57:12:B2:F5:11:DE:DD:62:7C:CA:B0:F7:B7:96:C4", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "08:3C:94:72:86:5B:84:A5:BC:DD:6C:56:41:AF:FB:12:4D:2B:CB:C8:4B:87:62:80:D0:5C:20:C6:4B:EE:1D:02:EB:DF:EA:7E:C9:09:4B:B6:FF:8E:FD:57:4D:94:64:FE:86:D3:05:BF:E4:B0:78:36:2E:00:4D:D0:27:E4:33:6A:20:5B:C5:95:A0:23:4A:E7:82:43:EC:48:32:B4:5E:29:54:F4:13:BA:F7:50:1B:AB:C8:54:A6:7B:22:48:B6:69:D9:C1:3A:40:96:BC:4B:BE:ED:DA:8F:64:18:C0:62:06:9A:AA:6D:CE:91:7F:BA:12:5B:A6:74:AD:03:9E:E5:0A:83:C6:FC:4E:E8:1B:0A:34:49:29:8A:C9:FC:C4:6A:A4:B1:20:94:78:63:B5:59:2A:8E:19:CF:41:B5:78:C1:51:CC:60:8A:40:26:28:84:2D:EC:01:4F:64:78:97:D3:76:00:0A:35:1F:73:65:90:AE:81:57:93:30:4C:5F:6F:25:F9:D9:DC:F2:2E:05:22:68:44:10:64:67:3C:E9:12:CE:79:AC:7B:3B:73:B7:CE:E4:F4:ED:9B:62:BE:7C:27:63:98:97:81:AA:E5:B8:67:33:96:8B:14:EE:83:5B:59:47:4A:0F:F5:4C:A5:0A:98:53:96:51:E4:BD:C2:D2:AA:E3" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:07:16", "not_valid_before": "2022-05-09 17:07:17" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:07:29 +0000 (0:00:00.675) 0:00:20.387 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "D0:86:68:78:F1:57:12:B2:F5:11:DE:DD:62:7C:CA:B0:F7:B7:96:C4" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "7A:10:91:BD:CA:02:A5:BC:69:A0:DB:12:DE:E1:7A:5E:7C:64:DA:55" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "08:3C:94:72:86:5B:84:A5:BC:DD:6C:56:41:AF:FB:12:4D:2B:CB:C8:4B:87:62:80:D0:5C:20:C6:4B:EE:1D:02:EB:DF:EA:7E:C9:09:4B:B6:FF:8E:FD:57:4D:94:64:FE:86:D3:05:BF:E4:B0:78:36:2E:00:4D:D0:27:E4:33:6A:20:5B:C5:95:A0:23:4A:E7:82:43:EC:48:32:B4:5E:29:54:F4:13:BA:F7:50:1B:AB:C8:54:A6:7B:22:48:B6:69:D9:C1:3A:40:96:BC:4B:BE:ED:DA:8F:64:18:C0:62:06:9A:AA:6D:CE:91:7F:BA:12:5B:A6:74:AD:03:9E:E5:0A:83:C6:FC:4E:E8:1B:0A:34:49:29:8A:C9:FC:C4:6A:A4:B1:20:94:78:63:B5:59:2A:8E:19:CF:41:B5:78:C1:51:CC:60:8A:40:26:28:84:2D:EC:01:4F:64:78:97:D3:76:00:0A:35:1F:73:65:90:AE:81:57:93:30:4C:5F:6F:25:F9:D9:DC:F2:2E:05:22:68:44:10:64:67:3C:E9:12:CE:79:AC:7B:3B:73:B7:CE:E4:F4:ED:9B:62:BE:7C:27:63:98:97:81:AA:E5:B8:67:33:96:8B:14:EE:83:5B:59:47:4A:0F:F5:4C:A5:0A:98:53:96:51:E4:BD:C2:D2:AA:E3" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:07:16", "not_valid_before": "2022-05-09 17:07:17" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 17:07:29 +0000 (0:00:00.031) 0:00:20.418 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 17:07:29 +0000 (0:00:00.032) 0:00:20.451 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 17:07:29 +0000 (0:00:00.020) 0:00:20.472 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 17:07:29 +0000 (0:00:00.075) 0:00:20.547 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 17:07:29 +0000 (0:00:00.032) 0:00:20.580 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:07:29 +0000 (0:00:00.031) 0:00:20.611 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_not_wait_for_cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040634", "end": "2022-05-09 13:07:30.176429", "rc": 0, "start": "2022-05-09 13:07:30.135795" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 17:07:30 +0000 (0:00:00.392) 0:00:21.004 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=32 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:07:30 +0000 (0:00:00.039) 0:00:21.044 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.30s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.15s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 2.19s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.37s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Gathering Facts --------------------------------------------------------- 1.21s /tmp/tmpvsyllm8f/tests/tests_not_wait_for_cert.yml:2 -------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.05s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - Ensure python3 is installed --------------------------------------------- 0.89s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 0.80s /tmp/tmpvsyllm8f/tests/tests_not_wait_for_cert.yml:14 ------------------------- Parse certificate ------------------------------------------------------- 0.68s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure certificate requests ------------ 0.65s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.55s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.54s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - Retrieve certificate file stats ----------------------------------------- 0.49s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 ------------- Wait for certificate ---------------------------------------------------- 0.49s /tmp/tmpvsyllm8f/tests/tests_not_wait_for_cert.yml:28 ------------------------- linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.40s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - Retrieve auto-renew flag ------------------------------------------------ 0.39s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve key file stats ------------------------------------------------- 0.36s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify key size --------------------------------------------------------- 0.08s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 ------------ Verify each certificate ------------------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tests_not_wait_for_cert.yml:34 ------------------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 ------------ ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_principal.yml ************************************************** 3 plays in /tmp/tmpvsyllm8f/tests/tests_principal.yml PLAY [Test issuing certificate with principal.] ******************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_principal.yml:2 Monday 09 May 2022 17:07:44 +0000 (0:00:00.009) 0:00:00.009 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 17:07:45 +0000 (0:00:01.115) 0:00:01.124 ************ included: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:07:45 +0000 (0:00:00.021) 0:00:01.146 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 17:07:46 +0000 (0:00:00.505) 0:00:01.651 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 17:07:46 +0000 (0:00:00.037) 0:00:01.688 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 17:07:47 +0000 (0:00:01.322) 0:00:03.011 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 17:07:49 +0000 (0:00:02.028) 0:00:05.040 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 17:07:50 +0000 (0:00:00.520) 0:00:05.560 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 17:07:50 +0000 (0:00:00.376) 0:00:05.936 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target dbus-broker.service syslog.target system.slice dbus.socket systemd-journald.socket basic.target network.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 17:07:51 +0000 (0:00:00.964) 0:00:06.901 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_principal', 'dns': 'www.example.com', 'principal': 'HTTP/www.example.com@EXAMPLE.COM', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_principal", "principal": "HTTP/www.example.com@EXAMPLE.COM" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_principal.yml:13 Monday 09 May 2022 17:07:52 +0000 (0:00:00.884) 0:00:07.786 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_principal.yml:33 Monday 09 May 2022 17:07:53 +0000 (0:00:00.798) 0:00:08.584 ************ included: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_principal.crt', 'key_path': '/etc/pki/tls/private/mycert_principal.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}, {'name': 'Universal Principal Name (UPN)', 'value': 'HTTP/www.example.com@EXAMPLE.COM', 'oid': '1.3.6.1.4.1.311.20.2.3'}, {'name': 'Kerberos principalname', 'value': 'HTTP/www.example.com@EXAMPLE.COM', 'oid': '1.3.6.1.5.2.2'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:07:53 +0000 (0:00:00.034) 0:00:08.618 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:07:53 +0000 (0:00:00.019) 0:00:08.638 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:07:54 +0000 (0:00:00.894) 0:00:09.533 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:07:59 +0000 (0:00:05.205) 0:00:14.738 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 10.9 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 24.4 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 29.4 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 2.6 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 37.7 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:08:03 +0000 (0:00:03.697) 0:00:18.435 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116072.6312866, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "95cec120986730587dab3ecb7608f5cd4564e490", "ctime": 1652116072.6292865, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8880959, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116072.6292865, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_principal.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1456, "uid": 0, "version": "2058062737", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:08:03 +0000 (0:00:00.497) 0:00:18.932 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:08:03 +0000 (0:00:00.023) 0:00:18.955 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 17:08:03 +0000 (0:00:00.038) 0:00:18.994 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 17:08:03 +0000 (0:00:00.034) 0:00:19.029 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116072.5712867, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9121ba97266a549e2026c3a8ff5b31559bca06de", "ctime": 1652116072.6292865, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17301, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116072.6292865, "nlink": 1, "path": "/etc/pki/tls/private/mycert_principal.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "4006034298", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 17:08:04 +0000 (0:00:00.353) 0:00:19.383 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 17:08:04 +0000 (0:00:00.021) 0:00:19.404 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 17:08:04 +0000 (0:00:00.039) 0:00:19.443 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_principal.crt" ], "delta": "0:00:00.200415", "end": "2022-05-09 13:08:05.042192", "rc": 0, "start": "2022-05-09 13:08:04.841777" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/www.example.com@EXAMPLE.COM", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/www.example.com@EXAMPLE.COM", "oid": "1.3.6.1.5.2.2" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "ED:57:24:1D:70:88:51:68:73:EC:25:E2:DC:2E:39:F5:F2:69:97:42", "critical": false }, "authorityKeyIdentifier": { "value": "18:EA:9D:6C:F3:24:4F:1C:D1:70:6D:46:D2:D6:B2:41:60:65:01:8C", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "85:4D:B4:B1:76:D7:BD:D9:67:96:42:57:77:5B:BF:EE:4F:10:87:4C:7F:DA:0B:DA:77:26:95:1B:30:BB:1D:A6:52:B1:8F:90:CA:DA:85:51:7D:DA:21:7B:DA:21:47:41:81:2F:52:18:04:59:DB:24:78:A7:D8:7E:C8:41:DF:E0:EA:CC:14:09:92:64:5F:C1:B6:47:91:38:1E:89:C6:89:E7:32:8B:5B:5B:3E:FC:CF:25:1A:A3:21:FE:C2:EA:5C:4D:53:77:D1:0C:5D:A8:33:D5:6E:DF:BA:C6:A6:F6:C5:FE:56:18:83:55:43:3E:D7:29:D0:94:18:E7:B2:E9:19:E7:4E:A7:89:64:AF:5E:C5:07:D9:86:4D:16:D9:7E:0A:92:1A:5A:28:71:30:12:D5:23:46:BC:08:A5:F0:D2:48:59:47:AF:70:35:CA:54:FC:33:39:F5:A6:8B:F1:A3:C1:52:D6:33:D1:D3:4C:99:4E:46:DA:66:4D:00:40:30:B2:BB:FB:C0:EE:09:92:71:90:74:93:E2:5F:28:07:80:72:C5:8B:EE:71:C8:9C:64:F7:31:06:42:1F:FB:FB:7A:52:B1:EF:A2:4D:FF:80:83:FC:E9:E2:5F:95:A0:1F:39:AF:76:27:D1:1F:F9:4C:E5:30:8F:28:0A:E7:70:37:B3:95" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:07:52", "not_valid_before": "2022-05-09 17:07:52" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:08:04 +0000 (0:00:00.692) 0:00:20.136 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "18:EA:9D:6C:F3:24:4F:1C:D1:70:6D:46:D2:D6:B2:41:60:65:01:8C" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/www.example.com@EXAMPLE.COM" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/www.example.com@EXAMPLE.COM" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "ED:57:24:1D:70:88:51:68:73:EC:25:E2:DC:2E:39:F5:F2:69:97:42" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "85:4D:B4:B1:76:D7:BD:D9:67:96:42:57:77:5B:BF:EE:4F:10:87:4C:7F:DA:0B:DA:77:26:95:1B:30:BB:1D:A6:52:B1:8F:90:CA:DA:85:51:7D:DA:21:7B:DA:21:47:41:81:2F:52:18:04:59:DB:24:78:A7:D8:7E:C8:41:DF:E0:EA:CC:14:09:92:64:5F:C1:B6:47:91:38:1E:89:C6:89:E7:32:8B:5B:5B:3E:FC:CF:25:1A:A3:21:FE:C2:EA:5C:4D:53:77:D1:0C:5D:A8:33:D5:6E:DF:BA:C6:A6:F6:C5:FE:56:18:83:55:43:3E:D7:29:D0:94:18:E7:B2:E9:19:E7:4E:A7:89:64:AF:5E:C5:07:D9:86:4D:16:D9:7E:0A:92:1A:5A:28:71:30:12:D5:23:46:BC:08:A5:F0:D2:48:59:47:AF:70:35:CA:54:FC:33:39:F5:A6:8B:F1:A3:C1:52:D6:33:D1:D3:4C:99:4E:46:DA:66:4D:00:40:30:B2:BB:FB:C0:EE:09:92:71:90:74:93:E2:5F:28:07:80:72:C5:8B:EE:71:C8:9C:64:F7:31:06:42:1F:FB:FB:7A:52:B1:EF:A2:4D:FF:80:83:FC:E9:E2:5F:95:A0:1F:39:AF:76:27:D1:1F:F9:4C:E5:30:8F:28:0A:E7:70:37:B3:95" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:07:52", "not_valid_before": "2022-05-09 17:07:52" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 17:08:04 +0000 (0:00:00.031) 0:00:20.167 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 17:08:04 +0000 (0:00:00.032) 0:00:20.200 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 17:08:04 +0000 (0:00:00.023) 0:00:20.223 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 17:08:04 +0000 (0:00:00.035) 0:00:20.259 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 17:08:04 +0000 (0:00:00.036) 0:00:20.295 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:08:04 +0000 (0:00:00.035) 0:00:20.331 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_principal.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040576", "end": "2022-05-09 13:08:05.626170", "rc": 0, "start": "2022-05-09 13:08:05.585594" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 17:08:05 +0000 (0:00:00.389) 0:00:20.720 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY [Test issuing certificate with invalid principal.] ************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_principal.yml:40 Monday 09 May 2022 17:08:05 +0000 (0:00:00.047) 0:00:20.768 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 17:08:06 +0000 (0:00:00.779) 0:00:21.548 ************ included: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:08:06 +0000 (0:00:00.020) 0:00:21.568 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 17:08:06 +0000 (0:00:00.488) 0:00:22.057 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 17:08:06 +0000 (0:00:00.037) 0:00:22.095 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 17:08:07 +0000 (0:00:00.881) 0:00:22.977 ************ ok: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 17:08:08 +0000 (0:00:00.909) 0:00:23.886 ************ ok: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 17:08:08 +0000 (0:00:00.373) 0:00:24.260 ************ ok: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 17:08:09 +0000 (0:00:00.395) 0:00:24.655 ************ ok: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Mon 2022-05-09 13:07:51 EDT", "ActiveEnterTimestampMonotonic": "16965733", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target syslog.target system.slice systemd-journald.socket dbus-broker.service dbus.socket network.target sysinit.target", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Mon 2022-05-09 13:07:51 EDT", "AssertTimestampMonotonic": "16954633", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "675721000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Mon 2022-05-09 13:07:51 EDT", "ConditionTimestampMonotonic": "16954631", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "7067", "ExecMainStartTimestamp": "Mon 2022-05-09 13:07:51 EDT", "ExecMainStartTimestampMonotonic": "16955805", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[Mon 2022-05-09 13:07:51 EDT] ; stop_time=[n/a] ; pid=7067 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[Mon 2022-05-09 13:07:51 EDT] ; stop_time=[n/a] ; pid=7067 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Mon 2022-05-09 13:07:51 EDT", "InactiveExitTimestampMonotonic": "16956155", "InvocationID": "a8f69ccb5c2545e89d4cca227f8703c4", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "7067", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "3641344", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Mon 2022-05-09 13:07:51 EDT", "StateChangeTimestampMonotonic": "16965733", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 17:08:09 +0000 (0:00:00.590) 0:00:25.246 ************ failed: [/cache/rhel-x.qcow2.snap] (item={'name': 'mycertinvalid', 'dns': 'www.example.com', 'principal': 'HTTP/abc', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": false, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycertinvalid", "principal": "HTTP/abc" } } MSG: Invalid principal 'HTTP/abc'. It should be formatted as 'primary/instance@REALM' TASK [assert...] *************************************************************** task path: /tmp/tmpvsyllm8f/tests/tests_principal.yml:59 Monday 09 May 2022 17:08:10 +0000 (0:00:00.478) 0:00:25.725 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=40 changed=7 unreachable=0 failed=0 skipped=2 rescued=1 ignored=0 Monday 09 May 2022 17:08:10 +0000 (0:00:00.025) 0:00:25.751 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.21s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.70s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 2.03s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.32s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Gathering Facts --------------------------------------------------------- 1.12s /tmp/tmpvsyllm8f/tests/tests_principal.yml:2 ---------------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 0.96s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - linux-system-roles.certificate : Ensure provider packages are installed --- 0.91s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - Ensure python3 is installed --------------------------------------------- 0.89s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 -------------- linux-system-roles.certificate : Ensure certificate requests ------------ 0.88s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 0.88s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Gathering Facts --------------------------------------------------------- 0.80s /tmp/tmpvsyllm8f/tests/tests_principal.yml:13 --------------------------------- Gathering Facts --------------------------------------------------------- 0.78s /tmp/tmpvsyllm8f/tests/tests_principal.yml:40 --------------------------------- Parse certificate ------------------------------------------------------- 0.69s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure provider service is running ----- 0.59s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.52s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.51s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.50s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.49s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Ensure certificate requests ------------ 0.48s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.40s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_provider.yml *************************************************** 2 plays in /tmp/tmpvsyllm8f/tests/tests_provider.yml PLAY [Test issuing certificate with certmonger provider] *********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_provider.yml:2 Monday 09 May 2022 17:08:25 +0000 (0:00:00.009) 0:00:00.009 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 17:08:26 +0000 (0:00:01.120) 0:00:01.130 ************ included: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:08:26 +0000 (0:00:00.019) 0:00:01.149 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 17:08:27 +0000 (0:00:00.532) 0:00:01.681 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 17:08:27 +0000 (0:00:00.036) 0:00:01.718 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 17:08:28 +0000 (0:00:01.330) 0:00:03.048 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 17:08:30 +0000 (0:00:02.155) 0:00:05.204 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 17:08:31 +0000 (0:00:00.534) 0:00:05.738 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 17:08:31 +0000 (0:00:00.380) 0:00:06.119 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network.target syslog.target sysinit.target system.slice dbus-broker.service dbus.socket systemd-journald.socket basic.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 17:08:32 +0000 (0:00:00.935) 0:00:07.054 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_provider', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'certmonger'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_provider", "provider": "certmonger" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_provider.yml:13 Monday 09 May 2022 17:08:33 +0000 (0:00:00.986) 0:00:08.041 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_provider.yml:27 Monday 09 May 2022 17:08:34 +0000 (0:00:00.766) 0:00:08.807 ************ included: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_provider.crt', 'key_path': '/etc/pki/tls/private/mycert_provider.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:08:34 +0000 (0:00:00.030) 0:00:08.838 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:08:34 +0000 (0:00:00.014) 0:00:08.853 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:08:35 +0000 (0:00:00.806) 0:00:09.659 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:08:40 +0000 (0:00:05.104) 0:00:14.763 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 13.6 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 27.0 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 30.3 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 30.6 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 30.9 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:08:43 +0000 (0:00:03.003) 0:00:17.767 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116112.9000068, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "a706a65c3926d35984100be29036052e1f75bedd", "ctime": 1652116112.898007, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8880959, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116112.898007, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_provider.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2514625665", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:08:43 +0000 (0:00:00.504) 0:00:18.272 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:08:43 +0000 (0:00:00.021) 0:00:18.293 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 17:08:43 +0000 (0:00:00.037) 0:00:18.330 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 17:08:43 +0000 (0:00:00.034) 0:00:18.365 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116112.8400068, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "75eee2ac74b4440a86da70c0226b6857abb53e2e", "ctime": 1652116112.898007, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17298, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116112.898007, "nlink": 1, "path": "/etc/pki/tls/private/mycert_provider.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2402955255", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 17:08:44 +0000 (0:00:00.376) 0:00:18.741 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 17:08:44 +0000 (0:00:00.023) 0:00:18.765 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 17:08:44 +0000 (0:00:00.039) 0:00:18.804 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_provider.crt" ], "delta": "0:00:00.204300", "end": "2022-05-09 13:08:44.481235", "rc": 0, "start": "2022-05-09 13:08:44.276935" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "C1:19:23:1E:E0:E2:A9:B4:72:43:38:D7:91:1F:35:42:8F:74:D7:84", "critical": false }, "authorityKeyIdentifier": { "value": "1A:8E:03:6B:02:83:D2:76:ED:8E:FA:99:73:20:60:BE:6A:6F:75:F0", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "3D:14:7E:49:9D:F1:1F:F1:4D:DC:CE:BB:EC:C8:4B:93:84:63:72:C8:13:64:CC:5A:8B:F0:F7:9F:02:81:39:48:C1:1D:F8:EF:9E:CD:85:98:42:89:9F:E8:02:19:8B:9D:1B:E6:90:03:2B:5D:7D:6C:F7:C2:7F:AD:C5:C6:D9:C4:91:20:FC:9D:81:83:B2:F9:ED:26:EF:C5:5D:C7:33:31:6E:75:8B:05:47:01:A0:F3:B3:F4:C9:A8:99:16:A1:69:A7:9F:BC:4A:64:E2:6A:D2:BD:8D:90:D5:80:2B:11:9A:1F:14:73:72:74:52:E7:A7:13:1C:39:6E:DC:F7:B3:43:27:6A:96:4E:A8:59:18:29:62:E3:E7:88:E7:A1:B4:2A:2A:2A:F8:77:3B:07:D9:28:99:D4:38:C8:E0:43:50:9C:EB:EF:93:EB:AD:BD:E7:7C:ED:5F:6D:4E:C1:51:74:24:6B:67:96:79:94:AA:58:E7:A9:46:6E:2B:6F:DD:E7:6C:60:F9:C4:E7:63:C3:49:C6:F9:B0:6E:FE:F8:FB:68:1D:A7:A6:3A:8D:CC:62:0D:D6:56:87:E1:74:CF:14:FA:CB:C3:00:8D:2D:5E:C9:F3:12:F6:50:5C:D0:4C:6F:84:B5:4E:52:84:BE:E0:C1:E7:AB:22:C2:88:9F:09:D2:47:04" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:08:32", "not_valid_before": "2022-05-09 17:08:32" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:08:45 +0000 (0:00:00.697) 0:00:19.501 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "1A:8E:03:6B:02:83:D2:76:ED:8E:FA:99:73:20:60:BE:6A:6F:75:F0" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "C1:19:23:1E:E0:E2:A9:B4:72:43:38:D7:91:1F:35:42:8F:74:D7:84" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "3D:14:7E:49:9D:F1:1F:F1:4D:DC:CE:BB:EC:C8:4B:93:84:63:72:C8:13:64:CC:5A:8B:F0:F7:9F:02:81:39:48:C1:1D:F8:EF:9E:CD:85:98:42:89:9F:E8:02:19:8B:9D:1B:E6:90:03:2B:5D:7D:6C:F7:C2:7F:AD:C5:C6:D9:C4:91:20:FC:9D:81:83:B2:F9:ED:26:EF:C5:5D:C7:33:31:6E:75:8B:05:47:01:A0:F3:B3:F4:C9:A8:99:16:A1:69:A7:9F:BC:4A:64:E2:6A:D2:BD:8D:90:D5:80:2B:11:9A:1F:14:73:72:74:52:E7:A7:13:1C:39:6E:DC:F7:B3:43:27:6A:96:4E:A8:59:18:29:62:E3:E7:88:E7:A1:B4:2A:2A:2A:F8:77:3B:07:D9:28:99:D4:38:C8:E0:43:50:9C:EB:EF:93:EB:AD:BD:E7:7C:ED:5F:6D:4E:C1:51:74:24:6B:67:96:79:94:AA:58:E7:A9:46:6E:2B:6F:DD:E7:6C:60:F9:C4:E7:63:C3:49:C6:F9:B0:6E:FE:F8:FB:68:1D:A7:A6:3A:8D:CC:62:0D:D6:56:87:E1:74:CF:14:FA:CB:C3:00:8D:2D:5E:C9:F3:12:F6:50:5C:D0:4C:6F:84:B5:4E:52:84:BE:E0:C1:E7:AB:22:C2:88:9F:09:D2:47:04" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:08:32", "not_valid_before": "2022-05-09 17:08:32" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 17:08:45 +0000 (0:00:00.034) 0:00:19.536 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 17:08:45 +0000 (0:00:00.036) 0:00:19.573 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 17:08:45 +0000 (0:00:00.024) 0:00:19.597 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 17:08:45 +0000 (0:00:00.037) 0:00:19.634 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 17:08:45 +0000 (0:00:00.036) 0:00:19.671 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:08:45 +0000 (0:00:00.036) 0:00:19.707 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_provider.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.036970", "end": "2022-05-09 13:08:45.086711", "rc": 0, "start": "2022-05-09 13:08:45.049741" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 17:08:45 +0000 (0:00:00.395) 0:00:20.102 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:08:45 +0000 (0:00:00.043) 0:00:20.146 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.10s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.00s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 2.16s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.33s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Gathering Facts --------------------------------------------------------- 1.12s /tmp/tmpvsyllm8f/tests/tests_provider.yml:2 ----------------------------------- linux-system-roles.certificate : Ensure certificate requests ------------ 0.99s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure provider service is running ----- 0.94s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - Ensure python3 is installed --------------------------------------------- 0.81s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 0.77s /tmp/tmpvsyllm8f/tests/tests_provider.yml:13 ---------------------------------- Parse certificate ------------------------------------------------------- 0.70s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.53s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.53s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.50s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.40s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.38s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - Retrieve key file stats ------------------------------------------------- 0.38s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 ------------ Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 ------------- Verify key size --------------------------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 ------------ Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 ------------- ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_run_hooks.yml ************************************************** 2 plays in /tmp/tmpvsyllm8f/tests/tests_run_hooks.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_run_hooks.yml:2 Monday 09 May 2022 17:08:59 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 17:09:00 +0000 (0:00:01.093) 0:00:01.104 ************ included: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:09:00 +0000 (0:00:00.019) 0:00:01.123 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 17:09:01 +0000 (0:00:00.505) 0:00:01.629 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 17:09:01 +0000 (0:00:00.039) 0:00:01.668 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 17:09:02 +0000 (0:00:01.259) 0:00:02.928 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 17:09:04 +0000 (0:00:02.003) 0:00:04.931 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 17:09:05 +0000 (0:00:00.531) 0:00:05.463 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 17:09:05 +0000 (0:00:00.408) 0:00:05.871 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus-broker.service dbus.socket basic.target system.slice systemd-journald.socket sysinit.target syslog.target network.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 17:09:06 +0000 (0:00:00.948) 0:00:06.820 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_run_hooks', 'dns': 'www.example.com', 'ca': 'self-sign', 'run_before': 'touch /etc/pki/before_cert.tmp\n', 'run_after': 'touch /etc/pki/after_cert.tmp\n'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_run_hooks", "run_after": "touch /etc/pki/after_cert.tmp\n", "run_before": "touch /etc/pki/before_cert.tmp\n" } } MSG: Certificate requested (new). Pre/Post run hooks updated. META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_run_hooks.yml:17 Monday 09 May 2022 17:09:07 +0000 (0:00:00.884) 0:00:07.705 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_run_hooks.yml:31 Monday 09 May 2022 17:09:08 +0000 (0:00:00.772) 0:00:08.477 ************ included: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_run_hooks.crt', 'key_path': '/etc/pki/tls/private/mycert_run_hooks.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:09:08 +0000 (0:00:00.031) 0:00:08.509 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:09:08 +0000 (0:00:00.015) 0:00:08.524 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:09:09 +0000 (0:00:00.858) 0:00:09.382 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:09:14 +0000 (0:00:05.117) 0:00:14.500 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 12.6 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 26.5 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 2.7 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 30.7 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 36.7 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:09:17 +0000 (0:00:03.275) 0:00:17.776 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116146.742013, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "49835af99bca1ee6f02ee20dde6ce869c75e90c9", "ctime": 1652116146.7400131, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8887168, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116146.7400131, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_run_hooks.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "3499758135", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:09:18 +0000 (0:00:00.529) 0:00:18.305 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:09:18 +0000 (0:00:00.022) 0:00:18.327 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 17:09:18 +0000 (0:00:00.044) 0:00:18.372 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 17:09:18 +0000 (0:00:00.037) 0:00:18.409 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116146.679013, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "ef743526abc4e1585d0956a0e09aa376e4804a21", "ctime": 1652116146.7400131, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17301, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116146.7400131, "nlink": 1, "path": "/etc/pki/tls/private/mycert_run_hooks.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2854780388", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 17:09:18 +0000 (0:00:00.403) 0:00:18.813 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 17:09:18 +0000 (0:00:00.022) 0:00:18.836 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 17:09:18 +0000 (0:00:00.038) 0:00:18.875 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_run_hooks.crt" ], "delta": "0:00:00.203232", "end": "2022-05-09 13:09:18.678007", "rc": 0, "start": "2022-05-09 13:09:18.474775" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "A9:B7:81:12:5F:C1:FE:CD:9E:80:26:09:72:26:ED:7E:12:F1:0F:08", "critical": false }, "authorityKeyIdentifier": { "value": "5C:84:32:4D:A9:92:5E:A3:81:F8:69:45:21:E4:8A:BE:50:F7:27:70", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "77:48:65:A7:E4:E1:62:57:57:DB:84:DC:EA:A9:05:18:52:79:8C:9E:6D:6D:91:2B:1B:4A:E4:AC:6A:14:04:D2:4A:D9:2F:E5:17:BF:31:A9:F7:A2:36:84:E4:C0:F5:D2:5B:A7:FB:D1:30:D8:92:87:92:22:DB:E7:13:C1:08:DE:B3:5B:FE:C4:6B:BD:9D:63:83:29:8C:63:2C:A6:9F:FB:83:C4:5A:38:A2:20:F2:19:11:8F:86:83:CA:C1:4C:85:85:45:86:95:59:B4:B8:60:A7:EF:4F:74:79:7D:1D:16:0D:25:EB:42:14:A4:29:56:6C:8C:0B:28:DD:30:24:4D:5B:E3:FA:BE:DA:23:04:30:92:9F:01:32:C5:11:8A:9F:30:96:DD:B3:7B:46:1F:21:7C:78:11:06:15:B6:DD:DB:26:CE:7C:78:C7:5F:33:74:38:A5:84:DD:0C:9D:69:B6:E6:1E:AB:22:04:17:3C:72:53:E0:A8:C7:41:D6:DB:DB:9A:82:5A:73:C2:6F:8A:F3:60:A2:C2:55:BB:1E:D3:82:BD:E9:E4:08:BE:C0:AB:0D:64:24:FE:03:A0:FE:1F:74:65:70:A9:97:12:64:E6:60:03:7C:96:B1:03:5B:76:49:1A:9B:00:93:AF:82:E6:C4:44:C0:14:69:0B:94:DC:EF" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:09:06", "not_valid_before": "2022-05-09 17:09:06" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:09:19 +0000 (0:00:00.693) 0:00:19.568 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "5C:84:32:4D:A9:92:5E:A3:81:F8:69:45:21:E4:8A:BE:50:F7:27:70" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "A9:B7:81:12:5F:C1:FE:CD:9E:80:26:09:72:26:ED:7E:12:F1:0F:08" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "77:48:65:A7:E4:E1:62:57:57:DB:84:DC:EA:A9:05:18:52:79:8C:9E:6D:6D:91:2B:1B:4A:E4:AC:6A:14:04:D2:4A:D9:2F:E5:17:BF:31:A9:F7:A2:36:84:E4:C0:F5:D2:5B:A7:FB:D1:30:D8:92:87:92:22:DB:E7:13:C1:08:DE:B3:5B:FE:C4:6B:BD:9D:63:83:29:8C:63:2C:A6:9F:FB:83:C4:5A:38:A2:20:F2:19:11:8F:86:83:CA:C1:4C:85:85:45:86:95:59:B4:B8:60:A7:EF:4F:74:79:7D:1D:16:0D:25:EB:42:14:A4:29:56:6C:8C:0B:28:DD:30:24:4D:5B:E3:FA:BE:DA:23:04:30:92:9F:01:32:C5:11:8A:9F:30:96:DD:B3:7B:46:1F:21:7C:78:11:06:15:B6:DD:DB:26:CE:7C:78:C7:5F:33:74:38:A5:84:DD:0C:9D:69:B6:E6:1E:AB:22:04:17:3C:72:53:E0:A8:C7:41:D6:DB:DB:9A:82:5A:73:C2:6F:8A:F3:60:A2:C2:55:BB:1E:D3:82:BD:E9:E4:08:BE:C0:AB:0D:64:24:FE:03:A0:FE:1F:74:65:70:A9:97:12:64:E6:60:03:7C:96:B1:03:5B:76:49:1A:9B:00:93:AF:82:E6:C4:44:C0:14:69:0B:94:DC:EF" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:09:06", "not_valid_before": "2022-05-09 17:09:06" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 17:09:19 +0000 (0:00:00.032) 0:00:19.600 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 17:09:19 +0000 (0:00:00.032) 0:00:19.633 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 17:09:19 +0000 (0:00:00.022) 0:00:19.656 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 17:09:19 +0000 (0:00:00.032) 0:00:19.689 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 17:09:19 +0000 (0:00:00.034) 0:00:19.723 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:09:19 +0000 (0:00:00.035) 0:00:19.758 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_run_hooks.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040231", "end": "2022-05-09 13:09:19.264824", "rc": 0, "start": "2022-05-09 13:09:19.224593" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 17:09:20 +0000 (0:00:00.395) 0:00:20.154 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Get certificate timestamp] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tests_run_hooks.yml:39 Monday 09 May 2022 17:09:20 +0000 (0:00:00.076) 0:00:20.230 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116146.742013, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "49835af99bca1ee6f02ee20dde6ce869c75e90c9", "ctime": 1652116146.7400131, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8887168, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116146.7400131, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_run_hooks.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "3499758135", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Get pre-run file timestamp] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tests_run_hooks.yml:43 Monday 09 May 2022 17:09:20 +0000 (0:00:00.366) 0:00:20.597 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116146.736013, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1652116146.736013, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 25712561, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1652116146.736013, "nlink": 1, "path": "/etc/pki/before_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "4167557933", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Get post-run file timestamp] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tests_run_hooks.yml:47 Monday 09 May 2022 17:09:20 +0000 (0:00:00.352) 0:00:20.950 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116146.772013, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1652116146.772013, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 25712788, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1652116146.772013, "nlink": 1, "path": "/etc/pki/after_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "4180036833", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Assert file created before cert] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tests_run_hooks.yml:51 Monday 09 May 2022 17:09:21 +0000 (0:00:00.356) 0:00:21.307 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Assert file created after cert] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tests_run_hooks.yml:58 Monday 09 May 2022 17:09:21 +0000 (0:00:00.022) 0:00:21.329 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Get the ansible_managed comment in pre/post-scripts] ********************* task path: /tmp/tmpvsyllm8f/tests/tests_run_hooks.yml:66 Monday 09 May 2022 17:09:21 +0000 (0:00:00.021) 0:00:21.351 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "find", "/etc/certmonger/pre-scripts", "/etc/certmonger/post-scripts", "-type", "f", "-exec", "grep", "^# Ansible managed", "{}", ";" ], "delta": "0:00:00.005430", "end": "2022-05-09 13:09:20.817009", "rc": 0, "start": "2022-05-09 13:09:20.811579" } STDOUT: # Ansible managed # Ansible managed TASK [Verify the ansible_managed comment in pre/post-scripts] ****************** task path: /tmp/tmpvsyllm8f/tests/tests_run_hooks.yml:72 Monday 09 May 2022 17:09:21 +0000 (0:00:00.353) 0:00:21.704 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=38 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:09:21 +0000 (0:00:00.038) 0:00:21.743 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.12s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.28s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 2.00s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.26s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Gathering Facts --------------------------------------------------------- 1.09s /tmp/tmpvsyllm8f/tests/tests_run_hooks.yml:2 ---------------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 0.95s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - linux-system-roles.certificate : Ensure certificate requests ------------ 0.88s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Ensure python3 is installed --------------------------------------------- 0.86s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 0.77s /tmp/tmpvsyllm8f/tests/tests_run_hooks.yml:17 --------------------------------- Parse certificate ------------------------------------------------------- 0.69s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.53s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - Retrieve certificate file stats ----------------------------------------- 0.53s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.51s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.41s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - Retrieve key file stats ------------------------------------------------- 0.40s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.40s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 ------------ Get certificate timestamp ----------------------------------------------- 0.37s /tmp/tmpvsyllm8f/tests/tests_run_hooks.yml:39 --------------------------------- Get post-run file timestamp --------------------------------------------- 0.36s /tmp/tmpvsyllm8f/tests/tests_run_hooks.yml:47 --------------------------------- Get the ansible_managed comment in pre/post-scripts --------------------- 0.35s /tmp/tmpvsyllm8f/tests/tests_run_hooks.yml:66 --------------------------------- Get pre-run file timestamp ---------------------------------------------- 0.35s /tmp/tmpvsyllm8f/tests/tests_run_hooks.yml:43 --------------------------------- ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_subject.yml **************************************************** 2 plays in /tmp/tmpvsyllm8f/tests/tests_subject.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_subject.yml:2 Monday 09 May 2022 17:09:37 +0000 (0:00:00.011) 0:00:00.011 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 17:09:38 +0000 (0:00:01.172) 0:00:01.183 ************ included: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:09:38 +0000 (0:00:00.019) 0:00:01.202 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 17:09:38 +0000 (0:00:00.533) 0:00:01.736 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 17:09:38 +0000 (0:00:00.037) 0:00:01.773 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 17:09:40 +0000 (0:00:01.357) 0:00:03.130 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 17:09:42 +0000 (0:00:02.275) 0:00:05.406 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 17:09:43 +0000 (0:00:00.529) 0:00:05.935 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 17:09:43 +0000 (0:00:00.389) 0:00:06.324 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus-broker.service network.target sysinit.target dbus.socket syslog.target system.slice basic.target systemd-journald.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 17:09:44 +0000 (0:00:00.995) 0:00:07.320 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_subject', 'dns': 'www.example.com', 'common_name': 'Some other common name', 'country': 'US', 'state': 'NC', 'locality': 'Raleigh', 'organization': 'Red Hat', 'organizational_unit': 'Linux', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "Some other common name", "country": "US", "dns": "www.example.com", "locality": "Raleigh", "name": "mycert_subject", "organization": "Red Hat", "organizational_unit": "Linux", "state": "NC" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_subject.yml:19 Monday 09 May 2022 17:09:45 +0000 (0:00:00.924) 0:00:08.245 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_subject.yml:48 Monday 09 May 2022 17:09:46 +0000 (0:00:00.811) 0:00:09.057 ************ included: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_subject.crt', 'key_path': '/etc/pki/tls/private/mycert_subject.key', 'subject': [{'name': 'countryName', 'oid': '2.5.4.6', 'value': 'US'}, {'name': 'stateOrProvinceName', 'oid': '2.5.4.8', 'value': 'NC'}, {'name': 'localityName', 'oid': '2.5.4.7', 'value': 'Raleigh'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'Red Hat'}, {'name': 'organizationalUnitName', 'oid': '2.5.4.11', 'value': 'Linux'}, {'name': 'commonName', 'oid': '2.5.4.3', 'value': 'Some other common name'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:09:46 +0000 (0:00:00.040) 0:00:09.097 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:09:46 +0000 (0:00:00.017) 0:00:09.115 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:09:47 +0000 (0:00:00.896) 0:00:10.012 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:09:52 +0000 (0:00:05.162) 0:00:15.175 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 12.1 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 26.0 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 26.4 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 26.5 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 34.4 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:09:55 +0000 (0:00:03.142) 0:00:18.318 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116185.3748643, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "584a97f7608353b936b391e2205548b496814743", "ctime": 1652116185.3728642, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8880959, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116185.3728642, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_subject.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1411, "uid": 0, "version": "2653058361", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:09:56 +0000 (0:00:00.508) 0:00:18.827 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:09:56 +0000 (0:00:00.021) 0:00:18.848 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 17:09:56 +0000 (0:00:00.035) 0:00:18.884 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 17:09:56 +0000 (0:00:00.035) 0:00:18.920 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116185.3148644, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "de7783d0553aff8eb6f9fe5a4dffc3cfc02630b6", "ctime": 1652116185.3728642, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17301, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116185.3728642, "nlink": 1, "path": "/etc/pki/tls/private/mycert_subject.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2405109973", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 17:09:56 +0000 (0:00:00.372) 0:00:19.293 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 17:09:56 +0000 (0:00:00.023) 0:00:19.316 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 17:09:56 +0000 (0:00:00.037) 0:00:19.354 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_subject.crt" ], "delta": "0:00:00.201442", "end": "2022-05-09 13:09:57.277937", "rc": 0, "start": "2022-05-09 13:09:57.076495" } STDOUT: { "subject": [ { "name": "countryName", "oid": "2.5.4.6", "value": "US" }, { "name": "stateOrProvinceName", "oid": "2.5.4.8", "value": "NC" }, { "name": "localityName", "oid": "2.5.4.7", "value": "Raleigh" }, { "name": "organizationName", "oid": "2.5.4.10", "value": "Red Hat" }, { "name": "organizationalUnitName", "oid": "2.5.4.11", "value": "Linux" }, { "name": "commonName", "oid": "2.5.4.3", "value": "Some other common name" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "88:77:1D:AD:FD:1E:FA:AB:3F:40:9E:93:D9:68:D8:EF:10:16:55:00", "critical": false }, "authorityKeyIdentifier": { "value": "2E:2F:35:C3:C1:7E:E7:71:CF:86:69:68:03:82:E0:8F:C9:64:BD:B3", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "18:3D:9D:C6:33:9A:40:76:BA:B6:9B:E3:41:45:24:EB:12:6D:AF:02:41:0F:B7:D1:B0:51:8C:36:62:53:FB:8D:74:6D:00:91:2F:C1:89:81:DE:AA:5D:F3:BC:74:45:0B:F1:18:8F:29:98:B3:44:E1:2A:E6:90:BE:21:C9:28:86:78:F7:56:F8:79:77:0F:32:34:2A:3D:F2:85:1C:28:8E:2C:5B:DF:0B:04:54:1F:0B:32:F8:E8:CB:A0:07:8E:60:EE:CA:60:FD:95:2A:EB:35:76:2E:A6:E2:4D:7F:C7:69:B3:BD:CB:0A:0A:88:B7:E9:55:17:1E:04:C1:72:25:57:D1:60:17:82:BF:63:2F:70:D0:A2:B8:08:4C:7C:5F:C2:38:13:99:76:CD:DE:B8:F1:84:A7:30:A9:82:72:F0:50:85:56:BC:46:DB:CB:97:78:13:AD:9C:23:B7:FC:95:A1:A8:38:85:F2:79:1A:9C:CA:2B:13:5D:97:4C:D1:2F:92:D5:17:E9:6E:C4:8F:6E:12:46:C1:ED:8F:3F:DB:CF:F8:93:87:93:71:A7:5C:96:8E:4E:E3:BD:DD:C1:72:56:81:BD:0E:B2:42:B2:EA:11:29:C3:EB:45:E0:D7:5B:54:4E:17:F6:1B:65:50:F1:17:E0:18:64:30:2E:1B:A3:99:3A" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:09:44", "not_valid_before": "2022-05-09 17:09:45" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:09:57 +0000 (0:00:00.701) 0:00:20.055 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "2E:2F:35:C3:C1:7E:E7:71:CF:86:69:68:03:82:E0:8F:C9:64:BD:B3" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "88:77:1D:AD:FD:1E:FA:AB:3F:40:9E:93:D9:68:D8:EF:10:16:55:00" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "18:3D:9D:C6:33:9A:40:76:BA:B6:9B:E3:41:45:24:EB:12:6D:AF:02:41:0F:B7:D1:B0:51:8C:36:62:53:FB:8D:74:6D:00:91:2F:C1:89:81:DE:AA:5D:F3:BC:74:45:0B:F1:18:8F:29:98:B3:44:E1:2A:E6:90:BE:21:C9:28:86:78:F7:56:F8:79:77:0F:32:34:2A:3D:F2:85:1C:28:8E:2C:5B:DF:0B:04:54:1F:0B:32:F8:E8:CB:A0:07:8E:60:EE:CA:60:FD:95:2A:EB:35:76:2E:A6:E2:4D:7F:C7:69:B3:BD:CB:0A:0A:88:B7:E9:55:17:1E:04:C1:72:25:57:D1:60:17:82:BF:63:2F:70:D0:A2:B8:08:4C:7C:5F:C2:38:13:99:76:CD:DE:B8:F1:84:A7:30:A9:82:72:F0:50:85:56:BC:46:DB:CB:97:78:13:AD:9C:23:B7:FC:95:A1:A8:38:85:F2:79:1A:9C:CA:2B:13:5D:97:4C:D1:2F:92:D5:17:E9:6E:C4:8F:6E:12:46:C1:ED:8F:3F:DB:CF:F8:93:87:93:71:A7:5C:96:8E:4E:E3:BD:DD:C1:72:56:81:BD:0E:B2:42:B2:EA:11:29:C3:EB:45:E0:D7:5B:54:4E:17:F6:1B:65:50:F1:17:E0:18:64:30:2E:1B:A3:99:3A" }, "subject": [ { "name": "countryName", "oid": "2.5.4.6", "value": "US" }, { "name": "stateOrProvinceName", "oid": "2.5.4.8", "value": "NC" }, { "name": "localityName", "oid": "2.5.4.7", "value": "Raleigh" }, { "name": "organizationName", "oid": "2.5.4.10", "value": "Red Hat" }, { "name": "organizationalUnitName", "oid": "2.5.4.11", "value": "Linux" }, { "name": "commonName", "oid": "2.5.4.3", "value": "Some other common name" } ], "validity": { "not_valid_after": "2023-05-09 17:09:44", "not_valid_before": "2022-05-09 17:09:45" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 17:09:57 +0000 (0:00:00.032) 0:00:20.087 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 17:09:57 +0000 (0:00:00.030) 0:00:20.118 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 17:09:57 +0000 (0:00:00.022) 0:00:20.141 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 17:09:57 +0000 (0:00:00.058) 0:00:20.200 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 17:09:57 +0000 (0:00:00.033) 0:00:20.233 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:09:57 +0000 (0:00:00.031) 0:00:20.264 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_subject.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.036556", "end": "2022-05-09 13:09:57.869312", "rc": 0, "start": "2022-05-09 13:09:57.832756" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 17:09:57 +0000 (0:00:00.376) 0:00:20.641 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:09:57 +0000 (0:00:00.039) 0:00:20.681 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.16s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.14s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 2.28s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.36s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Gathering Facts --------------------------------------------------------- 1.17s /tmp/tmpvsyllm8f/tests/tests_subject.yml:2 ------------------------------------ linux-system-roles.certificate : Ensure provider service is running ----- 1.00s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - linux-system-roles.certificate : Ensure certificate requests ------------ 0.92s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Ensure python3 is installed --------------------------------------------- 0.90s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 0.81s /tmp/tmpvsyllm8f/tests/tests_subject.yml:19 ----------------------------------- Parse certificate ------------------------------------------------------- 0.70s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.53s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.53s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - Retrieve certificate file stats ----------------------------------------- 0.51s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.39s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - Retrieve auto-renew flag ------------------------------------------------ 0.38s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve key file stats ------------------------------------------------- 0.37s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify key size --------------------------------------------------------- 0.06s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 ------------ Verify each certificate ------------------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tests_subject.yml:48 ----------------------------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 ------------ Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 ------------- ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_subject_complex.yml ******************************************** 2 plays in /tmp/tmpvsyllm8f/tests/tests_subject_complex.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_subject_complex.yml:2 Monday 09 May 2022 17:10:13 +0000 (0:00:00.011) 0:00:00.011 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 17:10:14 +0000 (0:00:01.157) 0:00:01.168 ************ included: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:10:14 +0000 (0:00:00.021) 0:00:01.189 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 17:10:15 +0000 (0:00:00.532) 0:00:01.722 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 17:10:15 +0000 (0:00:00.035) 0:00:01.758 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 17:10:16 +0000 (0:00:01.402) 0:00:03.161 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 17:10:18 +0000 (0:00:02.254) 0:00:05.415 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 17:10:19 +0000 (0:00:00.530) 0:00:05.946 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 17:10:19 +0000 (0:00:00.405) 0:00:06.351 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network.target system.slice syslog.target basic.target systemd-journald.socket sysinit.target dbus-broker.service dbus.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 17:10:20 +0000 (0:00:00.992) 0:00:07.343 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_subject_complex', 'dns': 'www.example.com', 'common_name': '# \\\\Every"thing+that,ne;edsing\\0 ', 'contact_email': 'admin@example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "# \\\\Every\"thing+that,ne;edsing\\0 ", "contact_email": "admin@example.com", "dns": "www.example.com", "name": "mycert_subject_complex" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_subject_complex.yml:16 Monday 09 May 2022 17:10:22 +0000 (0:00:01.276) 0:00:08.620 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_subject_complex.yml:36 Monday 09 May 2022 17:10:22 +0000 (0:00:00.799) 0:00:09.420 ************ included: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_subject_complex.crt', 'key_path': '/etc/pki/tls/private/mycert_subject_complex.key', 'subject': [{'name': 'emailAddress', 'oid': '1.2.840.113549.1.9.1', 'value': 'admin@example.com'}, {'name': 'commonName', 'oid': '2.5.4.3', 'value': '# \\\\Every"thing+that,ne;edsing\\0 '}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:10:22 +0000 (0:00:00.042) 0:00:09.462 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:10:22 +0000 (0:00:00.026) 0:00:09.489 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:10:23 +0000 (0:00:00.871) 0:00:10.361 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:10:37 +0000 (0:00:13.876) 0:00:24.237 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 1.5 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 13.5 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 936.4 kB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 1.1 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 9.0 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:10:47 +0000 (0:00:10.073) 0:00:34.311 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116221.697222, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "6068c05c475fbeb445faabd3fcd86fefe45f3deb", "ctime": 1652116221.6952221, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8880959, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116221.6952221, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_subject_complex.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1375, "uid": 0, "version": "63961260", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:10:48 +0000 (0:00:00.516) 0:00:34.827 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:10:48 +0000 (0:00:00.023) 0:00:34.850 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:49 Monday 09 May 2022 17:10:48 +0000 (0:00:00.038) 0:00:34.889 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 Monday 09 May 2022 17:10:48 +0000 (0:00:00.034) 0:00:34.924 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116221.637222, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "add07e97dcdf2d013e91ac69472a5b863a5e67ce", "ctime": 1652116221.6952221, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17298, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116221.6952221, "nlink": 1, "path": "/etc/pki/tls/private/mycert_subject_complex.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "4123622367", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:60 Monday 09 May 2022 17:10:48 +0000 (0:00:00.368) 0:00:35.292 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 Monday 09 May 2022 17:10:48 +0000 (0:00:00.025) 0:00:35.318 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 Monday 09 May 2022 17:10:48 +0000 (0:00:00.091) 0:00:35.409 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_subject_complex.crt" ], "delta": "0:00:00.212207", "end": "2022-05-09 13:10:49.352965", "rc": 0, "start": "2022-05-09 13:10:49.140758" } STDOUT: { "subject": [ { "name": "emailAddress", "oid": "1.2.840.113549.1.9.1", "value": "admin@example.com" }, { "name": "commonName", "oid": "2.5.4.3", "value": "# \\\\Every\"thing+that,ne;edsing\\0 " } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "A6:BE:06:29:13:1F:4E:BB:27:4E:E5:F0:DD:69:BF:3F:14:E6:59:DA", "critical": false }, "authorityKeyIdentifier": { "value": "83:F0:C9:5C:84:88:00:4C:B0:45:BF:D3:04:CB:51:57:A4:4C:F7:76", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "4D:A0:A3:75:EF:DD:0E:14:E7:42:48:F3:94:0A:4A:84:EC:6E:BE:A8:4C:3D:DB:CD:2B:E3:85:49:66:BB:0E:89:C5:FA:73:4A:EA:D5:94:F6:F2:DF:A6:E4:D2:B9:B5:B7:11:96:A9:85:9F:8A:C9:CC:38:3C:5B:C9:AD:71:CC:9B:76:8D:45:4E:37:EE:5A:7B:A8:62:5B:DD:1A:30:0C:A7:45:F5:06:9E:E4:15:4F:9D:BB:F9:BF:C4:A1:17:E2:8E:1D:BD:B7:A6:66:E5:5E:3A:68:35:36:69:53:3F:5A:6B:C9:FC:BD:F6:73:24:F1:4F:FB:A3:65:40:53:4E:7E:3B:A6:9A:9B:4E:A1:92:17:78:F3:32:7C:55:5F:C7:F4:6A:A8:BF:FB:DA:95:BD:1E:9B:11:3F:13:0B:A4:C8:9A:CC:34:D7:7C:66:84:ED:7F:F8:06:8A:C2:4F:61:B0:0D:E9:B0:52:4D:5B:C0:53:3A:26:F6:1F:F7:AA:0E:BD:CF:19:72:5F:C7:28:E1:6E:E7:19:7F:AC:B5:E5:35:F6:9C:A6:19:62:E0:29:3E:2F:0A:AD:D9:6C:D7:6F:E3:71:B3:FB:75:7D:7E:02:62:AF:40:B5:92:45:63:A6:92:E9:97:98:38:70:95:A2:68:A8:D7:A4:DB:5E:A6:39:80:7B:3E:FA" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:10:21", "not_valid_before": "2022-05-09 17:10:21" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:10:49 +0000 (0:00:00.693) 0:00:36.103 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "83:F0:C9:5C:84:88:00:4C:B0:45:BF:D3:04:CB:51:57:A4:4C:F7:76" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "A6:BE:06:29:13:1F:4E:BB:27:4E:E5:F0:DD:69:BF:3F:14:E6:59:DA" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "4D:A0:A3:75:EF:DD:0E:14:E7:42:48:F3:94:0A:4A:84:EC:6E:BE:A8:4C:3D:DB:CD:2B:E3:85:49:66:BB:0E:89:C5:FA:73:4A:EA:D5:94:F6:F2:DF:A6:E4:D2:B9:B5:B7:11:96:A9:85:9F:8A:C9:CC:38:3C:5B:C9:AD:71:CC:9B:76:8D:45:4E:37:EE:5A:7B:A8:62:5B:DD:1A:30:0C:A7:45:F5:06:9E:E4:15:4F:9D:BB:F9:BF:C4:A1:17:E2:8E:1D:BD:B7:A6:66:E5:5E:3A:68:35:36:69:53:3F:5A:6B:C9:FC:BD:F6:73:24:F1:4F:FB:A3:65:40:53:4E:7E:3B:A6:9A:9B:4E:A1:92:17:78:F3:32:7C:55:5F:C7:F4:6A:A8:BF:FB:DA:95:BD:1E:9B:11:3F:13:0B:A4:C8:9A:CC:34:D7:7C:66:84:ED:7F:F8:06:8A:C2:4F:61:B0:0D:E9:B0:52:4D:5B:C0:53:3A:26:F6:1F:F7:AA:0E:BD:CF:19:72:5F:C7:28:E1:6E:E7:19:7F:AC:B5:E5:35:F6:9C:A6:19:62:E0:29:3E:2F:0A:AD:D9:6C:D7:6F:E3:71:B3:FB:75:7D:7E:02:62:AF:40:B5:92:45:63:A6:92:E9:97:98:38:70:95:A2:68:A8:D7:A4:DB:5E:A6:39:80:7B:3E:FA" }, "subject": [ { "name": "emailAddress", "oid": "1.2.840.113549.1.9.1", "value": "admin@example.com" }, { "name": "commonName", "oid": "2.5.4.3", "value": "# \\\\Every\"thing+that,ne;edsing\\0 " } ], "validity": { "not_valid_after": "2023-05-09 17:10:21", "not_valid_before": "2022-05-09 17:10:21" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:87 Monday 09 May 2022 17:10:49 +0000 (0:00:00.040) 0:00:36.143 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:96 Monday 09 May 2022 17:10:49 +0000 (0:00:00.037) 0:00:36.181 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:105 Monday 09 May 2022 17:10:49 +0000 (0:00:00.024) 0:00:36.206 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:112 Monday 09 May 2022 17:10:49 +0000 (0:00:00.035) 0:00:36.241 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:125 Monday 09 May 2022 17:10:49 +0000 (0:00:00.033) 0:00:36.275 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:10:49 +0000 (0:00:00.034) 0:00:36.309 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_subject_complex.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.042236", "end": "2022-05-09 13:10:49.972318", "rc": 0, "start": "2022-05-09 13:10:49.930082" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 Monday 09 May 2022 17:10:50 +0000 (0:00:00.408) 0:00:36.718 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:10:50 +0000 (0:00:00.042) 0:00:36.760 ************ =============================================================================== Install the package, force upgrade ------------------------------------- 13.88s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ----------------------------------------------------- 10.07s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 2.25s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.40s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- linux-system-roles.certificate : Ensure certificate requests ------------ 1.28s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Gathering Facts --------------------------------------------------------- 1.16s /tmp/tmpvsyllm8f/tests/tests_subject_complex.yml:2 ---------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 0.99s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - Ensure python3 is installed --------------------------------------------- 0.87s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 0.80s /tmp/tmpvsyllm8f/tests/tests_subject_complex.yml:16 --------------------------- Parse certificate ------------------------------------------------------- 0.69s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.53s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.53s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.41s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.41s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - Retrieve key file stats ------------------------------------------------- 0.37s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify key file owner and group ----------------------------------------- 0.09s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:66 ------------- Verify each certificate ------------------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tests_subject_complex.yml:36 --------------------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:150 ------------ Load certificate YAML to cert_issued variable --------------------------- 0.04s /tmp/tmpvsyllm8f/tests/tasks/assert_certificate_parameters.yml:83 ------------- ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_wrong_provider.yml ********************************************* 1 plays in /tmp/tmpvsyllm8f/tests/tests_wrong_provider.yml PLAY [Test issuing certificate with nonexistent provider] ********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpvsyllm8f/tests/tests_wrong_provider.yml:2 Monday 09 May 2022 17:11:04 +0000 (0:00:00.009) 0:00:00.009 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 09 May 2022 17:11:05 +0000 (0:00:01.147) 0:00:01.156 ************ included: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:11:05 +0000 (0:00:00.022) 0:00:01.179 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Monday 09 May 2022 17:11:06 +0000 (0:00:00.521) 0:00:01.700 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Monday 09 May 2022 17:11:06 +0000 (0:00:00.038) 0:00:01.738 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Monday 09 May 2022 17:11:07 +0000 (0:00:01.327) 0:00:03.066 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Monday 09 May 2022 17:11:07 +0000 (0:00:00.035) 0:00:03.102 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Monday 09 May 2022 17:11:07 +0000 (0:00:00.037) 0:00:03.139 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Monday 09 May 2022 17:11:07 +0000 (0:00:00.035) 0:00:03.175 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 09 May 2022 17:11:07 +0000 (0:00:00.037) 0:00:03.212 ************ failed: [/cache/rhel-x.qcow2.snap] (item={'name': 'mycert_wrong_provider', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'fake-provider'}) => { "ansible_loop_var": "item", "changed": false, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_wrong_provider", "provider": "fake-provider" } } MSG: Chosen provider 'fake-provider' is not available. TASK [assert...] *************************************************************** task path: /tmp/tmpvsyllm8f/tests/tests_wrong_provider.yml:22 Monday 09 May 2022 17:11:08 +0000 (0:00:00.579) 0:00:03.792 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=5 changed=0 unreachable=0 failed=0 skipped=5 rescued=1 ignored=0 Monday 09 May 2022 17:11:08 +0000 (0:00:00.027) 0:00:03.820 ************ =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.33s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Gathering Facts --------------------------------------------------------- 1.15s /tmp/tmpvsyllm8f/tests/tests_wrong_provider.yml:2 ----------------------------- linux-system-roles.certificate : Ensure certificate requests ------------ 0.58s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.52s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 linux-system-roles.certificate : Set platform/version specific variables --- 0.04s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.04s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - linux-system-roles.certificate : Ensure provider service is running ----- 0.04s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - linux-system-roles.certificate : Ensure provider packages are installed --- 0.04s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.04s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - assert... --------------------------------------------------------------- 0.03s /tmp/tmpvsyllm8f/tests/tests_wrong_provider.yml:22 ---------------------------- linux-system-roles.certificate : Set version specific variables --------- 0.02s /tmp/tmpvsyllm8f/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file statically imported: /tmp/tmp2bcmclq9/tests/certificate/tasks/setup_ipa.yml Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_basic_ipa.yml ************************************************** 3 plays in /tmp/tmp2bcmclq9/tests/certificate/tests_basic_ipa.yml PLAY [Install IPA server] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_basic_ipa.yml:2 Monday 09 May 2022 17:11:23 +0000 (0:00:00.009) 0:00:00.009 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Set __is_beaker_env] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/setup_ipa.yml:2 Monday 09 May 2022 17:11:24 +0000 (0:00:01.133) 0:00:01.143 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__is_beaker_env": false }, "changed": false } TASK [Install ansible-freeipa] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/setup_ipa.yml:6 Monday 09 May 2022 17:11:24 +0000 (0:00:00.070) 0:00:01.213 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Clone ansible-freeipa repo] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/setup_ipa.yml:12 Monday 09 May 2022 17:11:24 +0000 (0:00:00.017) 0:00:01.231 ************ ok: [/cache/rhel-x.qcow2.snap -> 127.0.0.1] => { "after": "ba3fe74b60bcfcc8140e32ed33d06bb3dd14b112", "before": "ba3fe74b60bcfcc8140e32ed33d06bb3dd14b112", "changed": false, "remote_url_changed": false } TASK [Create role symlinks] **************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/setup_ipa.yml:21 Monday 09 May 2022 17:11:25 +0000 (0:00:00.664) 0:00:01.896 ************ changed: [/cache/rhel-x.qcow2.snap -> 127.0.0.1] => (item=ipaserver) => { "ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmp2bcmclq9/tests/certificate/roles/ipaserver", "gid": 0, "group": "root", "item": "ipaserver", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaserver/", "state": "link", "uid": 0 } changed: [/cache/rhel-x.qcow2.snap -> 127.0.0.1] => (item=ipaclient) => { "ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmp2bcmclq9/tests/certificate/roles/ipaclient", "gid": 0, "group": "root", "item": "ipaclient", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaclient/", "state": "link", "uid": 0 } TASK [ensure hostname package is installed] ************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/setup_ipa.yml:33 Monday 09 May 2022 17:11:25 +0000 (0:00:00.479) 0:00:02.375 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Set hostname] ************************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/setup_ipa.yml:38 Monday 09 May 2022 17:11:27 +0000 (0:00:01.289) 0:00:03.665 ************ changed: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "ansible_domain": "test.local", "ansible_fqdn": "ipaserver.test.local", "ansible_hostname": "ipaserver", "ansible_nodename": "ipaserver.test.local" }, "changed": true, "name": "ipaserver.test.local" } TASK [Ensure nss package is up-to-date] **************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/setup_ipa.yml:42 Monday 09 May 2022 17:11:27 +0000 (0:00:00.782) 0:00:04.447 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [Include ipaserver role] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/setup_ipa.yml:50 Monday 09 May 2022 17:11:29 +0000 (0:00:01.500) 0:00:05.948 ************ TASK [ipaserver : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:4 Monday 09 May 2022 17:11:29 +0000 (0:00:00.028) 0:00:05.977 ************ ok: [/cache/rhel-x.qcow2.snap] => (item=/tmp/freeipa-repo/roles/ipaserver/vars/default.yml) => { "ansible_facts": { "ipaserver_packages": [ "ipa-server", "python3-libselinux" ], "ipaserver_packages_adtrust": [ "freeipa-server-trust-ad" ], "ipaserver_packages_dns": [ "ipa-server-dns" ], "ipaserver_packages_firewalld": [ "firewalld" ] }, "ansible_included_var_files": [ "/tmp/freeipa-repo/roles/ipaserver/vars/default.yml" ], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaserver/vars/default.yml" } TASK [ipaserver : Install IPA server] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:19 Monday 09 May 2022 17:11:29 +0000 (0:00:00.033) 0:00:06.010 ************ included: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml for /cache/rhel-x.qcow2.snap TASK [ipaserver : Install - Ensure that IPA server packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:5 Monday 09 May 2022 17:11:29 +0000 (0:00:00.059) 0:00:06.069 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "rc": 0, "results": [ "Installed: perl-IO-1.43-479.el9.x86_64", "Installed: perl-IO-Compress-2.102-4.el9.noarch", "Installed: perl-IO-Compress-Lzma-2.101-4.el9.noarch", "Installed: jakarta-activation-1.2.2-5.el9.noarch", "Installed: jakarta-annotations-1.3.5-12.el9.noarch", "Installed: perl-IO-Socket-IP-0.41-5.el9.noarch", "Installed: perl-IO-Socket-SSL-2.073-1.el9.noarch", "Installed: perl-IO-Zlib-1:1.11-4.el9.noarch", "Installed: perl-IPC-Open3-1.21-479.el9.noarch", "Installed: java-11-openjdk-1:11.0.15.0.8-0.1.ea.el9.x86_64", "Installed: java-11-openjdk-devel-1:11.0.15.0.8-0.1.ea.el9.x86_64", "Installed: java-11-openjdk-headless-1:11.0.15.0.8-0.1.ea.el9.x86_64", "Installed: perl-MIME-Base64-3.16-4.el9.x86_64", "Installed: java-17-openjdk-headless-1:17.0.3.0.7-1.el9.x86_64", "Installed: javapackages-filesystem-6.0.0-3.el9.noarch", "Installed: javapackages-tools-6.0.0-3.el9.noarch", "Installed: jaxb-api-2.3.3-5.el9.noarch", "Installed: jbigkit-libs-2.1-23.el9.x86_64", "Installed: jboss-jaxrs-2.0-api-1.0.0-16.el9.noarch", "Installed: jboss-logging-3.4.1-9.el9.noarch", "Installed: jboss-logging-tools-2.2.1-7.el9.noarch", "Installed: perl-Mozilla-CA-20200520-6.el9.noarch", "Installed: perl-NDBM_File-1.15-479.el9.x86_64", "Installed: jdeparser-2.0.3-12.el9.noarch", "Installed: perl-Net-SSLeay-1.92-1.el9.x86_64", "Installed: graphite2-1.3.14-9.el9.x86_64", "Installed: perl-POSIX-1.94-479.el9.x86_64", "Installed: perl-PathTools-3.78-461.el9.x86_64", "Installed: perl-Pod-Escapes-1:1.07-460.el9.noarch", "Installed: perl-Pod-Perldoc-3.28.01-461.el9.noarch", "Installed: perl-Pod-Simple-1:3.42-4.el9.noarch", "Installed: perl-Pod-Usage-4:2.01-4.el9.noarch", "Installed: perl-Scalar-List-Utils-4:1.56-461.el9.x86_64", "Installed: harfbuzz-2.7.4-5.el9.x86_64", "Installed: perl-SelectSaver-1.02-479.el9.noarch", "Installed: perl-Socket-4:2.031-4.el9.x86_64", "Installed: perl-Storable-1:3.21-460.el9.x86_64", "Installed: perl-Symbol-1.08-479.el9.noarch", "Installed: perl-Term-ANSIColor-5.01-461.el9.noarch", "Installed: perl-Term-Cap-1.17-460.el9.noarch", "Installed: perl-Term-ReadLine-1.17-479.el9.noarch", "Installed: perl-Text-Diff-1.45-13.el9.noarch", "Installed: perl-Text-ParseWords-3.30-460.el9.noarch", "Installed: perl-Text-Tabs+Wrap-2013.0523-460.el9.noarch", "Installed: perl-Tie-4.6-479.el9.noarch", "Installed: perl-Time-Local-2:1.300-7.el9.noarch", "Installed: perl-URI-5.09-3.el9.noarch", "Installed: perl-base-2.27-479.el9.noarch", "Installed: perl-constant-1.33-461.el9.noarch", "Installed: perl-debugger-1.56-479.el9.noarch", "Installed: perl-if-0.60.800-479.el9.noarch", "Installed: perl-interpreter-4:5.32.1-479.el9.x86_64", "Installed: krb5-pkinit-1.19.1-17.el9.x86_64", "Installed: krb5-server-1.19.1-17.el9.x86_64", "Installed: perl-libnet-3.13-4.el9.noarch", "Installed: krb5-workstation-1.19.1-17.el9.x86_64", "Installed: perl-libs-4:5.32.1-479.el9.x86_64", "Installed: langpacks-core-font-en-3.0-16.el9.noarch", "Installed: perl-meta-notation-5.32.1-479.el9.noarch", "Installed: perl-mro-1.23-479.el9.x86_64", "Installed: perl-overload-1.31-479.el9.noarch", "Installed: perl-overloading-0.02-479.el9.noarch", "Installed: perl-parent-1:0.238-460.el9.noarch", "Installed: perl-podlators-1:4.14-460.el9.noarch", "Installed: perl-sigtrap-1.09-479.el9.noarch", "Installed: perl-subs-1.03-479.el9.noarch", "Installed: perl-threads-1:2.25-460.el9.x86_64", "Installed: perl-threads-shared-1.61-460.el9.x86_64", "Installed: perl-vars-1.05-479.el9.noarch", "Installed: pipewire-0.3.47-2.el9.x86_64", "Installed: pipewire-alsa-0.3.47-2.el9.x86_64", "Installed: pipewire-jack-audio-connection-kit-0.3.47-2.el9.x86_64", "Installed: pipewire-libs-0.3.47-2.el9.x86_64", "Installed: pipewire-pulseaudio-0.3.47-2.el9.x86_64", "Installed: pixman-0.40.0-5.el9.x86_64", "Installed: pki-acme-11.2.0-0.2.beta1.el9.noarch", "Installed: pki-base-11.2.0-0.2.beta1.el9.noarch", "Installed: pki-ca-11.2.0-0.2.beta1.el9.noarch", "Installed: pki-jackson-annotations-2.11.4-6.el9.noarch", "Installed: pki-jackson-core-2.11.4-6.el9.noarch", "Installed: pki-jackson-databind-2.11.4-6.el9.noarch", "Installed: pki-jackson-jaxrs-json-provider-2.11.4-7.el9.noarch", "Installed: pki-jackson-jaxrs-providers-2.11.4-7.el9.noarch", "Installed: pki-jackson-module-jaxb-annotations-2.11.4-8.el9.noarch", "Installed: pki-java-11.2.0-0.2.beta1.el9.noarch", "Installed: pki-kra-11.2.0-0.2.beta1.el9.noarch", "Installed: pki-resteasy-client-3.0.26-15.el9.noarch", "Installed: pki-resteasy-core-3.0.26-15.el9.noarch", "Installed: pki-resteasy-jackson2-provider-3.0.26-15.el9.noarch", "Installed: pki-server-11.2.0-0.2.beta1.el9.noarch", "Installed: pki-servlet-4.0-api-1:9.0.50-1.el9.noarch", "Installed: pki-servlet-engine-1:9.0.50-1.el9.noarch", "Installed: pki-tools-11.2.0-0.2.beta1.el9.x86_64", "Installed: libipa_hbac-2.6.2-2.el9.x86_64", "Installed: libkadm5-1.19.1-17.el9.x86_64", "Installed: libpciaccess-0.16-6.el9.x86_64", "Installed: libpkgconf-1.7.3-9.el9.x86_64", "Installed: poppler-21.01.0-12.el9.x86_64", "Installed: poppler-data-0.4.9-9.el9.noarch", "Installed: poppler-glib-21.01.0-12.el9.x86_64", "Installed: libsss_autofs-2.6.2-2.el9.x86_64", "Installed: publicsuffix-list-20210518-3.el9.noarch", "Installed: pulseaudio-libs-15.0-2.el9.x86_64", "Installed: pulseaudio-utils-15.0-2.el9.x86_64", "Installed: python3-argcomplete-1.12.0-5.el9.noarch", "Installed: python3-augeas-0.5.0-25.el9.noarch", "Installed: lcms2-2.12-3.el9.x86_64", "Installed: ldapjdk-5.2.0-0.2.beta1.el9.noarch", "Installed: libX11-1.7.0-7.el9.x86_64", "Installed: libX11-common-1.7.0-7.el9.noarch", "Installed: libwbclient-4.15.5-105.el9_0.x86_64", "Installed: libX11-xcb-1.7.0-7.el9.x86_64", "Installed: python3-gssapi-1.6.9-5.el9.x86_64", "Installed: libXau-1.0.9-8.el9.x86_64", "Installed: python3-ipaclient-4.9.8-8.el9.noarch", "Installed: python3-ipalib-4.9.8-8.el9.noarch", "Installed: python3-ipaserver-4.9.8-8.el9.noarch", "Installed: lksctp-tools-1.0.19-1.el9.x86_64", "Installed: libXcomposite-0.4.5-7.el9.x86_64", "Installed: libXcursor-1.2.0-7.el9.x86_64", "Installed: python3-jwcrypto-0.8-4.el9.noarch", "Installed: python3-kdcproxy-1.0.0-7.el9.noarch", "Installed: libXdamage-1.1.5-7.el9.x86_64", "Installed: python3-ldap-3.3.1-8.el9.x86_64", "Installed: python3-lib389-2.0.14-1.el9.noarch", "Installed: libXext-1.3.4-8.el9.x86_64", "Installed: libXfixes-5.0.3-16.el9.x86_64", "Installed: mailcap-2.1.49-5.el9.noarch", "Installed: libXft-2.3.3-8.el9.x86_64", "Installed: libXi-1.7.10-8.el9.x86_64", "Installed: python3-lxml-4.6.5-2.el9.x86_64", "Installed: libXinerama-1.1.4-10.el9.x86_64", "Installed: python3-mod_wsgi-4.7.1-10.el9.x86_64", "Installed: python3-netaddr-0.8.0-5.el9.noarch", "Installed: python3-pki-11.2.0-0.2.beta1.el9.noarch", "Installed: libXrandr-1.5.2-8.el9.x86_64", "Installed: libXrender-0.9.10-16.el9.x86_64", "Installed: python3-psutil-5.8.0-12.el9.x86_64", "Installed: python3-pyasn1-modules-0.4.8-6.el9.noarch", "Installed: libXtst-1.2.3-16.el9.x86_64", "Installed: libXv-1.0.11-16.el9.x86_64", "Installed: python3-pyusb-1.0.2-13.el9.noarch", "Installed: libXxf86vm-1.1.4-18.el9.x86_64", "Installed: openldap-clients-2.4.59-5.el9.x86_64", "Installed: python3-qrcode-core-6.1-12.el9.noarch", "Installed: openldap-compat-2.4.59-5.el9.x86_64", "Installed: libasyncns-0.8-22.el9.x86_64", "Installed: 389-ds-base-2.0.14-1.el9.x86_64", "Installed: 389-ds-base-libs-2.0.14-1.el9.x86_64", "Installed: python3-yubico-1.3.3-7.el9.noarch", "Installed: pkgconf-1.7.3-9.el9.x86_64", "Installed: pkgconf-m4-1.7.3-9.el9.noarch", "Installed: pkgconf-pkg-config-1.7.3-9.el9.x86_64", "Installed: libcanberra-0.30-26.el9.x86_64", "Installed: libcanberra-gtk3-0.30-26.el9.x86_64", "Installed: python3-dns-2.1.0-6.el9.noarch", "Installed: adwaita-cursor-theme-40.1.1-3.el9.noarch", "Installed: adwaita-icon-theme-40.1.1-3.el9.noarch", "Installed: alsa-lib-1.2.6.1-3.el9.x86_64", "Installed: python3-libipa_hbac-2.6.2-2.el9.x86_64", "Installed: libdatrie-0.2.13-4.el9.x86_64", "Installed: libdb-utils-5.3.28-53.el9.x86_64", "Installed: libdrm-2.4.108-1.el9.x86_64", "Installed: python3-sss-2.6.2-2.el9.x86_64", "Installed: python3-sss-murmur-2.6.2-2.el9.x86_64", "Installed: python3-sssdconfig-2.6.2-2.el9.noarch", "Installed: libepoxy-1.5.5-4.el9.x86_64", "Installed: ant-1.10.9-7.el9.noarch", "Installed: libexif-0.6.22-6.el9.x86_64", "Installed: ant-lib-1.10.9-7.el9.noarch", "Installed: samba-client-libs-4.15.5-105.el9_0.x86_64", "Installed: samba-common-4.15.5-105.el9_0.noarch", "Installed: apache-commons-cli-1.4-16.el9.noarch", "Installed: apache-commons-codec-1.15-6.el9.noarch", "Installed: apache-commons-io-1:2.8.0-7.el9.noarch", "Installed: apache-commons-lang3-3.12.0-5.el9.noarch", "Installed: apache-commons-logging-1.2-29.el9.noarch", "Installed: apache-commons-net-3.6-14.el9.noarch", "Installed: libfontenc-1.1.3-17.el9.x86_64", "Installed: samba-common-libs-4.15.5-105.el9_0.x86_64", "Installed: apr-1.7.0-11.el9.x86_64", "Installed: apr-util-1.6.1-20.el9.x86_64", "Installed: apr-util-bdb-1.6.1-20.el9.x86_64", "Installed: apr-util-openssl-1.6.1-20.el9.x86_64", "Installed: libgexiv2-0.12.3-1.el9.x86_64", "Installed: libglvnd-1:1.3.4-1.el9.x86_64", "Installed: at-spi2-atk-2.38.0-4.el9.x86_64", "Installed: libglvnd-egl-1:1.3.4-1.el9.x86_64", "Installed: at-spi2-core-2.40.3-1.el9.x86_64", "Installed: libglvnd-glx-1:1.3.4-1.el9.x86_64", "Installed: atk-2.36.0-5.el9.x86_64", "Installed: sssd-common-pac-2.6.2-2.el9.x86_64", "Installed: sssd-dbus-2.6.2-2.el9.x86_64", "Installed: sssd-ipa-2.6.2-2.el9.x86_64", "Installed: sssd-krb5-common-2.6.2-2.el9.x86_64", "Installed: libgsf-1.14.47-5.el9.x86_64", "Installed: sssd-tools-2.6.2-2.el9.x86_64", "Installed: augeas-libs-1.13.0-2.el9.x86_64", "Installed: libgxps-0.3.2-3.el9.x86_64", "Installed: redhat-logos-httpd-90.4-1.el9.noarch", "Installed: redhat-logos-ipa-90.4-1.el9.noarch", "Installed: avahi-glib-0.8-12.el9.x86_64", "Installed: libiptcdata-1.0.5-9.el9.x86_64", "Installed: words-3.0-39.el9.noarch", "Installed: bind-libs-32:9.16.23-3.el9.x86_64", "Installed: bind-license-32:9.16.23-3.el9.noarch", "Installed: bind-utils-32:9.16.23-3.el9.x86_64", "Installed: libldac-2.0.2.3-10.el9.x86_64", "Installed: rtkit-0.11-28.el9.x86_64", "Installed: libnotify-0.7.9-8.el9.x86_64", "Installed: libnsl2-2.0.0-1.el9.x86_64", "Installed: libogg-2:1.3.4-6.el9.x86_64", "Installed: libosinfo-1.9.0-5.el9.x86_64", "Installed: cairo-1.17.4-7.el9.x86_64", "Installed: cairo-gobject-1.17.4-7.el9.x86_64", "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: slapi-nis-0.56.7-4.el9.x86_64", "Installed: slf4j-1.7.30-12.el9.noarch", "Installed: slf4j-jdk14-1.7.30-12.el9.noarch", "Installed: softhsm-2.6.1-7.el9.2.x86_64", "Installed: sound-theme-freedesktop-0.8-17.el9.noarch", "Installed: colord-libs-1.4.5-4.el9.x86_64", "Installed: copy-jdk-configs-4.0-3.el9.noarch", "Installed: cyrus-sasl-md5-2.1.27-20.el9.x86_64", "Installed: dconf-0.40.0-6.el9.x86_64", "Installed: librsvg2-2.50.7-1.el9.x86_64", "Installed: libsbc-1.4-9.el9.x86_64", "Installed: libsndfile-1.0.31-7.el9.x86_64", "Installed: libthai-0.1.28-8.el9.x86_64", "Installed: libtheora-1:1.1.1-31.el9.x86_64", "Installed: libtiff-4.2.0-3.el9.x86_64", "Installed: exempi-2.6.0-0.2.20211007gite23c213.el9.x86_64", "Installed: exiv2-0.27.5-2.el9.x86_64", "Installed: libtool-ltdl-2.4.6-45.el9.x86_64", "Installed: exiv2-libs-0.27.5-2.el9.x86_64", "Installed: libtracker-sparql-3.1.2-2.el9.x86_64", "Installed: fdk-aac-free-2.0.0-8.el9.x86_64", "Installed: libuv-1:1.42.0-1.el9.x86_64", "Installed: libvisual-1:0.4.0-34.el9.x86_64", "Installed: libvorbis-1:1.3.7-5.el9.x86_64", "Installed: flac-libs-1.3.3-10.el9.x86_64", "Installed: flatpak-1.12.7-1.el9.x86_64", "Installed: libwayland-client-1.19.0-4.el9.x86_64", "Installed: flatpak-selinux-1.12.7-1.el9.noarch", "Installed: flatpak-session-helper-1.12.7-1.el9.x86_64", "Installed: libwayland-cursor-1.19.0-4.el9.x86_64", "Installed: libwayland-egl-1.19.0-4.el9.x86_64", "Installed: libwayland-server-1.19.0-4.el9.x86_64", "Installed: libwebp-1.2.0-3.el9.x86_64", "Installed: fontawesome-fonts-1:4.7.0-13.el9.noarch", "Installed: fontconfig-2.14.0-1.el9.x86_64", "Installed: libxcb-1.13.1-9.el9.x86_64", "Installed: libxkbcommon-1.0.3-4.el9.x86_64", "Installed: fribidi-1.0.10-6.el9.2.x86_64", "Installed: libxshmfence-1.3-10.el9.x86_64", "Installed: libxslt-1.1.34-9.el9.x86_64", "Installed: fstrm-0.6.1-3.el9.x86_64", "Installed: llvm-libs-13.0.1-1.el9.x86_64", "Installed: gdk-pixbuf2-modules-2.42.6-2.el9.x86_64", "Installed: geoclue2-2.5.7-5.el9.x86_64", "Installed: low-memory-monitor-2.1-4.el9.x86_64", "Installed: lua-5.4.2-4.el9.x86_64", "Installed: lua-posix-35.0-8.el9.x86_64", "Installed: giflib-5.2.1-9.el9.x86_64", "Installed: tomcatjss-8.2.0-0.2.beta1.el9.noarch", "Installed: mesa-libEGL-21.3.4-2.el9.x86_64", "Installed: totem-pl-parser-3.26.6-2.el9.x86_64", "Installed: mesa-libGL-21.3.4-2.el9.x86_64", "Installed: tracker-3.1.2-2.el9.x86_64", "Installed: tracker-miners-3.1.2-1.el9.x86_64", "Installed: ttmkfdir-3.0.9-65.el9.x86_64", "Installed: mesa-libgbm-21.3.4-2.el9.x86_64", "Installed: gnome-desktop3-40.4-1.el9.x86_64", "Installed: mesa-libglapi-21.3.4-2.el9.x86_64", "Installed: mesa-vulkan-drivers-21.3.4-2.el9.x86_64", "Installed: tzdata-java-2022a-1.el9.noarch", "Installed: mkfontscale-1.2.1-3.el9.x86_64", "Installed: mod_auth_gssapi-1.6.3-7.el9.x86_64", "Installed: mod_http2-1.15.19-2.el9.x86_64", "Installed: mod_lookup_identity-1.0.0-15.el9.x86_64", "Installed: mod_lua-2.4.51-8.el9.x86_64", "Installed: upower-0.99.13-2.el9.x86_64", "Installed: mod_session-2.4.51-8.el9.x86_64", "Installed: mod_ssl-1:2.4.51-8.el9.x86_64", "Installed: vulkan-loader-1.3.204.0-2.el9.x86_64", "Installed: webrtc-audio-processing-0.3.1-8.el9.x86_64", "Installed: wireplumber-0.4.8-1.el9.x86_64", "Installed: wireplumber-libs-0.4.8-1.el9.x86_64", "Installed: xdg-dbus-proxy-0.1.3-1.el9.x86_64", "Installed: xdg-desktop-portal-1.12.4-1.el9.x86_64", "Installed: xdg-desktop-portal-gtk-1.12.0-2.el9.x86_64", "Installed: xkeyboard-config-2.33-2.el9.noarch", "Installed: graphene-1.10.6-2.el9.x86_64", "Installed: xml-common-0.6.3-58.el9.noarch", "Installed: gsm-1.0.19-6.el9.x86_64", "Installed: gstreamer1-1.18.4-4.el9.x86_64", "Installed: nss-tools-3.71.0-7.el9.x86_64", "Installed: gstreamer1-plugins-base-1.18.4-5.el9.x86_64", "Installed: xorg-x11-fonts-Type1-7.5-33.el9.noarch", "Installed: gtk-update-icon-cache-3.24.31-2.el9.x86_64", "Installed: gtk3-3.24.31-2.el9.x86_64", "Installed: open-sans-fonts-1.10-16.el9.noarch", "Installed: ModemManager-glib-1.18.2-3.el9.x86_64", "Installed: openjpeg2-2.4.0-6.el9.x86_64", "Installed: hicolor-icon-theme-0.17-12.el9.noarch", "Installed: openssl-perl-1:3.0.1-20.el9_0.x86_64", "Installed: opus-1.3.1-10.el9.x86_64", "Installed: httpcomponents-client-4.5.13-2.el9.noarch", "Installed: httpcomponents-core-4.4.13-6.el9.noarch", "Installed: httpd-2.4.51-8.el9.x86_64", "Installed: orc-0.4.31-6.el9.x86_64", "Installed: httpd-filesystem-2.4.51-8.el9.noarch", "Installed: autofs-1:5.1.7-27.el9.x86_64", "Installed: httpd-tools-2.4.51-8.el9.x86_64", "Installed: avahi-libs-0.8-12.el9.x86_64", "Installed: bash-completion-1:2.11-4.el9.noarch", "Installed: bluez-libs-5.56-8.el9.x86_64", "Installed: osinfo-db-20211216-1.el9.noarch", "Installed: osinfo-db-tools-1.9.0-3.el9.x86_64", "Installed: ostree-libs-2022.3-2.el9.x86_64", "Installed: chkconfig-1.20-2.el9.x86_64", "Installed: p11-kit-server-0.24.1-2.el9.x86_64", "Installed: pango-1.48.7-2.el9.x86_64", "Installed: cups-libs-1:2.3.3op2-13.el9.x86_64", "Installed: cyrus-sasl-gssapi-2.1.27-20.el9.x86_64", "Installed: cyrus-sasl-plain-2.1.27-20.el9.x86_64", "Installed: dejavu-sans-fonts-2.37-18.el9.noarch", "Installed: freetype-2.10.4-6.el9.x86_64", "Installed: fuse-2.9.9-15.el9.x86_64", "Installed: fuse-common-3.10.2-5.el9.x86_64", "Installed: perl-Algorithm-Diff-1.2010-4.el9.noarch", "Installed: perl-Archive-Tar-2.38-6.el9.noarch", "Installed: perl-AutoLoader-5.74-479.el9.noarch", "Installed: perl-B-1.80-479.el9.x86_64", "Installed: perl-Carp-1.50-460.el9.noarch", "Installed: perl-Class-Struct-0.66-479.el9.noarch", "Installed: perl-Compress-Raw-Bzip2-2.101-5.el9.x86_64", "Installed: perl-Compress-Raw-Lzma-2.101-3.el9.x86_64", "Installed: perl-Compress-Raw-Zlib-2.101-5.el9.x86_64", "Installed: perl-DB_File-1.855-4.el9.x86_64", "Installed: perl-Data-Dumper-2.174-462.el9.x86_64", "Installed: perl-Devel-Peek-1.28-479.el9.x86_64", "Installed: perl-Digest-1.19-4.el9.noarch", "Installed: perl-Digest-MD5-2.58-4.el9.x86_64", "Installed: perl-Encode-4:3.08-462.el9.x86_64", "Installed: perl-Errno-1.30-479.el9.x86_64", "Installed: perl-Exporter-5.74-461.el9.noarch", "Installed: idm-jss-5.2.0-0.3.beta2.el9.x86_64", "Installed: perl-Fcntl-1.13-479.el9.x86_64", "Installed: perl-File-Basename-2.85-479.el9.noarch", "Installed: perl-File-Find-1.37-479.el9.noarch", "Installed: perl-File-Path-2.18-4.el9.noarch", "Installed: ipa-client-4.9.8-8.el9.x86_64", "Installed: ipa-client-common-4.9.8-8.el9.noarch", "Installed: perl-File-Temp-1:0.231.100-4.el9.noarch", "Installed: ipa-common-4.9.8-8.el9.noarch", "Installed: perl-File-stat-1.09-479.el9.noarch", "Installed: ipa-healthcheck-core-0.9-3.el9.noarch", "Installed: ipa-selinux-4.9.8-8.el9.noarch", "Installed: ipa-server-4.9.8-8.el9.x86_64", "Installed: ipa-server-common-4.9.8-8.el9.noarch", "Installed: perl-FileHandle-2.03-479.el9.noarch", "Installed: perl-Getopt-Long-1:2.52-4.el9.noarch", "Installed: perl-Getopt-Std-1.12-479.el9.noarch", "Installed: perl-HTTP-Tiny-0.076-460.el9.noarch", "Installed: iso-codes-4.6.0-3.el9.noarch" ] } TASK [ipaserver : Install - Ensure that IPA server packages for dns are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:10 Monday 09 May 2022 17:12:16 +0000 (0:00:47.212) 0:00:53.282 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "rc": 0, "results": [ "Installed: opendnssec-2.1.8-4.el9.x86_64", "Installed: ldns-1.7.1-10.el9.x86_64", "Installed: python3-bind-32:9.16.23-3.el9.noarch", "Installed: opencryptoki-3.17.0-5.el9_0.x86_64", "Installed: opencryptoki-icsftok-3.17.0-5.el9_0.x86_64", "Installed: opencryptoki-libs-3.17.0-5.el9_0.x86_64", "Installed: sqlite-3.34.1-5.el9.x86_64", "Installed: bind-32:9.16.23-3.el9.x86_64", "Installed: bind-dnssec-doc-32:9.16.23-3.el9.noarch", "Installed: bind-dnssec-utils-32:9.16.23-3.el9.x86_64", "Installed: bind-dyndb-ldap-11.9-7.el9.x86_64", "Installed: ipa-server-dns-4.9.8-8.el9.noarch" ] } TASK [ipaserver : Install - Ensure that IPA server packages for adtrust are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:16 Monday 09 May 2022 17:12:20 +0000 (0:00:03.944) 0:00:57.227 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Ensure that firewall packages installed] *********** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:22 Monday 09 May 2022 17:12:20 +0000 (0:00:00.033) 0:00:57.260 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "rc": 0, "results": [ "Installed: ipset-7.11-6.el9.x86_64", "Installed: libcap-ng-python3-0.8.2-7.el9.x86_64", "Installed: ipset-libs-7.11-6.el9.x86_64", "Installed: nftables-1:0.9.8-12.el9.x86_64", "Installed: libnftnl-1.1.9-4.el9.x86_64", "Installed: iptables-nft-1.8.7-28.el9.x86_64", "Installed: python3-firewall-1.0.0-4.el9.noarch", "Installed: firewalld-1.0.0-4.el9.noarch", "Installed: firewalld-filesystem-1.0.0-4.el9.noarch", "Installed: python3-nftables-1:0.9.8-12.el9.x86_64" ] } TASK [ipaserver : Firewalld service - Ensure that firewalld is running] ******** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:31 Monday 09 May 2022 17:12:22 +0000 (0:00:02.240) 0:00:59.500 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus.socket dbus-broker.service polkit.service sysinit.target system.slice basic.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target network-pre.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "iptables.service ip6tables.service shutdown.target ipset.service ebtables.service nftables.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "\"man:firewalld(1)\"", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "firewalld.service dbus-org.fedoraproject.FirewallD1.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [ipaserver : Firewalld - Verify runtime zone "{{ ipaserver_firewalld_zone }}"] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:37 Monday 09 May 2022 17:12:23 +0000 (0:00:01.026) 0:01:00.526 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Firewalld - Verify permanent zone "{{ ipaserver_firewalld_zone }}"] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:44 Monday 09 May 2022 17:12:23 +0000 (0:00:00.035) 0:01:00.562 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : include_tasks] *********************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:54 Monday 09 May 2022 17:12:23 +0000 (0:00:00.033) 0:01:00.595 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Server installation test] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:60 Monday 09 May 2022 17:12:23 +0000 (0:00:00.033) 0:01:00.629 ************ ok: [/cache/rhel-x.qcow2.snap] => { "_dirsrv_ca_cert": null, "_dirsrv_pkcs12_info": null, "_hostname_overridden": true, "_http_ca_cert": null, "_http_pkcs12_info": null, "_installation_cleanup": true, "_pkinit_ca_cert": null, "_pkinit_pkcs12_info": null, "changed": false, "domain": "test.local", "domainlevel": 1, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "hostname": "ipaserver.test.local", "idmax": 141399999, "idstart": 141200000, "ipa_python_version": 40908, "no_host_dns": true, "no_pkinit": false, "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "rid_base": 1000, "secondary_rid_base": 100000000, "setup_adtrust": false, "setup_ca": true, "setup_kra": false } TASK [ipaserver : Install - Master password creation] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:138 Monday 09 May 2022 17:12:25 +0000 (0:00:01.338) 0:01:01.967 ************ changed: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } TASK [ipaserver : Install - Use new master password] *************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:145 Monday 09 May 2022 17:12:26 +0000 (0:00:01.233) 0:01:03.201 ************ ok: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaserver : Install - Server preparation] ******************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:153 Monday 09 May 2022 17:12:26 +0000 (0:00:00.031) 0:01:03.233 ************ changed: [/cache/rhel-x.qcow2.snap] => { "_ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "_subject_base": "O=TEST.LOCAL", "adtrust_netbios_name": null, "adtrust_reset_netbios_name": false, "ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "changed": true, "dns_ip_addresses": [ "10.0.2.15", "fec0::5054:ff:fe12:3456" ], "dns_reverse_zones": [], "forward_policy": "only", "forwarders": [ "10.0.2.3" ], "ip_addresses": [ "10.0.2.15", "fec0::5054:ff:fe12:3456" ], "no_dnssec_validation": true, "reverse_zones": [], "subject_base": "O=TEST.LOCAL" } TASK [ipaserver : Install - Setup NTP] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:197 Monday 09 May 2022 17:12:28 +0000 (0:00:02.277) 0:01:05.511 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup DS] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:204 Monday 09 May 2022 17:12:39 +0000 (0:00:10.557) 0:01:16.068 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup KRB] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:233 Monday 09 May 2022 17:12:57 +0000 (0:00:18.260) 0:01:34.328 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup custodia] ************************************ task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:260 Monday 09 May 2022 17:13:03 +0000 (0:00:05.627) 0:01:39.955 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup CA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:266 Monday 09 May 2022 17:13:07 +0000 (0:00:04.353) 0:01:44.308 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "csr_generated": false } TASK [ipaserver : Copy /root/ipa.csr to "/cache/rhel-x.qcow2.snap-ipa.csr"] **** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:307 Monday 09 May 2022 17:15:41 +0000 (0:02:34.020) 0:04:18.329 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup otpd] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:316 Monday 09 May 2022 17:15:41 +0000 (0:00:00.034) 0:04:18.363 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup HTTP] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:322 Monday 09 May 2022 17:15:44 +0000 (0:00:02.605) 0:04:20.968 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup KRA] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:354 Monday 09 May 2022 17:18:11 +0000 (0:02:26.943) 0:06:47.911 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup DNS] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:365 Monday 09 May 2022 17:18:11 +0000 (0:00:00.036) 0:06:47.947 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Setup ADTRUST] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:382 Monday 09 May 2022 17:18:18 +0000 (0:00:07.558) 0:06:55.506 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Set DS password] *********************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:397 Monday 09 May 2022 17:18:18 +0000 (0:00:00.036) 0:06:55.543 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [Install - Setup client] ************************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:414 Monday 09 May 2022 17:18:21 +0000 (0:00:02.277) 0:06:57.820 ************ TASK [ipaclient : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:4 Monday 09 May 2022 17:18:21 +0000 (0:00:00.057) 0:06:57.877 ************ ok: [/cache/rhel-x.qcow2.snap] => (item=/tmp/freeipa-repo/roles/ipaclient/vars/default.yml) => { "ansible_facts": { "ipaclient_packages": [ "ipa-client", "python3-libselinux" ] }, "ansible_included_var_files": [ "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml" ], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml" } TASK [ipaclient : Install IPA client] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:19 Monday 09 May 2022 17:18:21 +0000 (0:00:00.053) 0:06:57.930 ************ included: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml for /cache/rhel-x.qcow2.snap TASK [ipaclient : Install - Ensure that IPA client packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:4 Monday 09 May 2022 17:18:21 +0000 (0:00:00.066) 0:06:57.997 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [ipaclient : Install - Set ipaclient_servers] ***************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:10 Monday 09 May 2022 17:18:22 +0000 (0:00:01.049) 0:06:59.047 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set ipaclient_servers from cluster inventory] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:15 Monday 09 May 2022 17:18:22 +0000 (0:00:00.036) 0:06:59.083 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Check that either principal or keytab is set] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:21 Monday 09 May 2022 17:18:22 +0000 (0:00:00.035) 0:06:59.119 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set default principal if no keytab is given] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:25 Monday 09 May 2022 17:18:22 +0000 (0:00:00.034) 0:06:59.153 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "ipaadmin_principal": "admin" }, "changed": false } TASK [ipaclient : Install - IPA client test] *********************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:30 Monday 09 May 2022 17:18:22 +0000 (0:00:00.037) 0:06:59.190 ************ ok: [/cache/rhel-x.qcow2.snap] => { "basedn": "dc=test,dc=local", "changed": false, "client_already_configured": false, "client_domain": "test.local", "dnsok": false, "domain": "test.local", "hostname": "ipaserver.test.local", "ipa_python_version": 40908, "kdc": "ipaserver.test.local", "nosssd_files": {}, "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "servers": [ "ipaserver.test.local" ], "sssd": true } TASK [ipaclient : Install - Cleanup leftover ccache] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:56 Monday 09 May 2022 17:18:23 +0000 (0:00:00.958) 0:07:00.149 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent" } TASK [ipaclient : Install - Configure NTP] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:61 Monday 09 May 2022 17:18:23 +0000 (0:00:00.441) 0:07:00.590 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } TASK [ipaclient : Install - Make sure One-Time Password is enabled if it's already defined] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:73 Monday 09 May 2022 17:18:24 +0000 (0:00:00.910) 0:07:01.500 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Disable One-Time Password for on_master] *********** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:78 Monday 09 May 2022 17:18:24 +0000 (0:00:00.036) 0:07:01.537 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] ******** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:83 Monday 09 May 2022 17:18:24 +0000 (0:00:00.037) 0:07:01.575 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ca_crt_exists": true, "changed": false, "krb5_conf_ok": true, "krb5_keytab_ok": true, "ping_test_ok": true } TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:93 Monday 09 May 2022 17:18:26 +0000 (0:00:01.684) 0:07:03.260 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Keytab or password is required for getting otp] **** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:109 Monday 09 May 2022 17:18:26 +0000 (0:00:00.037) 0:07:03.297 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Get One-Time Password for client enrollment] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:113 Monday 09 May 2022 17:18:26 +0000 (0:00:00.039) 0:07:03.337 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Report error for OTP generation] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:132 Monday 09 May 2022 17:18:26 +0000 (0:00:00.037) 0:07:03.374 ************ skipping: [/cache/rhel-x.qcow2.snap] => {} TASK [ipaclient : Install - Store the previously obtained OTP] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:138 Monday 09 May 2022 17:18:26 +0000 (0:00:00.037) 0:07:03.412 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Store predefined OTP in admin_password] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:147 Monday 09 May 2022 17:18:26 +0000 (0:00:00.034) 0:07:03.446 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Check if principal and keytab are set] ************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:163 Monday 09 May 2022 17:18:26 +0000 (0:00:00.033) 0:07:03.480 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Check if one of password or keytabs are set] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:167 Monday 09 May 2022 17:18:26 +0000 (0:00:00.036) 0:07:03.516 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Purge TEST.LOCAL from host keytab] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:175 Monday 09 May 2022 17:18:26 +0000 (0:00:00.043) 0:07:03.560 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Backup and set hostname] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:192 Monday 09 May 2022 17:18:26 +0000 (0:00:00.045) 0:07:03.606 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Join IPA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:197 Monday 09 May 2022 17:18:26 +0000 (0:00:00.041) 0:07:03.647 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : krb5 configuration not correct] ****************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:219 Monday 09 May 2022 17:18:27 +0000 (0:00:00.040) 0:07:03.688 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : IPA test failed] ********************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:225 Monday 09 May 2022 17:18:27 +0000 (0:00:00.037) 0:07:03.726 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : ca.crt file is missing] ************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:229 Monday 09 May 2022 17:18:27 +0000 (0:00:00.039) 0:07:03.766 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure IPA default.conf] ************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:242 Monday 09 May 2022 17:18:27 +0000 (0:00:00.041) 0:07:03.808 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure SSSD] ************************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:251 Monday 09 May 2022 17:18:27 +0000 (0:00:00.038) 0:07:03.847 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaclient : Install - Configure krb5 for IPA realm] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:273 Monday 09 May 2022 17:18:28 +0000 (0:00:00.929) 0:07:04.776 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:287 Monday 09 May 2022 17:18:28 +0000 (0:00:00.038) 0:07:04.815 ************ changed: [/cache/rhel-x.qcow2.snap] => { "ca_enabled": true, "changed": true, "subject_base": "O=TEST.LOCAL" } TASK [ipaclient : Install - Fix IPA ca] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:295 Monday 09 May 2022 17:18:30 +0000 (0:00:01.949) 0:07:06.764 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Create IPA NSS database] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:305 Monday 09 May 2022 17:18:30 +0000 (0:00:00.042) 0:07:06.807 ************ changed: [/cache/rhel-x.qcow2.snap] => { "ca_enabled_ra": true, "changed": true } TASK [ipaclient : Install - Configure SSH and SSHD] **************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:337 Monday 09 May 2022 17:18:34 +0000 (0:00:04.231) 0:07:11.039 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaclient : Install - Configure automount] ******************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:345 Monday 09 May 2022 17:18:35 +0000 (0:00:00.974) 0:07:12.013 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaclient : Install - Configure firefox] ********************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:351 Monday 09 May 2022 17:18:36 +0000 (0:00:00.916) 0:07:12.929 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure NIS] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:357 Monday 09 May 2022 17:18:36 +0000 (0:00:00.041) 0:07:12.971 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:375 Monday 09 May 2022 17:18:37 +0000 (0:00:01.171) 0:07:14.142 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Cleanup leftover ccache] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:381 Monday 09 May 2022 17:18:37 +0000 (0:00:00.037) 0:07:14.179 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent" } TASK [ipaclient : Uninstall IPA client] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:23 Monday 09 May 2022 17:18:37 +0000 (0:00:00.447) 0:07:14.627 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } META: role_complete for /cache/rhel-x.qcow2.snap TASK [ipaserver : Install - Enable IPA] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:429 Monday 09 May 2022 17:18:38 +0000 (0:00:00.039) 0:07:14.667 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true } TASK [ipaserver : Install - Cleanup root IPA cache] **************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:436 Monday 09 May 2022 17:18:42 +0000 (0:00:04.468) 0:07:19.135 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "path": "/root/.ipa_cache", "state": "absent" } TASK [ipaserver : Install - Configure firewalld] ******************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:442 Monday 09 May 2022 17:18:42 +0000 (0:00:00.484) 0:07:19.620 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "firewall-cmd", "--permanent", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp" ], "delta": "0:00:00.261214", "end": "2022-05-09 13:18:43.190894", "rc": 0, "start": "2022-05-09 13:18:42.929680" } STDOUT: success TASK [ipaserver : Install - Configure firewalld runtime] *********************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:456 Monday 09 May 2022 17:18:43 +0000 (0:00:00.872) 0:07:20.492 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "firewall-cmd", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp" ], "delta": "0:00:00.221221", "end": "2022-05-09 13:18:43.875503", "rc": 0, "start": "2022-05-09 13:18:43.654282" } STDOUT: success TASK [ipaserver : Cleanup temporary files] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:472 Monday 09 May 2022 17:18:44 +0000 (0:00:00.689) 0:07:21.182 ************ ok: [/cache/rhel-x.qcow2.snap] => (item=/etc/ipa/.tmp_pkcs12_dirsrv) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_dirsrv", "path": "/etc/ipa/.tmp_pkcs12_dirsrv", "state": "absent" } ok: [/cache/rhel-x.qcow2.snap] => (item=/etc/ipa/.tmp_pkcs12_http) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_http", "path": "/etc/ipa/.tmp_pkcs12_http", "state": "absent" } ok: [/cache/rhel-x.qcow2.snap] => (item=/etc/ipa/.tmp_pkcs12_pkinit) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_pkinit", "path": "/etc/ipa/.tmp_pkcs12_pkinit", "state": "absent" } TASK [ipaserver : Uninstall IPA server] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:23 Monday 09 May 2022 17:18:45 +0000 (0:00:01.411) 0:07:22.594 ************ skipping: [/cache/rhel-x.qcow2.snap] => { "changed": false, "skip_reason": "Conditional result was False" } META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Issue IPA signed certificates] ******************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_basic_ipa.yml:10 Monday 09 May 2022 17:18:45 +0000 (0:00:00.046) 0:07:22.641 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 17:18:46 +0000 (0:00:00.903) 0:07:23.544 ************ included: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:18:46 +0000 (0:00:00.022) 0:07:23.567 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 17:18:47 +0000 (0:00:00.575) 0:07:24.142 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 17:18:47 +0000 (0:00:00.034) 0:07:24.177 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 17:18:48 +0000 (0:00:00.997) 0:07:25.175 ************ ok: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 17:18:49 +0000 (0:00:01.000) 0:07:26.175 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 17:18:50 +0000 (0:00:00.488) 0:07:26.664 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 17:18:50 +0000 (0:00:00.497) 0:07:27.161 ************ ok: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Mon 2022-05-09 13:14:55 EDT", "ActiveEnterTimestampMonotonic": "222318971", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "syslog.target system.slice sysinit.target dbus-broker.service network.target systemd-journald.socket dbus.socket basic.target", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Mon 2022-05-09 13:14:55 EDT", "AssertTimestampMonotonic": "222306423", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "38857340000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Mon 2022-05-09 13:14:55 EDT", "ConditionTimestampMonotonic": "222306417", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "20953", "ExecMainStartTimestamp": "Mon 2022-05-09 13:14:55 EDT", "ExecMainStartTimestampMonotonic": "222308096", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Mon 2022-05-09 13:14:55 EDT", "InactiveExitTimestampMonotonic": "222308549", "InvocationID": "4d9af1e99cac4897900af9f98b02f6f0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "20953", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "7229440", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Mon 2022-05-09 13:18:39 EDT", "StateChangeTimestampMonotonic": "446997645", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 17:18:51 +0000 (0:00:00.604) 0:07:27.765 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_basic_ipa', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "ipa", "dns": "ipaserver.test.local", "name": "mycert_basic_ipa", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } } MSG: Certificate requested (new). changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'groupcert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa', 'group': 'ftp'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "ipa", "dns": "ipaserver.test.local", "group": "ftp", "name": "groupcert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } } MSG: Certificate requested (new). File attributes updated. META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificates] ***************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_basic_ipa.yml:30 Monday 09 May 2022 17:18:56 +0000 (0:00:05.147) 0:07:32.913 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_basic_ipa.yml:89 Monday 09 May 2022 17:18:57 +0000 (0:00:00.875) 0:07:33.788 ************ included: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_basic_ipa.crt', 'key_path': '/etc/pki/tls/private/mycert_basic_ipa.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}) included: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/groupcert.crt', 'key_path': '/etc/pki/tls/private/groupcert.key', 'owner': 'root', 'group': 'ftp', 'mode': '0640', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:18:57 +0000 (0:00:00.038) 0:07:33.827 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:18:57 +0000 (0:00:00.015) 0:07:33.842 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:18:58 +0000 (0:00:00.984) 0:07:34.826 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:19:03 +0000 (0:00:05.196) 0:07:40.023 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 12.8 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 27.1 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 23.7 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 28.5 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 51.7 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:19:06 +0000 (0:00:03.197) 0:07:43.221 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116733.7918553, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d8d87a2337b641854d04a1a210fb55cd8cb2efc8", "ctime": 1652116733.7888553, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 9297216, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116733.7888553, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_basic_ipa.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1854, "uid": 0, "version": "2628974792", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:19:07 +0000 (0:00:00.595) 0:07:43.817 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:19:07 +0000 (0:00:00.023) 0:07:43.840 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 17:19:07 +0000 (0:00:00.039) 0:07:43.879 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 17:19:07 +0000 (0:00:00.038) 0:07:43.918 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116731.6708553, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d0c817ccd7b887632232ce27ad1da2155e2f2ef1", "ctime": 1652116733.7888553, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 24731, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116733.7888553, "nlink": 1, "path": "/etc/pki/tls/private/mycert_basic_ipa.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "1965834155", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 17:19:07 +0000 (0:00:00.444) 0:07:44.362 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 17:19:07 +0000 (0:00:00.020) 0:07:44.383 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 17:19:07 +0000 (0:00:00.036) 0:07:44.420 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_basic_ipa.crt" ], "delta": "0:00:00.199620", "end": "2022-05-09 13:19:07.762684", "rc": 0, "start": "2022-05-09 13:19:07.563064" } STDOUT: { "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "extensions": { "authorityKeyIdentifier": { "value": "82:FD:57:34:C1:2C:C2:B3:A5:15:C8:67:C6:36:62:49:EF:2A:6C:49", "critical": false }, "authorityInfoAccess": { "value": [ { "method": "OCSP", "location": "http://ipa-ca.test.local/ca/ocsp" } ], "critical": false }, "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ], "critical": true }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "cRLDistributionPoints": { "value": [ { "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ], "crl_issuer": [ { "organizationName": "ipaca", "commonName": "Certificate Authority" } ] } ], "critical": false }, "subjectKeyIdentifier": { "value": "72:8A:B2:D6:F1:7F:58:26:82:62:55:74:8D:B1:41:AF:B2:E7:B3:93", "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.5.2.2" } ], "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "14:74:FD:CA:91:84:FE:30:DD:75:7A:0A:4F:71:6F:08:50:AC:94:F0:FC:19:A4:0C:95:0E:CB:6F:7A:04:F1:0E:1D:5B:94:F2:74:59:2C:93:FD:E0:1C:E8:33:F7:7E:B3:EB:C3:FE:44:FE:BC:B0:E6:99:67:F8:D0:24:D9:5E:02:4A:44:66:1F:AA:04:51:D5:AD:0B:29:6A:FA:B8:94:5E:CD:7B:4C:4E:39:EB:D3:82:70:A1:32:65:6D:35:96:02:35:6A:EF:9C:14:7C:C5:5B:1C:2B:15:0F:95:21:AA:E0:7F:52:C2:F2:BA:93:04:9A:73:B5:24:02:8D:BC:56:37:76:51:5B:BE:A9:59:FA:30:4D:72:18:AE:CA:4C:3F:DC:FC:3E:07:A6:3A:44:18:4E:90:01:59:A4:EE:51:D6:63:23:CA:92:9D:8E:B4:BC:05:09:4B:6E:E7:6C:50:CB:29:CC:1E:30:8A:E1:D9:AD:7E:73:1F:EF:12:46:58:49:F4:13:7B:A5:11:C4:8B:5D:C7:30:07:E8:20:6F:72:05:21:C5:49:00:E9:42:DE:3D:49:ED:C5:4C:8E:EB:C0:8C:4F:21:88:51:F7:19:46:B5:F1:32:FA:C1:06:5A:96:09:A9:EE:31:CC:8B:4D:71:F6:36:B9:10:A5:7C:01:B9:53:1A:17:5A:CB:2B:E4:2D:F6:51:1F:94:4F:0A:A7:68:86:3F:E9:CB:FF:D1:A0:67:00:F5:5E:91:38:8D:41:FD:DB:44:0D:2C:BD:60:EA:02:C2:13:F2:B1:03:0D:3A:50:5C:CE:0B:FB:F2:9E:79:FF:12:91:D2:28:32:7E:A0:A5:BD:E3:01:7D:04:5D:B3:83:D3:36:AD:B5:77:A4:49:60:93:0C:20:36:13:59:58:AA:31:BC:88:3C:C2:56:F1:18:ED:57:0A:27:9D:76:7E:63:55:33:B2:CF:C5:55:2D:B4:2D:2A:FD:5B:25:76:41:4E:05:2A:76:E3:91:0B:F3:EB:B7:91" }, "key_size": 2048, "validity": { "not_valid_after": "2024-05-09 17:18:53", "not_valid_before": "2022-05-09 17:18:53" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 17:19:08 +0000 (0:00:00.646) 0:07:45.066 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityInfoAccess": { "critical": false, "value": [ { "location": "http://ipa-ca.test.local/ca/ocsp", "method": "OCSP" } ] }, "authorityKeyIdentifier": { "critical": false, "value": "82:FD:57:34:C1:2C:C2:B3:A5:15:C8:67:C6:36:62:49:EF:2A:6C:49" }, "cRLDistributionPoints": { "critical": false, "value": [ { "crl_issuer": [ { "commonName": "Certificate Authority", "organizationName": "ipaca" } ], "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ] } ] }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": true, "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "72:8A:B2:D6:F1:7F:58:26:82:62:55:74:8D:B1:41:AF:B2:E7:B3:93" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "14:74:FD:CA:91:84:FE:30:DD:75:7A:0A:4F:71:6F:08:50:AC:94:F0:FC:19:A4:0C:95:0E:CB:6F:7A:04:F1:0E:1D:5B:94:F2:74:59:2C:93:FD:E0:1C:E8:33:F7:7E:B3:EB:C3:FE:44:FE:BC:B0:E6:99:67:F8:D0:24:D9:5E:02:4A:44:66:1F:AA:04:51:D5:AD:0B:29:6A:FA:B8:94:5E:CD:7B:4C:4E:39:EB:D3:82:70:A1:32:65:6D:35:96:02:35:6A:EF:9C:14:7C:C5:5B:1C:2B:15:0F:95:21:AA:E0:7F:52:C2:F2:BA:93:04:9A:73:B5:24:02:8D:BC:56:37:76:51:5B:BE:A9:59:FA:30:4D:72:18:AE:CA:4C:3F:DC:FC:3E:07:A6:3A:44:18:4E:90:01:59:A4:EE:51:D6:63:23:CA:92:9D:8E:B4:BC:05:09:4B:6E:E7:6C:50:CB:29:CC:1E:30:8A:E1:D9:AD:7E:73:1F:EF:12:46:58:49:F4:13:7B:A5:11:C4:8B:5D:C7:30:07:E8:20:6F:72:05:21:C5:49:00:E9:42:DE:3D:49:ED:C5:4C:8E:EB:C0:8C:4F:21:88:51:F7:19:46:B5:F1:32:FA:C1:06:5A:96:09:A9:EE:31:CC:8B:4D:71:F6:36:B9:10:A5:7C:01:B9:53:1A:17:5A:CB:2B:E4:2D:F6:51:1F:94:4F:0A:A7:68:86:3F:E9:CB:FF:D1:A0:67:00:F5:5E:91:38:8D:41:FD:DB:44:0D:2C:BD:60:EA:02:C2:13:F2:B1:03:0D:3A:50:5C:CE:0B:FB:F2:9E:79:FF:12:91:D2:28:32:7E:A0:A5:BD:E3:01:7D:04:5D:B3:83:D3:36:AD:B5:77:A4:49:60:93:0C:20:36:13:59:58:AA:31:BC:88:3C:C2:56:F1:18:ED:57:0A:27:9D:76:7E:63:55:33:B2:CF:C5:55:2D:B4:2D:2A:FD:5B:25:76:41:4E:05:2A:76:E3:91:0B:F3:EB:B7:91" }, "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "validity": { "not_valid_after": "2024-05-09 17:18:53", "not_valid_before": "2022-05-09 17:18:53" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:19:08 +0000 (0:00:00.034) 0:07:45.101 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 17:19:08 +0000 (0:00:00.033) 0:07:45.134 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 17:19:08 +0000 (0:00:00.021) 0:07:45.155 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 17:19:08 +0000 (0:00:00.032) 0:07:45.188 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 17:19:08 +0000 (0:00:00.033) 0:07:45.221 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 17:19:08 +0000 (0:00:00.032) 0:07:45.254 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_basic_ipa.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.051189", "end": "2022-05-09 13:19:08.432264", "rc": 0, "start": "2022-05-09 13:19:08.381075" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:19:09 +0000 (0:00:00.481) 0:07:45.736 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:19:09 +0000 (0:00:00.035) 0:07:45.771 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:19:09 +0000 (0:00:00.015) 0:07:45.787 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:19:10 +0000 (0:00:01.005) 0:07:46.792 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:19:11 +0000 (0:00:01.115) 0:07:47.908 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:19:12 +0000 (0:00:00.973) 0:07:48.881 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116735.4998553, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "e52b75999c8385facd43177add3a11208e8f8b1e", "ctime": 1652116735.5858552, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 9297219, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652116735.4978552, "nlink": 1, "path": "/etc/pki/tls/certs/groupcert.crt", "pw_name": "root", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1854, "uid": 0, "version": "3291430918", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:19:12 +0000 (0:00:00.435) 0:07:49.317 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:19:12 +0000 (0:00:00.020) 0:07:49.337 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 17:19:12 +0000 (0:00:00.034) 0:07:49.372 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 17:19:12 +0000 (0:00:00.031) 0:07:49.403 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116734.6318552, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "41cb5244349672c3bd154b49d8a72c4f2174effe", "ctime": 1652116735.5858552, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 24732, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652116735.4978552, "nlink": 1, "path": "/etc/pki/tls/private/groupcert.key", "pw_name": "root", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "878985956", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 17:19:13 +0000 (0:00:00.437) 0:07:49.840 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 17:19:13 +0000 (0:00:00.019) 0:07:49.860 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 17:19:13 +0000 (0:00:00.034) 0:07:49.894 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/groupcert.crt" ], "delta": "0:00:00.192981", "end": "2022-05-09 13:19:13.213715", "rc": 0, "start": "2022-05-09 13:19:13.020734" } STDOUT: { "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "extensions": { "authorityKeyIdentifier": { "value": "82:FD:57:34:C1:2C:C2:B3:A5:15:C8:67:C6:36:62:49:EF:2A:6C:49", "critical": false }, "authorityInfoAccess": { "value": [ { "method": "OCSP", "location": "http://ipa-ca.test.local/ca/ocsp" } ], "critical": false }, "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ], "critical": true }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "cRLDistributionPoints": { "value": [ { "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ], "crl_issuer": [ { "organizationName": "ipaca", "commonName": "Certificate Authority" } ] } ], "critical": false }, "subjectKeyIdentifier": { "value": "40:C7:C7:75:EA:4A:C8:5B:20:62:50:FD:F5:55:BD:48:28:87:C4:28", "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.5.2.2" } ], "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "72:63:8B:78:58:51:38:E2:BC:02:05:36:D1:03:27:A4:01:A7:59:45:E6:C7:AE:6C:AA:8D:A3:BF:29:CF:E3:53:29:A5:A3:26:02:4C:19:23:E9:40:55:FE:F5:E3:AD:B9:86:1E:EE:3B:80:0B:72:F6:78:5B:9C:9A:C7:43:1F:C7:95:C6:37:50:31:4B:6F:02:88:94:A1:EF:EA:88:88:99:34:06:DF:B8:F6:63:8F:60:49:60:C4:27:09:0F:1B:45:67:91:D4:D5:23:50:8B:66:63:93:4E:74:F9:DB:D5:D5:60:C4:25:11:7F:F0:42:85:2B:6B:82:7A:06:4D:BA:D8:95:7D:9C:64:05:35:4C:48:C5:73:68:59:79:8A:71:C5:37:07:74:2D:BD:7E:E2:06:03:43:96:30:E0:2B:46:0E:97:BD:AA:F8:3D:4A:28:11:D8:CF:0E:C4:40:90:B8:28:1D:90:92:45:14:30:27:26:33:F7:40:BE:7E:F7:FF:AF:BB:DD:BB:DE:F0:A5:63:E3:51:90:BB:1F:B9:15:05:77:8A:92:9B:7B:47:5B:C8:0B:61:13:67:16:06:AA:AF:3E:A6:25:4B:DD:0B:2B:54:0C:41:17:49:B5:E8:E4:79:0E:B4:AA:F5:56:80:5F:84:DA:5C:4A:53:8F:89:FE:78:B4:74:A7:32:E1:52:B3:B1:3E:78:1A:16:82:08:AD:D2:80:88:4F:D1:3D:95:73:74:F4:1B:61:C0:11:02:BF:C0:94:97:B3:14:4F:3A:DF:FE:1E:C7:0F:B3:F2:F5:71:66:ED:EC:01:0C:20:95:AB:80:8B:79:42:ED:6D:6D:72:7A:23:FF:67:39:1E:C2:72:F9:7C:24:CB:1E:8D:A7:DA:E8:F4:CF:5C:B3:05:36:40:61:AB:D5:17:81:C9:C6:D8:AB:8A:DE:27:CF:3E:34:F4:20:FB:D6:CF:56:FA:CD:3D:4C:BB:1D:12:DE:26:2A:7D:48:1C:E6:C6:26:93:67:84:18:C2" }, "key_size": 2048, "validity": { "not_valid_after": "2024-05-09 17:18:55", "not_valid_before": "2022-05-09 17:18:55" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 17:19:13 +0000 (0:00:00.619) 0:07:50.513 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityInfoAccess": { "critical": false, "value": [ { "location": "http://ipa-ca.test.local/ca/ocsp", "method": "OCSP" } ] }, "authorityKeyIdentifier": { "critical": false, "value": "82:FD:57:34:C1:2C:C2:B3:A5:15:C8:67:C6:36:62:49:EF:2A:6C:49" }, "cRLDistributionPoints": { "critical": false, "value": [ { "crl_issuer": [ { "commonName": "Certificate Authority", "organizationName": "ipaca" } ], "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ] } ] }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": true, "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "40:C7:C7:75:EA:4A:C8:5B:20:62:50:FD:F5:55:BD:48:28:87:C4:28" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "72:63:8B:78:58:51:38:E2:BC:02:05:36:D1:03:27:A4:01:A7:59:45:E6:C7:AE:6C:AA:8D:A3:BF:29:CF:E3:53:29:A5:A3:26:02:4C:19:23:E9:40:55:FE:F5:E3:AD:B9:86:1E:EE:3B:80:0B:72:F6:78:5B:9C:9A:C7:43:1F:C7:95:C6:37:50:31:4B:6F:02:88:94:A1:EF:EA:88:88:99:34:06:DF:B8:F6:63:8F:60:49:60:C4:27:09:0F:1B:45:67:91:D4:D5:23:50:8B:66:63:93:4E:74:F9:DB:D5:D5:60:C4:25:11:7F:F0:42:85:2B:6B:82:7A:06:4D:BA:D8:95:7D:9C:64:05:35:4C:48:C5:73:68:59:79:8A:71:C5:37:07:74:2D:BD:7E:E2:06:03:43:96:30:E0:2B:46:0E:97:BD:AA:F8:3D:4A:28:11:D8:CF:0E:C4:40:90:B8:28:1D:90:92:45:14:30:27:26:33:F7:40:BE:7E:F7:FF:AF:BB:DD:BB:DE:F0:A5:63:E3:51:90:BB:1F:B9:15:05:77:8A:92:9B:7B:47:5B:C8:0B:61:13:67:16:06:AA:AF:3E:A6:25:4B:DD:0B:2B:54:0C:41:17:49:B5:E8:E4:79:0E:B4:AA:F5:56:80:5F:84:DA:5C:4A:53:8F:89:FE:78:B4:74:A7:32:E1:52:B3:B1:3E:78:1A:16:82:08:AD:D2:80:88:4F:D1:3D:95:73:74:F4:1B:61:C0:11:02:BF:C0:94:97:B3:14:4F:3A:DF:FE:1E:C7:0F:B3:F2:F5:71:66:ED:EC:01:0C:20:95:AB:80:8B:79:42:ED:6D:6D:72:7A:23:FF:67:39:1E:C2:72:F9:7C:24:CB:1E:8D:A7:DA:E8:F4:CF:5C:B3:05:36:40:61:AB:D5:17:81:C9:C6:D8:AB:8A:DE:27:CF:3E:34:F4:20:FB:D6:CF:56:FA:CD:3D:4C:BB:1D:12:DE:26:2A:7D:48:1C:E6:C6:26:93:67:84:18:C2" }, "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "validity": { "not_valid_after": "2024-05-09 17:18:55", "not_valid_before": "2022-05-09 17:18:55" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:19:13 +0000 (0:00:00.031) 0:07:50.545 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 17:19:13 +0000 (0:00:00.031) 0:07:50.577 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 17:19:13 +0000 (0:00:00.019) 0:07:50.596 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 17:19:13 +0000 (0:00:00.033) 0:07:50.629 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 17:19:13 +0000 (0:00:00.030) 0:07:50.660 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 17:19:14 +0000 (0:00:00.033) 0:07:50.693 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/groupcert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.046544", "end": "2022-05-09 13:19:13.863647", "rc": 0, "start": "2022-05-09 13:19:13.817103" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:19:14 +0000 (0:00:00.466) 0:07:51.160 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=98 changed=32 unreachable=0 failed=0 skipped=35 rescued=0 ignored=0 Monday 09 May 2022 17:19:14 +0000 (0:00:00.040) 0:07:51.200 ************ =============================================================================== ipaserver : Install - Setup CA ---------------------------------------- 154.02s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:266 ----------------------- ipaserver : Install - Setup HTTP -------------------------------------- 146.94s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:322 ----------------------- ipaserver : Install - Ensure that IPA server packages are installed ---- 47.21s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:5 ------------------------- ipaserver : Install - Setup DS ----------------------------------------- 18.26s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:204 ----------------------- ipaserver : Install - Setup NTP ---------------------------------------- 10.56s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:197 ----------------------- ipaserver : Install - Setup DNS ----------------------------------------- 7.56s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:365 ----------------------- ipaserver : Install - Setup KRB ----------------------------------------- 5.63s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:233 ----------------------- Install the package, force upgrade -------------------------------------- 5.20s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure certificate requests ----- 5.15s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 ipaserver : Install - Enable IPA ---------------------------------------- 4.47s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:429 ----------------------- ipaserver : Install - Setup custodia ------------------------------------ 4.35s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:260 ----------------------- ipaclient : Install - Create IPA NSS database --------------------------- 4.23s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:305 ----------------------- ipaserver : Install - Ensure that IPA server packages for dns are installed --- 3.94s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:10 ------------------------ Install certreader ------------------------------------------------------ 3.20s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 - ipaserver : Install - Setup otpd ---------------------------------------- 2.61s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:316 ----------------------- ipaserver : Install - Server preparation -------------------------------- 2.28s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:153 ----------------------- ipaserver : Install - Set DS password ----------------------------------- 2.28s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:397 ----------------------- ipaserver : Install - Ensure that firewall packages installed ----------- 2.24s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:22 ------------------------ ipaclient : Install - IPA API calls for remaining enrollment parts ------ 1.95s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:287 ----------------------- ipaclient : Install - Test if IPA client has working krb5.keytab -------- 1.68s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:83 ------------------------ ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_basic_self_signed.yml ****************************************** 2 plays in /tmp/tmp2bcmclq9/tests/certificate/tests_basic_self_signed.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_basic_self_signed.yml:2 Monday 09 May 2022 17:19:28 +0000 (0:00:00.011) 0:00:00.011 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 17:19:29 +0000 (0:00:01.133) 0:00:01.144 ************ included: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:19:29 +0000 (0:00:00.022) 0:00:01.167 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 17:19:30 +0000 (0:00:00.504) 0:00:01.671 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 17:19:30 +0000 (0:00:00.038) 0:00:01.709 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 17:19:31 +0000 (0:00:01.304) 0:00:03.014 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 17:19:33 +0000 (0:00:02.010) 0:00:05.024 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 17:19:34 +0000 (0:00:00.510) 0:00:05.534 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 17:19:34 +0000 (0:00:00.386) 0:00:05.921 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus.socket dbus-broker.service basic.target sysinit.target systemd-journald.socket network.target system.slice syslog.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 17:19:35 +0000 (0:00:01.001) 0:00:06.922 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_basic_self_signed', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_basic_self_signed" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_basic_self_signed.yml:13 Monday 09 May 2022 17:19:36 +0000 (0:00:01.028) 0:00:07.951 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_basic_self_signed.yml:27 Monday 09 May 2022 17:19:37 +0000 (0:00:00.786) 0:00:08.737 ************ included: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_basic_self_signed.crt', 'key_path': '/etc/pki/tls/private/mycert_basic_self_signed.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:19:37 +0000 (0:00:00.035) 0:00:08.773 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:19:37 +0000 (0:00:00.017) 0:00:08.791 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:19:38 +0000 (0:00:00.829) 0:00:09.620 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:19:43 +0000 (0:00:04.866) 0:00:14.487 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 11.9 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 25.7 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 15.5 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 26.6 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 36.9 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:19:46 +0000 (0:00:03.126) 0:00:17.613 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116776.5859468, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "6edb37016430b20cc7ecd95a65127ae02fae9f59", "ctime": 1652116776.5839467, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8880959, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116776.5839467, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_basic_self_signed.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "3347363197", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:19:46 +0000 (0:00:00.498) 0:00:18.112 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:19:46 +0000 (0:00:00.022) 0:00:18.134 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 17:19:46 +0000 (0:00:00.034) 0:00:18.168 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 17:19:46 +0000 (0:00:00.030) 0:00:18.199 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116776.5269468, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "b35f6151b2254ea10b75df5e0f91b8b6b825161f", "ctime": 1652116776.5839467, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17301, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116776.5839467, "nlink": 1, "path": "/etc/pki/tls/private/mycert_basic_self_signed.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3595680109", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 17:19:47 +0000 (0:00:00.361) 0:00:18.560 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 17:19:47 +0000 (0:00:00.021) 0:00:18.582 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 17:19:47 +0000 (0:00:00.037) 0:00:18.619 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_basic_self_signed.crt" ], "delta": "0:00:00.201006", "end": "2022-05-09 13:19:48.112097", "rc": 0, "start": "2022-05-09 13:19:47.911091" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "28:2D:95:CC:CE:91:80:B6:C6:F3:17:DA:78:B3:D5:00:90:74:1E:0B", "critical": false }, "authorityKeyIdentifier": { "value": "5D:FF:ED:FC:08:10:F8:C4:CB:A3:03:BA:FF:EF:A9:9B:3D:AD:2A:AA", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "96:11:C7:F5:77:76:F2:8C:65:BD:9C:4B:D2:9C:1A:6F:65:D6:39:6C:E9:D5:A4:90:13:B4:AC:35:CD:6E:93:BC:DD:27:EF:55:C5:39:5A:79:C1:99:6A:D3:9A:9A:92:C9:C9:9F:22:19:60:F3:44:DE:DD:BF:D4:5F:00:BB:26:12:61:2E:C8:66:51:93:42:3A:F6:E1:F1:0A:3F:3E:FF:26:E6:75:1C:65:DB:CF:6F:99:AC:37:C3:5E:75:46:71:9E:90:27:23:0F:D7:DF:A9:C9:6B:0B:A1:31:99:49:E0:08:9D:73:8D:63:62:F7:2A:81:C5:39:29:F6:6E:54:51:C8:64:0F:C3:A2:BF:7D:DC:29:7E:FF:39:05:4D:D0:1C:76:F7:53:A6:4B:23:72:0D:7A:B3:14:39:2B:AE:10:F6:AF:0E:2A:FD:56:51:EB:DA:62:7F:5E:6A:B0:3A:87:3E:D4:A4:D8:47:C9:35:51:52:70:F3:49:F9:3E:BB:A8:29:DB:EB:4A:14:5A:63:60:88:FF:79:71:DB:C4:E9:2F:FA:5B:63:71:A3:7F:4A:C4:BF:FA:48:9C:E9:53:1F:27:6C:AA:1A:95:A7:F1:5F:2B:EA:EC:7C:0C:B1:1C:D4:0C:BB:C8:C4:E3:5E:58:84:61:B3:28:08:CC:C9:5B:77:31:E1:AC" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:19:35", "not_valid_before": "2022-05-09 17:19:36" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 17:19:47 +0000 (0:00:00.695) 0:00:19.315 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "5D:FF:ED:FC:08:10:F8:C4:CB:A3:03:BA:FF:EF:A9:9B:3D:AD:2A:AA" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "28:2D:95:CC:CE:91:80:B6:C6:F3:17:DA:78:B3:D5:00:90:74:1E:0B" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "96:11:C7:F5:77:76:F2:8C:65:BD:9C:4B:D2:9C:1A:6F:65:D6:39:6C:E9:D5:A4:90:13:B4:AC:35:CD:6E:93:BC:DD:27:EF:55:C5:39:5A:79:C1:99:6A:D3:9A:9A:92:C9:C9:9F:22:19:60:F3:44:DE:DD:BF:D4:5F:00:BB:26:12:61:2E:C8:66:51:93:42:3A:F6:E1:F1:0A:3F:3E:FF:26:E6:75:1C:65:DB:CF:6F:99:AC:37:C3:5E:75:46:71:9E:90:27:23:0F:D7:DF:A9:C9:6B:0B:A1:31:99:49:E0:08:9D:73:8D:63:62:F7:2A:81:C5:39:29:F6:6E:54:51:C8:64:0F:C3:A2:BF:7D:DC:29:7E:FF:39:05:4D:D0:1C:76:F7:53:A6:4B:23:72:0D:7A:B3:14:39:2B:AE:10:F6:AF:0E:2A:FD:56:51:EB:DA:62:7F:5E:6A:B0:3A:87:3E:D4:A4:D8:47:C9:35:51:52:70:F3:49:F9:3E:BB:A8:29:DB:EB:4A:14:5A:63:60:88:FF:79:71:DB:C4:E9:2F:FA:5B:63:71:A3:7F:4A:C4:BF:FA:48:9C:E9:53:1F:27:6C:AA:1A:95:A7:F1:5F:2B:EA:EC:7C:0C:B1:1C:D4:0C:BB:C8:C4:E3:5E:58:84:61:B3:28:08:CC:C9:5B:77:31:E1:AC" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:19:35", "not_valid_before": "2022-05-09 17:19:36" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:19:47 +0000 (0:00:00.034) 0:00:19.349 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 17:19:47 +0000 (0:00:00.035) 0:00:19.384 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 17:19:47 +0000 (0:00:00.021) 0:00:19.406 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 17:19:48 +0000 (0:00:00.033) 0:00:19.440 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 17:19:48 +0000 (0:00:00.036) 0:00:19.476 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 17:19:48 +0000 (0:00:00.062) 0:00:19.538 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_basic_self_signed.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040289", "end": "2022-05-09 13:19:48.733234", "rc": 0, "start": "2022-05-09 13:19:48.692945" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:19:48 +0000 (0:00:00.393) 0:00:19.932 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:19:48 +0000 (0:00:00.039) 0:00:19.972 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 4.87s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install certreader ------------------------------------------------------ 3.13s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 2.01s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.30s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Gathering Facts --------------------------------------------------------- 1.13s /tmp/tmp2bcmclq9/tests/certificate/tests_basic_self_signed.yml:2 -------------- fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.03s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.00s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Ensure python3 is installed --------------------------------------------- 0.83s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 0.79s /tmp/tmp2bcmclq9/tests/certificate/tests_basic_self_signed.yml:13 ------------- Parse certificate ------------------------------------------------------- 0.70s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.51s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.50s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.50s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 - Retrieve auto-renew flag ------------------------------------------------ 0.39s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.39s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Retrieve key file stats ------------------------------------------------- 0.36s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify certificate Extended Key Usage ----------------------------------- 0.06s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 fedora.linux_system_roles.certificate : Set platform/version specific variables --- 0.04s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_default.yml **************************************************** 1 plays in /tmp/tmp2bcmclq9/tests/certificate/tests_default.yml PLAY [Ensure that the role runs with default parameters] *********************** META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 17:20:04 +0000 (0:00:00.013) 0:00:00.013 ************ included: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:20:04 +0000 (0:00:00.015) 0:00:00.028 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 17:20:04 +0000 (0:00:00.806) 0:00:00.834 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 17:20:04 +0000 (0:00:00.032) 0:00:00.867 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 17:20:06 +0000 (0:00:01.271) 0:00:02.138 ************ TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 17:20:06 +0000 (0:00:00.025) 0:00:02.164 ************ TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 17:20:06 +0000 (0:00:00.024) 0:00:02.189 ************ TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 17:20:06 +0000 (0:00:00.025) 0:00:02.214 ************ TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 17:20:06 +0000 (0:00:00.025) 0:00:02.239 ************ META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=3 changed=0 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 Monday 09 May 2022 17:20:06 +0000 (0:00:00.017) 0:00:02.257 ************ =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.27s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.81s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 fedora.linux_system_roles.certificate : Set platform/version specific variables --- 0.03s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 0.03s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.03s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.03s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.02s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.02s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Set version specific variables --- 0.02s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_dns_ip_email.yml *********************************************** 2 plays in /tmp/tmp2bcmclq9/tests/certificate/tests_dns_ip_email.yml PLAY [Issue certificate with dns, ip and email in SAN] ************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_dns_ip_email.yml:2 Monday 09 May 2022 17:20:21 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 17:20:23 +0000 (0:00:01.119) 0:00:01.130 ************ included: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:20:23 +0000 (0:00:00.022) 0:00:01.152 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 17:20:23 +0000 (0:00:00.504) 0:00:01.657 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 17:20:23 +0000 (0:00:00.039) 0:00:01.697 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 17:20:24 +0000 (0:00:01.314) 0:00:03.012 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 17:20:27 +0000 (0:00:02.161) 0:00:05.174 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 17:20:27 +0000 (0:00:00.532) 0:00:05.706 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 17:20:27 +0000 (0:00:00.391) 0:00:06.097 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus.socket dbus-broker.service sysinit.target system.slice systemd-journald.socket network.target basic.target syslog.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 17:20:29 +0000 (0:00:01.029) 0:00:07.127 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_dns_ip_email', 'common_name': 'My Certificate with SAN', 'dns': ['sub1.example.com', 'www.example.com', 'sub2.example.com', 'sub3.example.com'], 'ip': ['192.0.2.12', '198.51.100.65', '2001:db8::2:1'], 'email': ['sysadmin@example.com', 'support@example.com'], 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "My Certificate with SAN", "dns": [ "sub1.example.com", "www.example.com", "sub2.example.com", "sub3.example.com" ], "email": [ "sysadmin@example.com", "support@example.com" ], "ip": [ "192.0.2.12", "198.51.100.65", "2001:db8::2:1" ], "name": "mycert_dns_ip_email" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_dns_ip_email.yml:24 Monday 09 May 2022 17:20:29 +0000 (0:00:00.898) 0:00:08.026 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_dns_ip_email.yml:54 Monday 09 May 2022 17:20:30 +0000 (0:00:00.785) 0:00:08.811 ************ included: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_dns_ip_email.crt', 'key_path': '/etc/pki/tls/private/mycert_dns_ip_email.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'My Certificate with SAN'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'sub1.example.com'}, {'name': 'DNS', 'value': 'www.example.com'}, {'name': 'DNS', 'value': 'sub2.example.com'}, {'name': 'DNS', 'value': 'sub3.example.com'}, {'name': 'email', 'value': 'sysadmin@example.com'}, {'name': 'email', 'value': 'support@example.com'}, {'name': 'IP Address', 'value': '192.0.2.12'}, {'name': 'IP Address', 'value': '198.51.100.65'}, {'name': 'IP Address', 'value': '2001:db8::2:1'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:20:30 +0000 (0:00:00.037) 0:00:08.848 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:20:30 +0000 (0:00:00.015) 0:00:08.864 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:20:31 +0000 (0:00:00.820) 0:00:09.684 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:20:36 +0000 (0:00:05.089) 0:00:14.774 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 12.7 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 28.3 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 34.1 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 28.7 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 38.1 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:20:39 +0000 (0:00:03.061) 0:00:17.835 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116829.1718316, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "792675ed920ad94ddff10a775d9a8f9798fda54a", "ctime": 1652116829.1698315, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8880959, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116829.1698315, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_dns_ip_email.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1484, "uid": 0, "version": "3877985576", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:20:40 +0000 (0:00:00.461) 0:00:18.297 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:20:40 +0000 (0:00:00.022) 0:00:18.319 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 17:20:40 +0000 (0:00:00.037) 0:00:18.356 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 17:20:40 +0000 (0:00:00.034) 0:00:18.391 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116829.1118317, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "212265af561b64404050ed2b095cbf03e0aafd49", "ctime": 1652116829.1698315, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17298, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116829.1698315, "nlink": 1, "path": "/etc/pki/tls/private/mycert_dns_ip_email.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1336580234", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 17:20:40 +0000 (0:00:00.360) 0:00:18.751 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 17:20:40 +0000 (0:00:00.020) 0:00:18.772 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 17:20:40 +0000 (0:00:00.035) 0:00:18.807 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_dns_ip_email.crt" ], "delta": "0:00:00.197059", "end": "2022-05-09 13:20:40.694245", "rc": 0, "start": "2022-05-09 13:20:40.497186" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "My Certificate with SAN" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "sub1.example.com" }, { "name": "DNS", "value": "www.example.com" }, { "name": "DNS", "value": "sub2.example.com" }, { "name": "DNS", "value": "sub3.example.com" }, { "name": "email", "value": "sysadmin@example.com" }, { "name": "email", "value": "support@example.com" }, { "name": "IP Address", "value": "192.0.2.12" }, { "name": "IP Address", "value": "198.51.100.65" }, { "name": "IP Address", "value": "2001:db8::2:1" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "61:C2:62:3C:ED:0A:13:10:68:A8:49:77:E9:9B:59:CB:9E:D9:72:92", "critical": false }, "authorityKeyIdentifier": { "value": "FA:21:59:BA:DC:DD:A8:96:EC:0B:30:F3:E5:5E:F6:F4:2C:19:14:6F", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "76:F6:EF:05:78:C8:D2:39:9F:E1:14:2C:ED:35:01:B0:81:EA:88:96:F7:96:B7:8B:B6:F3:57:F7:3A:97:01:C1:2B:CC:19:C3:57:A1:83:AA:1A:D3:2D:9C:FE:AC:3B:C4:6C:E3:A9:47:A0:C4:31:FA:34:63:AF:E2:26:DD:53:C7:32:AD:27:D9:2A:E1:04:AD:62:07:F1:E6:3C:68:97:98:74:E9:D8:EB:D4:97:31:DF:64:17:78:B0:72:05:DA:FF:3B:E5:88:FC:22:BA:98:CE:40:1F:AE:33:04:1F:25:04:B8:02:62:99:08:97:98:8C:40:57:27:C9:31:B6:23:BB:A5:18:F5:76:4B:46:A8:64:A6:AF:A9:00:8A:07:A1:C1:C3:DB:E5:23:B6:0D:36:AE:E5:39:C9:A0:36:50:F7:79:88:89:43:D9:9D:D0:F3:0D:8E:23:1A:96:0B:C7:CC:3E:85:F3:A4:1D:82:3E:9F:BE:62:21:6B:28:7A:CD:5C:52:29:89:C5:89:5C:06:2B:95:F1:3E:A9:E1:4B:B7:2F:D0:BF:DE:B0:BF:FA:DD:69:8E:8F:88:13:B7:D1:44:0B:67:D7:A9:4F:3B:B4:F0:DC:6F:C2:01:DE:BD:06:3A:9B:F7:14:CE:13:0F:15:66:B8:3A:56:24:93:CC:2B:E0:48:10" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:20:28", "not_valid_before": "2022-05-09 17:20:29" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 17:20:41 +0000 (0:00:00.667) 0:00:19.475 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "FA:21:59:BA:DC:DD:A8:96:EC:0B:30:F3:E5:5E:F6:F4:2C:19:14:6F" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "sub1.example.com" }, { "name": "DNS", "value": "www.example.com" }, { "name": "DNS", "value": "sub2.example.com" }, { "name": "DNS", "value": "sub3.example.com" }, { "name": "email", "value": "sysadmin@example.com" }, { "name": "email", "value": "support@example.com" }, { "name": "IP Address", "value": "192.0.2.12" }, { "name": "IP Address", "value": "198.51.100.65" }, { "name": "IP Address", "value": "2001:db8::2:1" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "61:C2:62:3C:ED:0A:13:10:68:A8:49:77:E9:9B:59:CB:9E:D9:72:92" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "76:F6:EF:05:78:C8:D2:39:9F:E1:14:2C:ED:35:01:B0:81:EA:88:96:F7:96:B7:8B:B6:F3:57:F7:3A:97:01:C1:2B:CC:19:C3:57:A1:83:AA:1A:D3:2D:9C:FE:AC:3B:C4:6C:E3:A9:47:A0:C4:31:FA:34:63:AF:E2:26:DD:53:C7:32:AD:27:D9:2A:E1:04:AD:62:07:F1:E6:3C:68:97:98:74:E9:D8:EB:D4:97:31:DF:64:17:78:B0:72:05:DA:FF:3B:E5:88:FC:22:BA:98:CE:40:1F:AE:33:04:1F:25:04:B8:02:62:99:08:97:98:8C:40:57:27:C9:31:B6:23:BB:A5:18:F5:76:4B:46:A8:64:A6:AF:A9:00:8A:07:A1:C1:C3:DB:E5:23:B6:0D:36:AE:E5:39:C9:A0:36:50:F7:79:88:89:43:D9:9D:D0:F3:0D:8E:23:1A:96:0B:C7:CC:3E:85:F3:A4:1D:82:3E:9F:BE:62:21:6B:28:7A:CD:5C:52:29:89:C5:89:5C:06:2B:95:F1:3E:A9:E1:4B:B7:2F:D0:BF:DE:B0:BF:FA:DD:69:8E:8F:88:13:B7:D1:44:0B:67:D7:A9:4F:3B:B4:F0:DC:6F:C2:01:DE:BD:06:3A:9B:F7:14:CE:13:0F:15:66:B8:3A:56:24:93:CC:2B:E0:48:10" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "My Certificate with SAN" } ], "validity": { "not_valid_after": "2023-05-09 17:20:28", "not_valid_before": "2022-05-09 17:20:29" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:20:41 +0000 (0:00:00.033) 0:00:19.508 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 17:20:41 +0000 (0:00:00.033) 0:00:19.542 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 17:20:41 +0000 (0:00:00.021) 0:00:19.564 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 17:20:41 +0000 (0:00:00.032) 0:00:19.596 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 17:20:41 +0000 (0:00:00.034) 0:00:19.630 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 17:20:41 +0000 (0:00:00.033) 0:00:19.664 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_dns_ip_email.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039346", "end": "2022-05-09 13:20:41.273024", "rc": 0, "start": "2022-05-09 13:20:41.233678" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:20:41 +0000 (0:00:00.390) 0:00:20.054 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:20:41 +0000 (0:00:00.042) 0:00:20.096 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.09s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install certreader ------------------------------------------------------ 3.06s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 2.16s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.31s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Gathering Facts --------------------------------------------------------- 1.12s /tmp/tmp2bcmclq9/tests/certificate/tests_dns_ip_email.yml:2 ------------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.03s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.90s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Ensure python3 is installed --------------------------------------------- 0.82s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 0.79s /tmp/tmp2bcmclq9/tests/certificate/tests_dns_ip_email.yml:24 ------------------ Parse certificate ------------------------------------------------------- 0.67s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.53s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.50s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.46s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.39s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Retrieve auto-renew flag ------------------------------------------------ 0.39s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Retrieve key file stats ------------------------------------------------- 0.36s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 fedora.linux_system_roles.certificate : Set platform/version specific variables --- 0.04s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Verify each certificate ------------------------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tests_dns_ip_email.yml:54 ------------------ Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_fs_attrs.yml *************************************************** 3 plays in /tmp/tmp2bcmclq9/tests/certificate/tests_fs_attrs.yml PLAY [Ensure UID and GID exists] *********************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_fs_attrs.yml:2 Monday 09 May 2022 17:20:56 +0000 (0:00:00.009) 0:00:00.009 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Ensure user exists] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tests_fs_attrs.yml:5 Monday 09 May 2022 17:20:57 +0000 (0:00:01.195) 0:00:01.204 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "comment": "", "create_home": true, "group": 1040, "home": "/home/user1", "name": "user1", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1040 } TASK [Ensure group "somegroup" exists] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tests_fs_attrs.yml:9 Monday 09 May 2022 17:20:57 +0000 (0:00:00.625) 0:00:01.830 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "gid": 1041, "name": "somegroup", "state": "present", "system": false } META: ran handlers META: ran handlers PLAY [Issue certificate setting user/group] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_fs_attrs.yml:13 Monday 09 May 2022 17:20:58 +0000 (0:00:00.501) 0:00:02.331 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 17:20:59 +0000 (0:00:00.786) 0:00:03.118 ************ included: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:20:59 +0000 (0:00:00.021) 0:00:03.140 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 17:20:59 +0000 (0:00:00.541) 0:00:03.681 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 17:20:59 +0000 (0:00:00.037) 0:00:03.719 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 17:21:01 +0000 (0:00:01.310) 0:00:05.030 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 17:21:03 +0000 (0:00:02.143) 0:00:07.174 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 17:21:03 +0000 (0:00:00.533) 0:00:07.708 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 17:21:04 +0000 (0:00:00.383) 0:00:08.091 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket dbus-broker.service network.target system.slice syslog.target dbus.socket basic.target sysinit.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 17:21:05 +0000 (0:00:01.055) 0:00:09.147 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_fs_attrs', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert_fs_attrs", "owner": "ftp" } } MSG: Certificate requested (new). File attributes updated. changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'certid', 'dns': 'www.example.com', 'owner': 1040, 'group': 1041, 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040 } } MSG: Certificate requested (new). File attributes updated. META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_fs_attrs.yml:31 Monday 09 May 2022 17:21:07 +0000 (0:00:01.792) 0:00:10.940 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_fs_attrs.yml:60 Monday 09 May 2022 17:21:07 +0000 (0:00:00.809) 0:00:11.749 ************ included: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_fs_attrs.crt', 'key_path': '/etc/pki/tls/private/mycert_fs_attrs.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 'ftp', 'group': 'ftp', 'mode': '0640'}) included: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/certid.crt', 'key_path': '/etc/pki/tls/private/certid.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 1040, 'group': 1041, 'mode': '0640'}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:21:07 +0000 (0:00:00.038) 0:00:11.787 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:21:07 +0000 (0:00:00.015) 0:00:11.803 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:21:08 +0000 (0:00:00.864) 0:00:12.668 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:21:14 +0000 (0:00:05.419) 0:00:18.088 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 7.2 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 14.8 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 33.3 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 15.0 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 33.3 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:21:17 +0000 (0:00:03.417) 0:00:21.506 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116865.781114, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "3ca5b22c9c76351b5f68e5004f54e033f51af1d9", "ctime": 1652116865.847114, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 8388826, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652116865.778114, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_fs_attrs.crt", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 14, "version": "701161414", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:21:18 +0000 (0:00:00.493) 0:00:21.999 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:21:18 +0000 (0:00:00.021) 0:00:22.021 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 17:21:18 +0000 (0:00:00.034) 0:00:22.056 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 17:21:18 +0000 (0:00:00.031) 0:00:22.087 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116865.7181141, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "48571f5a0f20f90c23bcb2138e0dcd12cb79c2af", "ctime": 1652116865.847114, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 14823, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652116865.778114, "nlink": 1, "path": "/etc/pki/tls/private/mycert_fs_attrs.key", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 14, "version": "1724531539", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 17:21:18 +0000 (0:00:00.366) 0:00:22.453 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 17:21:18 +0000 (0:00:00.022) 0:00:22.475 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 17:21:18 +0000 (0:00:00.037) 0:00:22.513 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_fs_attrs.crt" ], "delta": "0:00:00.200098", "end": "2022-05-09 13:21:18.978069", "rc": 0, "start": "2022-05-09 13:21:18.777971" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "96:29:84:CE:16:BA:BD:3C:C0:E8:FC:B8:A2:61:EE:DF:3B:23:8A:11", "critical": false }, "authorityKeyIdentifier": { "value": "FB:44:FD:9E:AD:54:3A:63:EB:28:E8:2A:D4:C1:1E:DD:5A:F7:70:1E", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "9B:CB:30:97:2B:AC:54:14:EE:ED:51:34:B1:F3:13:6F:D1:2B:86:4C:1A:A1:53:BE:5E:C7:33:DF:42:E8:DB:10:CD:0E:77:9F:33:5B:76:69:1C:16:D8:F7:3F:50:49:4F:2E:A7:82:4D:20:40:B9:27:AA:82:FF:FF:54:DC:53:15:5F:F8:39:B0:BE:D4:08:E9:1F:29:B5:C9:1D:29:26:83:AA:BE:6C:8E:D9:EF:2C:C4:F0:7E:8B:F1:9A:D8:5B:42:06:8D:29:DD:E0:35:C8:BF:67:24:3A:6F:31:EC:80:6B:F6:8F:5A:37:9D:CA:3D:BA:E5:DA:E6:82:7F:AE:7A:5F:02:09:54:1D:E6:4C:95:CE:70:C2:F1:98:9C:0A:A7:94:08:DE:50:95:40:60:A4:A3:79:D7:73:95:E8:EE:7F:C3:C0:84:08:7D:0B:3D:D1:5F:D9:F0:12:C1:77:86:A5:B1:5C:F0:56:AC:D4:80:3C:51:3D:C3:C9:5D:E7:6D:19:C8:05:95:AF:6F:24:DA:AC:07:6C:1F:36:CE:33:80:B3:78:15:D6:F4:29:5C:BF:E7:B3:46:41:8C:1E:48:6D:A5:EF:8A:C9:E4:8E:00:5B:D2:A1:96:CD:11:26:6A:C8:F7:92:D2:19:74:C7:E8:2A:AF:28:D4:1D:E0:55:42:9F:4C:B6" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:21:05", "not_valid_before": "2022-05-09 17:21:05" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 17:21:19 +0000 (0:00:00.673) 0:00:23.186 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "FB:44:FD:9E:AD:54:3A:63:EB:28:E8:2A:D4:C1:1E:DD:5A:F7:70:1E" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "96:29:84:CE:16:BA:BD:3C:C0:E8:FC:B8:A2:61:EE:DF:3B:23:8A:11" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "9B:CB:30:97:2B:AC:54:14:EE:ED:51:34:B1:F3:13:6F:D1:2B:86:4C:1A:A1:53:BE:5E:C7:33:DF:42:E8:DB:10:CD:0E:77:9F:33:5B:76:69:1C:16:D8:F7:3F:50:49:4F:2E:A7:82:4D:20:40:B9:27:AA:82:FF:FF:54:DC:53:15:5F:F8:39:B0:BE:D4:08:E9:1F:29:B5:C9:1D:29:26:83:AA:BE:6C:8E:D9:EF:2C:C4:F0:7E:8B:F1:9A:D8:5B:42:06:8D:29:DD:E0:35:C8:BF:67:24:3A:6F:31:EC:80:6B:F6:8F:5A:37:9D:CA:3D:BA:E5:DA:E6:82:7F:AE:7A:5F:02:09:54:1D:E6:4C:95:CE:70:C2:F1:98:9C:0A:A7:94:08:DE:50:95:40:60:A4:A3:79:D7:73:95:E8:EE:7F:C3:C0:84:08:7D:0B:3D:D1:5F:D9:F0:12:C1:77:86:A5:B1:5C:F0:56:AC:D4:80:3C:51:3D:C3:C9:5D:E7:6D:19:C8:05:95:AF:6F:24:DA:AC:07:6C:1F:36:CE:33:80:B3:78:15:D6:F4:29:5C:BF:E7:B3:46:41:8C:1E:48:6D:A5:EF:8A:C9:E4:8E:00:5B:D2:A1:96:CD:11:26:6A:C8:F7:92:D2:19:74:C7:E8:2A:AF:28:D4:1D:E0:55:42:9F:4C:B6" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:21:05", "not_valid_before": "2022-05-09 17:21:05" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:21:19 +0000 (0:00:00.033) 0:00:23.219 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 17:21:19 +0000 (0:00:00.034) 0:00:23.253 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 17:21:19 +0000 (0:00:00.022) 0:00:23.275 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 17:21:19 +0000 (0:00:00.032) 0:00:23.308 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 17:21:19 +0000 (0:00:00.033) 0:00:23.341 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 17:21:19 +0000 (0:00:00.033) 0:00:23.375 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_fs_attrs.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.042081", "end": "2022-05-09 13:21:19.565381", "rc": 0, "start": "2022-05-09 13:21:19.523300" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:21:19 +0000 (0:00:00.401) 0:00:23.776 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:21:19 +0000 (0:00:00.035) 0:00:23.811 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:21:19 +0000 (0:00:00.016) 0:00:23.827 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:21:20 +0000 (0:00:00.947) 0:00:24.774 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:21:21 +0000 (0:00:01.038) 0:00:25.813 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:21:22 +0000 (0:00:00.903) 0:00:26.716 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116866.5801141, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "f90c547ba7cf011fe2aa401e319756e1dc0fd3f6", "ctime": 1652116866.7041142, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 8402598, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652116866.578114, "nlink": 1, "path": "/etc/pki/tls/certs/certid.crt", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 1040, "version": "742682886", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:21:23 +0000 (0:00:00.367) 0:00:27.083 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:21:23 +0000 (0:00:00.022) 0:00:27.106 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 17:21:23 +0000 (0:00:00.035) 0:00:27.142 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 17:21:23 +0000 (0:00:00.031) 0:00:27.174 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116866.522114, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "15a2d2e823ae95e47058000eeb855bb3a74d7402", "ctime": 1652116866.7041142, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 17318, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1652116866.578114, "nlink": 1, "path": "/etc/pki/tls/private/certid.key", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 1040, "version": "3739888650", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 17:21:23 +0000 (0:00:00.358) 0:00:27.532 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 17:21:23 +0000 (0:00:00.020) 0:00:27.553 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 17:21:23 +0000 (0:00:00.045) 0:00:27.598 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/certid.crt" ], "delta": "0:00:00.201304", "end": "2022-05-09 13:21:23.942810", "rc": 0, "start": "2022-05-09 13:21:23.741506" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "D0:A2:40:9C:43:2E:1E:71:8D:F7:D1:63:A6:89:39:AD:B2:B0:B9:A2", "critical": false }, "authorityKeyIdentifier": { "value": "FB:44:FD:9E:AD:54:3A:63:EB:28:E8:2A:D4:C1:1E:DD:5A:F7:70:1E", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "8F:3F:E5:D5:26:13:E8:68:BD:F5:7E:65:23:8F:95:DB:E8:2F:3F:E9:DF:1B:A0:19:4E:1D:C1:F0:7F:AA:D7:12:AA:C0:85:03:CC:61:4C:E4:C8:72:28:F8:CB:23:46:3D:AD:BE:FF:76:C0:B1:95:FF:32:AE:64:F2:A7:5F:EA:E1:4E:66:B7:71:72:86:CB:C0:E6:49:B5:C4:0C:94:ED:9A:AF:94:91:DB:82:1F:7A:D0:76:27:3A:C3:88:32:96:35:C1:BF:9C:F2:47:E7:C5:CF:44:99:43:8D:5E:7D:6C:09:F6:DE:37:6F:08:E2:B3:E1:17:50:EA:04:22:7D:C7:70:F1:1E:59:3C:98:9E:8C:F9:E5:69:22:B1:32:6D:34:10:C1:43:71:E1:95:34:63:4A:41:4B:E9:5F:A4:41:F2:DB:D6:4C:A1:15:EC:55:D6:42:DF:CC:75:70:AB:46:32:61:23:5E:F7:F3:7F:8C:20:A2:D7:9A:98:17:15:9C:B8:E7:06:61:C8:2A:05:89:2B:09:1C:CD:7A:6F:35:B2:B7:78:2C:5A:CB:4E:04:6B:DB:5D:7E:D7:57:58:B1:CA:06:FF:2E:B0:7B:88:4E:7B:D2:DB:EA:18:4E:50:D5:28:76:5A:00:EA:30:F1:F2:4E:BF:55:2C:D9:68:28:ED:E1:C9:87" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:21:05", "not_valid_before": "2022-05-09 17:21:06" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 17:21:24 +0000 (0:00:00.552) 0:00:28.150 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "FB:44:FD:9E:AD:54:3A:63:EB:28:E8:2A:D4:C1:1E:DD:5A:F7:70:1E" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "D0:A2:40:9C:43:2E:1E:71:8D:F7:D1:63:A6:89:39:AD:B2:B0:B9:A2" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "8F:3F:E5:D5:26:13:E8:68:BD:F5:7E:65:23:8F:95:DB:E8:2F:3F:E9:DF:1B:A0:19:4E:1D:C1:F0:7F:AA:D7:12:AA:C0:85:03:CC:61:4C:E4:C8:72:28:F8:CB:23:46:3D:AD:BE:FF:76:C0:B1:95:FF:32:AE:64:F2:A7:5F:EA:E1:4E:66:B7:71:72:86:CB:C0:E6:49:B5:C4:0C:94:ED:9A:AF:94:91:DB:82:1F:7A:D0:76:27:3A:C3:88:32:96:35:C1:BF:9C:F2:47:E7:C5:CF:44:99:43:8D:5E:7D:6C:09:F6:DE:37:6F:08:E2:B3:E1:17:50:EA:04:22:7D:C7:70:F1:1E:59:3C:98:9E:8C:F9:E5:69:22:B1:32:6D:34:10:C1:43:71:E1:95:34:63:4A:41:4B:E9:5F:A4:41:F2:DB:D6:4C:A1:15:EC:55:D6:42:DF:CC:75:70:AB:46:32:61:23:5E:F7:F3:7F:8C:20:A2:D7:9A:98:17:15:9C:B8:E7:06:61:C8:2A:05:89:2B:09:1C:CD:7A:6F:35:B2:B7:78:2C:5A:CB:4E:04:6B:DB:5D:7E:D7:57:58:B1:CA:06:FF:2E:B0:7B:88:4E:7B:D2:DB:EA:18:4E:50:D5:28:76:5A:00:EA:30:F1:F2:4E:BF:55:2C:D9:68:28:ED:E1:C9:87" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:21:05", "not_valid_before": "2022-05-09 17:21:06" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:21:24 +0000 (0:00:00.031) 0:00:28.182 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 17:21:24 +0000 (0:00:00.034) 0:00:28.217 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 17:21:24 +0000 (0:00:00.021) 0:00:28.239 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 17:21:24 +0000 (0:00:00.032) 0:00:28.271 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 17:21:24 +0000 (0:00:00.033) 0:00:28.304 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 17:21:24 +0000 (0:00:00.032) 0:00:28.336 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/certid.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038570", "end": "2022-05-09 13:21:24.512986", "rc": 0, "start": "2022-05-09 13:21:24.474416" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:21:24 +0000 (0:00:00.381) 0:00:28.718 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=55 changed=9 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:21:24 +0000 (0:00:00.038) 0:00:28.756 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.42s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install certreader ------------------------------------------------------ 3.42s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 2.14s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.79s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.31s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Gathering Facts --------------------------------------------------------- 1.20s /tmp/tmp2bcmclq9/tests/certificate/tests_fs_attrs.yml:2 ----------------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.06s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Install the package, force upgrade -------------------------------------- 1.04s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Ensure python3 is installed --------------------------------------------- 0.95s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Install certreader ------------------------------------------------------ 0.90s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 0.87s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 0.81s /tmp/tmp2bcmclq9/tests/certificate/tests_fs_attrs.yml:31 ---------------------- Gathering Facts --------------------------------------------------------- 0.79s /tmp/tmp2bcmclq9/tests/certificate/tests_fs_attrs.yml:13 ---------------------- Parse certificate ------------------------------------------------------- 0.67s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Ensure user exists ------------------------------------------------------ 0.63s /tmp/tmp2bcmclq9/tests/certificate/tests_fs_attrs.yml:5 ----------------------- Parse certificate ------------------------------------------------------- 0.55s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.54s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.53s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Ensure group "somegroup" exists ----------------------------------------- 0.50s /tmp/tmp2bcmclq9/tests/certificate/tests_fs_attrs.yml:9 ----------------------- Retrieve certificate file stats ----------------------------------------- 0.49s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_include_vars_from_parent.yml *********************************** 1 plays in /tmp/tmp2bcmclq9/tests/certificate/tests_include_vars_from_parent.yml PLAY [all] ********************************************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_include_vars_from_parent.yml:1 Monday 09 May 2022 17:21:40 +0000 (0:00:00.009) 0:00:00.009 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [create var file in caller that can override the one in called role] ****** task path: /tmp/tmp2bcmclq9/tests/certificate/tests_include_vars_from_parent.yml:3 Monday 09 May 2022 17:21:41 +0000 (0:00:01.119) 0:00:01.128 ************ changed: [/cache/rhel-x.qcow2.snap -> localhost] => (item=RedHat-9.1) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmp2bcmclq9/tests/certificate/roles/caller/vars/RedHat-9.1.yml", "gid": 0, "group": "root", "item": "RedHat-9.1", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1652116901.6691995-199540-152657189022938/source", "state": "file", "uid": 0 } changed: [/cache/rhel-x.qcow2.snap -> localhost] => (item=RedHat-9) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmp2bcmclq9/tests/certificate/roles/caller/vars/RedHat-9.yml", "gid": 0, "group": "root", "item": "RedHat-9", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1652116902.225416-199540-57518734855102/source", "state": "file", "uid": 0 } changed: [/cache/rhel-x.qcow2.snap -> localhost] => (item=RedHat_9.1) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmp2bcmclq9/tests/certificate/roles/caller/vars/RedHat_9.1.yml", "gid": 0, "group": "root", "item": "RedHat_9.1", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1652116902.563127-199540-114075607592084/source", "state": "file", "uid": 0 } changed: [/cache/rhel-x.qcow2.snap -> localhost] => (item=RedHat_9) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmp2bcmclq9/tests/certificate/roles/caller/vars/RedHat_9.yml", "gid": 0, "group": "root", "item": "RedHat_9", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1652116902.8960834-199540-10246406874395/source", "state": "file", "uid": 0 } changed: [/cache/rhel-x.qcow2.snap -> localhost] => (item=RedHat) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmp2bcmclq9/tests/certificate/roles/caller/vars/RedHat.yml", "gid": 0, "group": "root", "item": "RedHat", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1652116903.2408688-199540-114371617029799/source", "state": "file", "uid": 0 } TASK [include_role : {{ roletoinclude }}] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/roles/caller/tasks/main.yml:4 Monday 09 May 2022 17:21:43 +0000 (0:00:01.968) 0:00:03.097 ************ TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 17:21:43 +0000 (0:00:00.035) 0:00:03.132 ************ included: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:21:43 +0000 (0:00:00.021) 0:00:03.153 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 17:21:44 +0000 (0:00:00.479) 0:00:03.633 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 17:21:44 +0000 (0:00:00.035) 0:00:03.668 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 17:21:45 +0000 (0:00:01.283) 0:00:04.952 ************ TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 17:21:45 +0000 (0:00:00.017) 0:00:04.969 ************ TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 17:21:45 +0000 (0:00:00.017) 0:00:04.987 ************ TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 17:21:45 +0000 (0:00:00.016) 0:00:05.003 ************ TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 17:21:45 +0000 (0:00:00.015) 0:00:05.019 ************ META: role_complete for /cache/rhel-x.qcow2.snap TASK [caller : assert] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/roles/caller/tasks/main.yml:7 Monday 09 May 2022 17:21:45 +0000 (0:00:00.017) 0:00:05.037 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=6 changed=1 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 Monday 09 May 2022 17:21:45 +0000 (0:00:00.026) 0:00:05.063 ************ =============================================================================== create var file in caller that can override the one in called role ------ 1.97s /tmp/tmp2bcmclq9/tests/certificate/tests_include_vars_from_parent.yml:3 ------- fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.28s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Gathering Facts --------------------------------------------------------- 1.12s /tmp/tmp2bcmclq9/tests/certificate/tests_include_vars_from_parent.yml:1 ------- fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.48s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 fedora.linux_system_roles.certificate : Set platform/version specific variables --- 0.04s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 include_role : {{ roletoinclude }} -------------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/roles/caller/tasks/main.yml:4 -------------- caller : assert --------------------------------------------------------- 0.03s /tmp/tmp2bcmclq9/tests/certificate/roles/caller/tasks/main.yml:7 -------------- fedora.linux_system_roles.certificate : Set version specific variables --- 0.02s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.02s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 0.02s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.02s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.02s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.02s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_key_size.yml *************************************************** 2 plays in /tmp/tmp2bcmclq9/tests/certificate/tests_key_size.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_key_size.yml:2 Monday 09 May 2022 17:21:59 +0000 (0:00:00.011) 0:00:00.011 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 17:22:00 +0000 (0:00:01.176) 0:00:01.187 ************ included: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:22:00 +0000 (0:00:00.023) 0:00:01.211 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 17:22:01 +0000 (0:00:00.533) 0:00:01.744 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 17:22:01 +0000 (0:00:00.037) 0:00:01.782 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 17:22:02 +0000 (0:00:01.382) 0:00:03.164 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 17:22:04 +0000 (0:00:02.063) 0:00:05.227 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 17:22:05 +0000 (0:00:00.516) 0:00:05.744 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 17:22:05 +0000 (0:00:00.398) 0:00:06.143 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network.target sysinit.target dbus.socket system.slice systemd-journald.socket dbus-broker.service basic.target syslog.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 17:22:06 +0000 (0:00:00.999) 0:00:07.142 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_key_size', 'dns': 'www.example.com', 'ca': 'self-sign', 'key_size': 4096}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "key_size": 4096, "name": "mycert_key_size" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_key_size.yml:14 Monday 09 May 2022 17:22:08 +0000 (0:00:02.043) 0:00:09.185 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_key_size.yml:29 Monday 09 May 2022 17:22:09 +0000 (0:00:00.871) 0:00:10.057 ************ included: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_key_size.crt', 'key_path': '/etc/pki/tls/private/mycert_key_size.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'key_size': 4096}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:22:09 +0000 (0:00:00.041) 0:00:10.099 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:22:09 +0000 (0:00:00.017) 0:00:10.117 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:22:10 +0000 (0:00:00.849) 0:00:10.966 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:22:15 +0000 (0:00:05.096) 0:00:16.062 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 12.4 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 26.5 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 24.1 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 28.2 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 25.4 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:22:18 +0000 (0:00:03.090) 0:00:19.153 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116927.9879837, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "da13356d39f79b28e6c1c45e1fb0b8532a4c87d3", "ctime": 1652116927.9859836, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8887181, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116927.9859836, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_key_size.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1639, "uid": 0, "version": "3298830842", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:22:19 +0000 (0:00:00.479) 0:00:19.632 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:22:19 +0000 (0:00:00.023) 0:00:19.655 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 17:22:19 +0000 (0:00:00.038) 0:00:19.694 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 17:22:19 +0000 (0:00:00.035) 0:00:19.730 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116927.9159837, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "a94f870ed467dd09bfe81558360be1d54dcfd1d4", "ctime": 1652116927.9859836, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17316, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116927.9859836, "nlink": 1, "path": "/etc/pki/tls/private/mycert_key_size.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 3272, "uid": 0, "version": "1143595612", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 17:22:19 +0000 (0:00:00.364) 0:00:20.094 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 17:22:19 +0000 (0:00:00.023) 0:00:20.118 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 17:22:19 +0000 (0:00:00.045) 0:00:20.163 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_key_size.crt" ], "delta": "0:00:00.197723", "end": "2022-05-09 13:22:19.754359", "rc": 0, "start": "2022-05-09 13:22:19.556636" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "4A:C4:A3:24:A6:FB:79:B9:CF:E1:42:24:05:3C:B0:A4:99:EC:B6:C7", "critical": false }, "authorityKeyIdentifier": { "value": "E3:3B:0D:CA:90:69:37:60:B5:CE:B5:03:9D:F4:F7:F0:6F:FF:2E:74", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "7D:2A:B5:64:66:43:34:F6:93:E4:90:D2:91:A9:0D:29:1B:54:8C:5D:AB:74:1C:97:22:E9:DE:8B:A3:EA:B4:06:7A:0C:1C:7E:9A:97:0F:50:6F:57:48:F4:41:73:67:B8:84:01:46:5F:49:4C:FE:C2:BD:13:45:40:B5:87:3D:3E:24:51:12:22:FF:B6:A6:77:77:B4:2B:6A:E8:78:CB:E7:EC:8E:D6:A6:AF:4A:E9:2F:09:21:EC:A0:46:64:E8:1D:3F:90:71:80:FF:E3:DB:A2:58:C4:7A:B6:0E:45:6B:F3:42:B1:C5:13:A5:6F:FA:59:33:52:CF:03:D8:68:26:3F:A2:FC:9E:D0:9A:BC:3F:20:11:20:CF:05:54:D0:C0:92:A3:01:1E:A7:A3:C5:8F:4B:E6:99:C4:C8:DB:A3:F8:7F:7C:82:47:8D:E0:10:FC:18:6E:2D:4A:AA:56:9D:AB:AD:89:C9:86:F9:CA:D0:A3:87:04:4A:09:0A:5A:1A:5C:6A:45:CC:74:D8:E8:2E:87:7D:A6:E3:4F:E7:BB:8E:EB:EB:8B:B8:6C:BE:89:D1:0C:10:4E:81:50:21:C2:1D:39:C6:17:3C:F2:FF:70:7E:42:09:B9:AB:D8:57:BD:C5:2E:CE:4F:E9:87:BC:56:36:26:6F:AB:CB:57:96:67:BF:9E:94" }, "key_size": 4096, "validity": { "not_valid_after": "2023-05-09 17:22:06", "not_valid_before": "2022-05-09 17:22:07" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 17:22:20 +0000 (0:00:00.690) 0:00:20.854 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "E3:3B:0D:CA:90:69:37:60:B5:CE:B5:03:9D:F4:F7:F0:6F:FF:2E:74" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "4A:C4:A3:24:A6:FB:79:B9:CF:E1:42:24:05:3C:B0:A4:99:EC:B6:C7" } }, "key_size": 4096, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "7D:2A:B5:64:66:43:34:F6:93:E4:90:D2:91:A9:0D:29:1B:54:8C:5D:AB:74:1C:97:22:E9:DE:8B:A3:EA:B4:06:7A:0C:1C:7E:9A:97:0F:50:6F:57:48:F4:41:73:67:B8:84:01:46:5F:49:4C:FE:C2:BD:13:45:40:B5:87:3D:3E:24:51:12:22:FF:B6:A6:77:77:B4:2B:6A:E8:78:CB:E7:EC:8E:D6:A6:AF:4A:E9:2F:09:21:EC:A0:46:64:E8:1D:3F:90:71:80:FF:E3:DB:A2:58:C4:7A:B6:0E:45:6B:F3:42:B1:C5:13:A5:6F:FA:59:33:52:CF:03:D8:68:26:3F:A2:FC:9E:D0:9A:BC:3F:20:11:20:CF:05:54:D0:C0:92:A3:01:1E:A7:A3:C5:8F:4B:E6:99:C4:C8:DB:A3:F8:7F:7C:82:47:8D:E0:10:FC:18:6E:2D:4A:AA:56:9D:AB:AD:89:C9:86:F9:CA:D0:A3:87:04:4A:09:0A:5A:1A:5C:6A:45:CC:74:D8:E8:2E:87:7D:A6:E3:4F:E7:BB:8E:EB:EB:8B:B8:6C:BE:89:D1:0C:10:4E:81:50:21:C2:1D:39:C6:17:3C:F2:FF:70:7E:42:09:B9:AB:D8:57:BD:C5:2E:CE:4F:E9:87:BC:56:36:26:6F:AB:CB:57:96:67:BF:9E:94" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:22:06", "not_valid_before": "2022-05-09 17:22:07" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:22:20 +0000 (0:00:00.036) 0:00:20.890 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 17:22:20 +0000 (0:00:00.036) 0:00:20.927 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 17:22:20 +0000 (0:00:00.024) 0:00:20.951 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 17:22:20 +0000 (0:00:00.035) 0:00:20.987 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 17:22:20 +0000 (0:00:00.035) 0:00:21.022 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 17:22:20 +0000 (0:00:00.034) 0:00:21.056 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_key_size.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040346", "end": "2022-05-09 13:22:20.352860", "rc": 0, "start": "2022-05-09 13:22:20.312514" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:22:21 +0000 (0:00:00.391) 0:00:21.448 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:22:21 +0000 (0:00:00.040) 0:00:21.489 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.10s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install certreader ------------------------------------------------------ 3.09s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 2.06s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 2.04s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.38s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Gathering Facts --------------------------------------------------------- 1.18s /tmp/tmp2bcmclq9/tests/certificate/tests_key_size.yml:2 ----------------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.00s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Gathering Facts --------------------------------------------------------- 0.87s /tmp/tmp2bcmclq9/tests/certificate/tests_key_size.yml:14 ---------------------- Ensure python3 is installed --------------------------------------------- 0.85s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Parse certificate ------------------------------------------------------- 0.69s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.53s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.52s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Retrieve certificate file stats ----------------------------------------- 0.48s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.40s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Retrieve auto-renew flag ------------------------------------------------ 0.39s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Retrieve key file stats ------------------------------------------------- 0.36s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify key file owner and group ----------------------------------------- 0.05s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 - Verify each certificate ------------------------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tests_key_size.yml:29 ---------------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_key_usage_and_extended_key_usage.yml *************************** 2 plays in /tmp/tmp2bcmclq9/tests/certificate/tests_key_usage_and_extended_key_usage.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_key_usage_and_extended_key_usage.yml:2 Monday 09 May 2022 17:22:35 +0000 (0:00:00.011) 0:00:00.011 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 17:22:36 +0000 (0:00:01.148) 0:00:01.160 ************ included: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:22:36 +0000 (0:00:00.021) 0:00:01.182 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 17:22:36 +0000 (0:00:00.547) 0:00:01.729 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 17:22:36 +0000 (0:00:00.036) 0:00:01.766 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 17:22:38 +0000 (0:00:01.340) 0:00:03.107 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 17:22:40 +0000 (0:00:02.195) 0:00:05.302 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 17:22:41 +0000 (0:00:00.534) 0:00:05.836 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 17:22:41 +0000 (0:00:00.399) 0:00:06.236 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network.target systemd-journald.socket basic.target sysinit.target dbus-broker.service dbus.socket syslog.target system.slice", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 17:22:42 +0000 (0:00:00.996) 0:00:07.232 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_key_usage_and_extended_key_usage', 'dns': 'www.example.com', 'key_usage': ['digitalSignature', 'nonRepudiation', 'keyEncipherment'], 'extended_key_usage': ['id-kp-clientAuth', 'id-kp-serverAuth', 'id-kp-ipsecTunnel', '1.3.6.1.5.2.3.5'], 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "extended_key_usage": [ "id-kp-clientAuth", "id-kp-serverAuth", "id-kp-ipsecTunnel", "1.3.6.1.5.2.3.5" ], "key_usage": [ "digitalSignature", "nonRepudiation", "keyEncipherment" ], "name": "mycert_key_usage_and_extended_key_usage" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_key_usage_and_extended_key_usage.yml:22 Monday 09 May 2022 17:22:43 +0000 (0:00:01.026) 0:00:08.258 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_key_usage_and_extended_key_usage.yml:50 Monday 09 May 2022 17:22:44 +0000 (0:00:00.827) 0:00:09.086 ************ included: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_key_usage_and_extended_key_usage.crt', 'key_path': '/etc/pki/tls/private/mycert_key_usage_and_extended_key_usage.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment'], 'extended_key_usage': [{'name': 'id-kp-clientAuth', 'oid': '1.3.6.1.5.5.7.3.2'}, {'name': 'id-kp-serverAuth', 'oid': '1.3.6.1.5.5.7.3.1'}, {'name': 'id-kp-ipsecTunnel', 'oid': '1.3.6.1.5.5.7.3.6'}, {'name': None, 'oid': '1.3.6.1.5.2.3.5'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:22:44 +0000 (0:00:00.036) 0:00:09.122 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:22:44 +0000 (0:00:00.015) 0:00:09.138 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:22:45 +0000 (0:00:00.911) 0:00:10.050 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:22:50 +0000 (0:00:05.481) 0:00:15.531 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 12.7 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 11.4 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 12.2 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 21.9 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 30.2 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:22:54 +0000 (0:00:03.876) 0:00:19.407 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116962.8619952, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d242516591bf4eab6e408dfb9ff4e001c85435a4", "ctime": 1652116962.8599954, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8880959, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116962.8599954, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_key_usage_and_extended_key_usage.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1322, "uid": 0, "version": "1365894943", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:22:55 +0000 (0:00:00.494) 0:00:19.902 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:22:55 +0000 (0:00:00.020) 0:00:19.922 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 17:22:55 +0000 (0:00:00.047) 0:00:19.970 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 17:22:55 +0000 (0:00:00.032) 0:00:20.003 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116962.7999952, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9ecd7dc139a3e7785b650891b02ae62e930091e0", "ctime": 1652116962.8599954, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17301, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116962.8599954, "nlink": 1, "path": "/etc/pki/tls/private/mycert_key_usage_and_extended_key_usage.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1700, "uid": 0, "version": "3421256026", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 17:22:55 +0000 (0:00:00.364) 0:00:20.367 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 17:22:55 +0000 (0:00:00.022) 0:00:20.390 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 17:22:55 +0000 (0:00:00.035) 0:00:20.426 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_key_usage_and_extended_key_usage.crt" ], "delta": "0:00:00.209513", "end": "2022-05-09 13:22:55.840174", "rc": 0, "start": "2022-05-09 13:22:55.630661" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" }, { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-ipsecTunnel", "oid": "1.3.6.1.5.5.7.3.6" }, { "name": null, "oid": "1.3.6.1.5.2.3.5" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "5F:F9:87:98:7F:A5:6A:3B:F2:61:96:6F:CF:93:FC:06:4E:CF:FD:3B", "critical": false }, "authorityKeyIdentifier": { "value": "87:5B:B7:EE:8B:D6:7D:1F:D8:C7:3C:97:59:FA:2C:E8:71:9E:23:20", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "7A:42:74:01:4F:A3:0F:C8:C8:EC:F4:4D:BA:AC:CF:12:9F:2F:A0:38:03:D1:95:FE:7E:27:D9:99:83:74:04:37:56:B0:A7:5F:51:55:A2:7B:A6:B2:DF:16:0E:43:F2:3B:A9:B4:2A:ED:AD:3C:7D:83:B1:74:BD:88:41:4B:36:94:EE:94:06:5E:89:33:F5:82:F7:A1:35:ED:2B:39:FC:9E:E2:8C:8F:9E:4D:C3:95:1F:13:9D:71:8F:D8:3D:DB:F3:3E:E8:6C:C9:24:64:AF:42:DE:5F:EA:74:93:F0:0D:0C:B4:FF:87:DC:7A:44:C9:D2:D3:C3:C7:AF:9E:E8:52:25:85:24:04:BA:17:BC:99:91:E8:A3:E9:8E:F1:E8:5D:A4:D6:F3:83:46:FA:8A:52:55:CC:BD:23:70:7B:0D:C9:CC:FE:5E:42:4F:6F:50:B3:CB:39:80:FB:5F:FD:F2:55:78:B5:F5:0D:F7:BB:14:F3:94:89:B1:F9:E5:71:42:E4:50:24:7A:E9:4E:31:33:30:FB:1E:62:6B:32:47:B9:51:F6:95:73:3B:96:DE:4D:28:9C:21:C4:83:8C:13:A8:23:F1:50:1F:EA:B4:4A:7B:9E:7A:0D:3D:80:4C:2C:25:DF:B7:7B:5F:46:97:35:BC:7F:B5:38:D7:87:20:BE:38:ED:EC" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:22:42", "not_valid_before": "2022-05-09 17:22:42" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 17:22:56 +0000 (0:00:00.688) 0:00:21.114 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "87:5B:B7:EE:8B:D6:7D:1F:D8:C7:3C:97:59:FA:2C:E8:71:9E:23:20" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" }, { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-ipsecTunnel", "oid": "1.3.6.1.5.5.7.3.6" }, { "name": null, "oid": "1.3.6.1.5.2.3.5" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "content_commitment", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "5F:F9:87:98:7F:A5:6A:3B:F2:61:96:6F:CF:93:FC:06:4E:CF:FD:3B" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "7A:42:74:01:4F:A3:0F:C8:C8:EC:F4:4D:BA:AC:CF:12:9F:2F:A0:38:03:D1:95:FE:7E:27:D9:99:83:74:04:37:56:B0:A7:5F:51:55:A2:7B:A6:B2:DF:16:0E:43:F2:3B:A9:B4:2A:ED:AD:3C:7D:83:B1:74:BD:88:41:4B:36:94:EE:94:06:5E:89:33:F5:82:F7:A1:35:ED:2B:39:FC:9E:E2:8C:8F:9E:4D:C3:95:1F:13:9D:71:8F:D8:3D:DB:F3:3E:E8:6C:C9:24:64:AF:42:DE:5F:EA:74:93:F0:0D:0C:B4:FF:87:DC:7A:44:C9:D2:D3:C3:C7:AF:9E:E8:52:25:85:24:04:BA:17:BC:99:91:E8:A3:E9:8E:F1:E8:5D:A4:D6:F3:83:46:FA:8A:52:55:CC:BD:23:70:7B:0D:C9:CC:FE:5E:42:4F:6F:50:B3:CB:39:80:FB:5F:FD:F2:55:78:B5:F5:0D:F7:BB:14:F3:94:89:B1:F9:E5:71:42:E4:50:24:7A:E9:4E:31:33:30:FB:1E:62:6B:32:47:B9:51:F6:95:73:3B:96:DE:4D:28:9C:21:C4:83:8C:13:A8:23:F1:50:1F:EA:B4:4A:7B:9E:7A:0D:3D:80:4C:2C:25:DF:B7:7B:5F:46:97:35:BC:7F:B5:38:D7:87:20:BE:38:ED:EC" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:22:42", "not_valid_before": "2022-05-09 17:22:42" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:22:56 +0000 (0:00:00.034) 0:00:21.149 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 17:22:56 +0000 (0:00:00.040) 0:00:21.189 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 17:22:56 +0000 (0:00:00.023) 0:00:21.212 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 17:22:56 +0000 (0:00:00.034) 0:00:21.246 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 17:22:56 +0000 (0:00:00.033) 0:00:21.280 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 17:22:56 +0000 (0:00:00.033) 0:00:21.313 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_key_usage_and_extended_key_usage.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.044493", "end": "2022-05-09 13:22:56.448118", "rc": 0, "start": "2022-05-09 13:22:56.403625" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:22:56 +0000 (0:00:00.404) 0:00:21.718 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:22:56 +0000 (0:00:00.042) 0:00:21.760 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.48s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install certreader ------------------------------------------------------ 3.88s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 2.20s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.34s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Gathering Facts --------------------------------------------------------- 1.15s /tmp/tmp2bcmclq9/tests/certificate/tests_key_usage_and_extended_key_usage.yml:2 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.03s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.00s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Ensure python3 is installed --------------------------------------------- 0.91s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 0.83s /tmp/tmp2bcmclq9/tests/certificate/tests_key_usage_and_extended_key_usage.yml:22 Parse certificate ------------------------------------------------------- 0.69s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.55s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.53s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Retrieve certificate file stats ----------------------------------------- 0.49s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 - Retrieve auto-renew flag ------------------------------------------------ 0.40s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.40s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Retrieve key file stats ------------------------------------------------- 0.36s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify certificate file owner and group --------------------------------- 0.05s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 - Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Verify certificate subject ---------------------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 - Verify each certificate ------------------------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tests_key_usage_and_extended_key_usage.yml:50 ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_many_self_signed.yml ******************************************* 2 plays in /tmp/tmp2bcmclq9/tests/certificate/tests_many_self_signed.yml PLAY [Issue many self-signed certificates] ************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_many_self_signed.yml:2 Monday 09 May 2022 17:23:11 +0000 (0:00:00.010) 0:00:00.011 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 17:23:12 +0000 (0:00:01.246) 0:00:01.257 ************ included: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:23:12 +0000 (0:00:00.049) 0:00:01.307 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 17:23:12 +0000 (0:00:00.504) 0:00:01.811 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 17:23:12 +0000 (0:00:00.038) 0:00:01.850 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 17:23:14 +0000 (0:00:01.353) 0:00:03.203 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 17:23:16 +0000 (0:00:02.102) 0:00:05.306 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 17:23:16 +0000 (0:00:00.559) 0:00:05.866 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 17:23:17 +0000 (0:00:00.383) 0:00:06.250 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "syslog.target basic.target dbus.socket dbus-broker.service sysinit.target systemd-journald.socket network.target system.slice", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 17:23:18 +0000 (0:00:01.014) 0:00:07.265 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_many_self_signed', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_many_self_signed" } } MSG: Certificate requested (new). changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'other-cert', 'dns': 'www.example.org', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.org", "name": "other-cert" } } MSG: Certificate requested (new). changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'another-cert', 'dns': 'www.example.net', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.net", "name": "another-cert" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_many_self_signed.yml:18 Monday 09 May 2022 17:23:21 +0000 (0:00:03.302) 0:00:10.567 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_many_self_signed.yml:50 Monday 09 May 2022 17:23:22 +0000 (0:00:00.857) 0:00:11.425 ************ included: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_many_self_signed.crt', 'key_path': '/etc/pki/tls/private/mycert_many_self_signed.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) included: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/other-cert.crt', 'key_path': '/etc/pki/tls/private/other-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.org'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.org'}]}) included: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/another-cert.crt', 'key_path': '/etc/pki/tls/private/another-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.net'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.net'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:23:22 +0000 (0:00:00.053) 0:00:11.478 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:23:22 +0000 (0:00:00.017) 0:00:11.496 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:23:23 +0000 (0:00:01.127) 0:00:12.623 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:23:29 +0000 (0:00:05.314) 0:00:17.938 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 12.5 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 26.6 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 16.0 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 26.4 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 45.7 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:23:36 +0000 (0:00:07.724) 0:00:25.662 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116999.1976075, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "f7d5596ca8ff108613c0e23144ff8973967bd497", "ctime": 1652116999.1956074, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8880959, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116999.1956074, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_many_self_signed.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "1264121476", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:23:37 +0000 (0:00:00.503) 0:00:26.166 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:23:37 +0000 (0:00:00.022) 0:00:26.188 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 17:23:37 +0000 (0:00:00.036) 0:00:26.225 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 17:23:37 +0000 (0:00:00.033) 0:00:26.258 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652116999.1356075, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "4d63d246efbc191839cfc785ceda46c85e03d138", "ctime": 1652116999.1956074, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17301, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652116999.1956074, "nlink": 1, "path": "/etc/pki/tls/private/mycert_many_self_signed.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2535531234", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 17:23:37 +0000 (0:00:00.367) 0:00:26.626 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 17:23:37 +0000 (0:00:00.020) 0:00:26.646 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 17:23:37 +0000 (0:00:00.033) 0:00:26.680 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_many_self_signed.crt" ], "delta": "0:00:00.206996", "end": "2022-05-09 13:23:38.184418", "rc": 0, "start": "2022-05-09 13:23:37.977422" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "ED:C6:01:D8:3A:F7:5B:78:C6:7E:86:2B:DA:9A:89:37:93:D0:86:33", "critical": false }, "authorityKeyIdentifier": { "value": "3C:92:78:A8:17:38:BD:FD:9B:CE:52:CF:2C:C9:FD:52:E4:FA:C6:10", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "80:E3:8A:A6:2C:41:6D:8F:4D:79:03:D4:DB:1A:79:E5:D1:A8:C2:2F:E2:DF:DD:A3:E2:AB:63:C8:51:72:28:E0:3F:45:C0:B6:FF:68:74:E1:A4:DB:2F:67:29:C2:32:61:6A:C2:5E:40:9C:D2:7C:64:33:EC:04:A4:C8:A2:24:86:BE:0A:3B:46:83:CF:66:CD:6A:F0:1A:32:43:A7:7A:71:97:8B:12:5B:5E:0A:BF:8A:46:8A:1D:89:A8:F7:19:AF:15:7F:33:38:1A:15:B9:B6:98:04:DA:3A:10:BC:5F:EC:48:DF:61:98:FF:9C:EE:6A:C7:26:7A:1A:8B:D0:04:11:13:85:B0:4D:AE:12:C2:FD:09:69:71:7D:EB:54:D4:BA:41:DC:F2:C3:F4:E1:97:D7:8A:A4:D9:4C:CD:F0:D5:8D:75:D4:AD:B1:8E:79:57:38:74:D3:DE:D8:3F:78:F3:64:76:58:CE:9C:4F:3C:44:DA:84:DE:B4:F0:49:1D:DB:CA:28:8A:82:52:2D:D8:C0:09:1C:47:A9:05:BF:82:49:3E:A4:1B:7A:32:BD:B3:82:66:EF:F7:BF:92:E0:12:5C:C4:6E:A7:F5:27:25:79:73:06:44:B1:1D:AC:16:3F:77:F7:2B:D7:2A:0C:75:9E:DF:07:83:8E:DD:AD:3F:71:BD:62" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:23:18", "not_valid_before": "2022-05-09 17:23:19" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 17:23:38 +0000 (0:00:00.658) 0:00:27.338 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "3C:92:78:A8:17:38:BD:FD:9B:CE:52:CF:2C:C9:FD:52:E4:FA:C6:10" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "ED:C6:01:D8:3A:F7:5B:78:C6:7E:86:2B:DA:9A:89:37:93:D0:86:33" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "80:E3:8A:A6:2C:41:6D:8F:4D:79:03:D4:DB:1A:79:E5:D1:A8:C2:2F:E2:DF:DD:A3:E2:AB:63:C8:51:72:28:E0:3F:45:C0:B6:FF:68:74:E1:A4:DB:2F:67:29:C2:32:61:6A:C2:5E:40:9C:D2:7C:64:33:EC:04:A4:C8:A2:24:86:BE:0A:3B:46:83:CF:66:CD:6A:F0:1A:32:43:A7:7A:71:97:8B:12:5B:5E:0A:BF:8A:46:8A:1D:89:A8:F7:19:AF:15:7F:33:38:1A:15:B9:B6:98:04:DA:3A:10:BC:5F:EC:48:DF:61:98:FF:9C:EE:6A:C7:26:7A:1A:8B:D0:04:11:13:85:B0:4D:AE:12:C2:FD:09:69:71:7D:EB:54:D4:BA:41:DC:F2:C3:F4:E1:97:D7:8A:A4:D9:4C:CD:F0:D5:8D:75:D4:AD:B1:8E:79:57:38:74:D3:DE:D8:3F:78:F3:64:76:58:CE:9C:4F:3C:44:DA:84:DE:B4:F0:49:1D:DB:CA:28:8A:82:52:2D:D8:C0:09:1C:47:A9:05:BF:82:49:3E:A4:1B:7A:32:BD:B3:82:66:EF:F7:BF:92:E0:12:5C:C4:6E:A7:F5:27:25:79:73:06:44:B1:1D:AC:16:3F:77:F7:2B:D7:2A:0C:75:9E:DF:07:83:8E:DD:AD:3F:71:BD:62" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:23:18", "not_valid_before": "2022-05-09 17:23:19" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:23:38 +0000 (0:00:00.031) 0:00:27.369 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 17:23:38 +0000 (0:00:00.031) 0:00:27.400 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 17:23:38 +0000 (0:00:00.018) 0:00:27.419 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 17:23:38 +0000 (0:00:00.030) 0:00:27.450 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 17:23:38 +0000 (0:00:00.030) 0:00:27.481 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 17:23:38 +0000 (0:00:00.031) 0:00:27.512 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_many_self_signed.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041433", "end": "2022-05-09 13:23:38.749675", "rc": 0, "start": "2022-05-09 13:23:38.708242" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:23:38 +0000 (0:00:00.392) 0:00:27.905 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:23:39 +0000 (0:00:00.032) 0:00:27.938 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:23:39 +0000 (0:00:00.015) 0:00:27.953 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:23:39 +0000 (0:00:00.884) 0:00:28.837 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:23:41 +0000 (0:00:01.086) 0:00:29.923 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:23:41 +0000 (0:00:00.930) 0:00:30.854 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117000.2046075, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "6306c344919533692a67c701ffcab159d18fac1e", "ctime": 1652117000.2026074, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8886921, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117000.2026074, "nlink": 1, "path": "/etc/pki/tls/certs/other-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "23205494", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:23:42 +0000 (0:00:00.374) 0:00:31.228 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:23:42 +0000 (0:00:00.020) 0:00:31.248 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 17:23:42 +0000 (0:00:00.035) 0:00:31.284 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 17:23:42 +0000 (0:00:00.031) 0:00:31.316 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117000.1416075, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "ef6bee0d78c9af7b3518d461521e4bb1cadd79d6", "ctime": 1652117000.2026074, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17314, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117000.2026074, "nlink": 1, "path": "/etc/pki/tls/private/other-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "4046843503", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 17:23:42 +0000 (0:00:00.370) 0:00:31.687 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 17:23:42 +0000 (0:00:00.020) 0:00:31.707 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 17:23:42 +0000 (0:00:00.035) 0:00:31.743 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/other-cert.crt" ], "delta": "0:00:00.205912", "end": "2022-05-09 13:23:43.153637", "rc": 0, "start": "2022-05-09 13:23:42.947725" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.org" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "E5:E8:65:4F:28:B0:D9:66:43:1F:FD:83:A9:26:7D:B0:3A:21:7B:7F", "critical": false }, "authorityKeyIdentifier": { "value": "3C:92:78:A8:17:38:BD:FD:9B:CE:52:CF:2C:C9:FD:52:E4:FA:C6:10", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "B2:AB:6D:74:76:98:41:B1:ED:C1:FB:29:CD:BC:A5:4B:C8:74:CA:84:97:36:89:9B:C2:8E:63:75:3E:FC:2B:52:00:3C:C4:B5:80:1E:D9:C6:7B:71:4C:9F:1C:2E:88:55:D7:1B:96:CD:9E:8E:88:19:73:E4:F8:F2:A3:E4:9A:8A:E2:56:28:44:50:40:C7:AA:45:BE:B6:77:64:15:A8:F8:AD:9C:5D:9E:D9:2F:AE:88:73:24:7F:63:EC:D7:66:D4:9B:59:17:63:37:79:6C:98:8D:8A:25:B5:65:6D:A2:D8:73:0B:F1:59:C0:FF:73:37:1B:9D:24:63:5A:8D:21:89:65:28:3B:AA:D5:26:F5:6C:F6:CA:BF:D9:FA:E2:7C:79:53:48:A5:0E:C8:D2:6A:80:46:85:07:A1:0C:31:4C:68:E7:7A:EE:A5:D8:A1:11:BE:0E:DF:3B:43:7C:ED:EE:11:96:6E:5D:DC:68:83:21:80:15:17:4C:11:0E:68:7C:D7:83:D9:DD:ED:A6:A0:1E:47:B8:CC:1F:CF:28:33:D5:42:74:44:8A:4B:2C:37:43:F7:C8:EA:D4:D9:57:45:29:6C:6F:68:A4:2E:FA:0C:FE:8F:8D:92:D3:AE:EE:2C:BD:4F:C5:7E:0C:88:FB:0A:82:4B:DC:E4:15:06:AD:1D:92:11" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:23:18", "not_valid_before": "2022-05-09 17:23:20" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 17:23:43 +0000 (0:00:00.566) 0:00:32.309 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "3C:92:78:A8:17:38:BD:FD:9B:CE:52:CF:2C:C9:FD:52:E4:FA:C6:10" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.org" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "E5:E8:65:4F:28:B0:D9:66:43:1F:FD:83:A9:26:7D:B0:3A:21:7B:7F" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "B2:AB:6D:74:76:98:41:B1:ED:C1:FB:29:CD:BC:A5:4B:C8:74:CA:84:97:36:89:9B:C2:8E:63:75:3E:FC:2B:52:00:3C:C4:B5:80:1E:D9:C6:7B:71:4C:9F:1C:2E:88:55:D7:1B:96:CD:9E:8E:88:19:73:E4:F8:F2:A3:E4:9A:8A:E2:56:28:44:50:40:C7:AA:45:BE:B6:77:64:15:A8:F8:AD:9C:5D:9E:D9:2F:AE:88:73:24:7F:63:EC:D7:66:D4:9B:59:17:63:37:79:6C:98:8D:8A:25:B5:65:6D:A2:D8:73:0B:F1:59:C0:FF:73:37:1B:9D:24:63:5A:8D:21:89:65:28:3B:AA:D5:26:F5:6C:F6:CA:BF:D9:FA:E2:7C:79:53:48:A5:0E:C8:D2:6A:80:46:85:07:A1:0C:31:4C:68:E7:7A:EE:A5:D8:A1:11:BE:0E:DF:3B:43:7C:ED:EE:11:96:6E:5D:DC:68:83:21:80:15:17:4C:11:0E:68:7C:D7:83:D9:DD:ED:A6:A0:1E:47:B8:CC:1F:CF:28:33:D5:42:74:44:8A:4B:2C:37:43:F7:C8:EA:D4:D9:57:45:29:6C:6F:68:A4:2E:FA:0C:FE:8F:8D:92:D3:AE:EE:2C:BD:4F:C5:7E:0C:88:FB:0A:82:4B:DC:E4:15:06:AD:1D:92:11" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "validity": { "not_valid_after": "2023-05-09 17:23:18", "not_valid_before": "2022-05-09 17:23:20" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:23:43 +0000 (0:00:00.031) 0:00:32.341 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 17:23:43 +0000 (0:00:00.035) 0:00:32.377 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 17:23:43 +0000 (0:00:00.021) 0:00:32.399 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 17:23:43 +0000 (0:00:00.031) 0:00:32.430 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 17:23:43 +0000 (0:00:00.031) 0:00:32.462 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 17:23:43 +0000 (0:00:00.032) 0:00:32.494 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/other-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040046", "end": "2022-05-09 13:23:43.742812", "rc": 0, "start": "2022-05-09 13:23:43.702766" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:23:43 +0000 (0:00:00.404) 0:00:32.899 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:23:44 +0000 (0:00:00.034) 0:00:32.934 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:23:44 +0000 (0:00:00.017) 0:00:32.951 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:23:44 +0000 (0:00:00.896) 0:00:33.847 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:23:46 +0000 (0:00:01.117) 0:00:34.965 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:23:47 +0000 (0:00:00.989) 0:00:35.954 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117001.2306075, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "98950f6f5368d212311894a81968606d074361a8", "ctime": 1652117001.2276075, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8886944, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117001.2276075, "nlink": 1, "path": "/etc/pki/tls/certs/another-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2635695934", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:23:47 +0000 (0:00:00.374) 0:00:36.329 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:23:47 +0000 (0:00:00.020) 0:00:36.350 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 17:23:47 +0000 (0:00:00.033) 0:00:36.383 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 17:23:47 +0000 (0:00:00.030) 0:00:36.414 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117001.1656075, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "62479efbed87a58f456e052f1b517b52fe4160ed", "ctime": 1652117001.2276075, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17338, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117001.2276075, "nlink": 1, "path": "/etc/pki/tls/private/another-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2949949823", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 17:23:47 +0000 (0:00:00.368) 0:00:36.782 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 17:23:47 +0000 (0:00:00.022) 0:00:36.805 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 17:23:47 +0000 (0:00:00.040) 0:00:36.845 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/another-cert.crt" ], "delta": "0:00:00.208537", "end": "2022-05-09 13:23:48.261897", "rc": 0, "start": "2022-05-09 13:23:48.053360" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.net" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "0D:D8:AD:22:67:C1:04:8A:20:76:20:58:B9:89:D8:3D:65:B2:2A:BE", "critical": false }, "authorityKeyIdentifier": { "value": "3C:92:78:A8:17:38:BD:FD:9B:CE:52:CF:2C:C9:FD:52:E4:FA:C6:10", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "77:6B:70:37:F3:44:AD:4F:89:77:15:AC:83:23:00:D4:23:A8:F4:8F:AD:29:EB:D5:9F:A4:F3:DA:6D:30:DC:A9:C8:73:D0:DA:36:DB:4C:84:83:E3:3B:BC:6C:7B:E6:03:95:E1:29:29:CF:CE:C7:E6:F3:81:CB:1C:B8:25:C8:4D:80:67:2E:E9:D3:F7:04:AF:8F:C1:6E:61:90:17:6B:0C:34:0E:13:B2:D2:6B:5E:71:9C:3B:7B:9E:01:2E:62:B3:CD:FF:05:15:0B:8D:A8:07:62:0E:76:C4:BD:25:B2:39:4D:88:3C:6A:5D:9D:D0:80:D5:D4:93:CF:3E:4C:32:22:5D:6C:AC:E7:D0:96:03:54:80:72:95:FB:39:3D:C4:D8:02:B5:22:E7:DC:19:3B:58:B3:77:AC:0D:BE:8B:39:02:18:CE:10:84:71:F9:2C:54:CC:EA:A2:F6:76:28:15:1F:CE:22:45:51:F7:13:67:A6:A4:E7:66:95:EB:78:87:4E:E4:AB:B2:47:D8:22:A4:D8:F3:4E:F5:9F:85:0A:9B:92:F6:D0:53:23:F0:D9:90:32:B5:39:0B:CC:5E:0B:9D:3B:9C:C4:49:75:B9:24:9C:03:AA:82:AF:22:AC:07:7C:CD:69:B8:E5:0D:06:33:6C:76:DF:66:9B:61:82:A2:16:35" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:23:18", "not_valid_before": "2022-05-09 17:23:21" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 17:23:48 +0000 (0:00:00.570) 0:00:37.416 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "3C:92:78:A8:17:38:BD:FD:9B:CE:52:CF:2C:C9:FD:52:E4:FA:C6:10" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.net" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "0D:D8:AD:22:67:C1:04:8A:20:76:20:58:B9:89:D8:3D:65:B2:2A:BE" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "77:6B:70:37:F3:44:AD:4F:89:77:15:AC:83:23:00:D4:23:A8:F4:8F:AD:29:EB:D5:9F:A4:F3:DA:6D:30:DC:A9:C8:73:D0:DA:36:DB:4C:84:83:E3:3B:BC:6C:7B:E6:03:95:E1:29:29:CF:CE:C7:E6:F3:81:CB:1C:B8:25:C8:4D:80:67:2E:E9:D3:F7:04:AF:8F:C1:6E:61:90:17:6B:0C:34:0E:13:B2:D2:6B:5E:71:9C:3B:7B:9E:01:2E:62:B3:CD:FF:05:15:0B:8D:A8:07:62:0E:76:C4:BD:25:B2:39:4D:88:3C:6A:5D:9D:D0:80:D5:D4:93:CF:3E:4C:32:22:5D:6C:AC:E7:D0:96:03:54:80:72:95:FB:39:3D:C4:D8:02:B5:22:E7:DC:19:3B:58:B3:77:AC:0D:BE:8B:39:02:18:CE:10:84:71:F9:2C:54:CC:EA:A2:F6:76:28:15:1F:CE:22:45:51:F7:13:67:A6:A4:E7:66:95:EB:78:87:4E:E4:AB:B2:47:D8:22:A4:D8:F3:4E:F5:9F:85:0A:9B:92:F6:D0:53:23:F0:D9:90:32:B5:39:0B:CC:5E:0B:9D:3B:9C:C4:49:75:B9:24:9C:03:AA:82:AF:22:AC:07:7C:CD:69:B8:E5:0D:06:33:6C:76:DF:66:9B:61:82:A2:16:35" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "validity": { "not_valid_after": "2023-05-09 17:23:18", "not_valid_before": "2022-05-09 17:23:21" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:23:48 +0000 (0:00:00.032) 0:00:37.448 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 17:23:48 +0000 (0:00:00.035) 0:00:37.483 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 17:23:48 +0000 (0:00:00.022) 0:00:37.506 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 17:23:48 +0000 (0:00:00.035) 0:00:37.542 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 17:23:48 +0000 (0:00:00.034) 0:00:37.576 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 17:23:48 +0000 (0:00:00.033) 0:00:37.610 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/another-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039941", "end": "2022-05-09 13:23:48.851049", "rc": 0, "start": "2022-05-09 13:23:48.811108" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:23:49 +0000 (0:00:00.394) 0:00:38.004 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=73 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:23:49 +0000 (0:00:00.040) 0:00:38.045 ************ =============================================================================== Install certreader ------------------------------------------------------ 7.72s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Install the package, force upgrade -------------------------------------- 5.31s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure certificate requests ----- 3.30s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 2.10s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.35s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Gathering Facts --------------------------------------------------------- 1.25s /tmp/tmp2bcmclq9/tests/certificate/tests_many_self_signed.yml:2 --------------- Ensure python3 is installed --------------------------------------------- 1.13s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Install the package, force upgrade -------------------------------------- 1.12s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install the package, force upgrade -------------------------------------- 1.09s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.01s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Install certreader ------------------------------------------------------ 0.99s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Install certreader ------------------------------------------------------ 0.93s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 0.90s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Ensure python3 is installed --------------------------------------------- 0.88s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 0.86s /tmp/tmp2bcmclq9/tests/certificate/tests_many_self_signed.yml:18 -------------- Parse certificate ------------------------------------------------------- 0.66s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Parse certificate ------------------------------------------------------- 0.57s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Parse certificate ------------------------------------------------------- 0.57s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.56s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.50s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_no_auto_renew.yml ********************************************** 2 plays in /tmp/tmp2bcmclq9/tests/certificate/tests_no_auto_renew.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_no_auto_renew.yml:2 Monday 09 May 2022 17:24:04 +0000 (0:00:00.011) 0:00:00.011 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 17:24:05 +0000 (0:00:01.156) 0:00:01.168 ************ included: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:24:06 +0000 (0:00:00.021) 0:00:01.189 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 17:24:06 +0000 (0:00:00.529) 0:00:01.719 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 17:24:06 +0000 (0:00:00.038) 0:00:01.757 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 17:24:07 +0000 (0:00:01.313) 0:00:03.071 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 17:24:09 +0000 (0:00:02.051) 0:00:05.123 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 17:24:10 +0000 (0:00:00.505) 0:00:05.628 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 17:24:10 +0000 (0:00:00.374) 0:00:06.003 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target system.slice syslog.target dbus.socket dbus-broker.service systemd-journald.socket basic.target network.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 17:24:11 +0000 (0:00:00.983) 0:00:06.987 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_no_auto_renew', 'dns': 'www.example.com', 'ca': 'self-sign', 'auto_renew': False}) => { "ansible_loop_var": "item", "changed": true, "item": { "auto_renew": false, "ca": "self-sign", "dns": "www.example.com", "name": "mycert_no_auto_renew" } } MSG: Certificate requested (new). changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'defaultcert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "defaultcert" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_no_auto_renew.yml:17 Monday 09 May 2022 17:24:13 +0000 (0:00:01.871) 0:00:08.858 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_no_auto_renew.yml:42 Monday 09 May 2022 17:24:14 +0000 (0:00:00.802) 0:00:09.661 ************ included: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_no_auto_renew.crt', 'key_path': '/etc/pki/tls/private/mycert_no_auto_renew.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'auto_renew': False}) included: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/defaultcert.crt', 'key_path': '/etc/pki/tls/private/defaultcert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'auto_renew': True}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:24:14 +0000 (0:00:00.042) 0:00:09.703 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:24:14 +0000 (0:00:00.016) 0:00:09.719 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:24:15 +0000 (0:00:00.839) 0:00:10.559 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:24:20 +0000 (0:00:05.246) 0:00:15.805 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 12.7 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 22.5 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 29.7 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 28.2 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 41.4 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:24:28 +0000 (0:00:08.140) 0:00:23.946 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117052.1331515, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "21b9e06585d2979e3276f0e59a6a2541940ce63e", "ctime": 1652117052.1311517, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8880959, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117052.1311517, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_no_auto_renew.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "1219194840", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:24:29 +0000 (0:00:00.497) 0:00:24.444 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:24:29 +0000 (0:00:00.022) 0:00:24.467 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 17:24:29 +0000 (0:00:00.037) 0:00:24.505 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 17:24:29 +0000 (0:00:00.034) 0:00:24.539 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117052.0741515, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9f44782d81c59ea809cc6bcb802b9cc8818e7e4e", "ctime": 1652117052.1311517, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17301, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117052.1311517, "nlink": 1, "path": "/etc/pki/tls/private/mycert_no_auto_renew.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1700, "uid": 0, "version": "1084993099", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 17:24:29 +0000 (0:00:00.385) 0:00:24.925 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 17:24:29 +0000 (0:00:00.022) 0:00:24.947 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 17:24:29 +0000 (0:00:00.039) 0:00:24.987 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_no_auto_renew.crt" ], "delta": "0:00:00.204109", "end": "2022-05-09 13:24:29.876471", "rc": 0, "start": "2022-05-09 13:24:29.672362" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "65:01:DF:46:0D:E4:7B:7E:90:CB:E1:85:23:DE:D4:58:C6:35:A1:63", "critical": false }, "authorityKeyIdentifier": { "value": "01:DA:AF:D2:61:FA:7B:1D:56:F2:7C:78:5B:F0:7D:A5:9A:15:6B:B3", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "2A:E1:0B:6D:CB:00:49:22:2D:5F:5F:0C:39:15:2F:9F:0D:6A:E2:36:77:27:66:1F:DC:81:6B:0B:B0:3B:D5:C6:DC:60:8B:9A:C3:18:12:E5:47:2B:70:4A:4B:20:1B:00:78:E0:15:45:67:7A:E1:76:CF:8F:B2:89:F1:98:2F:1E:5C:EF:3F:B4:0B:BB:98:89:FE:7A:4C:40:00:B3:1F:B8:34:1E:59:75:AE:9E:0A:96:49:F7:5C:A1:BA:36:9E:D4:F2:3B:70:F6:75:D0:5A:55:3F:6A:93:DA:2A:29:D7:3C:DD:10:1F:91:36:52:33:03:1C:9A:6A:77:FD:F7:97:B6:46:DB:3A:47:FB:1E:0B:84:9F:AA:50:6F:FE:D4:37:2E:69:68:98:F2:E6:41:60:77:76:95:39:D7:8C:28:14:3F:5B:DF:26:0A:8D:DB:1C:A5:C8:51:75:08:47:1E:73:95:8B:3D:C2:AE:AB:7D:4E:B1:06:5C:DA:9D:8A:DE:66:AE:C8:DA:4B:59:74:DC:E1:E8:22:9E:AA:1E:C6:7D:57:22:C9:42:75:0D:88:83:44:EE:5A:81:81:D7:2A:0C:9B:5B:17:E9:42:98:2E:41:B5:BF:6E:D9:13:F8:CA:28:90:66:C0:A7:3A:BA:48:A2:6B:B1:91:1E:32:24:E9:3C:B6:A6" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:24:11", "not_valid_before": "2022-05-09 17:24:12" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 17:24:30 +0000 (0:00:00.669) 0:00:25.657 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "01:DA:AF:D2:61:FA:7B:1D:56:F2:7C:78:5B:F0:7D:A5:9A:15:6B:B3" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "65:01:DF:46:0D:E4:7B:7E:90:CB:E1:85:23:DE:D4:58:C6:35:A1:63" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "2A:E1:0B:6D:CB:00:49:22:2D:5F:5F:0C:39:15:2F:9F:0D:6A:E2:36:77:27:66:1F:DC:81:6B:0B:B0:3B:D5:C6:DC:60:8B:9A:C3:18:12:E5:47:2B:70:4A:4B:20:1B:00:78:E0:15:45:67:7A:E1:76:CF:8F:B2:89:F1:98:2F:1E:5C:EF:3F:B4:0B:BB:98:89:FE:7A:4C:40:00:B3:1F:B8:34:1E:59:75:AE:9E:0A:96:49:F7:5C:A1:BA:36:9E:D4:F2:3B:70:F6:75:D0:5A:55:3F:6A:93:DA:2A:29:D7:3C:DD:10:1F:91:36:52:33:03:1C:9A:6A:77:FD:F7:97:B6:46:DB:3A:47:FB:1E:0B:84:9F:AA:50:6F:FE:D4:37:2E:69:68:98:F2:E6:41:60:77:76:95:39:D7:8C:28:14:3F:5B:DF:26:0A:8D:DB:1C:A5:C8:51:75:08:47:1E:73:95:8B:3D:C2:AE:AB:7D:4E:B1:06:5C:DA:9D:8A:DE:66:AE:C8:DA:4B:59:74:DC:E1:E8:22:9E:AA:1E:C6:7D:57:22:C9:42:75:0D:88:83:44:EE:5A:81:81:D7:2A:0C:9B:5B:17:E9:42:98:2E:41:B5:BF:6E:D9:13:F8:CA:28:90:66:C0:A7:3A:BA:48:A2:6B:B1:91:1E:32:24:E9:3C:B6:A6" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:24:11", "not_valid_before": "2022-05-09 17:24:12" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:24:30 +0000 (0:00:00.034) 0:00:25.691 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 17:24:30 +0000 (0:00:00.039) 0:00:25.731 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 17:24:30 +0000 (0:00:00.022) 0:00:25.754 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 17:24:30 +0000 (0:00:00.035) 0:00:25.790 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 17:24:30 +0000 (0:00:00.041) 0:00:25.832 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 17:24:30 +0000 (0:00:00.036) 0:00:25.868 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_no_auto_renew.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039367", "end": "2022-05-09 13:24:30.488806", "rc": 0, "start": "2022-05-09 13:24:30.449439" } STDOUT: no TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:24:31 +0000 (0:00:00.399) 0:00:26.268 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:24:31 +0000 (0:00:00.035) 0:00:26.304 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:24:31 +0000 (0:00:00.018) 0:00:26.322 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:24:32 +0000 (0:00:00.870) 0:00:27.193 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.4) TASK [Install certreader] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:24:33 +0000 (0:00:01.121) 0:00:28.314 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:24:34 +0000 (0:00:00.905) 0:00:29.220 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117052.9681516, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d46ee3b03a39bb250765abacc456aea08affc5e5", "ctime": 1652117052.9661515, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8886411, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117052.9661515, "nlink": 1, "path": "/etc/pki/tls/certs/defaultcert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2795024308", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:24:34 +0000 (0:00:00.369) 0:00:29.589 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:24:34 +0000 (0:00:00.022) 0:00:29.611 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 17:24:34 +0000 (0:00:00.037) 0:00:29.649 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 17:24:34 +0000 (0:00:00.036) 0:00:29.685 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117052.9101515, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "6a04d2965562a50a4f32dad57301d26b408b2898", "ctime": 1652117052.9661515, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17311, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117052.9661515, "nlink": 1, "path": "/etc/pki/tls/private/defaultcert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "4107673362", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 17:24:34 +0000 (0:00:00.384) 0:00:30.070 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 17:24:34 +0000 (0:00:00.021) 0:00:30.092 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 17:24:34 +0000 (0:00:00.036) 0:00:30.128 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/defaultcert.crt" ], "delta": "0:00:00.212629", "end": "2022-05-09 13:24:34.936094", "rc": 0, "start": "2022-05-09 13:24:34.723465" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "91:03:71:41:22:B5:6B:55:A8:BA:99:B8:57:E3:DC:5B:F0:02:91:DA", "critical": false }, "authorityKeyIdentifier": { "value": "01:DA:AF:D2:61:FA:7B:1D:56:F2:7C:78:5B:F0:7D:A5:9A:15:6B:B3", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "3D:F8:3F:F5:30:AD:EF:BD:BE:CD:97:00:61:18:7C:EA:68:B0:FD:6A:F0:AC:15:1E:52:B0:A8:36:D2:7B:31:4E:F8:8D:77:57:42:32:D3:E8:63:C3:C1:84:97:A7:78:BB:0D:D0:57:B6:42:FA:4C:D0:00:7B:95:94:95:0C:45:AD:21:52:9E:CB:F3:9F:60:F4:1B:BE:26:E5:A1:0F:0A:43:27:DD:CF:4D:AD:CB:17:4E:38:BF:67:E5:1D:66:81:3F:80:6D:6F:17:6E:39:AA:7F:6E:2C:4D:C5:25:C1:F7:FD:00:B4:F1:86:12:EC:6D:73:7F:D9:D6:91:F9:FA:AE:A2:90:FE:F9:02:F3:D0:EB:3A:CC:A6:42:C8:EA:27:14:E2:08:B3:C2:FC:8B:02:00:40:39:B5:58:33:9E:8A:CF:24:06:64:29:F3:53:37:BA:79:B4:6B:96:94:C1:14:4A:6C:99:29:98:6C:55:32:C1:92:99:38:EE:37:31:D6:39:11:F7:88:EA:B9:73:7C:43:23:29:CE:87:12:82:8E:A1:65:D6:30:A1:34:8C:C4:F6:92:A3:28:B9:E4:E8:34:AD:EB:90:B8:F1:E5:EE:3A:0C:96:78:4C:1F:9C:59:19:4C:4E:C3:A5:AF:53:CB:E4:10:1B:12:45:A3:B0:11:AF:EC:DA" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:24:11", "not_valid_before": "2022-05-09 17:24:12" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 17:24:35 +0000 (0:00:00.591) 0:00:30.720 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "01:DA:AF:D2:61:FA:7B:1D:56:F2:7C:78:5B:F0:7D:A5:9A:15:6B:B3" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "91:03:71:41:22:B5:6B:55:A8:BA:99:B8:57:E3:DC:5B:F0:02:91:DA" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "3D:F8:3F:F5:30:AD:EF:BD:BE:CD:97:00:61:18:7C:EA:68:B0:FD:6A:F0:AC:15:1E:52:B0:A8:36:D2:7B:31:4E:F8:8D:77:57:42:32:D3:E8:63:C3:C1:84:97:A7:78:BB:0D:D0:57:B6:42:FA:4C:D0:00:7B:95:94:95:0C:45:AD:21:52:9E:CB:F3:9F:60:F4:1B:BE:26:E5:A1:0F:0A:43:27:DD:CF:4D:AD:CB:17:4E:38:BF:67:E5:1D:66:81:3F:80:6D:6F:17:6E:39:AA:7F:6E:2C:4D:C5:25:C1:F7:FD:00:B4:F1:86:12:EC:6D:73:7F:D9:D6:91:F9:FA:AE:A2:90:FE:F9:02:F3:D0:EB:3A:CC:A6:42:C8:EA:27:14:E2:08:B3:C2:FC:8B:02:00:40:39:B5:58:33:9E:8A:CF:24:06:64:29:F3:53:37:BA:79:B4:6B:96:94:C1:14:4A:6C:99:29:98:6C:55:32:C1:92:99:38:EE:37:31:D6:39:11:F7:88:EA:B9:73:7C:43:23:29:CE:87:12:82:8E:A1:65:D6:30:A1:34:8C:C4:F6:92:A3:28:B9:E4:E8:34:AD:EB:90:B8:F1:E5:EE:3A:0C:96:78:4C:1F:9C:59:19:4C:4E:C3:A5:AF:53:CB:E4:10:1B:12:45:A3:B0:11:AF:EC:DA" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:24:11", "not_valid_before": "2022-05-09 17:24:12" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:24:35 +0000 (0:00:00.033) 0:00:30.753 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 17:24:35 +0000 (0:00:00.035) 0:00:30.788 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 17:24:35 +0000 (0:00:00.022) 0:00:30.811 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 17:24:35 +0000 (0:00:00.035) 0:00:30.846 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 17:24:35 +0000 (0:00:00.034) 0:00:30.881 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 17:24:35 +0000 (0:00:00.034) 0:00:30.915 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/defaultcert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041315", "end": "2022-05-09 13:24:35.539540", "rc": 0, "start": "2022-05-09 13:24:35.498225" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:24:36 +0000 (0:00:00.402) 0:00:31.318 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=52 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:24:36 +0000 (0:00:00.040) 0:00:31.358 ************ =============================================================================== Install certreader ------------------------------------------------------ 8.14s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Install the package, force upgrade -------------------------------------- 5.25s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 2.05s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.87s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.31s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Gathering Facts --------------------------------------------------------- 1.16s /tmp/tmp2bcmclq9/tests/certificate/tests_no_auto_renew.yml:2 ------------------ Install the package, force upgrade -------------------------------------- 1.12s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.98s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Install certreader ------------------------------------------------------ 0.91s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 0.87s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Ensure python3 is installed --------------------------------------------- 0.84s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 0.80s /tmp/tmp2bcmclq9/tests/certificate/tests_no_auto_renew.yml:17 ----------------- Parse certificate ------------------------------------------------------- 0.67s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Parse certificate ------------------------------------------------------- 0.59s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.53s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.51s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Retrieve certificate file stats ----------------------------------------- 0.50s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 - Retrieve auto-renew flag ------------------------------------------------ 0.40s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Retrieve auto-renew flag ------------------------------------------------ 0.40s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Retrieve key file stats ------------------------------------------------- 0.39s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_not_wait_for_cert.yml ****************************************** 2 plays in /tmp/tmp2bcmclq9/tests/certificate/tests_not_wait_for_cert.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_not_wait_for_cert.yml:2 Monday 09 May 2022 17:24:50 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 17:24:51 +0000 (0:00:01.147) 0:00:01.157 ************ included: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:24:51 +0000 (0:00:00.020) 0:00:01.178 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 17:24:52 +0000 (0:00:00.531) 0:00:01.710 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 17:24:52 +0000 (0:00:00.036) 0:00:01.747 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 17:24:53 +0000 (0:00:01.306) 0:00:03.053 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 17:24:55 +0000 (0:00:02.288) 0:00:05.341 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 17:24:56 +0000 (0:00:00.525) 0:00:05.867 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 17:24:56 +0000 (0:00:00.396) 0:00:06.264 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network.target dbus.socket system.slice sysinit.target syslog.target systemd-journald.socket basic.target dbus-broker.service", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 17:24:57 +0000 (0:00:00.961) 0:00:07.225 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_not_wait_for_cert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_not_wait_for_cert" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_not_wait_for_cert.yml:14 Monday 09 May 2022 17:24:58 +0000 (0:00:00.644) 0:00:07.870 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Wait for certificate] **************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tests_not_wait_for_cert.yml:28 Monday 09 May 2022 17:24:59 +0000 (0:00:00.814) 0:00:08.684 ************ ok: [/cache/rhel-x.qcow2.snap] => (item={'path': '/etc/pki/tls/certs/mycert_not_wait_for_cert.crt', 'key_path': '/etc/pki/tls/private/mycert_not_wait_for_cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) => { "ansible_loop_var": "item", "changed": false, "elapsed": 0, "gid": 0, "group": "root", "item": { "key_path": "/etc/pki/tls/private/mycert_not_wait_for_cert.key", "path": "/etc/pki/tls/certs/mycert_not_wait_for_cert.crt", "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "subject_alt_name": [ { "name": "DNS", "value": "www.example.com" } ] }, "match_groupdict": {}, "match_groups": [], "mode": "0600", "owner": "root", "path": "/etc/pki/tls/certs/mycert_not_wait_for_cert.crt", "port": null, "search_regex": null, "secontext": "system_u:object_r:cert_t:s0", "size": 1294, "state": "file", "uid": 0 } TASK [Verify each certificate] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_not_wait_for_cert.yml:34 Monday 09 May 2022 17:24:59 +0000 (0:00:00.461) 0:00:09.146 ************ included: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_not_wait_for_cert.crt', 'key_path': '/etc/pki/tls/private/mycert_not_wait_for_cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:24:59 +0000 (0:00:00.031) 0:00:09.177 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:24:59 +0000 (0:00:00.014) 0:00:09.192 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:25:00 +0000 (0:00:00.850) 0:00:10.043 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:25:05 +0000 (0:00:05.157) 0:00:15.200 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 13.6 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 27.5 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 30.5 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 28.9 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 27.4 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:25:08 +0000 (0:00:03.171) 0:00:18.371 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117097.9084048, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "47a4d4690411c278ae3fe7626947a498b9cc281b", "ctime": 1652117097.9054048, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8388826, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117097.9054048, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_not_wait_for_cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "701161416", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:25:09 +0000 (0:00:00.486) 0:00:18.857 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:25:09 +0000 (0:00:00.021) 0:00:18.879 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 17:25:09 +0000 (0:00:00.036) 0:00:18.916 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 17:25:09 +0000 (0:00:00.033) 0:00:18.949 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117097.8454049, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "ac64316b8ade08c9cf289c732506773b51329e2b", "ctime": 1652117097.9054048, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17297, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117097.9054048, "nlink": 1, "path": "/etc/pki/tls/private/mycert_not_wait_for_cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "4261668969", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 17:25:09 +0000 (0:00:00.366) 0:00:19.316 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 17:25:09 +0000 (0:00:00.020) 0:00:19.337 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 17:25:09 +0000 (0:00:00.036) 0:00:19.374 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_not_wait_for_cert.crt" ], "delta": "0:00:00.202842", "end": "2022-05-09 13:25:09.893004", "rc": 0, "start": "2022-05-09 13:25:09.690162" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "71:24:96:8C:1D:CD:76:31:AE:5E:66:90:67:4F:54:EC:18:33:B9:55", "critical": false }, "authorityKeyIdentifier": { "value": "E3:71:B5:A7:27:41:B2:D6:E9:EF:AC:6D:09:2E:AA:DA:9D:8B:D2:6F", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "6A:ED:42:CF:22:FC:85:DC:28:58:DF:48:6C:95:8C:92:6A:18:F3:FA:98:32:11:17:48:B5:3D:92:CE:F0:BA:43:1F:2C:20:FC:48:89:FE:73:56:4E:1F:4B:EB:DE:57:84:43:25:9F:FC:F2:86:07:23:87:DE:79:98:DA:F4:F8:6F:76:61:D2:01:86:29:54:EB:9D:71:20:3D:A4:06:AA:F1:1A:E4:09:08:DB:4E:87:57:76:BE:9D:BE:3C:48:99:52:0E:A8:33:C5:52:71:09:F8:D2:95:9A:6D:8A:93:08:D3:01:49:A0:8F:86:FE:AB:A9:0E:B4:8F:E2:FC:A1:D1:57:56:20:7D:02:6D:64:A4:B2:D4:15:A3:A5:A5:BA:43:E9:92:C1:DB:2A:DA:12:C2:71:B6:0C:82:C1:41:ED:C4:F3:64:17:CB:CB:45:2E:4E:74:6B:E4:3F:E5:E8:88:AA:68:68:71:27:18:CE:02:C7:99:A3:7E:74:0B:D2:6F:D9:CC:18:AE:59:76:B3:47:6E:BD:A7:43:67:A4:00:01:1C:57:1E:94:06:AB:07:28:BD:84:D7:2C:E0:F9:AE:C4:D7:CC:06:53:6E:E0:96:F0:FC:22:93:90:6A:A5:20:A7:87:6E:24:6B:B7:9A:BA:0B:61:04:D7:8D:99:8A:8E:8F:DC:8C" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:24:57", "not_valid_before": "2022-05-09 17:24:57" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 17:25:10 +0000 (0:00:00.682) 0:00:20.056 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "E3:71:B5:A7:27:41:B2:D6:E9:EF:AC:6D:09:2E:AA:DA:9D:8B:D2:6F" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "71:24:96:8C:1D:CD:76:31:AE:5E:66:90:67:4F:54:EC:18:33:B9:55" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "6A:ED:42:CF:22:FC:85:DC:28:58:DF:48:6C:95:8C:92:6A:18:F3:FA:98:32:11:17:48:B5:3D:92:CE:F0:BA:43:1F:2C:20:FC:48:89:FE:73:56:4E:1F:4B:EB:DE:57:84:43:25:9F:FC:F2:86:07:23:87:DE:79:98:DA:F4:F8:6F:76:61:D2:01:86:29:54:EB:9D:71:20:3D:A4:06:AA:F1:1A:E4:09:08:DB:4E:87:57:76:BE:9D:BE:3C:48:99:52:0E:A8:33:C5:52:71:09:F8:D2:95:9A:6D:8A:93:08:D3:01:49:A0:8F:86:FE:AB:A9:0E:B4:8F:E2:FC:A1:D1:57:56:20:7D:02:6D:64:A4:B2:D4:15:A3:A5:A5:BA:43:E9:92:C1:DB:2A:DA:12:C2:71:B6:0C:82:C1:41:ED:C4:F3:64:17:CB:CB:45:2E:4E:74:6B:E4:3F:E5:E8:88:AA:68:68:71:27:18:CE:02:C7:99:A3:7E:74:0B:D2:6F:D9:CC:18:AE:59:76:B3:47:6E:BD:A7:43:67:A4:00:01:1C:57:1E:94:06:AB:07:28:BD:84:D7:2C:E0:F9:AE:C4:D7:CC:06:53:6E:E0:96:F0:FC:22:93:90:6A:A5:20:A7:87:6E:24:6B:B7:9A:BA:0B:61:04:D7:8D:99:8A:8E:8F:DC:8C" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:24:57", "not_valid_before": "2022-05-09 17:24:57" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:25:10 +0000 (0:00:00.033) 0:00:20.089 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 17:25:10 +0000 (0:00:00.034) 0:00:20.123 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 17:25:10 +0000 (0:00:00.024) 0:00:20.148 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 17:25:10 +0000 (0:00:00.034) 0:00:20.182 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 17:25:10 +0000 (0:00:00.063) 0:00:20.246 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 17:25:10 +0000 (0:00:00.033) 0:00:20.280 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_not_wait_for_cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.037937", "end": "2022-05-09 13:25:10.507487", "rc": 0, "start": "2022-05-09 13:25:10.469550" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:25:11 +0000 (0:00:00.386) 0:00:20.667 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=32 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:25:11 +0000 (0:00:00.039) 0:00:20.706 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.16s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install certreader ------------------------------------------------------ 3.17s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 2.29s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.31s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Gathering Facts --------------------------------------------------------- 1.15s /tmp/tmp2bcmclq9/tests/certificate/tests_not_wait_for_cert.yml:2 -------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.96s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Ensure python3 is installed --------------------------------------------- 0.85s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 0.81s /tmp/tmp2bcmclq9/tests/certificate/tests_not_wait_for_cert.yml:14 ------------- Parse certificate ------------------------------------------------------- 0.68s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.64s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.53s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.53s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Retrieve certificate file stats ----------------------------------------- 0.49s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 - Wait for certificate ---------------------------------------------------- 0.46s /tmp/tmp2bcmclq9/tests/certificate/tests_not_wait_for_cert.yml:28 ------------- fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.40s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Retrieve auto-renew flag ------------------------------------------------ 0.39s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Retrieve key file stats ------------------------------------------------- 0.37s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify certificate Key Usage -------------------------------------------- 0.06s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_principal.yml ************************************************** 3 plays in /tmp/tmp2bcmclq9/tests/certificate/tests_principal.yml PLAY [Test issuing certificate with principal.] ******************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_principal.yml:2 Monday 09 May 2022 17:25:25 +0000 (0:00:00.009) 0:00:00.009 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 17:25:26 +0000 (0:00:01.198) 0:00:01.208 ************ included: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:25:26 +0000 (0:00:00.042) 0:00:01.250 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 17:25:26 +0000 (0:00:00.520) 0:00:01.770 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 17:25:27 +0000 (0:00:00.039) 0:00:01.809 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 17:25:28 +0000 (0:00:01.389) 0:00:03.199 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 17:25:30 +0000 (0:00:02.136) 0:00:05.336 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 17:25:31 +0000 (0:00:00.584) 0:00:05.921 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 17:25:31 +0000 (0:00:00.388) 0:00:06.309 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus.socket system.slice sysinit.target network.target basic.target syslog.target dbus-broker.service systemd-journald.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 17:25:32 +0000 (0:00:01.021) 0:00:07.330 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_principal', 'dns': 'www.example.com', 'principal': 'HTTP/www.example.com@EXAMPLE.COM', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_principal", "principal": "HTTP/www.example.com@EXAMPLE.COM" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_principal.yml:13 Monday 09 May 2022 17:25:33 +0000 (0:00:01.053) 0:00:08.383 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_principal.yml:33 Monday 09 May 2022 17:25:34 +0000 (0:00:00.808) 0:00:09.191 ************ included: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_principal.crt', 'key_path': '/etc/pki/tls/private/mycert_principal.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}, {'name': 'Universal Principal Name (UPN)', 'value': 'HTTP/www.example.com@EXAMPLE.COM', 'oid': '1.3.6.1.4.1.311.20.2.3'}, {'name': 'Kerberos principalname', 'value': 'HTTP/www.example.com@EXAMPLE.COM', 'oid': '1.3.6.1.5.2.2'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:25:34 +0000 (0:00:00.037) 0:00:09.229 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:25:34 +0000 (0:00:00.018) 0:00:09.247 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:25:35 +0000 (0:00:00.873) 0:00:10.121 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:25:40 +0000 (0:00:05.248) 0:00:15.369 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 10.0 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 20.9 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 25.8 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 26.1 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 33.2 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:25:43 +0000 (0:00:03.329) 0:00:18.698 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117133.0250835, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "00ff6f6903a1b30c0c72573a8a9e97a360ce287d", "ctime": 1652117133.0230837, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8880959, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117133.0230837, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_principal.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1456, "uid": 0, "version": "3253211509", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:25:44 +0000 (0:00:00.493) 0:00:19.192 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:25:44 +0000 (0:00:00.022) 0:00:19.214 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 17:25:44 +0000 (0:00:00.039) 0:00:19.253 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 17:25:44 +0000 (0:00:00.034) 0:00:19.288 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117132.9370837, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "29e10d4082610b861ff4f4d75d716d87f672d316", "ctime": 1652117133.0230837, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17429, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117133.0230837, "nlink": 1, "path": "/etc/pki/tls/private/mycert_principal.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3162893614", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 17:25:44 +0000 (0:00:00.361) 0:00:19.650 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 17:25:44 +0000 (0:00:00.021) 0:00:19.671 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 17:25:44 +0000 (0:00:00.036) 0:00:19.707 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_principal.crt" ], "delta": "0:00:00.212376", "end": "2022-05-09 13:25:45.125196", "rc": 0, "start": "2022-05-09 13:25:44.912820" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/www.example.com@EXAMPLE.COM", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/www.example.com@EXAMPLE.COM", "oid": "1.3.6.1.5.2.2" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "5B:60:5F:15:DB:B8:0A:F0:63:26:18:AF:F8:42:02:4B:E9:A0:25:5E", "critical": false }, "authorityKeyIdentifier": { "value": "92:52:B8:7A:31:9C:DB:49:53:49:17:89:31:30:F3:36:4E:F4:A3:10", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "32:8F:BD:3D:3E:7C:5C:E0:24:8C:92:D0:EF:8B:4D:68:90:F3:C9:23:C6:70:62:49:2D:D8:14:CB:B8:B4:93:CC:9B:1C:7F:74:80:1B:2C:E6:32:D9:F7:E4:18:C7:98:2E:22:C5:61:99:51:7A:04:F9:6E:37:3D:46:52:9C:56:D2:91:7E:5D:5A:CD:15:4D:01:A8:35:2F:C5:B2:9D:7A:6B:FA:6C:91:25:8B:EE:52:8F:A4:10:77:74:31:A0:E7:7F:F2:3E:0C:4C:3D:46:8D:47:8E:C8:8C:63:61:38:5D:97:84:69:16:BF:85:09:CC:D4:36:84:19:31:9C:70:77:E5:2A:32:49:53:46:0C:48:80:CD:F0:0F:11:10:73:BD:D0:B9:4D:C9:FE:78:33:A4:6E:70:F4:77:CF:F4:E9:EC:5F:91:47:BC:12:C3:2C:A1:42:27:A9:B9:97:67:67:D1:76:AF:B2:63:C7:F1:40:8E:9D:73:4F:42:BB:8C:17:7D:DC:AD:59:32:81:5C:21:86:80:A4:6D:18:11:12:58:7B:45:41:9E:16:53:9D:F8:59:EE:DA:A7:F0:8B:54:9F:C1:7E:AA:F4:DA:82:20:E6:F2:B0:48:AE:BD:5F:B7:65:F1:48:6D:85:37:30:1B:63:BC:FF:28:16:E2:84:45:FA:F8:96" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:25:32", "not_valid_before": "2022-05-09 17:25:33" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 17:25:45 +0000 (0:00:00.692) 0:00:20.400 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "92:52:B8:7A:31:9C:DB:49:53:49:17:89:31:30:F3:36:4E:F4:A3:10" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/www.example.com@EXAMPLE.COM" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/www.example.com@EXAMPLE.COM" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "5B:60:5F:15:DB:B8:0A:F0:63:26:18:AF:F8:42:02:4B:E9:A0:25:5E" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "32:8F:BD:3D:3E:7C:5C:E0:24:8C:92:D0:EF:8B:4D:68:90:F3:C9:23:C6:70:62:49:2D:D8:14:CB:B8:B4:93:CC:9B:1C:7F:74:80:1B:2C:E6:32:D9:F7:E4:18:C7:98:2E:22:C5:61:99:51:7A:04:F9:6E:37:3D:46:52:9C:56:D2:91:7E:5D:5A:CD:15:4D:01:A8:35:2F:C5:B2:9D:7A:6B:FA:6C:91:25:8B:EE:52:8F:A4:10:77:74:31:A0:E7:7F:F2:3E:0C:4C:3D:46:8D:47:8E:C8:8C:63:61:38:5D:97:84:69:16:BF:85:09:CC:D4:36:84:19:31:9C:70:77:E5:2A:32:49:53:46:0C:48:80:CD:F0:0F:11:10:73:BD:D0:B9:4D:C9:FE:78:33:A4:6E:70:F4:77:CF:F4:E9:EC:5F:91:47:BC:12:C3:2C:A1:42:27:A9:B9:97:67:67:D1:76:AF:B2:63:C7:F1:40:8E:9D:73:4F:42:BB:8C:17:7D:DC:AD:59:32:81:5C:21:86:80:A4:6D:18:11:12:58:7B:45:41:9E:16:53:9D:F8:59:EE:DA:A7:F0:8B:54:9F:C1:7E:AA:F4:DA:82:20:E6:F2:B0:48:AE:BD:5F:B7:65:F1:48:6D:85:37:30:1B:63:BC:FF:28:16:E2:84:45:FA:F8:96" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:25:32", "not_valid_before": "2022-05-09 17:25:33" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:25:45 +0000 (0:00:00.032) 0:00:20.432 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 17:25:45 +0000 (0:00:00.032) 0:00:20.465 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 17:25:45 +0000 (0:00:00.021) 0:00:20.486 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 17:25:45 +0000 (0:00:00.034) 0:00:20.521 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 17:25:45 +0000 (0:00:00.033) 0:00:20.554 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 17:25:45 +0000 (0:00:00.033) 0:00:20.588 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_principal.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.037421", "end": "2022-05-09 13:25:45.700015", "rc": 0, "start": "2022-05-09 13:25:45.662594" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:25:46 +0000 (0:00:00.382) 0:00:20.970 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY [Test issuing certificate with invalid principal.] ************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_principal.yml:40 Monday 09 May 2022 17:25:46 +0000 (0:00:00.048) 0:00:21.018 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 17:25:47 +0000 (0:00:00.789) 0:00:21.808 ************ included: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:25:47 +0000 (0:00:00.020) 0:00:21.829 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 17:25:47 +0000 (0:00:00.492) 0:00:22.322 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 17:25:47 +0000 (0:00:00.037) 0:00:22.359 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 17:25:48 +0000 (0:00:00.873) 0:00:23.233 ************ ok: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 17:25:49 +0000 (0:00:00.891) 0:00:24.125 ************ ok: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 17:25:49 +0000 (0:00:00.409) 0:00:24.534 ************ ok: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 17:25:50 +0000 (0:00:00.408) 0:00:24.942 ************ ok: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Mon 2022-05-09 13:25:32 EDT", "ActiveEnterTimestampMonotonic": "17209468", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target systemd-journald.socket dbus.socket system.slice sysinit.target syslog.target network.target dbus-broker.service", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Mon 2022-05-09 13:25:32 EDT", "AssertTimestampMonotonic": "17196527", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "691410000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Mon 2022-05-09 13:25:32 EDT", "ConditionTimestampMonotonic": "17196526", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "7347", "ExecMainStartTimestamp": "Mon 2022-05-09 13:25:32 EDT", "ExecMainStartTimestampMonotonic": "17197903", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[Mon 2022-05-09 13:25:32 EDT] ; stop_time=[n/a] ; pid=7347 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[Mon 2022-05-09 13:25:32 EDT] ; stop_time=[n/a] ; pid=7347 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Mon 2022-05-09 13:25:32 EDT", "InactiveExitTimestampMonotonic": "17198241", "InvocationID": "dc7122ebdd6d4581ae8de36d546c656b", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "7347", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "3649536", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Mon 2022-05-09 13:25:32 EDT", "StateChangeTimestampMonotonic": "17209468", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 17:25:50 +0000 (0:00:00.538) 0:00:25.481 ************ failed: [/cache/rhel-x.qcow2.snap] (item={'name': 'mycertinvalid', 'dns': 'www.example.com', 'principal': 'HTTP/abc', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": false, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycertinvalid", "principal": "HTTP/abc" } } MSG: Invalid principal 'HTTP/abc'. It should be formatted as 'primary/instance@REALM' TASK [assert...] *************************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tests_principal.yml:59 Monday 09 May 2022 17:25:51 +0000 (0:00:00.467) 0:00:25.949 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=40 changed=7 unreachable=0 failed=0 skipped=2 rescued=1 ignored=0 Monday 09 May 2022 17:25:51 +0000 (0:00:00.026) 0:00:25.975 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.25s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install certreader ------------------------------------------------------ 3.33s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 2.14s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.39s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Gathering Facts --------------------------------------------------------- 1.20s /tmp/tmp2bcmclq9/tests/certificate/tests_principal.yml:2 ---------------------- fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.05s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.02s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 0.89s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Ensure python3 is installed --------------------------------------------- 0.87s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 0.87s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Gathering Facts --------------------------------------------------------- 0.81s /tmp/tmp2bcmclq9/tests/certificate/tests_principal.yml:13 --------------------- Gathering Facts --------------------------------------------------------- 0.79s /tmp/tmp2bcmclq9/tests/certificate/tests_principal.yml:40 --------------------- Parse certificate ------------------------------------------------------- 0.69s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.58s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.54s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.52s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.49s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.49s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.47s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.41s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_provider.yml *************************************************** 2 plays in /tmp/tmp2bcmclq9/tests/certificate/tests_provider.yml PLAY [Test issuing certificate with certmonger provider] *********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_provider.yml:2 Monday 09 May 2022 17:26:05 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 17:26:06 +0000 (0:00:01.139) 0:00:01.150 ************ included: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:26:06 +0000 (0:00:00.023) 0:00:01.174 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 17:26:06 +0000 (0:00:00.495) 0:00:01.669 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 17:26:07 +0000 (0:00:00.038) 0:00:01.708 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 17:26:08 +0000 (0:00:01.299) 0:00:03.008 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 17:26:10 +0000 (0:00:02.069) 0:00:05.077 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 17:26:10 +0000 (0:00:00.510) 0:00:05.588 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 17:26:11 +0000 (0:00:00.385) 0:00:05.973 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target sysinit.target dbus.socket system.slice syslog.target systemd-journald.socket network.target dbus-broker.service", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 17:26:12 +0000 (0:00:00.972) 0:00:06.945 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_provider', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'certmonger'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_provider", "provider": "certmonger" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_provider.yml:13 Monday 09 May 2022 17:26:13 +0000 (0:00:01.421) 0:00:08.367 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_provider.yml:27 Monday 09 May 2022 17:26:14 +0000 (0:00:00.849) 0:00:09.217 ************ included: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_provider.crt', 'key_path': '/etc/pki/tls/private/mycert_provider.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:26:14 +0000 (0:00:00.039) 0:00:09.257 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:26:14 +0000 (0:00:00.017) 0:00:09.274 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:26:15 +0000 (0:00:00.882) 0:00:10.157 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:26:20 +0000 (0:00:05.294) 0:00:15.452 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 12.3 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 26.1 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 28.6 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 27.7 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 34.1 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:26:24 +0000 (0:00:03.289) 0:00:18.741 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117172.2672346, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "92d527f635849ca605e773f89a3bdb5679d0c3f7", "ctime": 1652117172.2642345, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8887170, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117172.2642345, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_provider.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2231351087", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:26:24 +0000 (0:00:00.488) 0:00:19.230 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:26:24 +0000 (0:00:00.020) 0:00:19.251 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 17:26:24 +0000 (0:00:00.035) 0:00:19.287 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 17:26:24 +0000 (0:00:00.031) 0:00:19.318 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117172.1952345, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "db7dc418c7c0b031d895d28f6244dcec755abef3", "ctime": 1652117172.2642345, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17301, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117172.2642345, "nlink": 1, "path": "/etc/pki/tls/private/mycert_provider.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2383719125", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 17:26:24 +0000 (0:00:00.360) 0:00:19.678 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 17:26:25 +0000 (0:00:00.022) 0:00:19.700 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 17:26:25 +0000 (0:00:00.038) 0:00:19.739 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_provider.crt" ], "delta": "0:00:00.199692", "end": "2022-05-09 13:26:24.419122", "rc": 0, "start": "2022-05-09 13:26:24.219430" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "BF:D0:9F:F4:51:E0:46:73:F8:6D:85:92:68:0D:6C:DF:E6:5B:63:8A", "critical": false }, "authorityKeyIdentifier": { "value": "DD:09:F7:B7:E0:B0:DA:69:D5:18:62:58:E5:A2:84:5C:27:0F:BB:DA", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "97:71:A9:82:32:44:C7:65:17:19:22:81:D1:B2:0B:75:75:B2:0B:5E:54:01:3E:62:65:06:EC:E9:28:6F:49:7A:AE:1C:D4:5A:53:4A:07:8E:54:45:A4:86:C0:D5:6B:FE:BB:F0:62:04:A2:46:AF:A5:43:34:F8:47:21:A7:20:C7:3C:24:30:9B:8B:3D:B2:CC:E2:E0:64:B8:1C:05:02:D9:F9:A4:F9:D0:AB:58:44:2A:6B:B1:A3:E6:51:16:28:A7:55:74:87:CA:25:23:3D:5E:DF:E2:BA:44:F4:CF:DF:A5:1C:80:D7:12:47:89:C2:6F:B3:82:B7:2D:9C:18:BA:E8:DC:40:5E:6D:BB:1A:89:15:D0:BC:49:BD:76:F1:6B:05:1E:D1:98:9C:BA:9F:B2:44:A4:2D:D0:8E:AB:7C:CD:49:F3:51:66:3A:0C:39:5B:3C:0B:C1:D6:1F:71:00:4A:9A:8D:8B:48:B8:AC:D2:3A:25:1C:FF:4F:B8:51:29:DF:A7:E6:93:B6:E0:B5:FF:73:25:17:BE:58:D6:53:12:04:4A:A5:60:64:41:7A:50:B8:E7:9E:44:6C:B3:38:C3:D4:6D:37:40:43:AC:23:47:B2:AA:F5:7E:5A:B5:E6:7B:9B:EE:B0:ED:3D:D0:96:4B:4A:20:F3:B0:56:B1:CA:18:EE:18" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:26:11", "not_valid_before": "2022-05-09 17:26:12" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 17:26:25 +0000 (0:00:00.684) 0:00:20.423 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "DD:09:F7:B7:E0:B0:DA:69:D5:18:62:58:E5:A2:84:5C:27:0F:BB:DA" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "BF:D0:9F:F4:51:E0:46:73:F8:6D:85:92:68:0D:6C:DF:E6:5B:63:8A" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "97:71:A9:82:32:44:C7:65:17:19:22:81:D1:B2:0B:75:75:B2:0B:5E:54:01:3E:62:65:06:EC:E9:28:6F:49:7A:AE:1C:D4:5A:53:4A:07:8E:54:45:A4:86:C0:D5:6B:FE:BB:F0:62:04:A2:46:AF:A5:43:34:F8:47:21:A7:20:C7:3C:24:30:9B:8B:3D:B2:CC:E2:E0:64:B8:1C:05:02:D9:F9:A4:F9:D0:AB:58:44:2A:6B:B1:A3:E6:51:16:28:A7:55:74:87:CA:25:23:3D:5E:DF:E2:BA:44:F4:CF:DF:A5:1C:80:D7:12:47:89:C2:6F:B3:82:B7:2D:9C:18:BA:E8:DC:40:5E:6D:BB:1A:89:15:D0:BC:49:BD:76:F1:6B:05:1E:D1:98:9C:BA:9F:B2:44:A4:2D:D0:8E:AB:7C:CD:49:F3:51:66:3A:0C:39:5B:3C:0B:C1:D6:1F:71:00:4A:9A:8D:8B:48:B8:AC:D2:3A:25:1C:FF:4F:B8:51:29:DF:A7:E6:93:B6:E0:B5:FF:73:25:17:BE:58:D6:53:12:04:4A:A5:60:64:41:7A:50:B8:E7:9E:44:6C:B3:38:C3:D4:6D:37:40:43:AC:23:47:B2:AA:F5:7E:5A:B5:E6:7B:9B:EE:B0:ED:3D:D0:96:4B:4A:20:F3:B0:56:B1:CA:18:EE:18" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:26:11", "not_valid_before": "2022-05-09 17:26:12" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:26:25 +0000 (0:00:00.034) 0:00:20.458 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 17:26:25 +0000 (0:00:00.035) 0:00:20.494 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 17:26:25 +0000 (0:00:00.022) 0:00:20.517 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 17:26:25 +0000 (0:00:00.067) 0:00:20.584 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 17:26:25 +0000 (0:00:00.035) 0:00:20.620 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 17:26:25 +0000 (0:00:00.036) 0:00:20.656 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_provider.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039205", "end": "2022-05-09 13:26:25.037452", "rc": 0, "start": "2022-05-09 13:26:24.998247" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:26:26 +0000 (0:00:00.380) 0:00:21.037 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:26:26 +0000 (0:00:00.041) 0:00:21.078 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.29s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install certreader ------------------------------------------------------ 3.29s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 2.07s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.42s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.30s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Gathering Facts --------------------------------------------------------- 1.14s /tmp/tmp2bcmclq9/tests/certificate/tests_provider.yml:2 ----------------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.97s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Ensure python3 is installed --------------------------------------------- 0.88s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 0.85s /tmp/tmp2bcmclq9/tests/certificate/tests_provider.yml:13 ---------------------- Parse certificate ------------------------------------------------------- 0.68s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.51s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.50s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.49s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.39s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Retrieve auto-renew flag ------------------------------------------------ 0.38s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Retrieve key file stats ------------------------------------------------- 0.36s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify key size --------------------------------------------------------- 0.07s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 - Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Verify each certificate ------------------------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tests_provider.yml:27 ---------------------- Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_run_hooks.yml ************************************************** 2 plays in /tmp/tmp2bcmclq9/tests/certificate/tests_run_hooks.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_run_hooks.yml:2 Monday 09 May 2022 17:26:40 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 17:26:41 +0000 (0:00:01.139) 0:00:01.150 ************ included: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:26:41 +0000 (0:00:00.022) 0:00:01.172 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 17:26:42 +0000 (0:00:00.523) 0:00:01.696 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 17:26:42 +0000 (0:00:00.037) 0:00:01.733 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 17:26:43 +0000 (0:00:01.354) 0:00:03.088 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 17:26:45 +0000 (0:00:02.140) 0:00:05.228 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 17:26:46 +0000 (0:00:00.526) 0:00:05.755 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 17:26:46 +0000 (0:00:00.386) 0:00:06.141 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target syslog.target systemd-journald.socket network.target sysinit.target dbus.socket system.slice dbus-broker.service", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 17:26:47 +0000 (0:00:00.988) 0:00:07.130 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_run_hooks', 'dns': 'www.example.com', 'ca': 'self-sign', 'run_before': 'touch /etc/pki/before_cert.tmp\n', 'run_after': 'touch /etc/pki/after_cert.tmp\n'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_run_hooks", "run_after": "touch /etc/pki/after_cert.tmp\n", "run_before": "touch /etc/pki/before_cert.tmp\n" } } MSG: Certificate requested (new). Pre/Post run hooks updated. META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_run_hooks.yml:17 Monday 09 May 2022 17:26:48 +0000 (0:00:01.170) 0:00:08.300 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_run_hooks.yml:31 Monday 09 May 2022 17:26:49 +0000 (0:00:00.833) 0:00:09.134 ************ included: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_run_hooks.crt', 'key_path': '/etc/pki/tls/private/mycert_run_hooks.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:26:49 +0000 (0:00:00.034) 0:00:09.168 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:26:49 +0000 (0:00:00.017) 0:00:09.185 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:26:50 +0000 (0:00:00.890) 0:00:10.076 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:26:55 +0000 (0:00:05.267) 0:00:15.344 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 12.7 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 26.5 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 29.4 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 28.3 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 41.9 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:26:59 +0000 (0:00:03.080) 0:00:18.424 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117208.2504408, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "7799a502006d25ecc1980bde2608c05c0c0851ac", "ctime": 1652117208.2474408, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8886656, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117208.2474408, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_run_hooks.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "398820285", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:26:59 +0000 (0:00:00.492) 0:00:18.916 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:26:59 +0000 (0:00:00.020) 0:00:18.937 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 17:26:59 +0000 (0:00:00.034) 0:00:18.972 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 17:26:59 +0000 (0:00:00.034) 0:00:19.006 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117208.183441, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9ff9c2e62b1945be611cc2ae3a5d4344db954361", "ctime": 1652117208.2474408, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17301, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117208.2474408, "nlink": 1, "path": "/etc/pki/tls/private/mycert_run_hooks.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3361390107", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 17:27:00 +0000 (0:00:00.372) 0:00:19.379 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 17:27:00 +0000 (0:00:00.020) 0:00:19.399 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 17:27:00 +0000 (0:00:00.035) 0:00:19.435 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_run_hooks.crt" ], "delta": "0:00:00.211804", "end": "2022-05-09 13:27:00.284136", "rc": 0, "start": "2022-05-09 13:27:00.072332" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "10:A8:21:62:92:FE:B3:C1:ED:CB:D5:9F:C2:B2:36:19:E6:5B:0F:3E", "critical": false }, "authorityKeyIdentifier": { "value": "AA:1C:92:AA:95:0C:42:BD:B8:EF:AF:B4:F9:85:DE:D1:F1:58:21:F7", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "63:B5:07:00:D5:48:83:5A:40:44:37:6D:81:E9:59:58:B0:89:66:A1:3E:C4:85:73:26:35:C2:16:8E:69:F1:C9:CF:37:D5:5B:CE:49:A3:53:09:E9:61:A8:AB:36:AB:A9:FD:6A:89:AB:C2:DA:8E:96:7A:14:D3:E4:D3:88:FA:E2:9B:0A:EC:29:90:2D:54:1A:63:70:58:1B:29:77:60:47:3C:12:91:2D:8F:04:63:E7:51:BF:FC:DF:87:93:C6:38:7A:D4:03:F5:39:57:A1:E3:CF:B4:DA:A9:8D:64:C1:F0:18:30:AD:0F:4B:64:09:F4:07:DE:C9:07:42:25:98:29:2D:0B:A4:AE:DC:CB:04:62:9E:A9:A8:24:C7:9C:7E:AC:A1:52:79:CC:1F:9A:DB:5F:DD:97:AA:A7:35:E6:BE:1A:BB:D3:C5:7C:DE:75:27:ED:6C:08:F5:BD:67:96:E7:DF:2F:80:38:4D:BB:45:EE:04:6A:8A:3C:F2:67:B6:34:39:5B:E5:CB:70:40:76:11:8D:BB:C1:CC:82:3D:1E:AD:43:54:B0:14:26:94:15:2A:8D:57:03:0A:EB:72:BD:27:42:4D:AF:15:D9:32:5B:6A:A3:56:81:44:15:E4:2D:6D:06:B4:AE:42:61:5C:BE:9B:D3:54:2D:77:46:98:E2:41:31" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:26:47", "not_valid_before": "2022-05-09 17:26:48" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 17:27:00 +0000 (0:00:00.735) 0:00:20.171 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "AA:1C:92:AA:95:0C:42:BD:B8:EF:AF:B4:F9:85:DE:D1:F1:58:21:F7" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "10:A8:21:62:92:FE:B3:C1:ED:CB:D5:9F:C2:B2:36:19:E6:5B:0F:3E" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "63:B5:07:00:D5:48:83:5A:40:44:37:6D:81:E9:59:58:B0:89:66:A1:3E:C4:85:73:26:35:C2:16:8E:69:F1:C9:CF:37:D5:5B:CE:49:A3:53:09:E9:61:A8:AB:36:AB:A9:FD:6A:89:AB:C2:DA:8E:96:7A:14:D3:E4:D3:88:FA:E2:9B:0A:EC:29:90:2D:54:1A:63:70:58:1B:29:77:60:47:3C:12:91:2D:8F:04:63:E7:51:BF:FC:DF:87:93:C6:38:7A:D4:03:F5:39:57:A1:E3:CF:B4:DA:A9:8D:64:C1:F0:18:30:AD:0F:4B:64:09:F4:07:DE:C9:07:42:25:98:29:2D:0B:A4:AE:DC:CB:04:62:9E:A9:A8:24:C7:9C:7E:AC:A1:52:79:CC:1F:9A:DB:5F:DD:97:AA:A7:35:E6:BE:1A:BB:D3:C5:7C:DE:75:27:ED:6C:08:F5:BD:67:96:E7:DF:2F:80:38:4D:BB:45:EE:04:6A:8A:3C:F2:67:B6:34:39:5B:E5:CB:70:40:76:11:8D:BB:C1:CC:82:3D:1E:AD:43:54:B0:14:26:94:15:2A:8D:57:03:0A:EB:72:BD:27:42:4D:AF:15:D9:32:5B:6A:A3:56:81:44:15:E4:2D:6D:06:B4:AE:42:61:5C:BE:9B:D3:54:2D:77:46:98:E2:41:31" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-05-09 17:26:47", "not_valid_before": "2022-05-09 17:26:48" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:27:00 +0000 (0:00:00.066) 0:00:20.238 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 17:27:00 +0000 (0:00:00.035) 0:00:20.274 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 17:27:00 +0000 (0:00:00.025) 0:00:20.299 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 17:27:00 +0000 (0:00:00.035) 0:00:20.335 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 17:27:01 +0000 (0:00:00.036) 0:00:20.371 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 17:27:01 +0000 (0:00:00.033) 0:00:20.405 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_run_hooks.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040127", "end": "2022-05-09 13:27:00.925287", "rc": 0, "start": "2022-05-09 13:27:00.885160" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:27:01 +0000 (0:00:00.401) 0:00:20.806 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Get certificate timestamp] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tests_run_hooks.yml:39 Monday 09 May 2022 17:27:01 +0000 (0:00:00.038) 0:00:20.844 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117208.2504408, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "7799a502006d25ecc1980bde2608c05c0c0851ac", "ctime": 1652117208.2474408, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8886656, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117208.2474408, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_run_hooks.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "398820285", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Get pre-run file timestamp] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tests_run_hooks.yml:43 Monday 09 May 2022 17:27:01 +0000 (0:00:00.359) 0:00:21.204 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117208.2444408, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1652117208.2444408, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 25712785, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1652117208.2444408, "nlink": 1, "path": "/etc/pki/before_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "865447885", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Get post-run file timestamp] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_run_hooks.yml:47 Monday 09 May 2022 17:27:02 +0000 (0:00:00.342) 0:00:21.547 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117208.282441, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1652117208.282441, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 25712789, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1652117208.282441, "nlink": 1, "path": "/etc/pki/after_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "2821029225", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Assert file created before cert] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tests_run_hooks.yml:51 Monday 09 May 2022 17:27:02 +0000 (0:00:00.338) 0:00:21.886 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Assert file created after cert] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tests_run_hooks.yml:58 Monday 09 May 2022 17:27:02 +0000 (0:00:00.022) 0:00:21.908 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Get the ansible_managed comment in pre/post-scripts] ********************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_run_hooks.yml:66 Monday 09 May 2022 17:27:02 +0000 (0:00:00.020) 0:00:21.929 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "find", "/etc/certmonger/pre-scripts", "/etc/certmonger/post-scripts", "-type", "f", "-exec", "grep", "^# Ansible managed", "{}", ";" ], "delta": "0:00:00.005324", "end": "2022-05-09 13:27:02.388418", "rc": 0, "start": "2022-05-09 13:27:02.383094" } STDOUT: # Ansible managed # Ansible managed TASK [Verify the ansible_managed comment in pre/post-scripts] ****************** task path: /tmp/tmp2bcmclq9/tests/certificate/tests_run_hooks.yml:72 Monday 09 May 2022 17:27:02 +0000 (0:00:00.341) 0:00:22.270 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=38 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:27:02 +0000 (0:00:00.038) 0:00:22.309 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.27s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install certreader ------------------------------------------------------ 3.08s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 2.14s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.35s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.17s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Gathering Facts --------------------------------------------------------- 1.14s /tmp/tmp2bcmclq9/tests/certificate/tests_run_hooks.yml:2 ---------------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.99s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Ensure python3 is installed --------------------------------------------- 0.89s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 0.83s /tmp/tmp2bcmclq9/tests/certificate/tests_run_hooks.yml:17 --------------------- Parse certificate ------------------------------------------------------- 0.74s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.53s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.52s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.49s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 - Retrieve auto-renew flag ------------------------------------------------ 0.40s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.39s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Retrieve key file stats ------------------------------------------------- 0.37s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Get certificate timestamp ----------------------------------------------- 0.36s /tmp/tmp2bcmclq9/tests/certificate/tests_run_hooks.yml:39 --------------------- Get pre-run file timestamp ---------------------------------------------- 0.34s /tmp/tmp2bcmclq9/tests/certificate/tests_run_hooks.yml:43 --------------------- Get the ansible_managed comment in pre/post-scripts --------------------- 0.34s /tmp/tmp2bcmclq9/tests/certificate/tests_run_hooks.yml:66 --------------------- Get post-run file timestamp --------------------------------------------- 0.34s /tmp/tmp2bcmclq9/tests/certificate/tests_run_hooks.yml:47 --------------------- ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_subject.yml **************************************************** 2 plays in /tmp/tmp2bcmclq9/tests/certificate/tests_subject.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_subject.yml:2 Monday 09 May 2022 17:27:18 +0000 (0:00:00.016) 0:00:00.016 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 17:27:19 +0000 (0:00:01.168) 0:00:01.184 ************ included: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:27:19 +0000 (0:00:00.021) 0:00:01.206 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 17:27:20 +0000 (0:00:00.540) 0:00:01.746 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 17:27:20 +0000 (0:00:00.036) 0:00:01.782 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 17:27:21 +0000 (0:00:01.353) 0:00:03.136 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 17:27:23 +0000 (0:00:02.208) 0:00:05.344 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 17:27:24 +0000 (0:00:00.511) 0:00:05.856 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 17:27:24 +0000 (0:00:00.391) 0:00:06.248 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice sysinit.target dbus-broker.service dbus.socket syslog.target basic.target systemd-journald.socket network.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 17:27:25 +0000 (0:00:01.015) 0:00:07.264 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_subject', 'dns': 'www.example.com', 'common_name': 'Some other common name', 'country': 'US', 'state': 'NC', 'locality': 'Raleigh', 'organization': 'Red Hat', 'organizational_unit': 'Linux', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "Some other common name", "country": "US", "dns": "www.example.com", "locality": "Raleigh", "name": "mycert_subject", "organization": "Red Hat", "organizational_unit": "Linux", "state": "NC" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_subject.yml:19 Monday 09 May 2022 17:27:26 +0000 (0:00:01.044) 0:00:08.308 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_subject.yml:48 Monday 09 May 2022 17:27:27 +0000 (0:00:00.831) 0:00:09.140 ************ included: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_subject.crt', 'key_path': '/etc/pki/tls/private/mycert_subject.key', 'subject': [{'name': 'countryName', 'oid': '2.5.4.6', 'value': 'US'}, {'name': 'stateOrProvinceName', 'oid': '2.5.4.8', 'value': 'NC'}, {'name': 'localityName', 'oid': '2.5.4.7', 'value': 'Raleigh'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'Red Hat'}, {'name': 'organizationalUnitName', 'oid': '2.5.4.11', 'value': 'Linux'}, {'name': 'commonName', 'oid': '2.5.4.3', 'value': 'Some other common name'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:27:27 +0000 (0:00:00.047) 0:00:09.187 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:27:27 +0000 (0:00:00.019) 0:00:09.207 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:27:28 +0000 (0:00:00.946) 0:00:10.153 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:27:34 +0000 (0:00:05.403) 0:00:15.557 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 11.6 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 26.4 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 22.2 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 28.2 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 38.5 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:27:37 +0000 (0:00:03.187) 0:00:18.745 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117246.5053859, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "e63caf9e1c9b0931e5fa8d939a2ab1ba6700b923", "ctime": 1652117246.5033858, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8880959, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117246.5033858, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_subject.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1411, "uid": 0, "version": "2063853330", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:27:37 +0000 (0:00:00.504) 0:00:19.250 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:27:37 +0000 (0:00:00.023) 0:00:19.273 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 17:27:37 +0000 (0:00:00.036) 0:00:19.310 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 17:27:37 +0000 (0:00:00.032) 0:00:19.342 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117246.4443858, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "c0ff7ffbc2ce0d9154c75188e507be4bc758ed47", "ctime": 1652117246.5033858, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17301, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117246.5033858, "nlink": 1, "path": "/etc/pki/tls/private/mycert_subject.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3038408603", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 17:27:38 +0000 (0:00:00.356) 0:00:19.698 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 17:27:38 +0000 (0:00:00.020) 0:00:19.718 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 17:27:38 +0000 (0:00:00.034) 0:00:19.753 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_subject.crt" ], "delta": "0:00:00.213876", "end": "2022-05-09 13:27:38.750530", "rc": 0, "start": "2022-05-09 13:27:38.536654" } STDOUT: { "subject": [ { "name": "countryName", "oid": "2.5.4.6", "value": "US" }, { "name": "stateOrProvinceName", "oid": "2.5.4.8", "value": "NC" }, { "name": "localityName", "oid": "2.5.4.7", "value": "Raleigh" }, { "name": "organizationName", "oid": "2.5.4.10", "value": "Red Hat" }, { "name": "organizationalUnitName", "oid": "2.5.4.11", "value": "Linux" }, { "name": "commonName", "oid": "2.5.4.3", "value": "Some other common name" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "9E:58:D6:C5:76:B6:55:39:E5:9F:D5:15:8D:26:C5:94:91:42:EB:5D", "critical": false }, "authorityKeyIdentifier": { "value": "58:F1:11:9F:2C:36:C7:96:18:2B:BD:AD:96:65:CB:17:09:48:39:3F", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "1C:D9:2C:50:06:A1:82:94:4A:74:FD:92:D1:CB:11:1A:01:BA:09:A4:B9:BB:3C:4C:C5:6C:34:55:10:EB:54:AB:C2:4F:8C:BE:50:8C:1A:FF:80:4E:81:8C:84:53:B0:56:6A:58:DC:15:07:9F:F2:58:67:6C:96:0F:80:CB:B1:55:6F:29:32:19:A0:F8:D2:7C:64:A0:29:D8:5C:A6:47:97:71:FB:A9:22:E7:B1:7E:3B:AD:25:C9:1C:6C:9A:AA:52:0E:BA:1B:71:A4:E3:9E:33:39:26:AD:13:86:A5:89:D9:FE:F1:71:76:A2:02:F3:3E:56:36:1E:5E:45:9F:FC:E4:36:A6:D2:43:0F:99:B7:0F:D4:C7:C8:F1:5B:AE:CF:E0:CF:B0:A0:ED:92:71:9E:44:4E:17:DE:C9:C8:5B:AC:61:0B:05:42:92:0E:E1:F0:83:B3:6C:84:8E:A5:E8:47:3B:72:0E:94:79:B4:81:F9:D0:67:CC:C4:8A:CA:79:96:C7:CF:78:72:A1:82:C4:2A:98:45:3B:15:8F:20:56:5A:0E:DF:29:46:17:9B:F5:9F:E5:84:48:2C:CA:BF:AD:A6:47:9D:D4:54:C7:4B:E4:F8:5F:82:11:10:83:37:39:18:E8:92:C3:8A:EF:37:5C:B1:4B:41:FE:93:7E:23:CC:54:CA" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:27:25", "not_valid_before": "2022-05-09 17:27:26" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 17:27:39 +0000 (0:00:00.686) 0:00:20.440 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "58:F1:11:9F:2C:36:C7:96:18:2B:BD:AD:96:65:CB:17:09:48:39:3F" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "9E:58:D6:C5:76:B6:55:39:E5:9F:D5:15:8D:26:C5:94:91:42:EB:5D" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "1C:D9:2C:50:06:A1:82:94:4A:74:FD:92:D1:CB:11:1A:01:BA:09:A4:B9:BB:3C:4C:C5:6C:34:55:10:EB:54:AB:C2:4F:8C:BE:50:8C:1A:FF:80:4E:81:8C:84:53:B0:56:6A:58:DC:15:07:9F:F2:58:67:6C:96:0F:80:CB:B1:55:6F:29:32:19:A0:F8:D2:7C:64:A0:29:D8:5C:A6:47:97:71:FB:A9:22:E7:B1:7E:3B:AD:25:C9:1C:6C:9A:AA:52:0E:BA:1B:71:A4:E3:9E:33:39:26:AD:13:86:A5:89:D9:FE:F1:71:76:A2:02:F3:3E:56:36:1E:5E:45:9F:FC:E4:36:A6:D2:43:0F:99:B7:0F:D4:C7:C8:F1:5B:AE:CF:E0:CF:B0:A0:ED:92:71:9E:44:4E:17:DE:C9:C8:5B:AC:61:0B:05:42:92:0E:E1:F0:83:B3:6C:84:8E:A5:E8:47:3B:72:0E:94:79:B4:81:F9:D0:67:CC:C4:8A:CA:79:96:C7:CF:78:72:A1:82:C4:2A:98:45:3B:15:8F:20:56:5A:0E:DF:29:46:17:9B:F5:9F:E5:84:48:2C:CA:BF:AD:A6:47:9D:D4:54:C7:4B:E4:F8:5F:82:11:10:83:37:39:18:E8:92:C3:8A:EF:37:5C:B1:4B:41:FE:93:7E:23:CC:54:CA" }, "subject": [ { "name": "countryName", "oid": "2.5.4.6", "value": "US" }, { "name": "stateOrProvinceName", "oid": "2.5.4.8", "value": "NC" }, { "name": "localityName", "oid": "2.5.4.7", "value": "Raleigh" }, { "name": "organizationName", "oid": "2.5.4.10", "value": "Red Hat" }, { "name": "organizationalUnitName", "oid": "2.5.4.11", "value": "Linux" }, { "name": "commonName", "oid": "2.5.4.3", "value": "Some other common name" } ], "validity": { "not_valid_after": "2023-05-09 17:27:25", "not_valid_before": "2022-05-09 17:27:26" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:27:39 +0000 (0:00:00.034) 0:00:20.475 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 17:27:39 +0000 (0:00:00.039) 0:00:20.515 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 17:27:39 +0000 (0:00:00.022) 0:00:20.537 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 17:27:39 +0000 (0:00:00.031) 0:00:20.568 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 17:27:39 +0000 (0:00:00.031) 0:00:20.600 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 17:27:39 +0000 (0:00:00.036) 0:00:20.637 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_subject.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039241", "end": "2022-05-09 13:27:39.360161", "rc": 0, "start": "2022-05-09 13:27:39.320920" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:27:39 +0000 (0:00:00.411) 0:00:21.048 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:27:39 +0000 (0:00:00.042) 0:00:21.091 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.40s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install certreader ------------------------------------------------------ 3.19s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 2.21s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.35s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Gathering Facts --------------------------------------------------------- 1.17s /tmp/tmp2bcmclq9/tests/certificate/tests_subject.yml:2 ------------------------ fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.04s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.02s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Ensure python3 is installed --------------------------------------------- 0.95s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 0.83s /tmp/tmp2bcmclq9/tests/certificate/tests_subject.yml:19 ----------------------- Parse certificate ------------------------------------------------------- 0.69s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.54s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.51s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Retrieve certificate file stats ----------------------------------------- 0.50s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 - Retrieve auto-renew flag ------------------------------------------------ 0.41s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.39s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Retrieve key file stats ------------------------------------------------- 0.36s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify each certificate ------------------------------------------------- 0.05s /tmp/tmp2bcmclq9/tests/certificate/tests_subject.yml:48 ----------------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Verify certificate subject ---------------------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 - Verify certificate Extended Key Usage ----------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_subject_complex.yml ******************************************** 2 plays in /tmp/tmp2bcmclq9/tests/certificate/tests_subject_complex.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_subject_complex.yml:2 Monday 09 May 2022 17:27:53 +0000 (0:00:00.010) 0:00:00.010 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 17:27:54 +0000 (0:00:01.171) 0:00:01.182 ************ included: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:27:54 +0000 (0:00:00.021) 0:00:01.204 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 17:27:55 +0000 (0:00:00.541) 0:00:01.745 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 17:27:55 +0000 (0:00:00.036) 0:00:01.782 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 17:27:56 +0000 (0:00:01.396) 0:00:03.178 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.14-7.el9.x86_64", "Installed: nspr-4.32.0-9.el9.x86_64", "Installed: nss-3.71.0-7.el9.x86_64", "Installed: nss-softokn-3.71.0-7.el9.x86_64", "Installed: nss-softokn-freebl-3.71.0-7.el9.x86_64", "Installed: nss-sysinit-3.71.0-7.el9.x86_64", "Installed: nss-util-3.71.0-7.el9.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 17:27:59 +0000 (0:00:02.159) 0:00:05.337 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 17:27:59 +0000 (0:00:00.529) 0:00:05.866 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 17:28:00 +0000 (0:00:00.403) 0:00:06.270 ************ changed: [/cache/rhel-x.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket dbus-broker.service dbus.socket system.slice syslog.target network.target sysinit.target basic.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14626", "LimitNPROCSoft": "14626", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14626", "LimitSIGPENDINGSoft": "14626", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23402", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 17:28:01 +0000 (0:00:01.142) 0:00:07.413 ************ changed: [/cache/rhel-x.qcow2.snap] => (item={'name': 'mycert_subject_complex', 'dns': 'www.example.com', 'common_name': '# \\\\Every"thing+that,ne;edsing\\0 ', 'contact_email': 'admin@example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "# \\\\Every\"thing+that,ne;edsing\\0 ", "contact_email": "admin@example.com", "dns": "www.example.com", "name": "mycert_subject_complex" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-x.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_subject_complex.yml:16 Monday 09 May 2022 17:28:02 +0000 (0:00:01.287) 0:00:08.701 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_subject_complex.yml:36 Monday 09 May 2022 17:28:04 +0000 (0:00:01.831) 0:00:10.532 ************ included: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-x.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_subject_complex.crt', 'key_path': '/etc/pki/tls/private/mycert_subject_complex.key', 'subject': [{'name': 'emailAddress', 'oid': '1.2.840.113549.1.9.1', 'value': 'admin@example.com'}, {'name': 'commonName', 'oid': '2.5.4.3', 'value': '# \\\\Every"thing+that,ne;edsing\\0 '}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:2 Monday 09 May 2022 17:28:04 +0000 (0:00:00.038) 0:00:10.571 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 Monday 09 May 2022 17:28:04 +0000 (0:00:00.021) 0:00:10.592 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 Monday 09 May 2022 17:28:05 +0000 (0:00:00.874) 0:00:11.467 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.2.3) Collecting pip Downloading pip-22.0.4-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.2.3 Uninstalling pip-21.2.3: Successfully uninstalled pip-21.2.3 Successfully installed pip-22.0.4 TASK [Install certreader] ****************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 Monday 09 May 2022 17:28:10 +0000 (0:00:05.078) 0:00:16.545 ************ changed: [/cache/rhel-x.qcow2.snap] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 12.4 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 26.4 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 19.9 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 27.4 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 32.4 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 Monday 09 May 2022 17:28:13 +0000 (0:00:03.279) 0:00:19.824 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117282.4542878, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "93a515db8dff35b5d7f048008a5299646b4ced67", "ctime": 1652117282.4512877, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8887172, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117282.4512877, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_subject_complex.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1375, "uid": 0, "version": "1946703549", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:31 Monday 09 May 2022 17:28:14 +0000 (0:00:00.481) 0:00:20.306 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 Monday 09 May 2022 17:28:14 +0000 (0:00:00.023) 0:00:20.329 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:47 Monday 09 May 2022 17:28:14 +0000 (0:00:00.037) 0:00:20.366 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 Monday 09 May 2022 17:28:14 +0000 (0:00:00.034) 0:00:20.401 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "stat": { "atime": 1652117282.3902876, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "fe1eef44dd2c88ddeb9f4967352d0cd62b44a820", "ctime": 1652117282.4512877, "dev": 64516, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17305, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1652117282.4512877, "nlink": 1, "path": "/etc/pki/tls/private/mycert_subject_complex.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3839443756", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:58 Monday 09 May 2022 17:28:14 +0000 (0:00:00.358) 0:00:20.759 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 Monday 09 May 2022 17:28:14 +0000 (0:00:00.023) 0:00:20.783 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 Monday 09 May 2022 17:28:14 +0000 (0:00:00.077) 0:00:20.861 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_subject_complex.crt" ], "delta": "0:00:00.221776", "end": "2022-05-09 13:28:15.411119", "rc": 0, "start": "2022-05-09 13:28:15.189343" } STDOUT: { "subject": [ { "name": "emailAddress", "oid": "1.2.840.113549.1.9.1", "value": "admin@example.com" }, { "name": "commonName", "oid": "2.5.4.3", "value": "# \\\\Every\"thing+that,ne;edsing\\0 " } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "35:64:1D:27:8E:48:75:8A:08:53:F3:25:92:A4:C7:67:00:57:BC:7D", "critical": false }, "authorityKeyIdentifier": { "value": "54:31:D6:F4:10:7A:2B:15:EA:45:FE:B8:CA:66:37:B2:A7:85:18:EF", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "7A:7B:B0:07:F8:95:D8:CD:23:0B:42:74:D9:0C:0F:D8:BC:F8:1C:03:D5:20:82:36:64:F6:CF:26:B9:C7:1A:40:EF:C3:18:7C:96:45:44:BB:55:04:CD:E8:C6:F6:2F:25:1E:BB:B6:09:61:06:EB:9B:81:74:69:60:F6:D6:A5:B1:D2:86:1A:48:8F:47:90:74:BE:11:00:AA:A8:49:10:18:5F:C6:63:84:BB:34:7D:6D:61:79:B0:3C:DE:8A:67:19:0C:4D:BC:6B:0A:B5:05:C2:D9:55:62:84:85:31:21:64:99:AA:04:D4:36:59:B0:7A:B0:33:60:BF:0B:B4:EC:0C:06:BC:63:9C:E0:C9:50:DD:04:DF:54:2C:8C:ED:D3:9B:C9:78:5E:BD:BB:FC:B3:4C:B6:CF:6C:8E:18:B2:61:31:33:B8:59:5B:D3:46:39:B0:26:67:42:21:AD:CD:BA:BD:1B:70:93:90:94:81:F4:6D:68:64:3E:A3:1B:18:DC:23:9A:6E:E0:ED:78:B8:73:D3:FC:22:F6:76:ED:46:BD:71:B5:FF:25:B3:F9:8A:CC:B0:83:AA:26:4E:A4:89:30:C8:17:06:4A:36:9F:63:C1:45:59:E4:B8:15:A6:58:A8:2A:2B:03:94:7B:0B:8A:08:E3:5C:44:E2:1B:9D:8C:32:F2" }, "key_size": 2048, "validity": { "not_valid_after": "2023-05-09 17:28:01", "not_valid_before": "2022-05-09 17:28:02" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:79 Monday 09 May 2022 17:28:15 +0000 (0:00:00.700) 0:00:21.562 ************ ok: [/cache/rhel-x.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "54:31:D6:F4:10:7A:2B:15:EA:45:FE:B8:CA:66:37:B2:A7:85:18:EF" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "35:64:1D:27:8E:48:75:8A:08:53:F3:25:92:A4:C7:67:00:57:BC:7D" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "7A:7B:B0:07:F8:95:D8:CD:23:0B:42:74:D9:0C:0F:D8:BC:F8:1C:03:D5:20:82:36:64:F6:CF:26:B9:C7:1A:40:EF:C3:18:7C:96:45:44:BB:55:04:CD:E8:C6:F6:2F:25:1E:BB:B6:09:61:06:EB:9B:81:74:69:60:F6:D6:A5:B1:D2:86:1A:48:8F:47:90:74:BE:11:00:AA:A8:49:10:18:5F:C6:63:84:BB:34:7D:6D:61:79:B0:3C:DE:8A:67:19:0C:4D:BC:6B:0A:B5:05:C2:D9:55:62:84:85:31:21:64:99:AA:04:D4:36:59:B0:7A:B0:33:60:BF:0B:B4:EC:0C:06:BC:63:9C:E0:C9:50:DD:04:DF:54:2C:8C:ED:D3:9B:C9:78:5E:BD:BB:FC:B3:4C:B6:CF:6C:8E:18:B2:61:31:33:B8:59:5B:D3:46:39:B0:26:67:42:21:AD:CD:BA:BD:1B:70:93:90:94:81:F4:6D:68:64:3E:A3:1B:18:DC:23:9A:6E:E0:ED:78:B8:73:D3:FC:22:F6:76:ED:46:BD:71:B5:FF:25:B3:F9:8A:CC:B0:83:AA:26:4E:A4:89:30:C8:17:06:4A:36:9F:63:C1:45:59:E4:B8:15:A6:58:A8:2A:2B:03:94:7B:0B:8A:08:E3:5C:44:E2:1B:9D:8C:32:F2" }, "subject": [ { "name": "emailAddress", "oid": "1.2.840.113549.1.9.1", "value": "admin@example.com" }, { "name": "commonName", "oid": "2.5.4.3", "value": "# \\\\Every\"thing+that,ne;edsing\\0 " } ], "validity": { "not_valid_after": "2023-05-09 17:28:01", "not_valid_before": "2022-05-09 17:28:02" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:83 Monday 09 May 2022 17:28:15 +0000 (0:00:00.035) 0:00:21.598 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:91 Monday 09 May 2022 17:28:15 +0000 (0:00:00.035) 0:00:21.633 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:99 Monday 09 May 2022 17:28:15 +0000 (0:00:00.022) 0:00:21.656 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:106 Monday 09 May 2022 17:28:15 +0000 (0:00:00.034) 0:00:21.691 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:118 Monday 09 May 2022 17:28:15 +0000 (0:00:00.035) 0:00:21.727 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 Monday 09 May 2022 17:28:15 +0000 (0:00:00.035) 0:00:21.763 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_subject_complex.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041025", "end": "2022-05-09 13:28:16.029578", "rc": 0, "start": "2022-05-09 13:28:15.988553" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Monday 09 May 2022 17:28:15 +0000 (0:00:00.411) 0:00:22.174 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=31 changed=7 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 09 May 2022 17:28:15 +0000 (0:00:00.041) 0:00:22.216 ************ =============================================================================== Install the package, force upgrade -------------------------------------- 5.08s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install certreader ------------------------------------------------------ 3.28s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:18 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 2.16s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Gathering Facts --------------------------------------------------------- 1.83s /tmp/tmp2bcmclq9/tests/certificate/tests_subject_complex.yml:16 --------------- fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.40s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.29s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Gathering Facts --------------------------------------------------------- 1.17s /tmp/tmp2bcmclq9/tests/certificate/tests_subject_complex.yml:2 ---------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.14s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Ensure python3 is installed --------------------------------------------- 0.87s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Parse certificate ------------------------------------------------------- 0.70s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.54s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.53s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Retrieve certificate file stats ----------------------------------------- 0.48s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:26 - Retrieve auto-renew flag ------------------------------------------------ 0.41s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:132 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.40s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Retrieve key file stats ------------------------------------------------- 0.36s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify key file owner and group ----------------------------------------- 0.08s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:64 - Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:141 Verify each certificate ------------------------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tests_subject_complex.yml:36 --------------- Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmp2bcmclq9/tests/certificate/tasks/assert_certificate_parameters.yml:37 - ansible-playbook [core 2.12.4] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpqfftqfbp executable location = /usr/bin/ansible-playbook python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_wrong_provider.yml ********************************************* 1 plays in /tmp/tmp2bcmclq9/tests/certificate/tests_wrong_provider.yml PLAY [Test issuing certificate with nonexistent provider] ********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp2bcmclq9/tests/certificate/tests_wrong_provider.yml:2 Monday 09 May 2022 17:28:31 +0000 (0:00:00.008) 0:00:00.008 ************ ok: [/cache/rhel-x.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Monday 09 May 2022 17:28:34 +0000 (0:00:03.154) 0:00:03.162 ************ included: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-x.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Monday 09 May 2022 17:28:34 +0000 (0:00:00.021) 0:00:03.184 ************ ok: [/cache/rhel-x.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Monday 09 May 2022 17:28:35 +0000 (0:00:00.520) 0:00:03.704 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-x.qcow2.snap] => (item=RedHat_9.1.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_9.1.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Monday 09 May 2022 17:28:35 +0000 (0:00:00.046) 0:00:03.751 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Monday 09 May 2022 17:28:36 +0000 (0:00:01.332) 0:00:05.084 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Monday 09 May 2022 17:28:36 +0000 (0:00:00.034) 0:00:05.118 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Monday 09 May 2022 17:28:36 +0000 (0:00:00.034) 0:00:05.153 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Monday 09 May 2022 17:28:36 +0000 (0:00:00.035) 0:00:05.189 ************ skipping: [/cache/rhel-x.qcow2.snap] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Monday 09 May 2022 17:28:36 +0000 (0:00:00.035) 0:00:05.224 ************ failed: [/cache/rhel-x.qcow2.snap] (item={'name': 'mycert_wrong_provider', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'fake-provider'}) => { "ansible_loop_var": "item", "changed": false, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_wrong_provider", "provider": "fake-provider" } } MSG: Chosen provider 'fake-provider' is not available. TASK [assert...] *************************************************************** task path: /tmp/tmp2bcmclq9/tests/certificate/tests_wrong_provider.yml:22 Monday 09 May 2022 17:28:37 +0000 (0:00:00.621) 0:00:05.846 ************ ok: [/cache/rhel-x.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-x.qcow2.snap : ok=5 changed=0 unreachable=0 failed=0 skipped=5 rescued=1 ignored=0 Monday 09 May 2022 17:28:37 +0000 (0:00:00.029) 0:00:05.875 ************ =============================================================================== Gathering Facts --------------------------------------------------------- 3.15s /tmp/tmp2bcmclq9/tests/certificate/tests_wrong_provider.yml:2 ----------------- fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.33s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.62s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.52s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 fedora.linux_system_roles.certificate : Set platform/version specific variables --- 0.05s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.04s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.04s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 0.03s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.03s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 assert... --------------------------------------------------------------- 0.03s /tmp/tmp2bcmclq9/tests/certificate/tests_wrong_provider.yml:22 ---------------- fedora.linux_system_roles.certificate : Set version specific variables --- 0.02s /tmp/tmpqfftqfbp/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2