ansible-playbook [core 2.12.6] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpke2c_s6q executable location = /usr/bin/ansible-playbook python version = 3.9.13 (main, May 18 2022, 00:00:00) [GCC 11.3.1 20220421 (Red Hat 11.3.1-2)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: rhel-7_setup.yml ***************************************************** 1 plays in /cache/rhel-7_setup.yml PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /cache/rhel-7_setup.yml:5 Wednesday 06 July 2022 22:29:59 +0000 (0:00:00.018) 0:00:00.018 ******** ok: [/cache/rhel-7.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } ok: [/cache/rhel-7.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } ok: [/cache/rhel-7.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } ok: [/cache/rhel-7.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } ok: [/cache/rhel-7.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-7.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 Wednesday 06 July 2022 22:30:01 +0000 (0:00:01.436) 0:00:01.454 ******** =============================================================================== set up internal repositories -------------------------------------------- 1.44s /cache/rhel-7_setup.yml:5 ----------------------------------------------------- PLAYBOOK: tests_many_self_signed.yml ******************************************* 2 plays in /tmp/tmpjbt6cq54/tests/tests_many_self_signed.yml PLAY [Issue many self-signed certificates] ************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpjbt6cq54/tests/tests_many_self_signed.yml:2 Wednesday 06 July 2022 22:30:01 +0000 (0:00:00.020) 0:00:01.475 ******** ok: [/cache/rhel-7.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Wednesday 06 July 2022 22:30:02 +0000 (0:00:00.936) 0:00:02.412 ******** included: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/rhel-7.qcow2 TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Wednesday 06 July 2022 22:30:02 +0000 (0:00:00.026) 0:00:02.438 ******** ok: [/cache/rhel-7.qcow2] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Wednesday 06 July 2022 22:30:02 +0000 (0:00:00.407) 0:00:02.845 ******** skipping: [/cache/rhel-7.qcow2] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-7.qcow2] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } ok: [/cache/rhel-7.qcow2] => (item=RedHat_7.yml) => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python-pyasn1", "python-cryptography", "python-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/vars/RedHat_7.yml" ], "ansible_loop_var": "item", "changed": false, "item": "RedHat_7.yml" } skipping: [/cache/rhel-7.qcow2] => (item=RedHat_7.9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_7.9.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Wednesday 06 July 2022 22:30:02 +0000 (0:00:00.051) 0:00:02.897 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "rc": 0, "results": [ "python2-pyasn1-0.1.9-7.el7.noarch providing python-pyasn1 is already installed", "python2-cryptography-1.7.2-2.el7.x86_64 providing python-cryptography is already installed", "dbus-python-1.1.1-9.el7.x86_64 providing python-dbus is already installed" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Wednesday 06 July 2022 22:30:03 +0000 (0:00:01.156) 0:00:04.054 ******** ok: [/cache/rhel-7.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [ "certmonger-0.78.4-17.el7_9.x86_64 providing certmonger is already installed" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Wednesday 06 July 2022 22:30:04 +0000 (0:00:00.561) 0:00:04.615 ******** ok: [/cache/rhel-7.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Wednesday 06 July 2022 22:30:04 +0000 (0:00:00.465) 0:00:05.081 ******** ok: [/cache/rhel-7.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Wednesday 06 July 2022 22:30:05 +0000 (0:00:00.332) 0:00:05.414 ******** ok: [/cache/rhel-7.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Wed 2022-07-06 18:25:22 EDT", "ActiveEnterTimestampMonotonic": "168479309", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "syslog.target basic.target systemd-journald.socket network.target dbus.service system.slice", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Wed 2022-07-06 18:25:22 EDT", "AssertTimestampMonotonic": "168468173", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Wed 2022-07-06 18:25:22 EDT", "ConditionTimestampMonotonic": "168468173", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "EnvironmentFile": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "12368", "ExecMainStartTimestamp": "Wed 2022-07-06 18:25:22 EDT", "ExecMainStartTimestampMonotonic": "168468803", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /var/run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Wed 2022-07-06 18:25:22 EDT", "InactiveExitTimestampMonotonic": "168468833", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14956", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14956", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "12368", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/var/run/certmonger.pid", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "basic.target system.slice", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "WatchdogTimestamp": "Wed 2022-07-06 18:25:22 EDT", "WatchdogTimestampMonotonic": "168479205", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Wednesday 06 July 2022 22:30:05 +0000 (0:00:00.660) 0:00:06.074 ******** changed: [/cache/rhel-7.qcow2] => (item={'name': 'mycert_many_self_signed', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_many_self_signed" } } MSG: Certificate requested (new). changed: [/cache/rhel-7.qcow2] => (item={'name': 'other-cert', 'dns': 'www.example.org', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.org", "name": "other-cert" } } MSG: Certificate requested (new). changed: [/cache/rhel-7.qcow2] => (item={'name': 'another-cert', 'dns': 'www.example.net', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.net", "name": "another-cert" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-7.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpjbt6cq54/tests/tests_many_self_signed.yml:18 Wednesday 06 July 2022 22:30:08 +0000 (0:00:02.405) 0:00:08.480 ******** ok: [/cache/rhel-7.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpjbt6cq54/tests/tests_many_self_signed.yml:50 Wednesday 06 July 2022 22:30:08 +0000 (0:00:00.690) 0:00:09.171 ******** included: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-7.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert_many_self_signed.crt', 'key_path': '/etc/pki/tls/private/mycert_many_self_signed.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) included: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-7.qcow2 => (item={'path': '/etc/pki/tls/certs/other-cert.crt', 'key_path': '/etc/pki/tls/private/other-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.org'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.org'}]}) included: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-7.qcow2 => (item={'path': '/etc/pki/tls/certs/another-cert.crt', 'key_path': '/etc/pki/tls/private/another-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.net'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.net'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:2 Wednesday 06 July 2022 22:30:08 +0000 (0:00:00.058) 0:00:09.229 ******** ok: [/cache/rhel-7.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:6 Wednesday 06 July 2022 22:30:08 +0000 (0:00:00.029) 0:00:09.259 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "rc": 0, "results": [ "python3-3.6.8-18.el7.x86_64 providing python3 is already installed" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:11 Wednesday 06 July 2022 22:30:09 +0000 (0:00:00.561) 0:00:09.820 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1) TASK [Install certreader] ****************************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:18 Wednesday 06 July 2022 22:30:10 +0000 (0:00:01.056) 0:00:10.876 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.1) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:26 Wednesday 06 July 2022 22:30:11 +0000 (0:00:00.781) 0:00:11.657 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "stat": { "atime": 1657146606.1357877, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "ca81ee57d5615ad11025a6feb861137e806fe842", "ctime": 1657146606.1327877, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 883791, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657146606.1327877, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_many_self_signed.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "18446744072035981417", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:31 Wednesday 06 July 2022 22:30:11 +0000 (0:00:00.406) 0:00:12.064 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:37 Wednesday 06 July 2022 22:30:11 +0000 (0:00:00.033) 0:00:12.098 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:49 Wednesday 06 July 2022 22:30:11 +0000 (0:00:00.046) 0:00:12.144 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:55 Wednesday 06 July 2022 22:30:11 +0000 (0:00:00.041) 0:00:12.186 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "stat": { "atime": 1657146606.0897877, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "814c44dd008d1ae9c857ae1530fad5bd6a515a95", "ctime": 1657146606.1327877, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 883790, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657146606.1327877, "nlink": 1, "path": "/etc/pki/tls/private/mycert_many_self_signed.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "18446744073477285926", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:60 Wednesday 06 July 2022 22:30:12 +0000 (0:00:00.311) 0:00:12.498 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:66 Wednesday 06 July 2022 22:30:12 +0000 (0:00:00.032) 0:00:12.530 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:78 Wednesday 06 July 2022 22:30:12 +0000 (0:00:00.045) 0:00:12.576 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_many_self_signed.crt" ], "delta": "0:00:00.278474", "end": "2022-07-06 18:30:12.499633", "rc": 0, "start": "2022-07-06 18:30:12.221159" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "FB:94:84:28:1C:C5:2F:0C:FD:5D:23:91:5D:16:C5:04:15:73:EF:1C", "critical": false }, "authorityKeyIdentifier": { "value": "5C:B5:F9:EF:37:B6:3A:00:66:75:0F:29:55:98:7E:09:7A:9C:E0:10", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "5F:4C:75:8E:9B:0C:4A:9C:71:19:DE:B2:A8:8B:0E:1A:BC:51:01:07:92:33:8B:80:77:91:92:ED:49:4B:7F:E9:86:1E:41:82:35:05:74:10:7A:74:51:B7:FC:94:73:6C:05:72:F1:B6:0B:D3:FE:B2:BA:C9:2E:C2:D3:05:35:A8:A5:7D:AA:CC:CC:C6:96:78:32:93:B4:F6:60:65:C8:E2:3C:00:A6:E8:33:64:C7:22:16:23:69:2C:DD:12:53:70:CB:DB:F3:B7:88:4D:49:27:4B:1B:0C:7E:94:DA:04:C4:96:07:3C:C4:C6:13:98:9C:91:7F:6B:D9:C4:48:7E:F2:DF:82:54:50:47:93:49:07:AC:1C:69:C5:D7:89:29:83:37:71:26:C8:F8:43:BF:D0:87:0A:5B:B6:08:65:F2:CB:1A:26:5A:AD:F4:3B:E1:6E:A2:99:84:8E:BE:49:04:9F:A8:A9:6A:87:6E:6E:DD:00:9E:80:1E:FE:85:3B:8C:E1:4C:9F:D6:EC:E3:2F:C8:0D:AC:81:C7:7E:35:41:33:C6:74:08:B0:27:9F:64:94:89:1D:0A:1D:5E:64:33:79:42:B1:26:AE:C5:7A:59:78:B7:12:74:90:AA:EB:A4:D5:35:FE:7E:70:46:93:81:50:8F:EA:E5:05:34:76:69:BE:8C" }, "key_size": 2048, "validity": { "not_valid_after": "2023-07-06 22:25:22", "not_valid_before": "2022-07-06 22:30:06" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:83 Wednesday 06 July 2022 22:30:12 +0000 (0:00:00.713) 0:00:13.289 ******** ok: [/cache/rhel-7.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "5C:B5:F9:EF:37:B6:3A:00:66:75:0F:29:55:98:7E:09:7A:9C:E0:10" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "FB:94:84:28:1C:C5:2F:0C:FD:5D:23:91:5D:16:C5:04:15:73:EF:1C" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "5F:4C:75:8E:9B:0C:4A:9C:71:19:DE:B2:A8:8B:0E:1A:BC:51:01:07:92:33:8B:80:77:91:92:ED:49:4B:7F:E9:86:1E:41:82:35:05:74:10:7A:74:51:B7:FC:94:73:6C:05:72:F1:B6:0B:D3:FE:B2:BA:C9:2E:C2:D3:05:35:A8:A5:7D:AA:CC:CC:C6:96:78:32:93:B4:F6:60:65:C8:E2:3C:00:A6:E8:33:64:C7:22:16:23:69:2C:DD:12:53:70:CB:DB:F3:B7:88:4D:49:27:4B:1B:0C:7E:94:DA:04:C4:96:07:3C:C4:C6:13:98:9C:91:7F:6B:D9:C4:48:7E:F2:DF:82:54:50:47:93:49:07:AC:1C:69:C5:D7:89:29:83:37:71:26:C8:F8:43:BF:D0:87:0A:5B:B6:08:65:F2:CB:1A:26:5A:AD:F4:3B:E1:6E:A2:99:84:8E:BE:49:04:9F:A8:A9:6A:87:6E:6E:DD:00:9E:80:1E:FE:85:3B:8C:E1:4C:9F:D6:EC:E3:2F:C8:0D:AC:81:C7:7E:35:41:33:C6:74:08:B0:27:9F:64:94:89:1D:0A:1D:5E:64:33:79:42:B1:26:AE:C5:7A:59:78:B7:12:74:90:AA:EB:A4:D5:35:FE:7E:70:46:93:81:50:8F:EA:E5:05:34:76:69:BE:8C" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-07-06 22:25:22", "not_valid_before": "2022-07-06 22:30:06" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:87 Wednesday 06 July 2022 22:30:12 +0000 (0:00:00.043) 0:00:13.333 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:96 Wednesday 06 July 2022 22:30:13 +0000 (0:00:00.041) 0:00:13.375 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:105 Wednesday 06 July 2022 22:30:13 +0000 (0:00:00.030) 0:00:13.405 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:112 Wednesday 06 July 2022 22:30:13 +0000 (0:00:00.043) 0:00:13.448 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:125 Wednesday 06 July 2022 22:30:13 +0000 (0:00:00.045) 0:00:13.493 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:141 Wednesday 06 July 2022 22:30:13 +0000 (0:00:00.042) 0:00:13.536 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_many_self_signed.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.077506", "end": "2022-07-06 18:30:13.134535", "rc": 0, "start": "2022-07-06 18:30:13.057029" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:150 Wednesday 06 July 2022 22:30:13 +0000 (0:00:00.384) 0:00:13.920 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:2 Wednesday 06 July 2022 22:30:13 +0000 (0:00:00.044) 0:00:13.965 ******** ok: [/cache/rhel-7.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:6 Wednesday 06 July 2022 22:30:13 +0000 (0:00:00.026) 0:00:13.991 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "rc": 0, "results": [ "python3-3.6.8-18.el7.x86_64 providing python3 is already installed" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:11 Wednesday 06 July 2022 22:30:14 +0000 (0:00:00.544) 0:00:14.536 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1) TASK [Install certreader] ****************************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:18 Wednesday 06 July 2022 22:30:15 +0000 (0:00:00.950) 0:00:15.487 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.1) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:26 Wednesday 06 July 2022 22:30:15 +0000 (0:00:00.789) 0:00:16.276 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "stat": { "atime": 1657146606.9127877, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "a69505c2d1f818529ad6670d1ac7eb7a81c03456", "ctime": 1657146606.9097877, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 883796, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657146606.9097877, "nlink": 1, "path": "/etc/pki/tls/certs/other-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "18446744072259372050", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:31 Wednesday 06 July 2022 22:30:16 +0000 (0:00:00.315) 0:00:16.591 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:37 Wednesday 06 July 2022 22:30:16 +0000 (0:00:00.031) 0:00:16.623 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:49 Wednesday 06 July 2022 22:30:16 +0000 (0:00:00.044) 0:00:16.667 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:55 Wednesday 06 July 2022 22:30:16 +0000 (0:00:00.041) 0:00:16.708 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "stat": { "atime": 1657146606.8647876, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "eb1460f6deb450c64965d0dfd9c207ea613b1f38", "ctime": 1657146606.9097877, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 883792, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657146606.9097877, "nlink": 1, "path": "/etc/pki/tls/private/other-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "18446744073172214052", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:60 Wednesday 06 July 2022 22:30:16 +0000 (0:00:00.316) 0:00:17.025 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:66 Wednesday 06 July 2022 22:30:16 +0000 (0:00:00.031) 0:00:17.057 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:78 Wednesday 06 July 2022 22:30:16 +0000 (0:00:00.045) 0:00:17.102 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/other-cert.crt" ], "delta": "0:00:00.251465", "end": "2022-07-06 18:30:16.874045", "rc": 0, "start": "2022-07-06 18:30:16.622580" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.org" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "AB:B0:1B:41:D8:5F:45:12:0D:DC:7F:C7:02:5C:AD:8A:B7:F8:BF:5F", "critical": false }, "authorityKeyIdentifier": { "value": "5C:B5:F9:EF:37:B6:3A:00:66:75:0F:29:55:98:7E:09:7A:9C:E0:10", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "6B:58:29:FC:68:AE:8A:1A:76:04:48:5E:05:8E:18:3C:AF:31:DF:FE:F9:D1:94:80:48:D0:C2:B5:2B:B2:B8:DF:AF:9C:17:53:32:F4:CF:40:CB:46:19:32:7B:9E:85:69:34:3D:AB:20:B0:ED:2E:8D:C2:DD:B4:87:24:93:20:9C:7B:5E:D5:15:1F:5A:DB:A2:DA:33:14:91:47:83:59:6C:F3:92:11:E2:80:95:7E:B9:CE:96:BE:F4:92:8B:FC:33:23:F2:A0:ED:FD:23:BD:5B:F1:3B:49:63:0A:32:97:8D:52:B7:1C:3D:F0:ED:B0:D0:88:E0:AC:F9:EE:EC:60:C3:4E:2D:82:73:E1:56:28:F5:C4:0E:97:3D:83:A4:3E:83:04:F8:7C:CB:35:AA:BB:4D:7E:A3:FE:E4:7C:0B:D0:74:17:26:09:D2:9C:6B:C9:F2:E3:5F:DF:37:36:00:72:FB:E7:E5:80:AB:45:B8:68:04:71:1D:D4:15:7A:F7:2C:1C:F7:4F:1A:2E:83:EA:CD:38:4E:52:E0:0C:A6:C2:B8:36:1D:B6:71:01:8E:20:83:14:DF:E3:AA:93:C0:29:56:10:D0:E2:13:42:74:E4:CE:76:23:24:96:5E:E3:B8:98:F4:32:54:CF:7B:B0:7A:70:FC:D9:AC:48:1C:27:3D:4D:C8" }, "key_size": 2048, "validity": { "not_valid_after": "2023-07-06 22:25:22", "not_valid_before": "2022-07-06 22:30:06" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:83 Wednesday 06 July 2022 22:30:17 +0000 (0:00:00.560) 0:00:17.663 ******** ok: [/cache/rhel-7.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "5C:B5:F9:EF:37:B6:3A:00:66:75:0F:29:55:98:7E:09:7A:9C:E0:10" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.org" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "AB:B0:1B:41:D8:5F:45:12:0D:DC:7F:C7:02:5C:AD:8A:B7:F8:BF:5F" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "6B:58:29:FC:68:AE:8A:1A:76:04:48:5E:05:8E:18:3C:AF:31:DF:FE:F9:D1:94:80:48:D0:C2:B5:2B:B2:B8:DF:AF:9C:17:53:32:F4:CF:40:CB:46:19:32:7B:9E:85:69:34:3D:AB:20:B0:ED:2E:8D:C2:DD:B4:87:24:93:20:9C:7B:5E:D5:15:1F:5A:DB:A2:DA:33:14:91:47:83:59:6C:F3:92:11:E2:80:95:7E:B9:CE:96:BE:F4:92:8B:FC:33:23:F2:A0:ED:FD:23:BD:5B:F1:3B:49:63:0A:32:97:8D:52:B7:1C:3D:F0:ED:B0:D0:88:E0:AC:F9:EE:EC:60:C3:4E:2D:82:73:E1:56:28:F5:C4:0E:97:3D:83:A4:3E:83:04:F8:7C:CB:35:AA:BB:4D:7E:A3:FE:E4:7C:0B:D0:74:17:26:09:D2:9C:6B:C9:F2:E3:5F:DF:37:36:00:72:FB:E7:E5:80:AB:45:B8:68:04:71:1D:D4:15:7A:F7:2C:1C:F7:4F:1A:2E:83:EA:CD:38:4E:52:E0:0C:A6:C2:B8:36:1D:B6:71:01:8E:20:83:14:DF:E3:AA:93:C0:29:56:10:D0:E2:13:42:74:E4:CE:76:23:24:96:5E:E3:B8:98:F4:32:54:CF:7B:B0:7A:70:FC:D9:AC:48:1C:27:3D:4D:C8" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "validity": { "not_valid_after": "2023-07-06 22:25:22", "not_valid_before": "2022-07-06 22:30:06" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:87 Wednesday 06 July 2022 22:30:17 +0000 (0:00:00.045) 0:00:17.708 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:96 Wednesday 06 July 2022 22:30:17 +0000 (0:00:00.046) 0:00:17.754 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:105 Wednesday 06 July 2022 22:30:17 +0000 (0:00:00.032) 0:00:17.787 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:112 Wednesday 06 July 2022 22:30:17 +0000 (0:00:00.042) 0:00:17.829 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:125 Wednesday 06 July 2022 22:30:17 +0000 (0:00:00.043) 0:00:17.873 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:141 Wednesday 06 July 2022 22:30:17 +0000 (0:00:00.042) 0:00:17.915 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/other-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.078545", "end": "2022-07-06 18:30:17.516403", "rc": 0, "start": "2022-07-06 18:30:17.437858" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:150 Wednesday 06 July 2022 22:30:17 +0000 (0:00:00.386) 0:00:18.302 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:2 Wednesday 06 July 2022 22:30:17 +0000 (0:00:00.045) 0:00:18.347 ******** ok: [/cache/rhel-7.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:6 Wednesday 06 July 2022 22:30:18 +0000 (0:00:00.027) 0:00:18.375 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "rc": 0, "results": [ "python3-3.6.8-18.el7.x86_64 providing python3 is already installed" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:11 Wednesday 06 July 2022 22:30:18 +0000 (0:00:00.548) 0:00:18.924 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1) TASK [Install certreader] ****************************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:18 Wednesday 06 July 2022 22:30:19 +0000 (0:00:00.950) 0:00:19.875 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.1) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:26 Wednesday 06 July 2022 22:30:20 +0000 (0:00:00.811) 0:00:20.686 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "stat": { "atime": 1657146607.6207876, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "99cdb20dd4cd832d093cd377e11cdf80b9dbe869", "ctime": 1657146607.6177876, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 883800, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657146607.6177876, "nlink": 1, "path": "/etc/pki/tls/certs/another-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "18446744072809370356", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:31 Wednesday 06 July 2022 22:30:20 +0000 (0:00:00.321) 0:00:21.007 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:37 Wednesday 06 July 2022 22:30:20 +0000 (0:00:00.060) 0:00:21.067 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:49 Wednesday 06 July 2022 22:30:20 +0000 (0:00:00.047) 0:00:21.114 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:55 Wednesday 06 July 2022 22:30:20 +0000 (0:00:00.042) 0:00:21.156 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "stat": { "atime": 1657146607.5737877, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "2629531a3501ed353b7cb0ef17e18097217362d3", "ctime": 1657146607.6177876, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 883799, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657146607.6177876, "nlink": 1, "path": "/etc/pki/tls/private/another-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "18446744073404677672", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:60 Wednesday 06 July 2022 22:30:21 +0000 (0:00:00.321) 0:00:21.478 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:66 Wednesday 06 July 2022 22:30:21 +0000 (0:00:00.029) 0:00:21.507 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:78 Wednesday 06 July 2022 22:30:21 +0000 (0:00:00.043) 0:00:21.550 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/another-cert.crt" ], "delta": "0:00:00.254615", "end": "2022-07-06 18:30:21.313588", "rc": 0, "start": "2022-07-06 18:30:21.058973" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.net" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "61:79:A5:CA:F8:72:BF:21:DA:73:47:10:10:D8:FE:2C:53:CB:2E:FC", "critical": false }, "authorityKeyIdentifier": { "value": "5C:B5:F9:EF:37:B6:3A:00:66:75:0F:29:55:98:7E:09:7A:9C:E0:10", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "8F:90:8C:40:AC:86:3D:9C:57:D0:4E:54:F9:2F:D9:0F:5A:62:51:B3:54:97:51:89:08:83:66:DE:A7:DA:CF:DC:93:D5:BB:EB:A6:1A:1D:D7:43:60:D4:A0:57:FA:48:C2:3F:44:D1:B4:E7:1F:D4:50:7D:F1:53:60:7C:2D:7C:63:4E:AF:F4:30:BB:E7:06:A2:2B:F8:09:65:03:81:45:83:38:69:96:69:1F:95:E0:F0:DE:1E:C0:95:69:1F:6F:45:65:B2:1E:16:F1:00:D9:D6:75:FA:ED:20:7D:2F:23:38:9A:E7:54:0D:7E:63:43:DF:E6:EF:06:6D:3A:77:B8:8E:89:51:CC:08:06:5D:3A:CA:B9:E4:22:39:87:CE:05:65:72:02:EA:B3:03:52:05:CD:54:46:33:4F:9C:66:25:58:CE:69:CE:F2:8A:FD:AA:8C:04:25:9E:6A:51:58:E1:38:18:A6:90:08:37:E5:78:97:58:E2:A9:B0:17:94:32:6B:E1:8B:31:49:B2:9C:1C:8A:13:64:D5:79:DA:20:F5:FF:3F:9B:10:83:F8:07:69:49:14:98:0C:71:5F:36:82:AD:4C:F6:30:C3:60:98:4D:65:B8:35:1E:DD:9C:FA:B3:BB:48:53:A7:5D:33:A1:AB:D0:23:39:62:17:81:DE:04:7B" }, "key_size": 2048, "validity": { "not_valid_after": "2023-07-06 22:25:22", "not_valid_before": "2022-07-06 22:30:07" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:83 Wednesday 06 July 2022 22:30:21 +0000 (0:00:00.550) 0:00:22.101 ******** ok: [/cache/rhel-7.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "5C:B5:F9:EF:37:B6:3A:00:66:75:0F:29:55:98:7E:09:7A:9C:E0:10" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.net" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "61:79:A5:CA:F8:72:BF:21:DA:73:47:10:10:D8:FE:2C:53:CB:2E:FC" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "8F:90:8C:40:AC:86:3D:9C:57:D0:4E:54:F9:2F:D9:0F:5A:62:51:B3:54:97:51:89:08:83:66:DE:A7:DA:CF:DC:93:D5:BB:EB:A6:1A:1D:D7:43:60:D4:A0:57:FA:48:C2:3F:44:D1:B4:E7:1F:D4:50:7D:F1:53:60:7C:2D:7C:63:4E:AF:F4:30:BB:E7:06:A2:2B:F8:09:65:03:81:45:83:38:69:96:69:1F:95:E0:F0:DE:1E:C0:95:69:1F:6F:45:65:B2:1E:16:F1:00:D9:D6:75:FA:ED:20:7D:2F:23:38:9A:E7:54:0D:7E:63:43:DF:E6:EF:06:6D:3A:77:B8:8E:89:51:CC:08:06:5D:3A:CA:B9:E4:22:39:87:CE:05:65:72:02:EA:B3:03:52:05:CD:54:46:33:4F:9C:66:25:58:CE:69:CE:F2:8A:FD:AA:8C:04:25:9E:6A:51:58:E1:38:18:A6:90:08:37:E5:78:97:58:E2:A9:B0:17:94:32:6B:E1:8B:31:49:B2:9C:1C:8A:13:64:D5:79:DA:20:F5:FF:3F:9B:10:83:F8:07:69:49:14:98:0C:71:5F:36:82:AD:4C:F6:30:C3:60:98:4D:65:B8:35:1E:DD:9C:FA:B3:BB:48:53:A7:5D:33:A1:AB:D0:23:39:62:17:81:DE:04:7B" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "validity": { "not_valid_after": "2023-07-06 22:25:22", "not_valid_before": "2022-07-06 22:30:07" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:87 Wednesday 06 July 2022 22:30:21 +0000 (0:00:00.043) 0:00:22.144 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:96 Wednesday 06 July 2022 22:30:21 +0000 (0:00:00.066) 0:00:22.211 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:105 Wednesday 06 July 2022 22:30:21 +0000 (0:00:00.055) 0:00:22.266 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:112 Wednesday 06 July 2022 22:30:21 +0000 (0:00:00.043) 0:00:22.310 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:125 Wednesday 06 July 2022 22:30:21 +0000 (0:00:00.042) 0:00:22.353 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:141 Wednesday 06 July 2022 22:30:22 +0000 (0:00:00.049) 0:00:22.402 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/another-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.071811", "end": "2022-07-06 18:30:21.998745", "rc": 0, "start": "2022-07-06 18:30:21.926934" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:150 Wednesday 06 July 2022 22:30:22 +0000 (0:00:00.384) 0:00:22.787 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-7.qcow2 : ok=75 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 Wednesday 06 July 2022 22:30:22 +0000 (0:00:00.082) 0:00:22.870 ******** =============================================================================== linux-system-roles.certificate : Ensure certificate requests ------------ 2.41s /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 set up internal repositories -------------------------------------------- 1.44s /cache/rhel-7_setup.yml:5 ----------------------------------------------------- linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.16s /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Install the package, force upgrade -------------------------------------- 1.06s /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install the package, force upgrade -------------------------------------- 0.95s /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install the package, force upgrade -------------------------------------- 0.95s /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:11 ------------- Gathering Facts --------------------------------------------------------- 0.94s /tmp/tmpjbt6cq54/tests/tests_many_self_signed.yml:2 --------------------------- Install certreader ------------------------------------------------------ 0.81s /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:18 ------------- Install certreader ------------------------------------------------------ 0.79s /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:18 ------------- Install certreader ------------------------------------------------------ 0.78s /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:18 ------------- Parse certificate ------------------------------------------------------- 0.71s /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:78 ------------- Gathering Facts --------------------------------------------------------- 0.69s /tmp/tmpjbt6cq54/tests/tests_many_self_signed.yml:18 -------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 0.66s /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - linux-system-roles.certificate : Ensure provider packages are installed --- 0.56s /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - Ensure python3 is installed --------------------------------------------- 0.56s /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:6 -------------- Parse certificate ------------------------------------------------------- 0.56s /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:78 ------------- Parse certificate ------------------------------------------------------- 0.55s /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:78 ------------- Ensure python3 is installed --------------------------------------------- 0.55s /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:6 -------------- Ensure python3 is installed --------------------------------------------- 0.54s /tmp/tmpjbt6cq54/tests/tasks/assert_certificate_parameters.yml:6 -------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.47s /tmp/tmpjbt6cq54/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - ansible-playbook [core 2.12.6] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpke2c_s6q executable location = /usr/bin/ansible-playbook python version = 3.9.13 (main, May 18 2022, 00:00:00) [GCC 11.3.1 20220421 (Red Hat 11.3.1-2)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: rhel-7_setup.yml ***************************************************** 1 plays in /cache/rhel-7_setup.yml PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /cache/rhel-7_setup.yml:5 Wednesday 06 July 2022 22:39:39 +0000 (0:00:00.018) 0:00:00.018 ******** ok: [/cache/rhel-7.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } ok: [/cache/rhel-7.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } ok: [/cache/rhel-7.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } ok: [/cache/rhel-7.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } ok: [/cache/rhel-7.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-7.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 Wednesday 06 July 2022 22:39:40 +0000 (0:00:01.438) 0:00:01.456 ******** =============================================================================== set up internal repositories -------------------------------------------- 1.44s /cache/rhel-7_setup.yml:5 ----------------------------------------------------- PLAYBOOK: tests_many_self_signed.yml ******************************************* 2 plays in /tmp/tmp5zfmitu6/tests/certificate/tests_many_self_signed.yml PLAY [Issue many self-signed certificates] ************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp5zfmitu6/tests/certificate/tests_many_self_signed.yml:2 Wednesday 06 July 2022 22:39:40 +0000 (0:00:00.021) 0:00:01.478 ******** ok: [/cache/rhel-7.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Wednesday 06 July 2022 22:39:41 +0000 (0:00:00.910) 0:00:02.389 ******** included: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/rhel-7.qcow2 TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Wednesday 06 July 2022 22:39:41 +0000 (0:00:00.027) 0:00:02.416 ******** ok: [/cache/rhel-7.qcow2] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Wednesday 06 July 2022 22:39:42 +0000 (0:00:00.413) 0:00:02.829 ******** skipping: [/cache/rhel-7.qcow2] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/rhel-7.qcow2] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } ok: [/cache/rhel-7.qcow2] => (item=RedHat_7.yml) => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python-pyasn1", "python-cryptography", "python-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/RedHat_7.yml" ], "ansible_loop_var": "item", "changed": false, "item": "RedHat_7.yml" } skipping: [/cache/rhel-7.qcow2] => (item=RedHat_7.9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat_7.9.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Wednesday 06 July 2022 22:39:42 +0000 (0:00:00.049) 0:00:02.879 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "rc": 0, "results": [ "python2-pyasn1-0.1.9-7.el7.noarch providing python-pyasn1 is already installed", "python2-cryptography-1.7.2-2.el7.x86_64 providing python-cryptography is already installed", "dbus-python-1.1.1-9.el7.x86_64 providing python-dbus is already installed" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Wednesday 06 July 2022 22:39:43 +0000 (0:00:01.115) 0:00:03.994 ******** ok: [/cache/rhel-7.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [ "certmonger-0.78.4-17.el7_9.x86_64 providing certmonger is already installed" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Wednesday 06 July 2022 22:39:44 +0000 (0:00:00.558) 0:00:04.553 ******** ok: [/cache/rhel-7.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Wednesday 06 July 2022 22:39:44 +0000 (0:00:00.446) 0:00:05.000 ******** ok: [/cache/rhel-7.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Wednesday 06 July 2022 22:39:44 +0000 (0:00:00.351) 0:00:05.351 ******** ok: [/cache/rhel-7.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Wed 2022-07-06 18:34:59 EDT", "ActiveEnterTimestampMonotonic": "168076552", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "basic.target systemd-journald.socket dbus.service syslog.target network.target system.slice", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Wed 2022-07-06 18:34:59 EDT", "AssertTimestampMonotonic": "168065283", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Wed 2022-07-06 18:34:59 EDT", "ConditionTimestampMonotonic": "168065282", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "EnvironmentFile": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "12367", "ExecMainStartTimestamp": "Wed 2022-07-06 18:34:59 EDT", "ExecMainStartTimestampMonotonic": "168065868", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /var/run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Wed 2022-07-06 18:34:59 EDT", "InactiveExitTimestampMonotonic": "168065897", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14956", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14956", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "12367", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/var/run/certmonger.pid", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "basic.target system.slice", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "WatchdogTimestamp": "Wed 2022-07-06 18:34:59 EDT", "WatchdogTimestampMonotonic": "168076513", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Wednesday 06 July 2022 22:39:45 +0000 (0:00:00.671) 0:00:06.023 ******** changed: [/cache/rhel-7.qcow2] => (item={'name': 'mycert_many_self_signed', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert_many_self_signed" } } MSG: Certificate requested (new). changed: [/cache/rhel-7.qcow2] => (item={'name': 'other-cert', 'dns': 'www.example.org', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.org", "name": "other-cert" } } MSG: Certificate requested (new). changed: [/cache/rhel-7.qcow2] => (item={'name': 'another-cert', 'dns': 'www.example.net', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.net", "name": "another-cert" } } MSG: Certificate requested (new). META: role_complete for /cache/rhel-7.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp5zfmitu6/tests/certificate/tests_many_self_signed.yml:18 Wednesday 06 July 2022 22:39:48 +0000 (0:00:02.875) 0:00:08.898 ******** ok: [/cache/rhel-7.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp5zfmitu6/tests/certificate/tests_many_self_signed.yml:50 Wednesday 06 July 2022 22:39:49 +0000 (0:00:00.690) 0:00:09.589 ******** included: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-7.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert_many_self_signed.crt', 'key_path': '/etc/pki/tls/private/mycert_many_self_signed.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) included: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-7.qcow2 => (item={'path': '/etc/pki/tls/certs/other-cert.crt', 'key_path': '/etc/pki/tls/private/other-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.org'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.org'}]}) included: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/rhel-7.qcow2 => (item={'path': '/etc/pki/tls/certs/another-cert.crt', 'key_path': '/etc/pki/tls/private/another-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.net'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.net'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:2 Wednesday 06 July 2022 22:39:49 +0000 (0:00:00.055) 0:00:09.644 ******** ok: [/cache/rhel-7.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:6 Wednesday 06 July 2022 22:39:49 +0000 (0:00:00.070) 0:00:09.715 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "rc": 0, "results": [ "python3-3.6.8-18.el7.x86_64 providing python3 is already installed" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:11 Wednesday 06 July 2022 22:39:49 +0000 (0:00:00.570) 0:00:10.285 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1) TASK [Install certreader] ****************************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:18 Wednesday 06 July 2022 22:39:50 +0000 (0:00:01.100) 0:00:11.386 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.1) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:26 Wednesday 06 July 2022 22:39:51 +0000 (0:00:00.822) 0:00:12.209 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "stat": { "atime": 1657147185.2713168, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "4fa031e4aa7acd25f4e3399709f74a36d5e46e2b", "ctime": 1657147185.2683167, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 884896, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657147185.2683167, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_many_self_signed.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "18446744072996746041", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:31 Wednesday 06 July 2022 22:39:52 +0000 (0:00:00.412) 0:00:12.621 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:37 Wednesday 06 July 2022 22:39:52 +0000 (0:00:00.030) 0:00:12.652 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:47 Wednesday 06 July 2022 22:39:52 +0000 (0:00:00.044) 0:00:12.696 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:53 Wednesday 06 July 2022 22:39:52 +0000 (0:00:00.041) 0:00:12.737 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "stat": { "atime": 1657147185.2243166, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "259ffe8cc882eeb03d4b3f492550051b4aca5710", "ctime": 1657147185.2683167, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 884894, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657147185.2683167, "nlink": 1, "path": "/etc/pki/tls/private/mycert_many_self_signed.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "18446744073564083450", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:58 Wednesday 06 July 2022 22:39:52 +0000 (0:00:00.323) 0:00:13.061 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:64 Wednesday 06 July 2022 22:39:52 +0000 (0:00:00.030) 0:00:13.092 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:74 Wednesday 06 July 2022 22:39:52 +0000 (0:00:00.044) 0:00:13.137 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_many_self_signed.crt" ], "delta": "0:00:00.259864", "end": "2022-07-06 18:39:52.226898", "rc": 0, "start": "2022-07-06 18:39:51.967034" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "40:AA:96:B2:95:8E:D6:00:0C:CF:5A:FE:82:17:55:1D:3E:70:20:56", "critical": false }, "authorityKeyIdentifier": { "value": "AA:FA:3B:D5:1D:F9:BA:48:A3:9E:42:C6:70:FF:42:C3:C1:C4:59:A8", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "3D:8D:96:84:DF:1C:E6:F4:F6:7B:BD:DF:11:94:9A:4C:40:F5:73:6E:A1:96:CD:83:22:B4:C5:FF:40:30:9E:0F:1A:9A:F0:49:4D:AE:3F:E3:C8:83:8A:0F:16:9A:1D:DE:8D:78:F2:2A:87:96:37:73:76:15:0B:3E:2A:69:92:31:B4:D4:CD:ED:AF:73:F8:17:AF:E6:18:1F:E5:1B:CB:A4:84:8F:D8:B2:00:F3:70:39:A5:03:7E:DB:8B:53:6F:47:83:5D:6D:5D:66:64:05:D3:5C:9F:A1:30:FE:40:CE:88:B6:95:A8:CC:6E:2F:6E:E9:7E:A3:CD:D1:E3:4D:3E:86:D8:BB:58:9A:D1:6E:1C:18:96:6B:52:A3:18:CE:FD:E4:E9:AC:56:45:F6:6C:71:AE:A3:BA:25:71:76:A5:2B:D6:CC:A5:E5:82:5E:B6:64:DE:27:A6:8F:40:21:AD:41:F8:74:CB:18:6D:FE:F3:09:57:72:02:B2:8D:AF:7C:7A:52:07:49:B7:81:D9:85:A9:EC:54:41:9F:33:29:24:79:4A:A4:2D:44:50:51:05:07:88:21:19:16:5F:79:1D:A7:5D:B1:B4:56:7D:10:65:CF:77:03:62:15:4E:90:1B:F6:62:B5:6F:55:07:E8:47:56:13:D2:73:1D:15:CC:3A:22:C0" }, "key_size": 2048, "validity": { "not_valid_after": "2023-07-06 22:34:59", "not_valid_before": "2022-07-06 22:39:45" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:79 Wednesday 06 July 2022 22:39:53 +0000 (0:00:00.689) 0:00:13.826 ******** ok: [/cache/rhel-7.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "AA:FA:3B:D5:1D:F9:BA:48:A3:9E:42:C6:70:FF:42:C3:C1:C4:59:A8" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "40:AA:96:B2:95:8E:D6:00:0C:CF:5A:FE:82:17:55:1D:3E:70:20:56" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "3D:8D:96:84:DF:1C:E6:F4:F6:7B:BD:DF:11:94:9A:4C:40:F5:73:6E:A1:96:CD:83:22:B4:C5:FF:40:30:9E:0F:1A:9A:F0:49:4D:AE:3F:E3:C8:83:8A:0F:16:9A:1D:DE:8D:78:F2:2A:87:96:37:73:76:15:0B:3E:2A:69:92:31:B4:D4:CD:ED:AF:73:F8:17:AF:E6:18:1F:E5:1B:CB:A4:84:8F:D8:B2:00:F3:70:39:A5:03:7E:DB:8B:53:6F:47:83:5D:6D:5D:66:64:05:D3:5C:9F:A1:30:FE:40:CE:88:B6:95:A8:CC:6E:2F:6E:E9:7E:A3:CD:D1:E3:4D:3E:86:D8:BB:58:9A:D1:6E:1C:18:96:6B:52:A3:18:CE:FD:E4:E9:AC:56:45:F6:6C:71:AE:A3:BA:25:71:76:A5:2B:D6:CC:A5:E5:82:5E:B6:64:DE:27:A6:8F:40:21:AD:41:F8:74:CB:18:6D:FE:F3:09:57:72:02:B2:8D:AF:7C:7A:52:07:49:B7:81:D9:85:A9:EC:54:41:9F:33:29:24:79:4A:A4:2D:44:50:51:05:07:88:21:19:16:5F:79:1D:A7:5D:B1:B4:56:7D:10:65:CF:77:03:62:15:4E:90:1B:F6:62:B5:6F:55:07:E8:47:56:13:D2:73:1D:15:CC:3A:22:C0" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-07-06 22:34:59", "not_valid_before": "2022-07-06 22:39:45" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:83 Wednesday 06 July 2022 22:39:53 +0000 (0:00:00.045) 0:00:13.872 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:91 Wednesday 06 July 2022 22:39:53 +0000 (0:00:00.044) 0:00:13.916 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:99 Wednesday 06 July 2022 22:39:53 +0000 (0:00:00.030) 0:00:13.947 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:106 Wednesday 06 July 2022 22:39:53 +0000 (0:00:00.042) 0:00:13.989 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:118 Wednesday 06 July 2022 22:39:53 +0000 (0:00:00.041) 0:00:14.031 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:132 Wednesday 06 July 2022 22:39:53 +0000 (0:00:00.041) 0:00:14.073 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_many_self_signed.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.079420", "end": "2022-07-06 18:39:52.861569", "rc": 0, "start": "2022-07-06 18:39:52.782149" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:141 Wednesday 06 July 2022 22:39:53 +0000 (0:00:00.386) 0:00:14.459 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:2 Wednesday 06 July 2022 22:39:53 +0000 (0:00:00.043) 0:00:14.503 ******** ok: [/cache/rhel-7.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:6 Wednesday 06 July 2022 22:39:54 +0000 (0:00:00.026) 0:00:14.529 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "rc": 0, "results": [ "python3-3.6.8-18.el7.x86_64 providing python3 is already installed" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:11 Wednesday 06 July 2022 22:39:54 +0000 (0:00:00.556) 0:00:15.085 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1) TASK [Install certreader] ****************************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:18 Wednesday 06 July 2022 22:39:55 +0000 (0:00:00.975) 0:00:16.061 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.1) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:26 Wednesday 06 July 2022 22:39:56 +0000 (0:00:00.779) 0:00:16.840 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "stat": { "atime": 1657147186.1903167, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "34065faa7d4815ee3f30788707a47b9178bbb63d", "ctime": 1657147186.1873167, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 884915, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657147186.1873167, "nlink": 1, "path": "/etc/pki/tls/certs/other-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "18446744072197911095", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:31 Wednesday 06 July 2022 22:39:56 +0000 (0:00:00.315) 0:00:17.156 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:37 Wednesday 06 July 2022 22:39:56 +0000 (0:00:00.030) 0:00:17.187 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:47 Wednesday 06 July 2022 22:39:56 +0000 (0:00:00.044) 0:00:17.231 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:53 Wednesday 06 July 2022 22:39:56 +0000 (0:00:00.045) 0:00:17.276 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "stat": { "atime": 1657147186.1433167, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "278532d7c778853219f6ed952058a008370cb68e", "ctime": 1657147186.1873167, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 884914, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657147186.1873167, "nlink": 1, "path": "/etc/pki/tls/private/other-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1026504454", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:58 Wednesday 06 July 2022 22:39:57 +0000 (0:00:00.330) 0:00:17.607 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:64 Wednesday 06 July 2022 22:39:57 +0000 (0:00:00.033) 0:00:17.640 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:74 Wednesday 06 July 2022 22:39:57 +0000 (0:00:00.047) 0:00:17.687 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/other-cert.crt" ], "delta": "0:00:00.267870", "end": "2022-07-06 18:39:56.674498", "rc": 0, "start": "2022-07-06 18:39:56.406628" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.org" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "31:64:28:4E:FA:62:B7:75:7B:56:DF:A6:39:A4:02:3F:C2:99:B9:CC", "critical": false }, "authorityKeyIdentifier": { "value": "AA:FA:3B:D5:1D:F9:BA:48:A3:9E:42:C6:70:FF:42:C3:C1:C4:59:A8", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "5E:9E:6F:1E:57:95:63:97:DE:3D:6A:77:82:0D:50:52:5E:21:2B:1B:EF:18:EA:6D:C0:3F:30:9F:FB:E5:EE:58:1D:EE:15:DA:CB:4E:B5:76:EF:7C:4C:B9:E0:E8:89:B0:BF:90:48:DE:DE:CC:F5:21:3A:8F:A8:9E:E8:92:58:E9:25:5D:95:0A:1A:B2:3A:BF:08:B7:C5:19:2F:0B:C9:B5:75:E0:AC:14:46:3C:53:DC:03:FB:56:FC:97:8A:A4:E9:0A:FC:BC:2B:EF:32:E5:F7:02:E1:B5:32:7E:BF:5B:D2:FB:E7:16:F9:29:B7:69:CA:AB:15:65:F3:B1:03:C5:84:58:55:E5:AF:70:3E:14:9E:66:84:9A:29:E7:AC:E0:EC:57:17:EB:4B:18:29:8F:02:CF:C3:A0:E9:7B:0C:D2:0E:F1:AB:BF:40:9A:34:2D:42:BE:2C:48:E1:86:46:CA:C1:E7:C4:B1:06:07:0E:D9:AC:A9:48:3A:DE:DD:55:D2:FB:02:FC:88:EB:48:83:3E:04:1B:48:29:3A:22:48:AC:09:EC:45:19:F1:68:79:90:8B:42:9C:6E:F3:7F:98:54:52:78:27:2C:9B:84:1C:52:58:8D:A9:46:52:8E:86:E1:C8:3A:67:5E:EA:DE:66:E8:3F:FB:EA:05:6D:49:26:DF:88" }, "key_size": 2048, "validity": { "not_valid_after": "2023-07-06 22:34:59", "not_valid_before": "2022-07-06 22:39:46" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:79 Wednesday 06 July 2022 22:39:57 +0000 (0:00:00.586) 0:00:18.274 ******** ok: [/cache/rhel-7.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "AA:FA:3B:D5:1D:F9:BA:48:A3:9E:42:C6:70:FF:42:C3:C1:C4:59:A8" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.org" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "31:64:28:4E:FA:62:B7:75:7B:56:DF:A6:39:A4:02:3F:C2:99:B9:CC" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "5E:9E:6F:1E:57:95:63:97:DE:3D:6A:77:82:0D:50:52:5E:21:2B:1B:EF:18:EA:6D:C0:3F:30:9F:FB:E5:EE:58:1D:EE:15:DA:CB:4E:B5:76:EF:7C:4C:B9:E0:E8:89:B0:BF:90:48:DE:DE:CC:F5:21:3A:8F:A8:9E:E8:92:58:E9:25:5D:95:0A:1A:B2:3A:BF:08:B7:C5:19:2F:0B:C9:B5:75:E0:AC:14:46:3C:53:DC:03:FB:56:FC:97:8A:A4:E9:0A:FC:BC:2B:EF:32:E5:F7:02:E1:B5:32:7E:BF:5B:D2:FB:E7:16:F9:29:B7:69:CA:AB:15:65:F3:B1:03:C5:84:58:55:E5:AF:70:3E:14:9E:66:84:9A:29:E7:AC:E0:EC:57:17:EB:4B:18:29:8F:02:CF:C3:A0:E9:7B:0C:D2:0E:F1:AB:BF:40:9A:34:2D:42:BE:2C:48:E1:86:46:CA:C1:E7:C4:B1:06:07:0E:D9:AC:A9:48:3A:DE:DD:55:D2:FB:02:FC:88:EB:48:83:3E:04:1B:48:29:3A:22:48:AC:09:EC:45:19:F1:68:79:90:8B:42:9C:6E:F3:7F:98:54:52:78:27:2C:9B:84:1C:52:58:8D:A9:46:52:8E:86:E1:C8:3A:67:5E:EA:DE:66:E8:3F:FB:EA:05:6D:49:26:DF:88" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "validity": { "not_valid_after": "2023-07-06 22:34:59", "not_valid_before": "2022-07-06 22:39:46" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:83 Wednesday 06 July 2022 22:39:57 +0000 (0:00:00.043) 0:00:18.318 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:91 Wednesday 06 July 2022 22:39:57 +0000 (0:00:00.043) 0:00:18.361 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:99 Wednesday 06 July 2022 22:39:57 +0000 (0:00:00.031) 0:00:18.393 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:106 Wednesday 06 July 2022 22:39:57 +0000 (0:00:00.043) 0:00:18.437 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:118 Wednesday 06 July 2022 22:39:57 +0000 (0:00:00.044) 0:00:18.481 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:132 Wednesday 06 July 2022 22:39:58 +0000 (0:00:00.045) 0:00:18.527 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/other-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.079228", "end": "2022-07-06 18:39:57.320765", "rc": 0, "start": "2022-07-06 18:39:57.241537" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:141 Wednesday 06 July 2022 22:39:58 +0000 (0:00:00.391) 0:00:18.918 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:2 Wednesday 06 July 2022 22:39:58 +0000 (0:00:00.045) 0:00:18.963 ******** ok: [/cache/rhel-7.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:6 Wednesday 06 July 2022 22:39:58 +0000 (0:00:00.027) 0:00:18.991 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "rc": 0, "results": [ "python3-3.6.8-18.el7.x86_64 providing python3 is already installed" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:11 Wednesday 06 July 2022 22:39:59 +0000 (0:00:00.528) 0:00:19.519 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1) TASK [Install certreader] ****************************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:18 Wednesday 06 July 2022 22:39:59 +0000 (0:00:00.930) 0:00:20.449 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.1) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:26 Wednesday 06 July 2022 22:40:00 +0000 (0:00:00.784) 0:00:21.234 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "stat": { "atime": 1657147187.1893167, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "8dde181e388fc4fdcab10563787c33b5f7ff498a", "ctime": 1657147187.1863167, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 884919, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657147187.1863167, "nlink": 1, "path": "/etc/pki/tls/certs/another-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "18446744071782190453", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:31 Wednesday 06 July 2022 22:40:01 +0000 (0:00:00.320) 0:00:21.554 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:37 Wednesday 06 July 2022 22:40:01 +0000 (0:00:00.032) 0:00:21.587 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:47 Wednesday 06 July 2022 22:40:01 +0000 (0:00:00.047) 0:00:21.634 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:53 Wednesday 06 July 2022 22:40:01 +0000 (0:00:00.043) 0:00:21.678 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "stat": { "atime": 1657147187.1423166, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d8e7ad8d869b5415a82c2a84193ac70fc98180f8", "ctime": 1657147187.1863167, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 884918, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657147187.1863167, "nlink": 1, "path": "/etc/pki/tls/private/another-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "449598240", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:58 Wednesday 06 July 2022 22:40:01 +0000 (0:00:00.329) 0:00:22.008 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:64 Wednesday 06 July 2022 22:40:01 +0000 (0:00:00.032) 0:00:22.041 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:74 Wednesday 06 July 2022 22:40:01 +0000 (0:00:00.046) 0:00:22.087 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/another-cert.crt" ], "delta": "0:00:00.260354", "end": "2022-07-06 18:40:01.061533", "rc": 0, "start": "2022-07-06 18:40:00.801179" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.net" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "9E:0A:FE:56:F1:9F:08:66:BA:C2:CC:18:26:E4:56:DE:E9:0A:47:F3", "critical": false }, "authorityKeyIdentifier": { "value": "AA:FA:3B:D5:1D:F9:BA:48:A3:9E:42:C6:70:FF:42:C3:C1:C4:59:A8", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "26:2B:35:11:33:54:28:CD:BE:AF:05:D4:1A:AF:83:CF:AA:1E:A1:3A:AA:7C:B3:6B:BF:D2:48:9F:2C:B2:27:08:AB:1D:63:F6:26:4F:50:20:AF:48:0F:7F:95:99:14:3A:4D:F5:9B:0C:0C:3F:52:8E:65:2C:67:B7:A7:2D:37:40:5F:A0:12:90:31:D6:BE:75:5F:31:2E:05:87:72:3A:B8:97:9A:F1:F7:1A:35:08:A2:8F:1E:7B:3B:41:68:9D:FA:64:D2:9F:B3:09:71:30:72:99:3D:97:BC:0D:6D:EE:24:AE:3A:AC:88:81:AF:9D:9E:D2:E9:E7:21:74:91:CA:03:38:9A:47:9E:4B:4A:71:AA:10:D4:B7:D5:99:39:5A:59:76:96:7C:63:89:8E:74:58:B6:56:76:9F:70:F7:EF:20:86:8B:32:26:60:2A:85:07:1F:F2:9E:92:36:BA:D7:55:47:85:FD:0A:11:50:D3:17:D9:CC:55:ED:02:76:F3:7E:FF:49:C0:71:5C:CF:C2:14:7D:18:AA:D7:BF:94:EA:09:5B:30:7E:EF:62:C3:AA:7E:C4:DF:97:4D:89:BF:D5:0A:F9:F6:94:F9:16:F6:06:FD:E7:76:E2:97:EA:62:4C:5D:6F:CD:91:21:52:9C:18:55:72:2F:91:F9:E5:E7:8A:33" }, "key_size": 2048, "validity": { "not_valid_after": "2023-07-06 22:34:59", "not_valid_before": "2022-07-06 22:39:47" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:79 Wednesday 06 July 2022 22:40:02 +0000 (0:00:00.572) 0:00:22.659 ******** ok: [/cache/rhel-7.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "AA:FA:3B:D5:1D:F9:BA:48:A3:9E:42:C6:70:FF:42:C3:C1:C4:59:A8" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.net" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "9E:0A:FE:56:F1:9F:08:66:BA:C2:CC:18:26:E4:56:DE:E9:0A:47:F3" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "26:2B:35:11:33:54:28:CD:BE:AF:05:D4:1A:AF:83:CF:AA:1E:A1:3A:AA:7C:B3:6B:BF:D2:48:9F:2C:B2:27:08:AB:1D:63:F6:26:4F:50:20:AF:48:0F:7F:95:99:14:3A:4D:F5:9B:0C:0C:3F:52:8E:65:2C:67:B7:A7:2D:37:40:5F:A0:12:90:31:D6:BE:75:5F:31:2E:05:87:72:3A:B8:97:9A:F1:F7:1A:35:08:A2:8F:1E:7B:3B:41:68:9D:FA:64:D2:9F:B3:09:71:30:72:99:3D:97:BC:0D:6D:EE:24:AE:3A:AC:88:81:AF:9D:9E:D2:E9:E7:21:74:91:CA:03:38:9A:47:9E:4B:4A:71:AA:10:D4:B7:D5:99:39:5A:59:76:96:7C:63:89:8E:74:58:B6:56:76:9F:70:F7:EF:20:86:8B:32:26:60:2A:85:07:1F:F2:9E:92:36:BA:D7:55:47:85:FD:0A:11:50:D3:17:D9:CC:55:ED:02:76:F3:7E:FF:49:C0:71:5C:CF:C2:14:7D:18:AA:D7:BF:94:EA:09:5B:30:7E:EF:62:C3:AA:7E:C4:DF:97:4D:89:BF:D5:0A:F9:F6:94:F9:16:F6:06:FD:E7:76:E2:97:EA:62:4C:5D:6F:CD:91:21:52:9C:18:55:72:2F:91:F9:E5:E7:8A:33" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "validity": { "not_valid_after": "2023-07-06 22:34:59", "not_valid_before": "2022-07-06 22:39:47" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:83 Wednesday 06 July 2022 22:40:02 +0000 (0:00:00.043) 0:00:22.703 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:91 Wednesday 06 July 2022 22:40:02 +0000 (0:00:00.073) 0:00:22.777 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:99 Wednesday 06 July 2022 22:40:02 +0000 (0:00:00.058) 0:00:22.835 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:106 Wednesday 06 July 2022 22:40:02 +0000 (0:00:00.044) 0:00:22.880 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:118 Wednesday 06 July 2022 22:40:02 +0000 (0:00:00.044) 0:00:22.924 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:132 Wednesday 06 July 2022 22:40:02 +0000 (0:00:00.042) 0:00:22.967 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/another-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.080735", "end": "2022-07-06 18:40:01.762096", "rc": 0, "start": "2022-07-06 18:40:01.681361" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:141 Wednesday 06 July 2022 22:40:02 +0000 (0:00:00.393) 0:00:23.360 ******** ok: [/cache/rhel-7.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-7.qcow2 : ok=75 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 Wednesday 06 July 2022 22:40:02 +0000 (0:00:00.082) 0:00:23.443 ******** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate requests ----- 2.88s /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 set up internal repositories -------------------------------------------- 1.44s /cache/rhel-7_setup.yml:5 ----------------------------------------------------- fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.12s /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Install the package, force upgrade -------------------------------------- 1.10s /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install the package, force upgrade -------------------------------------- 0.98s /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install the package, force upgrade -------------------------------------- 0.93s /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Gathering Facts --------------------------------------------------------- 0.91s /tmp/tmp5zfmitu6/tests/certificate/tests_many_self_signed.yml:2 --------------- Install certreader ------------------------------------------------------ 0.82s /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Install certreader ------------------------------------------------------ 0.78s /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Install certreader ------------------------------------------------------ 0.78s /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Gathering Facts --------------------------------------------------------- 0.69s /tmp/tmp5zfmitu6/tests/certificate/tests_many_self_signed.yml:18 -------------- Parse certificate ------------------------------------------------------- 0.69s /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.67s /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Parse certificate ------------------------------------------------------- 0.59s /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Parse certificate ------------------------------------------------------- 0.57s /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Ensure python3 is installed --------------------------------------------- 0.57s /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 0.56s /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Ensure python3 is installed --------------------------------------------- 0.56s /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Ensure python3 is installed --------------------------------------------- 0.53s /tmp/tmp5zfmitu6/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.45s /tmp/tmpke2c_s6q/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33