ansible-playbook [core 2.12.6] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpoau9jedf executable location = /usr/bin/ansible-playbook python version = 3.9.13 (main, May 18 2022, 00:00:00) [GCC 11.3.1 20220421 (Red Hat 11.3.1-2)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_many_self_signed.yml ******************************************* 2 plays in /tmp/tmpqiz1ijmo/tests/tests_many_self_signed.yml PLAY [Issue many self-signed certificates] ************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpqiz1ijmo/tests/tests_many_self_signed.yml:2 Wednesday 06 July 2022 05:36:16 +0000 (0:00:00.014) 0:00:00.014 ******** ok: [/cache/centos-7.qcow2c.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Wednesday 06 July 2022 05:36:17 +0000 (0:00:01.028) 0:00:01.043 ******** included: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/centos-7.qcow2c.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Wednesday 06 July 2022 05:36:17 +0000 (0:00:00.030) 0:00:01.073 ******** ok: [/cache/centos-7.qcow2c.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Wednesday 06 July 2022 05:36:17 +0000 (0:00:00.428) 0:00:01.501 ******** skipping: [/cache/centos-7.qcow2c.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/centos-7.qcow2c.snap] => (item=CentOS.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS.yml", "skip_reason": "Conditional result was False" } ok: [/cache/centos-7.qcow2c.snap] => (item=CentOS_7.yml) => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python-pyasn1", "python-cryptography", "python-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/vars/CentOS_7.yml" ], "ansible_loop_var": "item", "changed": false, "item": "CentOS_7.yml" } skipping: [/cache/centos-7.qcow2c.snap] => (item=CentOS_7.9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_7.9.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Wednesday 06 July 2022 05:36:17 +0000 (0:00:00.050) 0:00:01.551 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "rc": 0, "results": [ "python2-pyasn1-0.1.9-7.el7.noarch providing python-pyasn1 is already installed", "python2-cryptography-1.7.2-2.el7.x86_64 providing python-cryptography is already installed", "dbus-python-1.1.1-9.el7.x86_64 providing python-dbus is already installed" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Wednesday 06 July 2022 05:36:19 +0000 (0:00:01.171) 0:00:02.723 ******** ok: [/cache/centos-7.qcow2c.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [ "certmonger-0.78.4-17.el7_9.x86_64 providing certmonger is already installed" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Wednesday 06 July 2022 05:36:19 +0000 (0:00:00.599) 0:00:03.322 ******** ok: [/cache/centos-7.qcow2c.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Wednesday 06 July 2022 05:36:20 +0000 (0:00:00.485) 0:00:03.808 ******** ok: [/cache/centos-7.qcow2c.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Wednesday 06 July 2022 05:36:20 +0000 (0:00:00.362) 0:00:04.171 ******** ok: [/cache/centos-7.qcow2c.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Wed 2022-07-06 05:31:41 UTC", "ActiveEnterTimestampMonotonic": "172162297", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "systemd-journald.socket basic.target system.slice network.target syslog.target dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Wed 2022-07-06 05:31:41 UTC", "AssertTimestampMonotonic": "172148815", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Wed 2022-07-06 05:31:41 UTC", "ConditionTimestampMonotonic": "172148814", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "EnvironmentFile": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "6078", "ExecMainStartTimestamp": "Wed 2022-07-06 05:31:41 UTC", "ExecMainStartTimestampMonotonic": "172149537", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /var/run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Wed 2022-07-06 05:31:41 UTC", "InactiveExitTimestampMonotonic": "172149585", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14960", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14960", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "6078", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/var/run/certmonger.pid", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "basic.target system.slice", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "WatchdogTimestamp": "Wed 2022-07-06 05:31:41 UTC", "WatchdogTimestampMonotonic": "172162252", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Wednesday 06 July 2022 05:36:21 +0000 (0:00:00.828) 0:00:04.999 ******** changed: [/cache/centos-7.qcow2c.snap] => (item={'name': 'mycert_many_self_signed', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_many_self_signed" } } MSG: Certificate requested (new). changed: [/cache/centos-7.qcow2c.snap] => (item={'name': 'other-cert', 'dns': 'www.example.org', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.org", "name": "other-cert" } } MSG: Certificate requested (new). changed: [/cache/centos-7.qcow2c.snap] => (item={'name': 'another-cert', 'dns': 'www.example.net', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.net", "name": "another-cert" } } MSG: Certificate requested (new). META: role_complete for /cache/centos-7.qcow2c.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpqiz1ijmo/tests/tests_many_self_signed.yml:18 Wednesday 06 July 2022 05:36:24 +0000 (0:00:03.080) 0:00:08.080 ******** ok: [/cache/centos-7.qcow2c.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpqiz1ijmo/tests/tests_many_self_signed.yml:50 Wednesday 06 July 2022 05:36:25 +0000 (0:00:00.728) 0:00:08.808 ******** included: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml for /cache/centos-7.qcow2c.snap => (item={'path': '/etc/pki/tls/certs/mycert_many_self_signed.crt', 'key_path': '/etc/pki/tls/private/mycert_many_self_signed.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) included: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml for /cache/centos-7.qcow2c.snap => (item={'path': '/etc/pki/tls/certs/other-cert.crt', 'key_path': '/etc/pki/tls/private/other-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.org'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.org'}]}) included: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml for /cache/centos-7.qcow2c.snap => (item={'path': '/etc/pki/tls/certs/another-cert.crt', 'key_path': '/etc/pki/tls/private/another-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.net'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.net'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:2 Wednesday 06 July 2022 05:36:25 +0000 (0:00:00.054) 0:00:08.863 ******** ok: [/cache/centos-7.qcow2c.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:6 Wednesday 06 July 2022 05:36:25 +0000 (0:00:00.029) 0:00:08.892 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "rc": 0, "results": [ "python3-3.6.8-18.el7.x86_64 providing python3 is already installed" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:11 Wednesday 06 July 2022 05:36:25 +0000 (0:00:00.627) 0:00:09.520 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1) TASK [Install certreader] ****************************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:18 Wednesday 06 July 2022 05:36:27 +0000 (0:00:01.113) 0:00:10.633 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.1) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:26 Wednesday 06 July 2022 05:36:27 +0000 (0:00:00.868) 0:00:11.501 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "stat": { "atime": 1657085782.1153765, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "a9561b2c7c120769b3788a5808ec00a842e3aef7", "ctime": 1657085782.1113763, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8652439, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657085782.1113763, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_many_self_signed.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "944641175", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:31 Wednesday 06 July 2022 05:36:28 +0000 (0:00:00.460) 0:00:11.962 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:37 Wednesday 06 July 2022 05:36:28 +0000 (0:00:00.034) 0:00:11.997 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:49 Wednesday 06 July 2022 05:36:28 +0000 (0:00:00.049) 0:00:12.046 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:55 Wednesday 06 July 2022 05:36:28 +0000 (0:00:00.078) 0:00:12.124 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "stat": { "atime": 1657085782.0633764, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "f54a64aa641c4b83b733a8914cb21e338fa89fb3", "ctime": 1657085782.1113763, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 9668532, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657085782.1113763, "nlink": 1, "path": "/etc/pki/tls/private/mycert_many_self_signed.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "18446744072431883673", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:60 Wednesday 06 July 2022 05:36:28 +0000 (0:00:00.373) 0:00:12.497 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:66 Wednesday 06 July 2022 05:36:28 +0000 (0:00:00.072) 0:00:12.569 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:78 Wednesday 06 July 2022 05:36:28 +0000 (0:00:00.051) 0:00:12.621 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_many_self_signed.crt" ], "delta": "0:00:00.258858", "end": "2022-07-06 05:36:29.633175", "rc": 0, "start": "2022-07-06 05:36:29.374317" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "C7:B5:80:FF:7D:8E:2A:56:77:9F:80:8A:5A:3A:0E:AC:07:B4:82:33", "critical": false }, "authorityKeyIdentifier": { "value": "02:AD:DA:38:F4:E2:5E:3D:60:C0:9D:C9:B6:8B:BA:75:33:70:48:A5", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "A3:A3:5D:C3:33:E9:A4:61:60:DF:D2:CF:CE:51:F4:5D:2E:40:E6:4A:F4:9F:EB:03:44:79:25:97:5E:DB:A2:0C:3B:FD:23:FF:1B:07:FD:14:68:D1:33:D9:7D:FB:29:DB:29:CA:93:EB:99:95:B5:96:34:7A:E8:B2:E4:F5:B4:4A:76:25:4C:28:BF:4F:10:44:AE:2D:4F:14:0F:A4:75:8D:BC:C1:53:84:B1:DA:05:22:B3:81:3C:CD:3A:6B:DE:91:3E:F4:3D:49:07:BD:1B:EF:4F:4D:4E:25:99:48:22:72:DC:EA:E3:6A:11:66:CE:94:C2:21:47:56:1E:D7:07:FD:89:B4:6E:FE:AF:6D:68:9A:19:8B:81:E9:84:82:77:78:10:88:2A:CA:30:E5:3B:49:DA:E2:16:00:3C:28:1D:31:00:30:08:D3:52:52:0F:9B:50:AF:11:9C:D9:63:80:72:1A:16:81:D9:D1:58:6C:56:F2:AB:32:D1:AD:67:38:E6:2F:4E:1A:DF:FB:87:BF:58:D5:77:36:96:A4:93:EC:85:F1:17:0F:55:CC:4E:C1:3F:E2:80:02:AF:DF:D3:D7:93:66:DF:A3:A2:5C:21:6E:F2:87:B4:D7:66:62:7C:3E:D3:A4:9B:EC:14:A1:D2:1D:B4:18:49:F9:90:EB:72:5A:FE" }, "key_size": 2048, "validity": { "not_valid_after": "2023-07-06 05:31:41", "not_valid_before": "2022-07-06 05:36:22" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:83 Wednesday 06 July 2022 05:36:29 +0000 (0:00:00.709) 0:00:13.331 ******** ok: [/cache/centos-7.qcow2c.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "02:AD:DA:38:F4:E2:5E:3D:60:C0:9D:C9:B6:8B:BA:75:33:70:48:A5" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "C7:B5:80:FF:7D:8E:2A:56:77:9F:80:8A:5A:3A:0E:AC:07:B4:82:33" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "A3:A3:5D:C3:33:E9:A4:61:60:DF:D2:CF:CE:51:F4:5D:2E:40:E6:4A:F4:9F:EB:03:44:79:25:97:5E:DB:A2:0C:3B:FD:23:FF:1B:07:FD:14:68:D1:33:D9:7D:FB:29:DB:29:CA:93:EB:99:95:B5:96:34:7A:E8:B2:E4:F5:B4:4A:76:25:4C:28:BF:4F:10:44:AE:2D:4F:14:0F:A4:75:8D:BC:C1:53:84:B1:DA:05:22:B3:81:3C:CD:3A:6B:DE:91:3E:F4:3D:49:07:BD:1B:EF:4F:4D:4E:25:99:48:22:72:DC:EA:E3:6A:11:66:CE:94:C2:21:47:56:1E:D7:07:FD:89:B4:6E:FE:AF:6D:68:9A:19:8B:81:E9:84:82:77:78:10:88:2A:CA:30:E5:3B:49:DA:E2:16:00:3C:28:1D:31:00:30:08:D3:52:52:0F:9B:50:AF:11:9C:D9:63:80:72:1A:16:81:D9:D1:58:6C:56:F2:AB:32:D1:AD:67:38:E6:2F:4E:1A:DF:FB:87:BF:58:D5:77:36:96:A4:93:EC:85:F1:17:0F:55:CC:4E:C1:3F:E2:80:02:AF:DF:D3:D7:93:66:DF:A3:A2:5C:21:6E:F2:87:B4:D7:66:62:7C:3E:D3:A4:9B:EC:14:A1:D2:1D:B4:18:49:F9:90:EB:72:5A:FE" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-07-06 05:31:41", "not_valid_before": "2022-07-06 05:36:22" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:87 Wednesday 06 July 2022 05:36:29 +0000 (0:00:00.045) 0:00:13.377 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:96 Wednesday 06 July 2022 05:36:29 +0000 (0:00:00.044) 0:00:13.422 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:105 Wednesday 06 July 2022 05:36:29 +0000 (0:00:00.034) 0:00:13.456 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:112 Wednesday 06 July 2022 05:36:29 +0000 (0:00:00.049) 0:00:13.505 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:125 Wednesday 06 July 2022 05:36:29 +0000 (0:00:00.042) 0:00:13.548 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:141 Wednesday 06 July 2022 05:36:29 +0000 (0:00:00.042) 0:00:13.591 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_many_self_signed.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.076360", "end": "2022-07-06 05:36:30.285299", "rc": 0, "start": "2022-07-06 05:36:30.208939" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:150 Wednesday 06 July 2022 05:36:30 +0000 (0:00:00.391) 0:00:13.983 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:2 Wednesday 06 July 2022 05:36:30 +0000 (0:00:00.046) 0:00:14.029 ******** ok: [/cache/centos-7.qcow2c.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:6 Wednesday 06 July 2022 05:36:30 +0000 (0:00:00.027) 0:00:14.057 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "rc": 0, "results": [ "python3-3.6.8-18.el7.x86_64 providing python3 is already installed" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:11 Wednesday 06 July 2022 05:36:31 +0000 (0:00:00.579) 0:00:14.637 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1) TASK [Install certreader] ****************************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:18 Wednesday 06 July 2022 05:36:31 +0000 (0:00:00.963) 0:00:15.601 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.1) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:26 Wednesday 06 July 2022 05:36:32 +0000 (0:00:00.803) 0:00:16.404 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "stat": { "atime": 1657085783.2003763, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d2802897fc57a9d85d0094740517d64de4abd2b3", "ctime": 1657085783.1973765, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 9668189, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657085783.1973765, "nlink": 1, "path": "/etc/pki/tls/certs/other-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "18446744072832670947", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:31 Wednesday 06 July 2022 05:36:33 +0000 (0:00:00.332) 0:00:16.737 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:37 Wednesday 06 July 2022 05:36:33 +0000 (0:00:00.031) 0:00:16.768 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:49 Wednesday 06 July 2022 05:36:33 +0000 (0:00:00.047) 0:00:16.815 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:55 Wednesday 06 July 2022 05:36:33 +0000 (0:00:00.042) 0:00:16.858 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "stat": { "atime": 1657085783.1523764, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "52bbb3caa007f2c8d64a0a4acbfe66de5930cf85", "ctime": 1657085783.1973765, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 9668188, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657085783.1973765, "nlink": 1, "path": "/etc/pki/tls/private/other-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "18446744072249430403", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:60 Wednesday 06 July 2022 05:36:33 +0000 (0:00:00.313) 0:00:17.171 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:66 Wednesday 06 July 2022 05:36:33 +0000 (0:00:00.031) 0:00:17.203 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:78 Wednesday 06 July 2022 05:36:33 +0000 (0:00:00.045) 0:00:17.248 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/other-cert.crt" ], "delta": "0:00:00.258072", "end": "2022-07-06 05:36:34.113190", "rc": 0, "start": "2022-07-06 05:36:33.855118" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.org" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "E2:74:2A:4F:C8:55:F7:EA:67:46:E2:CD:32:E3:AE:AB:4F:1C:8A:C0", "critical": false }, "authorityKeyIdentifier": { "value": "02:AD:DA:38:F4:E2:5E:3D:60:C0:9D:C9:B6:8B:BA:75:33:70:48:A5", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "18:3C:B1:DE:6E:13:22:1D:0B:5E:D3:96:01:BC:CC:45:F2:D4:82:64:1B:1A:32:83:9D:8F:5D:57:7E:9E:FB:0C:74:9F:9B:E7:41:8B:2B:F6:5C:18:8D:61:03:52:CA:2C:08:3E:54:AD:F4:B0:55:59:A0:52:13:DF:53:35:6D:34:1C:B4:29:74:1F:9D:34:E1:6D:FC:A1:03:62:09:11:F0:49:33:7A:D2:D6:AD:2A:BF:DD:7C:2B:9E:18:9E:5C:5B:35:79:16:EF:80:DA:B1:FA:83:DA:31:86:0E:73:EE:3E:93:79:03:4F:45:3A:21:0B:C7:28:91:0E:5D:B8:67:25:9C:36:64:0A:36:D5:F7:E2:17:68:2E:84:5A:21:43:A3:5B:5B:5F:7A:40:F5:2F:DD:89:AD:04:02:33:BB:EF:81:78:1E:23:10:BD:7D:D3:CC:7C:00:45:28:E2:BE:0F:CD:71:23:75:C0:BB:63:36:04:13:CC:21:CF:D6:50:47:8C:B5:2E:6D:2C:7B:CC:14:CD:E4:1C:F9:AD:9E:1E:63:E6:97:78:9B:6E:AA:0A:01:62:DA:C2:55:0C:0D:93:A7:EF:9F:2A:77:62:44:EB:E7:B2:1B:72:C6:C6:32:01:2E:A2:C3:4C:70:ED:10:58:96:C5:90:CD:94:87:22:98:D6:BE" }, "key_size": 2048, "validity": { "not_valid_after": "2023-07-06 05:31:41", "not_valid_before": "2022-07-06 05:36:23" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:83 Wednesday 06 July 2022 05:36:34 +0000 (0:00:00.564) 0:00:17.813 ******** ok: [/cache/centos-7.qcow2c.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "02:AD:DA:38:F4:E2:5E:3D:60:C0:9D:C9:B6:8B:BA:75:33:70:48:A5" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.org" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "E2:74:2A:4F:C8:55:F7:EA:67:46:E2:CD:32:E3:AE:AB:4F:1C:8A:C0" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "18:3C:B1:DE:6E:13:22:1D:0B:5E:D3:96:01:BC:CC:45:F2:D4:82:64:1B:1A:32:83:9D:8F:5D:57:7E:9E:FB:0C:74:9F:9B:E7:41:8B:2B:F6:5C:18:8D:61:03:52:CA:2C:08:3E:54:AD:F4:B0:55:59:A0:52:13:DF:53:35:6D:34:1C:B4:29:74:1F:9D:34:E1:6D:FC:A1:03:62:09:11:F0:49:33:7A:D2:D6:AD:2A:BF:DD:7C:2B:9E:18:9E:5C:5B:35:79:16:EF:80:DA:B1:FA:83:DA:31:86:0E:73:EE:3E:93:79:03:4F:45:3A:21:0B:C7:28:91:0E:5D:B8:67:25:9C:36:64:0A:36:D5:F7:E2:17:68:2E:84:5A:21:43:A3:5B:5B:5F:7A:40:F5:2F:DD:89:AD:04:02:33:BB:EF:81:78:1E:23:10:BD:7D:D3:CC:7C:00:45:28:E2:BE:0F:CD:71:23:75:C0:BB:63:36:04:13:CC:21:CF:D6:50:47:8C:B5:2E:6D:2C:7B:CC:14:CD:E4:1C:F9:AD:9E:1E:63:E6:97:78:9B:6E:AA:0A:01:62:DA:C2:55:0C:0D:93:A7:EF:9F:2A:77:62:44:EB:E7:B2:1B:72:C6:C6:32:01:2E:A2:C3:4C:70:ED:10:58:96:C5:90:CD:94:87:22:98:D6:BE" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "validity": { "not_valid_after": "2023-07-06 05:31:41", "not_valid_before": "2022-07-06 05:36:23" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:87 Wednesday 06 July 2022 05:36:34 +0000 (0:00:00.041) 0:00:17.854 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:96 Wednesday 06 July 2022 05:36:34 +0000 (0:00:00.042) 0:00:17.896 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:105 Wednesday 06 July 2022 05:36:34 +0000 (0:00:00.030) 0:00:17.926 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:112 Wednesday 06 July 2022 05:36:34 +0000 (0:00:00.045) 0:00:17.972 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:125 Wednesday 06 July 2022 05:36:34 +0000 (0:00:00.043) 0:00:18.016 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:141 Wednesday 06 July 2022 05:36:34 +0000 (0:00:00.042) 0:00:18.059 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/other-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.064959", "end": "2022-07-06 05:36:34.721262", "rc": 0, "start": "2022-07-06 05:36:34.656303" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:150 Wednesday 06 July 2022 05:36:34 +0000 (0:00:00.363) 0:00:18.422 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:2 Wednesday 06 July 2022 05:36:34 +0000 (0:00:00.046) 0:00:18.469 ******** ok: [/cache/centos-7.qcow2c.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:6 Wednesday 06 July 2022 05:36:34 +0000 (0:00:00.026) 0:00:18.495 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "rc": 0, "results": [ "python3-3.6.8-18.el7.x86_64 providing python3 is already installed" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:11 Wednesday 06 July 2022 05:36:35 +0000 (0:00:00.566) 0:00:19.062 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1) TASK [Install certreader] ****************************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:18 Wednesday 06 July 2022 05:36:36 +0000 (0:00:00.977) 0:00:20.040 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.1) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:26 Wednesday 06 July 2022 05:36:37 +0000 (0:00:00.789) 0:00:20.829 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "stat": { "atime": 1657085784.2043765, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "142130f790a1344f61d05b265ff2be24b6af49d3", "ctime": 1657085784.2003763, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 9668178, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657085784.2003763, "nlink": 1, "path": "/etc/pki/tls/certs/another-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "18446744072077602940", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:31 Wednesday 06 July 2022 05:36:37 +0000 (0:00:00.335) 0:00:21.164 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:37 Wednesday 06 July 2022 05:36:37 +0000 (0:00:00.033) 0:00:21.198 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:49 Wednesday 06 July 2022 05:36:37 +0000 (0:00:00.047) 0:00:21.245 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:55 Wednesday 06 July 2022 05:36:37 +0000 (0:00:00.073) 0:00:21.319 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "stat": { "atime": 1657085784.1563764, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "f139fdf6682eb72e818348be96d2483965067766", "ctime": 1657085784.2003763, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 9667808, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657085784.2003763, "nlink": 1, "path": "/etc/pki/tls/private/another-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1250679822", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:60 Wednesday 06 July 2022 05:36:38 +0000 (0:00:00.331) 0:00:21.650 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:66 Wednesday 06 July 2022 05:36:38 +0000 (0:00:00.032) 0:00:21.682 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:78 Wednesday 06 July 2022 05:36:38 +0000 (0:00:00.046) 0:00:21.729 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/another-cert.crt" ], "delta": "0:00:00.298268", "end": "2022-07-06 05:36:38.650290", "rc": 0, "start": "2022-07-06 05:36:38.352022" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.net" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "7A:E0:BF:F5:E4:82:B0:38:2D:43:ED:A6:1B:7D:42:B2:65:6E:3C:84", "critical": false }, "authorityKeyIdentifier": { "value": "02:AD:DA:38:F4:E2:5E:3D:60:C0:9D:C9:B6:8B:BA:75:33:70:48:A5", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "20:E1:C8:C8:D5:D2:AC:E5:5C:F5:7B:36:14:96:07:C3:4C:BF:56:89:27:0F:92:0E:6B:A3:09:D0:DD:EA:D9:A2:89:2C:BD:D9:42:31:07:70:33:BD:A6:DA:F1:32:A3:D7:00:1D:32:6B:45:89:26:48:54:97:6C:48:D8:32:5D:A3:69:3D:95:C2:15:A0:13:18:C7:14:66:F4:90:35:07:1F:21:28:FB:E4:6A:0E:B2:14:E7:7A:69:28:6C:A6:5A:F3:CE:4B:2C:C9:B5:99:5A:D8:77:A3:3B:FB:91:CE:AE:AA:AE:AB:18:F2:5B:21:68:41:F0:47:46:53:C9:E2:2A:FE:0D:52:B4:5B:A0:8F:D2:FC:8C:1E:66:A9:0A:B6:18:2A:7F:8F:D0:A3:49:E9:A0:42:19:C5:A3:16:8B:28:1A:8F:9C:93:36:94:E6:78:EC:49:0B:3D:8A:55:54:41:96:38:8A:09:9B:17:5F:AB:0F:00:4B:C5:FA:C3:87:42:F9:6B:28:EC:5B:9A:F5:F4:97:60:CD:D3:3D:5D:C7:16:3E:23:BE:04:37:5E:63:98:0D:A8:37:15:D1:AA:39:1A:FD:18:FB:34:CE:30:DB:CA:29:A4:AA:E3:D5:FA:9F:55:41:5C:E0:6D:79:05:84:D2:57:05:28:1C:BF:34:F9:CF:5C:E6" }, "key_size": 2048, "validity": { "not_valid_after": "2023-07-06 05:31:41", "not_valid_before": "2022-07-06 05:36:24" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:83 Wednesday 06 July 2022 05:36:38 +0000 (0:00:00.624) 0:00:22.354 ******** ok: [/cache/centos-7.qcow2c.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "02:AD:DA:38:F4:E2:5E:3D:60:C0:9D:C9:B6:8B:BA:75:33:70:48:A5" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.net" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "7A:E0:BF:F5:E4:82:B0:38:2D:43:ED:A6:1B:7D:42:B2:65:6E:3C:84" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "20:E1:C8:C8:D5:D2:AC:E5:5C:F5:7B:36:14:96:07:C3:4C:BF:56:89:27:0F:92:0E:6B:A3:09:D0:DD:EA:D9:A2:89:2C:BD:D9:42:31:07:70:33:BD:A6:DA:F1:32:A3:D7:00:1D:32:6B:45:89:26:48:54:97:6C:48:D8:32:5D:A3:69:3D:95:C2:15:A0:13:18:C7:14:66:F4:90:35:07:1F:21:28:FB:E4:6A:0E:B2:14:E7:7A:69:28:6C:A6:5A:F3:CE:4B:2C:C9:B5:99:5A:D8:77:A3:3B:FB:91:CE:AE:AA:AE:AB:18:F2:5B:21:68:41:F0:47:46:53:C9:E2:2A:FE:0D:52:B4:5B:A0:8F:D2:FC:8C:1E:66:A9:0A:B6:18:2A:7F:8F:D0:A3:49:E9:A0:42:19:C5:A3:16:8B:28:1A:8F:9C:93:36:94:E6:78:EC:49:0B:3D:8A:55:54:41:96:38:8A:09:9B:17:5F:AB:0F:00:4B:C5:FA:C3:87:42:F9:6B:28:EC:5B:9A:F5:F4:97:60:CD:D3:3D:5D:C7:16:3E:23:BE:04:37:5E:63:98:0D:A8:37:15:D1:AA:39:1A:FD:18:FB:34:CE:30:DB:CA:29:A4:AA:E3:D5:FA:9F:55:41:5C:E0:6D:79:05:84:D2:57:05:28:1C:BF:34:F9:CF:5C:E6" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "validity": { "not_valid_after": "2023-07-06 05:31:41", "not_valid_before": "2022-07-06 05:36:24" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:87 Wednesday 06 July 2022 05:36:38 +0000 (0:00:00.042) 0:00:22.397 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:96 Wednesday 06 July 2022 05:36:38 +0000 (0:00:00.073) 0:00:22.471 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:105 Wednesday 06 July 2022 05:36:38 +0000 (0:00:00.063) 0:00:22.535 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:112 Wednesday 06 July 2022 05:36:38 +0000 (0:00:00.045) 0:00:22.581 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:125 Wednesday 06 July 2022 05:36:39 +0000 (0:00:00.043) 0:00:22.624 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:141 Wednesday 06 July 2022 05:36:39 +0000 (0:00:00.046) 0:00:22.671 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/another-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.067279", "end": "2022-07-06 05:36:39.351340", "rc": 0, "start": "2022-07-06 05:36:39.284061" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:150 Wednesday 06 July 2022 05:36:39 +0000 (0:00:00.380) 0:00:23.051 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/centos-7.qcow2c.snap : ok=74 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 Wednesday 06 July 2022 05:36:39 +0000 (0:00:00.080) 0:00:23.132 ******** =============================================================================== linux-system-roles.certificate : Ensure certificate requests ------------ 3.08s /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.17s /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Install the package, force upgrade -------------------------------------- 1.11s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:11 ------------- Gathering Facts --------------------------------------------------------- 1.03s /tmp/tmpqiz1ijmo/tests/tests_many_self_signed.yml:2 --------------------------- Install the package, force upgrade -------------------------------------- 0.98s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install the package, force upgrade -------------------------------------- 0.96s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 0.87s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider service is running ----- 0.83s /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - Install certreader ------------------------------------------------------ 0.80s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:18 ------------- Install certreader ------------------------------------------------------ 0.79s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:18 ------------- Gathering Facts --------------------------------------------------------- 0.73s /tmp/tmpqiz1ijmo/tests/tests_many_self_signed.yml:18 -------------------------- Parse certificate ------------------------------------------------------- 0.71s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:78 ------------- Ensure python3 is installed --------------------------------------------- 0.63s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:6 -------------- Parse certificate ------------------------------------------------------- 0.62s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 0.60s /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - Ensure python3 is installed --------------------------------------------- 0.58s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:6 -------------- Ensure python3 is installed --------------------------------------------- 0.57s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:6 -------------- Parse certificate ------------------------------------------------------- 0.56s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.49s /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - Retrieve certificate file stats ----------------------------------------- 0.46s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:26 ------------- ansible-playbook [core 2.12.6] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpoau9jedf executable location = /usr/bin/ansible-playbook python version = 3.9.13 (main, May 18 2022, 00:00:00) [GCC 11.3.1 20220421 (Red Hat 11.3.1-2)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_many_self_signed.yml ******************************************* 2 plays in /tmp/tmp5ygcfjec/tests/certificate/tests_many_self_signed.yml PLAY [Issue many self-signed certificates] ************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tests_many_self_signed.yml:2 Wednesday 06 July 2022 05:46:01 +0000 (0:00:00.014) 0:00:00.014 ******** ok: [/cache/centos-7.qcow2c.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Wednesday 06 July 2022 05:46:02 +0000 (0:00:01.055) 0:00:01.070 ******** included: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/centos-7.qcow2c.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Wednesday 06 July 2022 05:46:02 +0000 (0:00:00.027) 0:00:01.097 ******** ok: [/cache/centos-7.qcow2c.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Wednesday 06 July 2022 05:46:03 +0000 (0:00:00.443) 0:00:01.541 ******** skipping: [/cache/centos-7.qcow2c.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/centos-7.qcow2c.snap] => (item=CentOS.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS.yml", "skip_reason": "Conditional result was False" } ok: [/cache/centos-7.qcow2c.snap] => (item=CentOS_7.yml) => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python-pyasn1", "python-cryptography", "python-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/CentOS_7.yml" ], "ansible_loop_var": "item", "changed": false, "item": "CentOS_7.yml" } skipping: [/cache/centos-7.qcow2c.snap] => (item=CentOS_7.9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_7.9.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Wednesday 06 July 2022 05:46:03 +0000 (0:00:00.053) 0:00:01.594 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "rc": 0, "results": [ "python2-pyasn1-0.1.9-7.el7.noarch providing python-pyasn1 is already installed", "python2-cryptography-1.7.2-2.el7.x86_64 providing python-cryptography is already installed", "dbus-python-1.1.1-9.el7.x86_64 providing python-dbus is already installed" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Wednesday 06 July 2022 05:46:04 +0000 (0:00:01.246) 0:00:02.840 ******** ok: [/cache/centos-7.qcow2c.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [ "certmonger-0.78.4-17.el7_9.x86_64 providing certmonger is already installed" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Wednesday 06 July 2022 05:46:05 +0000 (0:00:00.640) 0:00:03.481 ******** ok: [/cache/centos-7.qcow2c.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Wednesday 06 July 2022 05:46:05 +0000 (0:00:00.490) 0:00:03.972 ******** ok: [/cache/centos-7.qcow2c.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Wednesday 06 July 2022 05:46:05 +0000 (0:00:00.351) 0:00:04.323 ******** ok: [/cache/centos-7.qcow2c.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Wed 2022-07-06 05:41:20 UTC", "ActiveEnterTimestampMonotonic": "176677201", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice syslog.target systemd-journald.socket network.target basic.target dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Wed 2022-07-06 05:41:20 UTC", "AssertTimestampMonotonic": "176662452", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Wed 2022-07-06 05:41:20 UTC", "ConditionTimestampMonotonic": "176662451", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "EnvironmentFile": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "6092", "ExecMainStartTimestamp": "Wed 2022-07-06 05:41:20 UTC", "ExecMainStartTimestampMonotonic": "176663195", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /var/run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Wed 2022-07-06 05:41:20 UTC", "InactiveExitTimestampMonotonic": "176663230", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14960", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14960", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "6092", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/var/run/certmonger.pid", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "basic.target system.slice", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "WatchdogTimestamp": "Wed 2022-07-06 05:41:20 UTC", "WatchdogTimestampMonotonic": "176677056", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Wednesday 06 July 2022 05:46:06 +0000 (0:00:00.700) 0:00:05.023 ******** changed: [/cache/centos-7.qcow2c.snap] => (item={'name': 'mycert_many_self_signed', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_many_self_signed" } } MSG: Certificate requested (new). changed: [/cache/centos-7.qcow2c.snap] => (item={'name': 'other-cert', 'dns': 'www.example.org', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.org", "name": "other-cert" } } MSG: Certificate requested (new). changed: [/cache/centos-7.qcow2c.snap] => (item={'name': 'another-cert', 'dns': 'www.example.net', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.net", "name": "another-cert" } } MSG: Certificate requested (new). META: role_complete for /cache/centos-7.qcow2c.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tests_many_self_signed.yml:18 Wednesday 06 July 2022 05:46:09 +0000 (0:00:02.870) 0:00:07.894 ******** ok: [/cache/centos-7.qcow2c.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tests_many_self_signed.yml:50 Wednesday 06 July 2022 05:46:10 +0000 (0:00:00.726) 0:00:08.621 ******** included: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/centos-7.qcow2c.snap => (item={'path': '/etc/pki/tls/certs/mycert_many_self_signed.crt', 'key_path': '/etc/pki/tls/private/mycert_many_self_signed.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) included: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/centos-7.qcow2c.snap => (item={'path': '/etc/pki/tls/certs/other-cert.crt', 'key_path': '/etc/pki/tls/private/other-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.org'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.org'}]}) included: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/centos-7.qcow2c.snap => (item={'path': '/etc/pki/tls/certs/another-cert.crt', 'key_path': '/etc/pki/tls/private/another-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.net'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.net'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:2 Wednesday 06 July 2022 05:46:10 +0000 (0:00:00.057) 0:00:08.678 ******** ok: [/cache/centos-7.qcow2c.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:6 Wednesday 06 July 2022 05:46:10 +0000 (0:00:00.071) 0:00:08.750 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "rc": 0, "results": [ "python3-3.6.8-18.el7.x86_64 providing python3 is already installed" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:11 Wednesday 06 July 2022 05:46:11 +0000 (0:00:00.607) 0:00:09.358 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1) TASK [Install certreader] ****************************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:18 Wednesday 06 July 2022 05:46:12 +0000 (0:00:01.117) 0:00:10.475 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.1) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:26 Wednesday 06 July 2022 05:46:12 +0000 (0:00:00.873) 0:00:11.349 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "stat": { "atime": 1657086367.3083508, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "dea01de2ccb520c631b606d039c60c207a77607d", "ctime": 1657086367.3043509, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 8652439, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657086367.3043509, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_many_self_signed.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "571499090", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:31 Wednesday 06 July 2022 05:46:13 +0000 (0:00:00.459) 0:00:11.808 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:37 Wednesday 06 July 2022 05:46:13 +0000 (0:00:00.071) 0:00:11.880 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:47 Wednesday 06 July 2022 05:46:13 +0000 (0:00:00.086) 0:00:11.966 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:53 Wednesday 06 July 2022 05:46:13 +0000 (0:00:00.045) 0:00:12.011 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "stat": { "atime": 1657086367.2573507, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "4ea3719eb878c627ca2323099b1b3a181c011f1b", "ctime": 1657086367.3043509, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 9668436, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657086367.3043509, "nlink": 1, "path": "/etc/pki/tls/private/mycert_many_self_signed.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "1810612396", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:58 Wednesday 06 July 2022 05:46:13 +0000 (0:00:00.330) 0:00:12.342 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:64 Wednesday 06 July 2022 05:46:14 +0000 (0:00:00.032) 0:00:12.375 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:74 Wednesday 06 July 2022 05:46:14 +0000 (0:00:00.047) 0:00:12.422 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_many_self_signed.crt" ], "delta": "0:00:00.264285", "end": "2022-07-06 05:46:14.527213", "rc": 0, "start": "2022-07-06 05:46:14.262928" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "43:EF:3B:BE:00:69:7A:09:61:32:86:94:57:9C:28:D9:7D:4D:29:F3", "critical": false }, "authorityKeyIdentifier": { "value": "86:6C:07:61:C3:94:A9:ED:89:69:38:21:CE:07:8B:89:13:CF:C0:06", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "36:54:6E:F3:BE:26:1D:49:23:8A:59:F6:97:AE:7A:27:09:78:37:E9:C0:87:48:40:94:53:27:36:76:E6:B4:A3:4D:90:2C:60:E0:C1:ED:D0:D3:E0:57:47:2C:92:9D:A4:56:84:66:42:18:AE:C4:1A:FF:B1:B9:F0:63:0A:0D:B5:CE:A0:35:02:B2:E0:AA:05:85:8F:A3:21:52:C3:63:2B:5F:10:01:5F:DD:2C:1E:5F:78:03:76:09:84:51:AA:10:DE:FC:CC:4E:47:62:B1:77:C5:72:50:2E:7D:FD:9A:3D:BF:DC:48:BF:09:BF:3A:A2:2E:C7:75:A4:EE:9B:1F:69:62:33:77:18:39:56:AF:41:C9:C9:68:08:31:FB:B3:5D:6A:9E:0F:14:6E:43:D0:65:5A:ED:71:92:E7:28:F4:97:2C:C3:F5:A9:77:57:5A:E7:8A:A2:C1:4A:F7:69:BD:D5:06:DB:A2:AA:34:CC:7C:3E:EF:1A:4A:9D:00:FA:6E:BF:51:EA:5A:37:A6:C3:62:3E:E9:BB:56:E5:98:93:7B:27:20:E1:95:F9:9B:21:F0:9C:BA:F5:9C:D9:A4:32:91:BF:AC:E3:1E:C5:5F:85:05:D0:77:3D:DF:CD:48:AF:10:D7:43:4A:C9:31:C9:0E:DF:63:8A:20:F8:1F:E9:5D:E9:51" }, "key_size": 2048, "validity": { "not_valid_after": "2023-07-06 05:41:20", "not_valid_before": "2022-07-06 05:46:07" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:79 Wednesday 06 July 2022 05:46:14 +0000 (0:00:00.688) 0:00:13.111 ******** ok: [/cache/centos-7.qcow2c.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "86:6C:07:61:C3:94:A9:ED:89:69:38:21:CE:07:8B:89:13:CF:C0:06" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "43:EF:3B:BE:00:69:7A:09:61:32:86:94:57:9C:28:D9:7D:4D:29:F3" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "36:54:6E:F3:BE:26:1D:49:23:8A:59:F6:97:AE:7A:27:09:78:37:E9:C0:87:48:40:94:53:27:36:76:E6:B4:A3:4D:90:2C:60:E0:C1:ED:D0:D3:E0:57:47:2C:92:9D:A4:56:84:66:42:18:AE:C4:1A:FF:B1:B9:F0:63:0A:0D:B5:CE:A0:35:02:B2:E0:AA:05:85:8F:A3:21:52:C3:63:2B:5F:10:01:5F:DD:2C:1E:5F:78:03:76:09:84:51:AA:10:DE:FC:CC:4E:47:62:B1:77:C5:72:50:2E:7D:FD:9A:3D:BF:DC:48:BF:09:BF:3A:A2:2E:C7:75:A4:EE:9B:1F:69:62:33:77:18:39:56:AF:41:C9:C9:68:08:31:FB:B3:5D:6A:9E:0F:14:6E:43:D0:65:5A:ED:71:92:E7:28:F4:97:2C:C3:F5:A9:77:57:5A:E7:8A:A2:C1:4A:F7:69:BD:D5:06:DB:A2:AA:34:CC:7C:3E:EF:1A:4A:9D:00:FA:6E:BF:51:EA:5A:37:A6:C3:62:3E:E9:BB:56:E5:98:93:7B:27:20:E1:95:F9:9B:21:F0:9C:BA:F5:9C:D9:A4:32:91:BF:AC:E3:1E:C5:5F:85:05:D0:77:3D:DF:CD:48:AF:10:D7:43:4A:C9:31:C9:0E:DF:63:8A:20:F8:1F:E9:5D:E9:51" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-07-06 05:41:20", "not_valid_before": "2022-07-06 05:46:07" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:83 Wednesday 06 July 2022 05:46:14 +0000 (0:00:00.050) 0:00:13.161 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:91 Wednesday 06 July 2022 05:46:14 +0000 (0:00:00.047) 0:00:13.209 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:99 Wednesday 06 July 2022 05:46:14 +0000 (0:00:00.036) 0:00:13.245 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:106 Wednesday 06 July 2022 05:46:14 +0000 (0:00:00.043) 0:00:13.288 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:118 Wednesday 06 July 2022 05:46:14 +0000 (0:00:00.045) 0:00:13.334 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:132 Wednesday 06 July 2022 05:46:15 +0000 (0:00:00.049) 0:00:13.384 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_many_self_signed.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.072539", "end": "2022-07-06 05:46:15.187083", "rc": 0, "start": "2022-07-06 05:46:15.114544" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:141 Wednesday 06 July 2022 05:46:15 +0000 (0:00:00.384) 0:00:13.769 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:2 Wednesday 06 July 2022 05:46:15 +0000 (0:00:00.045) 0:00:13.814 ******** ok: [/cache/centos-7.qcow2c.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:6 Wednesday 06 July 2022 05:46:15 +0000 (0:00:00.029) 0:00:13.844 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "rc": 0, "results": [ "python3-3.6.8-18.el7.x86_64 providing python3 is already installed" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:11 Wednesday 06 July 2022 05:46:16 +0000 (0:00:00.587) 0:00:14.431 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1) TASK [Install certreader] ****************************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:18 Wednesday 06 July 2022 05:46:17 +0000 (0:00:00.980) 0:00:15.412 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.1) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:26 Wednesday 06 July 2022 05:46:17 +0000 (0:00:00.822) 0:00:16.234 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "stat": { "atime": 1657086368.2613509, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "24df84da0d1ad19fc447aef8dc47ed1ff5274693", "ctime": 1657086368.2573507, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 9668093, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657086368.2573507, "nlink": 1, "path": "/etc/pki/tls/certs/other-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "343846684", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:31 Wednesday 06 July 2022 05:46:18 +0000 (0:00:00.330) 0:00:16.565 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:37 Wednesday 06 July 2022 05:46:18 +0000 (0:00:00.033) 0:00:16.599 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:47 Wednesday 06 July 2022 05:46:18 +0000 (0:00:00.049) 0:00:16.648 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:53 Wednesday 06 July 2022 05:46:18 +0000 (0:00:00.042) 0:00:16.690 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "stat": { "atime": 1657086368.2123508, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "c9ec82fbb4982b8dfd2511bc56d5b0a34b7c5b69", "ctime": 1657086368.2573507, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 9668092, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657086368.2573507, "nlink": 1, "path": "/etc/pki/tls/private/other-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "518321154", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:58 Wednesday 06 July 2022 05:46:18 +0000 (0:00:00.321) 0:00:17.012 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:64 Wednesday 06 July 2022 05:46:18 +0000 (0:00:00.031) 0:00:17.043 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:74 Wednesday 06 July 2022 05:46:18 +0000 (0:00:00.044) 0:00:17.088 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/other-cert.crt" ], "delta": "0:00:00.260086", "end": "2022-07-06 05:46:19.086768", "rc": 0, "start": "2022-07-06 05:46:18.826682" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.org" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "E9:AC:50:D5:4E:A6:E1:59:1E:D5:A8:1D:8D:AD:AB:F4:9D:1B:D1:50", "critical": false }, "authorityKeyIdentifier": { "value": "86:6C:07:61:C3:94:A9:ED:89:69:38:21:CE:07:8B:89:13:CF:C0:06", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "02:5E:53:EA:DC:DA:B8:43:BF:B8:08:7D:F3:93:E5:A7:00:9E:60:28:58:EB:CA:81:E1:74:F5:A3:54:6D:01:41:EE:C9:5A:42:1B:FE:E4:22:EC:7C:EF:13:E3:72:78:1E:BC:AB:DB:FA:DA:D7:97:61:D7:1F:C6:32:51:E8:4D:17:CE:0D:7E:15:6D:42:DB:CF:90:AC:96:50:12:49:EC:38:3F:43:E4:A5:C9:F1:3A:9A:0C:98:13:06:D9:98:15:B5:A1:19:49:89:DB:D8:AA:01:74:3F:74:CC:2B:8C:97:74:A1:E0:AC:F6:5B:8A:27:C7:4B:B9:29:CA:54:A9:91:BE:A3:F9:97:E0:DD:01:F1:56:86:5C:BC:04:32:BB:A4:39:C3:8E:2D:82:F4:ED:B3:78:BC:20:EF:4F:CF:5A:78:BC:87:63:FF:60:4E:EF:59:1C:40:D6:64:DB:92:9F:EC:64:DB:D7:A3:86:5E:51:2F:C4:DB:DF:B6:07:93:36:4A:CA:65:EE:EE:31:5D:B8:DB:19:B2:24:52:46:7A:59:AC:66:08:9E:44:2C:77:EA:BC:D4:4B:F8:CF:8C:54:6B:9F:60:EF:54:C9:2F:23:FD:34:BD:70:B3:E5:5D:C2:D5:74:46:02:6F:AF:28:F4:9E:5D:3C:07:4F:B4:DB:77:A4:9E:33" }, "key_size": 2048, "validity": { "not_valid_after": "2023-07-06 05:41:20", "not_valid_before": "2022-07-06 05:46:08" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:79 Wednesday 06 July 2022 05:46:19 +0000 (0:00:00.580) 0:00:17.669 ******** ok: [/cache/centos-7.qcow2c.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "86:6C:07:61:C3:94:A9:ED:89:69:38:21:CE:07:8B:89:13:CF:C0:06" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.org" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "E9:AC:50:D5:4E:A6:E1:59:1E:D5:A8:1D:8D:AD:AB:F4:9D:1B:D1:50" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "02:5E:53:EA:DC:DA:B8:43:BF:B8:08:7D:F3:93:E5:A7:00:9E:60:28:58:EB:CA:81:E1:74:F5:A3:54:6D:01:41:EE:C9:5A:42:1B:FE:E4:22:EC:7C:EF:13:E3:72:78:1E:BC:AB:DB:FA:DA:D7:97:61:D7:1F:C6:32:51:E8:4D:17:CE:0D:7E:15:6D:42:DB:CF:90:AC:96:50:12:49:EC:38:3F:43:E4:A5:C9:F1:3A:9A:0C:98:13:06:D9:98:15:B5:A1:19:49:89:DB:D8:AA:01:74:3F:74:CC:2B:8C:97:74:A1:E0:AC:F6:5B:8A:27:C7:4B:B9:29:CA:54:A9:91:BE:A3:F9:97:E0:DD:01:F1:56:86:5C:BC:04:32:BB:A4:39:C3:8E:2D:82:F4:ED:B3:78:BC:20:EF:4F:CF:5A:78:BC:87:63:FF:60:4E:EF:59:1C:40:D6:64:DB:92:9F:EC:64:DB:D7:A3:86:5E:51:2F:C4:DB:DF:B6:07:93:36:4A:CA:65:EE:EE:31:5D:B8:DB:19:B2:24:52:46:7A:59:AC:66:08:9E:44:2C:77:EA:BC:D4:4B:F8:CF:8C:54:6B:9F:60:EF:54:C9:2F:23:FD:34:BD:70:B3:E5:5D:C2:D5:74:46:02:6F:AF:28:F4:9E:5D:3C:07:4F:B4:DB:77:A4:9E:33" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "validity": { "not_valid_after": "2023-07-06 05:41:20", "not_valid_before": "2022-07-06 05:46:08" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:83 Wednesday 06 July 2022 05:46:19 +0000 (0:00:00.042) 0:00:17.711 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:91 Wednesday 06 July 2022 05:46:19 +0000 (0:00:00.046) 0:00:17.758 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:99 Wednesday 06 July 2022 05:46:19 +0000 (0:00:00.033) 0:00:17.792 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:106 Wednesday 06 July 2022 05:46:19 +0000 (0:00:00.043) 0:00:17.835 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:118 Wednesday 06 July 2022 05:46:19 +0000 (0:00:00.043) 0:00:17.879 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:132 Wednesday 06 July 2022 05:46:19 +0000 (0:00:00.042) 0:00:17.922 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/other-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.074557", "end": "2022-07-06 05:46:19.719543", "rc": 0, "start": "2022-07-06 05:46:19.644986" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:141 Wednesday 06 July 2022 05:46:19 +0000 (0:00:00.377) 0:00:18.299 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:2 Wednesday 06 July 2022 05:46:19 +0000 (0:00:00.042) 0:00:18.342 ******** ok: [/cache/centos-7.qcow2c.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:6 Wednesday 06 July 2022 05:46:20 +0000 (0:00:00.026) 0:00:18.369 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "rc": 0, "results": [ "python3-3.6.8-18.el7.x86_64 providing python3 is already installed" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:11 Wednesday 06 July 2022 05:46:20 +0000 (0:00:00.580) 0:00:18.949 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1) TASK [Install certreader] ****************************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:18 Wednesday 06 July 2022 05:46:21 +0000 (0:00:00.963) 0:00:19.912 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.1) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:26 Wednesday 06 July 2022 05:46:22 +0000 (0:00:00.802) 0:00:20.714 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "stat": { "atime": 1657086369.2203507, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "adb9694fd3d9cd37bac069f22b0f4c7bb93a879a", "ctime": 1657086369.2173507, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 9668082, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657086369.2173507, "nlink": 1, "path": "/etc/pki/tls/certs/another-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "1413015590", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:31 Wednesday 06 July 2022 05:46:22 +0000 (0:00:00.354) 0:00:21.068 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:37 Wednesday 06 July 2022 05:46:22 +0000 (0:00:00.031) 0:00:21.100 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:47 Wednesday 06 July 2022 05:46:22 +0000 (0:00:00.048) 0:00:21.148 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:53 Wednesday 06 July 2022 05:46:22 +0000 (0:00:00.072) 0:00:21.221 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "stat": { "atime": 1657086369.1713507, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "187efc436aa6d1f4aac243626d806612ecc413dc", "ctime": 1657086369.2173507, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 9667712, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657086369.2173507, "nlink": 1, "path": "/etc/pki/tls/private/another-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "18446744072554002112", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:58 Wednesday 06 July 2022 05:46:23 +0000 (0:00:00.358) 0:00:21.579 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:64 Wednesday 06 July 2022 05:46:23 +0000 (0:00:00.032) 0:00:21.612 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:74 Wednesday 06 July 2022 05:46:23 +0000 (0:00:00.047) 0:00:21.660 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/another-cert.crt" ], "delta": "0:00:00.343370", "end": "2022-07-06 05:46:23.828608", "rc": 0, "start": "2022-07-06 05:46:23.485238" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.net" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "F7:F2:09:50:E7:9A:08:90:BC:85:EC:E1:03:A5:93:F0:D7:17:B2:82", "critical": false }, "authorityKeyIdentifier": { "value": "86:6C:07:61:C3:94:A9:ED:89:69:38:21:CE:07:8B:89:13:CF:C0:06", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "A5:17:A8:C0:E5:FB:B5:41:22:6F:F7:E7:E0:CE:13:81:F4:6C:2D:98:3B:CC:C9:99:19:76:A2:09:7C:CC:B1:9F:9A:C5:2A:02:32:F4:7E:F8:8D:44:C2:9F:EB:43:FB:6D:D8:B5:01:5B:FD:55:DF:FB:3D:21:4C:DB:D0:C4:54:91:39:5B:04:4B:A0:C1:86:77:FA:C1:18:64:92:30:83:1E:6A:BA:31:60:24:AF:6B:0C:89:C4:77:52:29:93:5E:E8:D8:C0:22:DE:94:92:94:03:60:B6:20:77:0F:3A:7A:55:6E:12:86:0E:C0:A3:14:81:CB:B6:2D:B9:E9:F2:8E:94:36:81:C3:8E:CC:5C:50:46:60:7E:E2:2E:76:C3:83:D5:74:D3:08:FF:C4:D6:BE:00:FE:D3:36:E1:0A:A7:FB:91:D2:0A:71:5A:C5:59:13:74:2A:E1:33:30:AF:6F:49:9C:23:2E:03:49:E0:0A:76:F1:73:CF:DC:A5:8E:D1:CB:2A:3B:65:C0:F7:CB:22:44:C0:D4:0E:9B:52:D9:FC:6B:23:20:92:CA:38:43:08:17:46:F1:D6:8A:76:75:FD:0D:24:4D:06:5C:B2:BB:BE:67:F9:1C:6F:56:B8:04:B3:25:9D:36:D4:C7:5A:0D:13:3D:69:50:5C:D8:7B:84:63:3F:52" }, "key_size": 2048, "validity": { "not_valid_after": "2023-07-06 05:41:20", "not_valid_before": "2022-07-06 05:46:09" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:79 Wednesday 06 July 2022 05:46:24 +0000 (0:00:00.752) 0:00:22.412 ******** ok: [/cache/centos-7.qcow2c.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "86:6C:07:61:C3:94:A9:ED:89:69:38:21:CE:07:8B:89:13:CF:C0:06" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.net" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "F7:F2:09:50:E7:9A:08:90:BC:85:EC:E1:03:A5:93:F0:D7:17:B2:82" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "A5:17:A8:C0:E5:FB:B5:41:22:6F:F7:E7:E0:CE:13:81:F4:6C:2D:98:3B:CC:C9:99:19:76:A2:09:7C:CC:B1:9F:9A:C5:2A:02:32:F4:7E:F8:8D:44:C2:9F:EB:43:FB:6D:D8:B5:01:5B:FD:55:DF:FB:3D:21:4C:DB:D0:C4:54:91:39:5B:04:4B:A0:C1:86:77:FA:C1:18:64:92:30:83:1E:6A:BA:31:60:24:AF:6B:0C:89:C4:77:52:29:93:5E:E8:D8:C0:22:DE:94:92:94:03:60:B6:20:77:0F:3A:7A:55:6E:12:86:0E:C0:A3:14:81:CB:B6:2D:B9:E9:F2:8E:94:36:81:C3:8E:CC:5C:50:46:60:7E:E2:2E:76:C3:83:D5:74:D3:08:FF:C4:D6:BE:00:FE:D3:36:E1:0A:A7:FB:91:D2:0A:71:5A:C5:59:13:74:2A:E1:33:30:AF:6F:49:9C:23:2E:03:49:E0:0A:76:F1:73:CF:DC:A5:8E:D1:CB:2A:3B:65:C0:F7:CB:22:44:C0:D4:0E:9B:52:D9:FC:6B:23:20:92:CA:38:43:08:17:46:F1:D6:8A:76:75:FD:0D:24:4D:06:5C:B2:BB:BE:67:F9:1C:6F:56:B8:04:B3:25:9D:36:D4:C7:5A:0D:13:3D:69:50:5C:D8:7B:84:63:3F:52" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "validity": { "not_valid_after": "2023-07-06 05:41:20", "not_valid_before": "2022-07-06 05:46:09" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:83 Wednesday 06 July 2022 05:46:24 +0000 (0:00:00.073) 0:00:22.486 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:91 Wednesday 06 July 2022 05:46:24 +0000 (0:00:00.070) 0:00:22.557 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:99 Wednesday 06 July 2022 05:46:24 +0000 (0:00:00.033) 0:00:22.591 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:106 Wednesday 06 July 2022 05:46:24 +0000 (0:00:00.043) 0:00:22.634 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:118 Wednesday 06 July 2022 05:46:24 +0000 (0:00:00.069) 0:00:22.703 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:132 Wednesday 06 July 2022 05:46:24 +0000 (0:00:00.070) 0:00:22.774 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/another-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.064250", "end": "2022-07-06 05:46:24.603347", "rc": 0, "start": "2022-07-06 05:46:24.539097" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:141 Wednesday 06 July 2022 05:46:24 +0000 (0:00:00.421) 0:00:23.195 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/centos-7.qcow2c.snap : ok=74 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 Wednesday 06 July 2022 05:46:24 +0000 (0:00:00.082) 0:00:23.278 ******** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate requests ----- 2.87s /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.25s /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Install the package, force upgrade -------------------------------------- 1.12s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Gathering Facts --------------------------------------------------------- 1.06s /tmp/tmp5ygcfjec/tests/certificate/tests_many_self_signed.yml:2 --------------- Install the package, force upgrade -------------------------------------- 0.98s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install the package, force upgrade -------------------------------------- 0.96s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install certreader ------------------------------------------------------ 0.87s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Install certreader ------------------------------------------------------ 0.82s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Install certreader ------------------------------------------------------ 0.80s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Parse certificate ------------------------------------------------------- 0.75s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Gathering Facts --------------------------------------------------------- 0.73s /tmp/tmp5ygcfjec/tests/certificate/tests_many_self_signed.yml:18 -------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.70s /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Parse certificate ------------------------------------------------------- 0.69s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 0.64s /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Ensure python3 is installed --------------------------------------------- 0.61s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Ensure python3 is installed --------------------------------------------- 0.59s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Parse certificate ------------------------------------------------------- 0.58s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Ensure python3 is installed --------------------------------------------- 0.58s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.49s /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Retrieve certificate file stats ----------------------------------------- 0.46s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:26 -