+ cd /tmp/tmpcwl050ue/tests; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpcwl050ue/tests/tests_basic_ipa.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 17:04:03 +0000 (0:00:00.012) 0:00:00.012 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 17:04:03 +0000 (0:00:00.017) 0:00:00.029 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:04:03 +0000 (0:00:00.018) 0:00:00.048 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- statically imported: /tmp/tmpcwl050ue/tests/tasks/setup_ipa.yml PLAYBOOK: tests_basic_ipa.yml ************************************************** 3 plays in /tmp/tmpcwl050ue/tests/tests_basic_ipa.yml PLAY [Install IPA server] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_basic_ipa.yml:2 Tuesday 01 February 2022 17:04:03 +0000 (0:00:00.023) 0:00:00.071 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Set __is_beaker_env] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/setup_ipa.yml:2 Tuesday 01 February 2022 17:04:04 +0000 (0:00:01.092) 0:00:01.164 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__is_beaker_env": false }, "changed": false } TASK [Install ansible-freeipa] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/setup_ipa.yml:6 Tuesday 01 February 2022 17:04:04 +0000 (0:00:00.032) 0:00:01.197 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Clone ansible-freeipa repo] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/setup_ipa.yml:12 Tuesday 01 February 2022 17:04:04 +0000 (0:00:00.016) 0:00:01.213 ****** ok: [/cache/fedora-34.qcow2 -> 127.0.0.1] => { "after": "6c7f433135795d3ebec2ce26d6ca398301792588", "before": "6c7f433135795d3ebec2ce26d6ca398301792588", "changed": false, "remote_url_changed": false } TASK [Create role symlinks] **************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/setup_ipa.yml:21 Tuesday 01 February 2022 17:04:06 +0000 (0:00:01.923) 0:00:03.137 ****** changed: [/cache/fedora-34.qcow2 -> 127.0.0.1] => (item=ipaserver) => { "ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmpcwl050ue/tests/roles/ipaserver", "gid": 0, "group": "root", "item": "ipaserver", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaserver/", "state": "link", "uid": 0 } changed: [/cache/fedora-34.qcow2 -> 127.0.0.1] => (item=ipaclient) => { "ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmpcwl050ue/tests/roles/ipaclient", "gid": 0, "group": "root", "item": "ipaclient", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaclient/", "state": "link", "uid": 0 } TASK [ensure hostname package is installed] ************************************ task path: /tmp/tmpcwl050ue/tests/tasks/setup_ipa.yml:33 Tuesday 01 February 2022 17:04:07 +0000 (0:00:00.548) 0:00:03.685 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Set hostname] ************************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/setup_ipa.yml:38 Tuesday 01 February 2022 17:05:11 +0000 (0:01:04.587) 0:01:08.273 ****** changed: [/cache/fedora-34.qcow2] => { "ansible_facts": { "ansible_domain": "test.local", "ansible_fqdn": "ipaserver.test.local", "ansible_hostname": "ipaserver", "ansible_nodename": "ipaserver.test.local" }, "changed": true, "name": "ipaserver.test.local" } TASK [Ensure nss package is up-to-date] **************************************** task path: /tmp/tmpcwl050ue/tests/tasks/setup_ipa.yml:42 Tuesday 01 February 2022 17:05:12 +0000 (0:00:00.951) 0:01:09.225 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [Include ipaserver role] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/setup_ipa.yml:50 Tuesday 01 February 2022 17:05:16 +0000 (0:00:03.414) 0:01:12.639 ****** TASK [ipaserver : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:4 Tuesday 01 February 2022 17:05:16 +0000 (0:00:00.027) 0:01:12.666 ****** ok: [/cache/fedora-34.qcow2] => (item=/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml) => { "ansible_facts": { "ipaserver_packages": [ "freeipa-server", "python3-libselinux" ], "ipaserver_packages_adtrust": [ "freeipa-server-trust-ad" ], "ipaserver_packages_dns": [ "freeipa-server-dns" ], "ipaserver_packages_firewalld": [ "firewalld" ] }, "ansible_included_var_files": [ "/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml" ], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml" } TASK [ipaserver : Install IPA server] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:12 Tuesday 01 February 2022 17:05:16 +0000 (0:00:00.030) 0:01:12.696 ****** included: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml for /cache/fedora-34.qcow2 TASK [ipaserver : Install - Ensure that IPA server packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:5 Tuesday 01 February 2022 17:05:16 +0000 (0:00:00.061) 0:01:12.758 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-lxml-4.6.5-1.fc34.x86_64", "Installed: perl-Term-ReadLine-1.17-477.fc34.noarch", "Installed: python-systemd-doc-234-19.fc34.x86_64", "Installed: oddjob-0.34.7-2.fc34.x86_64", "Installed: oddjob-mkhomedir-0.34.7-2.fc34.x86_64", "Installed: logrotate-3.18.0-3.fc34.x86_64", "Installed: libev-4.33-3.fc34.x86_64", "Installed: apache-commons-cli-1.5.0-1.fc34.noarch", "Installed: perl-Text-Tabs+Wrap-2021.0726-1.fc34.noarch", "Installed: jboss-annotations-1.2-api-1.0.2-5.fc34.noarch", "Installed: python3-augeas-0.5.0-23.fc34.noarch", "Installed: xerces-j2-2.12.1-3.fc34.noarch", "Installed: perl-Tie-4.6-477.fc34.noarch", "Installed: jboss-jaxrs-2.0-api-1.0.0-14.fc34.noarch", "Installed: jboss-logging-3.4.1-6.fc34.noarch", "Installed: perl-constant-1.33-459.fc34.noarch", "Installed: jboss-logging-tools-2.2.1-4.fc34.noarch", "Installed: python3-nss-1.0.1-23.fc34.x86_64", "Installed: tomcat-native-1.2.23-4.fc34.x86_64", "Installed: lua-5.4.3-1.fc34.x86_64", "Installed: python3-dns-2.1.0-3.fc34.noarch", "Installed: perl-base-2.27-477.fc34.noarch", "Installed: apr-1.7.0-9.fc34.x86_64", "Installed: perl-debugger-1.56-477.fc34.noarch", "Installed: perl-PathTools-3.78-459.fc34.x86_64", "Installed: tomcatjss-7.6.1-2.fc34.noarch", "Installed: libdb-utils-5.3.28-49.fc34.x86_64", "Installed: perl-if-0.60.800-477.fc34.noarch", "Installed: perl-interpreter-4:5.32.1-477.fc34.x86_64", "Installed: httpd-2.4.51-1.fc34.x86_64", "Installed: httpd-filesystem-2.4.51-1.fc34.noarch", "Installed: jdeparser-2.0.3-6.fc34.noarch", "Installed: httpd-tools-2.4.51-1.fc34.x86_64", "Installed: nss-tools-3.73.0-1.fc34.x86_64", "Installed: perl-libs-4:5.32.1-477.fc34.x86_64", "Installed: lua-posix-35.0-3.fc34.x86_64", "Installed: perl-meta-notation-5.32.1-477.fc34.noarch", "Installed: perl-mro-1.23-477.fc34.x86_64", "Installed: perl-libnet-3.13-2.fc34.noarch", "Installed: perl-overload-1.31-477.fc34.noarch", "Installed: perl-overloading-0.02-477.fc34.noarch", "Installed: perl-sigtrap-1.09-477.fc34.noarch", "Installed: perl-subs-1.03-477.fc34.noarch", "Installed: perl-vars-1.05-477.fc34.noarch", "Installed: bash-completion-1:2.11-2.fc34.noarch", "Installed: harfbuzz-2.7.4-3.fc34.x86_64", "Installed: perl-parent-1:0.238-458.fc34.noarch", "Installed: krb5-pkinit-1.19.2-2.fc34.x86_64", "Installed: krb5-server-1.19.2-2.fc34.x86_64", "Installed: python3-jwcrypto-0.8-2.fc34.noarch", "Installed: krb5-workstation-1.19.2-2.fc34.x86_64", "Installed: sscg-2.6.2-5.fc34.x86_64", "Installed: perl-Pod-Escapes-1:1.07-458.fc34.noarch", "Installed: perl-podlators-1:4.14-458.fc34.noarch", "Installed: cups-libs-1:2.3.3op2-11.fc34.x86_64", "Installed: perl-Pod-Perldoc-3.28.01-459.fc34.noarch", "Installed: mod_http2-1.15.24-1.fc34.x86_64", "Installed: mod_lua-2.4.51-1.fc34.x86_64", "Installed: open-sans-fonts-1.10-14.fc34.noarch", "Installed: libverto-libev-0.3.2-1.fc34.x86_64", "Installed: perl-Carp-1.50-458.fc34.noarch", "Installed: perl-Pod-Simple-1:3.42-2.fc34.noarch", "Installed: mod_session-2.4.51-1.fc34.x86_64", "Installed: mod_ssl-1:2.4.51-1.fc34.x86_64", "Installed: perl-threads-1:2.25-458.fc34.x86_64", "Installed: perl-threads-shared-1.61-458.fc34.x86_64", "Installed: perl-Pod-Usage-4:2.01-2.fc34.noarch", "Installed: gssproxy-0.8.4-2.fc34.x86_64", "Installed: cyrus-sasl-gssapi-2.1.27-8.fc34.x86_64", "Installed: slf4j-1.7.30-8.fc34.noarch", "Installed: samba-client-libs-2:4.14.11-0.fc34.x86_64", "Installed: augeas-libs-1.13.0-1.fc34.x86_64", "Installed: slf4j-jdk14-1.7.30-8.fc34.noarch", "Installed: samba-common-2:4.14.11-0.fc34.noarch", "Installed: cyrus-sasl-md5-2.1.27-8.fc34.x86_64", "Installed: samba-common-libs-2:4.14.11-0.fc34.x86_64", "Installed: freetype-2.10.4-3.fc34.x86_64", "Installed: cyrus-sasl-plain-2.1.27-8.fc34.x86_64", "Installed: xml-commons-apis-1.4.01-33.fc34.noarch", "Installed: xml-commons-resolver-1.2-33.fc34.noarch", "Installed: publicsuffix-list-20190417-5.fc34.noarch", "Installed: perl-Digest-MD5-2.58-2.fc34.x86_64", "Installed: python3-pyusb-1.0.2-11.fc34.noarch", "Installed: python3-pki-10.10.7-1.fc34.noarch", "Installed: autofs-1:5.1.7-18.fc34.x86_64", "Installed: perl-Text-Diff-1.45-11.fc34.noarch", "Installed: perl-IO-Compress-2.102-2.fc34.noarch", "Installed: perl-IO-Compress-Lzma-2.101-2.fc34.noarch", "Installed: policycoreutils-python-utils-3.2-1.fc34.noarch", "Installed: rpcbind-1.2.6-0.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: ecj-1:4.19-1.fc34.noarch", "Installed: apache-commons-codec-1.15-2.fc34.noarch", "Installed: words-3.0-37.fc34.noarch", "Installed: python3-qrcode-core-6.1-8.fc34.noarch", "Installed: perl-IO-Socket-IP-0.41-3.fc34.noarch", "Installed: apache-commons-daemon-1.2.4-1.fc34.x86_64", "Installed: perl-Text-ParseWords-3.30-458.fc34.noarch", "Installed: perl-IO-Socket-SSL-2.070-2.fc34.noarch", "Installed: avahi-libs-0.8-14.fc34.x86_64", "Installed: freeipa-client-4.9.6-4.fc34.x86_64", "Installed: freeipa-client-common-4.9.6-4.fc34.noarch", "Installed: libuv-1:1.43.0-2.fc34.x86_64", "Installed: apache-commons-io-1:2.8.0-3.fc34.noarch", "Installed: perl-IO-Zlib-1:1.11-2.fc34.noarch", "Installed: freeipa-common-4.9.6-4.fc34.noarch", "Installed: freeipa-healthcheck-core-0.9-2.fc34.noarch", "Installed: apache-commons-lang3-3.11-2.fc34.noarch", "Installed: freeipa-selinux-4.9.6-4.fc34.noarch", "Installed: apache-commons-logging-1.2-25.fc34.noarch", "Installed: freeipa-server-4.9.6-4.fc34.x86_64", "Installed: lcms2-2.12-1.fc34.x86_64", "Installed: freeipa-server-common-4.9.6-4.fc34.noarch", "Installed: apache-commons-net-3.6-11.fc34.noarch", "Installed: ldapjdk-4.22.0-5.fc34.noarch", "Installed: jackson-annotations-2.11.4-2.fc34.noarch", "Installed: perl-Scalar-List-Utils-4:1.56-459.fc34.x86_64", "Installed: jackson-core-2.11.4-2.fc34.noarch", "Installed: jackson-databind-2.11.4-2.fc34.noarch", "Installed: js-jquery-3.5.0-5.fc34.noarch", "Installed: jackson-jaxrs-json-provider-2.11.4-2.fc34.noarch", "Installed: jackson-jaxrs-providers-2.11.4-2.fc34.noarch", "Installed: fstrm-0.6.1-2.fc34.x86_64", "Installed: lksctp-tools-1.0.18-9.fc34.x86_64", "Installed: jackson-module-jaxb-annotations-2.11.4-2.fc34.noarch", "Installed: perl-Time-Local-2:1.300-5.fc34.noarch", "Installed: perl-Exporter-5.74-459.fc34.noarch", "Installed: slapi-nis-0.56.7-1.fc34.x86_64", "Installed: perl-Compress-Raw-Bzip2-2.101-3.fc34.x86_64", "Installed: jakarta-activation-1.2.2-2.fc34.noarch", "Installed: perl-Compress-Raw-Lzma-2.101-1.fc34.x86_64", "Installed: mod_auth_gssapi-1.6.3-3.fc34.x86_64", "Installed: perl-Compress-Raw-Zlib-2.101-3.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: perl-SelectSaver-1.02-477.fc34.noarch", "Installed: libwbclient-2:4.14.11-0.fc34.x86_64", "Installed: openldap-clients-2.4.57-6.fc34.x86_64", "Installed: openldap-compat-2.4.57-6.fc34.x86_64", "Installed: perl-Archive-Tar-2.40-1.fc34.noarch", "Installed: apr-util-1.6.1-16.fc34.x86_64", "Installed: apr-util-bdb-1.6.1-16.fc34.x86_64", "Installed: libpkgconf-1.7.3-6.fc34.x86_64", "Installed: pkgconf-1.7.3-6.fc34.x86_64", "Installed: pkgconf-m4-1.7.3-6.fc34.noarch", "Installed: pkgconf-pkg-config-1.7.3-6.fc34.x86_64", "Installed: perl-AutoLoader-5.74-477.fc34.noarch", "Installed: apr-util-openssl-1.6.1-16.fc34.x86_64", "Installed: perl-B-1.80-477.fc34.x86_64", "Installed: pki-kra-10.10.7-1.fc34.noarch", "Installed: authselect-1.2.3-1.fc34.x86_64", "Installed: mod_lookup_identity-1.0.0-13.fc34.x86_64", "Installed: resteasy-atom-provider-3.0.26-7.fc34.noarch", "Installed: resteasy-client-3.0.26-7.fc34.noarch", "Installed: resteasy-core-3.0.26-7.fc34.noarch", "Installed: authselect-libs-1.2.3-1.fc34.x86_64", "Installed: resteasy-jackson2-provider-3.0.26-7.fc34.noarch", "Installed: resteasy-jaxb-provider-3.0.26-7.fc34.noarch", "Installed: softhsm-2.6.1-5.fc34.1.x86_64", "Installed: perl-Storable-1:3.21-458.fc34.x86_64", "Installed: jss-4.8.1-2.fc34.x86_64", "Installed: perl-Class-Struct-0.66-477.fc34.noarch", "Installed: pki-server-10.10.7-1.fc34.noarch", "Installed: xalan-j2-2.7.2-7.fc34.noarch", "Installed: perl-Algorithm-Diff-1.2010-2.fc34.noarch", "Installed: keyutils-1.6.1-2.fc34.x86_64", "Installed: libpng-2:1.6.37-10.fc34.x86_64", "Installed: java-11-openjdk-headless-1:11.0.13.0.8-2.fc34.x86_64", "Installed: perl-URI-5.09-1.fc34.noarch", "Installed: python3-psutil-5.8.0-5.fc34.x86_64", "Installed: tomcat-1:9.0.56-1.fc34.noarch", "Installed: julietaula-montserrat-base-web-fonts-1:7.210-4.fc34.noarch", "Installed: tomcat-el-3.0-api-1:9.0.56-1.fc34.noarch", "Installed: julietaula-montserrat-fonts-common-1:7.210-4.fc34.noarch", "Installed: tomcat-jsp-2.3-api-1:9.0.56-1.fc34.noarch", "Installed: tomcat-lib-1:9.0.56-1.fc34.noarch", "Installed: tomcat-servlet-4.0-api-1:9.0.56-1.fc34.noarch", "Installed: perl-Devel-Peek-1.28-477.fc34.x86_64", "Installed: python3-sss-2.5.2-2.fc34.x86_64", "Installed: perl-Digest-1.20-1.fc34.noarch", "Installed: python3-sss-murmur-2.5.2-2.fc34.x86_64", "Installed: python3-sssdconfig-2.5.2-2.fc34.noarch", "Installed: perl-Net-SSLeay-1.90-2.fc34.x86_64", "Installed: perl-DynaLoader-1.47-477.fc34.x86_64", "Installed: perl-Encode-4:3.15-462.fc34.x86_64", "Installed: bind-libs-32:9.16.24-1.fc34.x86_64", "Installed: bind-license-32:9.16.24-1.fc34.noarch", "Installed: perl-Errno-1.30-477.fc34.x86_64", "Installed: python3-systemd-234-19.fc34.x86_64", "Installed: httpcomponents-client-4.5.10-6.fc34.noarch", "Installed: httpcomponents-core-4.4.12-5.fc34.noarch", "Installed: perl-File-Path-2.18-2.fc34.noarch", "Installed: python3-pyasn1-0.4.8-4.fc34.noarch", "Installed: python3-pyasn1-modules-0.4.8-4.fc34.noarch", "Installed: bind-utils-32:9.16.24-1.fc34.x86_64", "Installed: perl-Fcntl-1.13-477.fc34.x86_64", "Installed: perl-File-Basename-2.85-477.fc34.noarch", "Installed: perl-File-Find-1.37-477.fc34.noarch", "Installed: python3-mod_wsgi-4.7.1-4.fc34.x86_64", "Installed: libicu-67.1-7.fc34.x86_64", "Installed: perl-File-stat-1.09-477.fc34.noarch", "Installed: mailcap-2.1.49-3.fc34.noarch", "Installed: python3-gssapi-1.6.9-3.fc34.x86_64", "Installed: perl-FileHandle-2.03-477.fc34.noarch", "Installed: perl-Getopt-Std-1.12-477.fc34.noarch", "Installed: perl-File-Temp-1:0.231.100-2.fc34.noarch", "Installed: sssd-common-pac-2.5.2-2.fc34.x86_64", "Installed: sssd-dbus-2.5.2-2.fc34.x86_64", "Installed: alsa-lib-1.2.6.1-3.fc34.x86_64", "Installed: python3-ipaclient-4.9.6-4.fc34.noarch", "Installed: fedora-logos-httpd-34.0.4-1.fc34.noarch", "Installed: python3-ipalib-4.9.6-4.fc34.noarch", "Installed: perl-HTTP-Tiny-0.078-1.fc34.noarch", "Installed: python3-ipaserver-4.9.6-4.fc34.noarch", "Installed: sssd-ipa-2.5.2-2.fc34.x86_64", "Installed: jaxb-impl-2.3.5-1.fc34.noarch", "Installed: sssd-krb5-common-2.5.2-2.fc34.x86_64", "Installed: python3-decorator-4.4.2-4.fc34.noarch", "Installed: graphite2-1.3.14-7.fc34.x86_64", "Installed: sssd-tools-2.5.2-2.fc34.x86_64", "Installed: perl-IO-1.43-477.fc34.x86_64", "Installed: perl-IPC-Open3-1.21-477.fc34.noarch", "Installed: openssl-1:1.1.1l-2.fc34.x86_64", "Installed: libipa_hbac-2.5.2-2.fc34.x86_64", "Installed: openssl-perl-1:1.1.1l-2.fc34.x86_64", "Installed: python3-kdcproxy-1.0.0-5.fc34.noarch", "Installed: perl-Term-ANSIColor-5.01-459.fc34.noarch", "Installed: perl-Term-Cap-1.17-458.fc34.noarch", "Installed: web-assets-filesystem-5-13.fc34.noarch", "Installed: nfs-utils-1:2.5.4-2.rc3.fc34.x86_64", "Installed: tzdata-java-2021e-1.fc34.noarch", "Installed: 389-ds-base-2.0.12-1.fc34.x86_64", "Installed: perl-MIME-Base64-3.16-2.fc34.x86_64", "Installed: 389-ds-base-libs-2.0.12-1.fc34.x86_64", "Installed: perl-Mozilla-CA-20211001-1.fc34.noarch", "Installed: perl-NDBM_File-1.15-477.fc34.x86_64", "Installed: quota-1:4.06-4.fc34.x86_64", "Installed: python3-ldap-3.3.1-5.fc34.x86_64", "Installed: libjpeg-turbo-2.0.90-3.fc34.x86_64", "Installed: quota-nls-1:4.06-4.fc34.noarch", "Installed: fontawesome-fonts-1:4.7.0-11.fc34.noarch", "Installed: perl-DB_File-1.855-2.fc34.x86_64", "Installed: python3-lib389-2.0.12-1.fc34.noarch", "Installed: python3-yubico-1.3.3-5.fc34.noarch", "Installed: python3-netaddr-0.8.0-3.fc34.noarch", "Installed: javapackages-filesystem-5.3.0-15.fc34.noarch", "Installed: libkadm5-1.19.2-2.fc34.x86_64", "Installed: javapackages-tools-5.3.0-15.fc34.noarch", "Installed: python3-argcomplete-1.12.0-3.fc34.noarch", "Installed: perl-POSIX-1.94-477.fc34.x86_64", "Installed: python3-libipa_hbac-2.5.2-2.fc34.x86_64", "Installed: python3-netifaces-0.10.6-13.fc34.x86_64", "Installed: perl-Getopt-Long-1:2.52-2.fc34.noarch", "Installed: jaxb-api-2.3.3-3.fc34.noarch", "Installed: libxslt-1.1.34-5.fc34.x86_64", "Installed: perl-Data-Dumper-2.174-460.fc34.x86_64", "Installed: pki-acme-10.10.7-1.fc34.noarch", "Installed: pki-base-10.10.7-1.fc34.noarch", "Installed: pki-base-java-10.10.7-1.fc34.noarch", "Installed: pki-ca-10.10.7-1.fc34.noarch", "Installed: copy-jdk-configs-4.0-1.fc34.noarch", "Installed: perl-Socket-4:2.032-1.fc34.x86_64", "Installed: pki-symkey-10.10.7-1.fc34.x86_64", "Installed: pki-tools-10.10.7-1.fc34.x86_64", "Installed: perl-Symbol-1.08-477.fc34.noarch" ] } TASK [ipaserver : Install - Ensure that IPA server packages for dns are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:10 Tuesday 01 February 2022 17:08:36 +0000 (0:03:20.589) 0:04:33.348 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: bind-dnssec-doc-32:9.16.24-1.fc34.noarch", "Installed: bind-dnssec-utils-32:9.16.24-1.fc34.x86_64", "Installed: bind-dyndb-ldap-11.9-8.fc34.x86_64", "Installed: ldns-1.8.1-3.fc34.x86_64", "Installed: opencryptoki-icsftok-3.16.0-2.fc34.x86_64", "Installed: opendnssec-2.1.9-1.fc34.x86_64", "Installed: python3-bind-32:9.16.24-1.fc34.noarch", "Installed: sqlite-3.34.1-2.fc34.x86_64", "Installed: opencryptoki-3.16.0-2.fc34.x86_64", "Installed: bind-32:9.16.24-1.fc34.x86_64", "Installed: freeipa-server-dns-4.9.6-4.fc34.noarch", "Installed: opencryptoki-libs-3.16.0-2.fc34.x86_64" ] } TASK [ipaserver : Install - Ensure that IPA server packages for adtrust are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:16 Tuesday 01 February 2022 17:08:43 +0000 (0:00:06.620) 0:04:39.968 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Ensure that firewall packages installed] *********** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:22 Tuesday 01 February 2022 17:08:43 +0000 (0:00:00.030) 0:04:39.999 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: nftables-1:0.9.8-3.fc34.x86_64", "Installed: firewalld-0.9.4-1.fc34.noarch", "Installed: firewalld-filesystem-0.9.4-1.fc34.noarch", "Installed: python3-firewall-0.9.4-1.fc34.noarch", "Installed: libnftnl-1.1.9-2.fc34.x86_64", "Installed: iptables-nft-1.8.7-8.fc34.x86_64", "Installed: ipset-7.11-1.fc34.x86_64", "Installed: python3-gobject-base-3.40.1-1.fc34.x86_64", "Installed: ipset-libs-7.11-1.fc34.x86_64", "Installed: gobject-introspection-1.68.0-4.fc34.x86_64", "Installed: python3-nftables-1:0.9.8-3.fc34.x86_64", "Installed: python3-slip-0.6.4-22.fc34.noarch", "Installed: python3-slip-dbus-0.6.4-22.fc34.noarch" ] } TASK [ipaserver : Firewalld service - Ensure that firewalld is running] ******** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:31 Tuesday 01 February 2022 17:08:47 +0000 (0:00:04.161) 0:04:44.160 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target sysinit.target dbus.socket polkit.service dbus-broker.service system.slice", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "multi-user.target network-pre.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "iptables.service nftables.service ipset.service ip6tables.service shutdown.target ebtables.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "\"man:firewalld(1)\"", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "firewalld.service dbus-org.fedoraproject.FirewallD1.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [ipaserver : Firewalld - Verify runtime zone "{{ ipaserver_firewalld_zone }}"] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:37 Tuesday 01 February 2022 17:08:48 +0000 (0:00:01.107) 0:04:45.268 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Firewalld - Verify permanent zone "{{ ipaserver_firewalld_zone }}"] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:44 Tuesday 01 February 2022 17:08:48 +0000 (0:00:00.035) 0:04:45.303 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : include_tasks] *********************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:54 Tuesday 01 February 2022 17:08:48 +0000 (0:00:00.031) 0:04:45.335 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Server installation test] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:60 Tuesday 01 February 2022 17:08:48 +0000 (0:00:00.029) 0:04:45.365 ****** ok: [/cache/fedora-34.qcow2] => { "_dirsrv_ca_cert": null, "_dirsrv_pkcs12_info": null, "_hostname_overridden": true, "_http_ca_cert": null, "_http_pkcs12_info": null, "_installation_cleanup": true, "_pkinit_ca_cert": null, "_pkinit_pkcs12_info": null, "changed": false, "domain": "test.local", "domainlevel": 1, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "hostname": "ipaserver.test.local", "idmax": 1039199999, "idstart": 1039000000, "ipa_python_version": 40906, "no_host_dns": true, "no_pkinit": false, "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "rid_base": 1000, "secondary_rid_base": 100000000, "setup_adtrust": false, "setup_ca": true, "setup_kra": false } TASK [ipaserver : Install - Master password creation] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:137 Tuesday 01 February 2022 17:08:50 +0000 (0:00:01.259) 0:04:46.624 ****** changed: [/cache/fedora-34.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } TASK [ipaserver : Install - Use new master password] *************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:144 Tuesday 01 February 2022 17:08:51 +0000 (0:00:01.139) 0:04:47.764 ****** ok: [/cache/fedora-34.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaserver : Install - Server preparation] ******************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:152 Tuesday 01 February 2022 17:08:51 +0000 (0:00:00.027) 0:04:47.791 ****** changed: [/cache/fedora-34.qcow2] => { "_ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "_subject_base": "O=TEST.LOCAL", "adtrust_netbios_name": null, "adtrust_reset_netbios_name": false, "ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "changed": true, "dns_ip_addresses": [ "10.0.2.15", "fec0::5054:ff:fe12:3456" ], "dns_reverse_zones": [], "forward_policy": "only", "forwarders": [ "10.0.2.3" ], "ip_addresses": [ "10.0.2.15", "fec0::5054:ff:fe12:3456" ], "no_dnssec_validation": true, "reverse_zones": [], "subject_base": "O=TEST.LOCAL" } TASK [ipaserver : Install - Setup NTP] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:196 Tuesday 01 February 2022 17:08:53 +0000 (0:00:02.117) 0:04:49.908 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup DS] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:203 Tuesday 01 February 2022 17:09:03 +0000 (0:00:10.452) 0:05:00.360 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup KRB] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:232 Tuesday 01 February 2022 17:09:21 +0000 (0:00:17.600) 0:05:17.961 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup custodia] ************************************ task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:259 Tuesday 01 February 2022 17:09:26 +0000 (0:00:05.425) 0:05:23.387 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup CA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:265 Tuesday 01 February 2022 17:09:30 +0000 (0:00:04.068) 0:05:27.455 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "csr_generated": false } TASK [ipaserver : Copy /root/ipa.csr to "/cache/fedora-34.qcow2-ipa.csr"] ****** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:306 Tuesday 01 February 2022 17:11:47 +0000 (0:02:17.062) 0:07:44.518 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup otpd] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:315 Tuesday 01 February 2022 17:11:47 +0000 (0:00:00.033) 0:07:44.552 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup HTTP] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:321 Tuesday 01 February 2022 17:11:50 +0000 (0:00:02.502) 0:07:47.054 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup KRA] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:353 Tuesday 01 February 2022 17:13:15 +0000 (0:01:25.139) 0:09:12.193 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup DNS] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:364 Tuesday 01 February 2022 17:13:15 +0000 (0:00:00.047) 0:09:12.241 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup ADTRUST] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:381 Tuesday 01 February 2022 17:13:23 +0000 (0:00:08.078) 0:09:20.320 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Set DS password] *********************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:396 Tuesday 01 February 2022 17:13:23 +0000 (0:00:00.034) 0:09:20.354 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [Install - Setup client] ************************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:413 Tuesday 01 February 2022 17:13:25 +0000 (0:00:02.094) 0:09:22.448 ****** TASK [ipaclient : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:4 Tuesday 01 February 2022 17:13:25 +0000 (0:00:00.052) 0:09:22.500 ****** ok: [/cache/fedora-34.qcow2] => (item=/tmp/freeipa-repo/roles/ipaclient/vars/default.yml) => { "ansible_facts": { "ipaclient_packages": [ "ipa-client", "python3-libselinux" ] }, "ansible_included_var_files": [ "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml" ], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml" } TASK [ipaclient : Install IPA client] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:12 Tuesday 01 February 2022 17:13:25 +0000 (0:00:00.081) 0:09:22.582 ****** included: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml for /cache/fedora-34.qcow2 TASK [ipaclient : Install - Ensure that IPA client packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:4 Tuesday 01 February 2022 17:13:26 +0000 (0:00:00.108) 0:09:22.691 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [ipaclient : Install - Set ipaclient_servers] ***************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:10 Tuesday 01 February 2022 17:13:28 +0000 (0:00:01.985) 0:09:24.676 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set ipaclient_servers from cluster inventory] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:15 Tuesday 01 February 2022 17:13:28 +0000 (0:00:00.037) 0:09:24.713 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Check that either principal or keytab is set] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:21 Tuesday 01 February 2022 17:13:28 +0000 (0:00:00.038) 0:09:24.751 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set default principal if no keytab is given] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:25 Tuesday 01 February 2022 17:13:28 +0000 (0:00:00.036) 0:09:24.788 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "ipaadmin_principal": "admin" }, "changed": false } TASK [ipaclient : Install - IPA client test] *********************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:30 Tuesday 01 February 2022 17:13:28 +0000 (0:00:00.038) 0:09:24.826 ****** ok: [/cache/fedora-34.qcow2] => { "basedn": "dc=test,dc=local", "changed": false, "client_already_configured": false, "client_domain": "test.local", "dnsok": false, "domain": "test.local", "hostname": "ipaserver.test.local", "ipa_python_version": 40906, "kdc": "ipaserver.test.local", "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "servers": [ "ipaserver.test.local" ], "sssd": true } TASK [ipaclient : Install - Cleanup leftover ccache] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:56 Tuesday 01 February 2022 17:13:29 +0000 (0:00:00.889) 0:09:25.716 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent" } TASK [ipaclient : Install - Configure NTP] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:61 Tuesday 01 February 2022 17:13:29 +0000 (0:00:00.379) 0:09:26.096 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } TASK [ipaclient : Install - Make sure One-Time Password is enabled if it's already defined] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:73 Tuesday 01 February 2022 17:13:30 +0000 (0:00:00.826) 0:09:26.922 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Disable One-Time Password for on_master] *********** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:78 Tuesday 01 February 2022 17:13:30 +0000 (0:00:00.037) 0:09:26.959 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] ******** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:83 Tuesday 01 February 2022 17:13:30 +0000 (0:00:00.034) 0:09:26.994 ****** ok: [/cache/fedora-34.qcow2] => { "ca_crt_exists": true, "changed": false, "krb5_conf_ok": true, "krb5_keytab_ok": true, "ping_test_ok": true } TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:93 Tuesday 01 February 2022 17:13:31 +0000 (0:00:01.563) 0:09:28.558 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Keytab or password is required for getting otp] **** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:109 Tuesday 01 February 2022 17:13:32 +0000 (0:00:00.037) 0:09:28.595 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Get One-Time Password for client enrollment] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:113 Tuesday 01 February 2022 17:13:32 +0000 (0:00:00.040) 0:09:28.635 ****** skipping: [/cache/fedora-34.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Report error for OTP generation] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:132 Tuesday 01 February 2022 17:13:32 +0000 (0:00:00.036) 0:09:28.672 ****** skipping: [/cache/fedora-34.qcow2] => {} TASK [ipaclient : Install - Store the previously obtained OTP] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:138 Tuesday 01 February 2022 17:13:32 +0000 (0:00:00.034) 0:09:28.707 ****** skipping: [/cache/fedora-34.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Store predefined OTP in admin_password] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:147 Tuesday 01 February 2022 17:13:32 +0000 (0:00:00.035) 0:09:28.742 ****** skipping: [/cache/fedora-34.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Check if principal and keytab are set] ************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:163 Tuesday 01 February 2022 17:13:32 +0000 (0:00:00.035) 0:09:28.778 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Check if one of password or keytabs are set] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:167 Tuesday 01 February 2022 17:13:32 +0000 (0:00:00.036) 0:09:28.814 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Purge TEST.LOCAL from host keytab] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:175 Tuesday 01 February 2022 17:13:32 +0000 (0:00:00.041) 0:09:28.856 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Backup and set hostname] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:188 Tuesday 01 February 2022 17:13:32 +0000 (0:00:00.039) 0:09:28.895 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Join IPA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:193 Tuesday 01 February 2022 17:13:32 +0000 (0:00:00.038) 0:09:28.934 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:215 Tuesday 01 February 2022 17:13:32 +0000 (0:00:00.041) 0:09:28.975 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:220 Tuesday 01 February 2022 17:13:32 +0000 (0:00:00.038) 0:09:29.013 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:223 Tuesday 01 February 2022 17:13:32 +0000 (0:00:00.038) 0:09:29.052 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure IPA default.conf] ************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:235 Tuesday 01 February 2022 17:13:32 +0000 (0:00:00.038) 0:09:29.091 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure SSSD] ************************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:244 Tuesday 01 February 2022 17:13:32 +0000 (0:00:00.039) 0:09:29.130 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaclient : Install - Configure krb5 for IPA realm] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:266 Tuesday 01 February 2022 17:13:33 +0000 (0:00:00.893) 0:09:30.024 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:280 Tuesday 01 February 2022 17:13:33 +0000 (0:00:00.042) 0:09:30.066 ****** changed: [/cache/fedora-34.qcow2] => { "ca_enabled": true, "changed": true, "subject_base": "O=TEST.LOCAL" } TASK [ipaclient : Install - Fix IPA ca] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:288 Tuesday 01 February 2022 17:13:35 +0000 (0:00:02.400) 0:09:32.467 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Create IPA NSS database] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:298 Tuesday 01 February 2022 17:13:35 +0000 (0:00:00.041) 0:09:32.509 ****** changed: [/cache/fedora-34.qcow2] => { "ca_enabled_ra": true, "changed": true } TASK [ipaclient : Install - Configure SSH and SSHD] **************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:329 Tuesday 01 February 2022 17:13:40 +0000 (0:00:04.256) 0:09:36.765 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaclient : Install - Configure automount] ******************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:337 Tuesday 01 February 2022 17:13:41 +0000 (0:00:00.918) 0:09:37.683 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaclient : Install - Configure firefox] ********************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:343 Tuesday 01 February 2022 17:13:41 +0000 (0:00:00.874) 0:09:38.557 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure NIS] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:349 Tuesday 01 February 2022 17:13:42 +0000 (0:00:00.039) 0:09:38.597 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:367 Tuesday 01 February 2022 17:13:43 +0000 (0:00:01.056) 0:09:39.653 ****** skipping: [/cache/fedora-34.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Cleanup leftover ccache] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:373 Tuesday 01 February 2022 17:13:43 +0000 (0:00:00.040) 0:09:39.693 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent" } TASK [ipaclient : Uninstall IPA client] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:16 Tuesday 01 February 2022 17:13:43 +0000 (0:00:00.391) 0:09:40.085 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: role_complete for /cache/fedora-34.qcow2 TASK [ipaserver : Install - Enable IPA] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:428 Tuesday 01 February 2022 17:13:43 +0000 (0:00:00.040) 0:09:40.125 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaserver : Install - Cleanup root IPA cache] **************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:435 Tuesday 01 February 2022 17:13:48 +0000 (0:00:04.573) 0:09:44.699 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "path": "/root/.ipa_cache", "state": "absent" } TASK [ipaserver : Install - Configure firewalld] ******************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:441 Tuesday 01 February 2022 17:13:48 +0000 (0:00:00.386) 0:09:45.085 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "firewall-cmd", "--permanent", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp" ], "delta": "0:00:00.297250", "end": "2022-02-01 17:13:48.636395", "rc": 0, "start": "2022-02-01 17:13:48.339145" } STDOUT: success TASK [ipaserver : Install - Configure firewalld runtime] *********************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:455 Tuesday 01 February 2022 17:13:49 +0000 (0:00:00.824) 0:09:45.910 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "firewall-cmd", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp" ], "delta": "0:00:00.254233", "end": "2022-02-01 17:13:49.266489", "rc": 0, "start": "2022-02-01 17:13:49.012256" } STDOUT: success TASK [ipaserver : Cleanup temporary files] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:471 Tuesday 01 February 2022 17:13:49 +0000 (0:00:00.628) 0:09:46.538 ****** ok: [/cache/fedora-34.qcow2] => (item=/etc/ipa/.tmp_pkcs12_dirsrv) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_dirsrv", "path": "/etc/ipa/.tmp_pkcs12_dirsrv", "state": "absent" } ok: [/cache/fedora-34.qcow2] => (item=/etc/ipa/.tmp_pkcs12_http) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_http", "path": "/etc/ipa/.tmp_pkcs12_http", "state": "absent" } ok: [/cache/fedora-34.qcow2] => (item=/etc/ipa/.tmp_pkcs12_pkinit) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_pkinit", "path": "/etc/ipa/.tmp_pkcs12_pkinit", "state": "absent" } TASK [ipaserver : Uninstall IPA server] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:16 Tuesday 01 February 2022 17:13:50 +0000 (0:00:01.012) 0:09:47.550 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Issue IPA signed certificates] ******************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_basic_ipa.yml:8 Tuesday 01 February 2022 17:13:51 +0000 (0:00:00.046) 0:09:47.597 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:13:51 +0000 (0:00:00.740) 0:09:48.337 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Tuesday 01 February 2022 17:13:51 +0000 (0:00:00.026) 0:09:48.363 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Tuesday 01 February 2022 17:13:53 +0000 (0:00:01.981) 0:09:50.345 ****** ok: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Tuesday 01 February 2022 17:13:55 +0000 (0:00:01.914) 0:09:52.260 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Tuesday 01 February 2022 17:13:56 +0000 (0:00:00.387) 0:09:52.648 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Tuesday 01 February 2022 17:13:56 +0000 (0:00:00.381) 0:09:53.029 ****** ok: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Tue 2022-02-01 17:11:01 UTC", "ActiveEnterTimestampMonotonic": "428826587", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "dbus.socket syslog.target basic.target system.slice dbus-broker.service systemd-journald.socket network.target sysinit.target", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Tue 2022-02-01 17:11:01 UTC", "AssertTimestampMonotonic": "428815160", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "33171792000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Tue 2022-02-01 17:11:01 UTC", "ConditionTimestampMonotonic": "428815158", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "16750", "ExecMainStartTimestamp": "Tue 2022-02-01 17:11:01 UTC", "ExecMainStartTimestampMonotonic": "428816456", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Tue 2022-02-01 17:11:01 UTC", "InactiveExitTimestampMonotonic": "428816918", "InvocationID": "c479768031e04e2ba79556274c4920ef", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "16750", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "2633728", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Tue 2022-02-01 17:13:45 UTC", "StateChangeTimestampMonotonic": "592489627", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Tuesday 01 February 2022 17:13:57 +0000 (0:00:00.803) 0:09:53.832 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "ipa", "dns": "ipaserver.test.local", "name": "mycert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } } MSG: Certificate requested (new). changed: [/cache/fedora-34.qcow2] => (item={'name': 'groupcert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa', 'group': 'ftp'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "ipa", "dns": "ipaserver.test.local", "group": "ftp", "name": "groupcert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } } MSG: Certificate requested (new). File attributes updated. META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificates] ***************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_basic_ipa.yml:27 Tuesday 01 February 2022 17:14:01 +0000 (0:00:04.349) 0:09:58.182 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpcwl050ue/tests/tests_basic_ipa.yml:84 Tuesday 01 February 2022 17:14:02 +0000 (0:00:00.732) 0:09:58.914 ****** included: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}) included: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/groupcert.crt', 'key_path': '/etc/pki/tls/private/groupcert.key', 'owner': 'root', 'group': 'ftp', 'mode': '0640', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:14:02 +0000 (0:00:00.039) 0:09:58.953 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:14:02 +0000 (0:00:00.015) 0:09:58.969 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:14:04 +0000 (0:00:01.931) 0:10:00.900 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:14:09 +0000 (0:00:04.694) 0:10:05.595 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 51.2 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 99.8 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 38.5 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 96.7 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 49.1 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:14:11 +0000 (0:00:02.727) 0:10:08.322 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643735639.282422, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "f07761f8feccd0de5c025276fb3f56efb8f805de", "ctime": 1643735639.279422, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 145708, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643735639.279422, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1854, "uid": 0, "version": "1982981089", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:14:12 +0000 (0:00:00.525) 0:10:08.848 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:14:12 +0000 (0:00:00.021) 0:10:08.869 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 Tuesday 01 February 2022 17:14:12 +0000 (0:00:00.036) 0:10:08.906 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 Tuesday 01 February 2022 17:14:12 +0000 (0:00:00.033) 0:10:08.939 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643735637.285422, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "35b4072e76982b6bd660eaefedee34ffb93368ed", "ctime": 1643735639.279422, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 145707, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643735639.279422, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "4124647816", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:60 Tuesday 01 February 2022 17:14:12 +0000 (0:00:00.370) 0:10:09.310 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 Tuesday 01 February 2022 17:14:12 +0000 (0:00:00.021) 0:10:09.332 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 Tuesday 01 February 2022 17:14:12 +0000 (0:00:00.035) 0:10:09.368 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.194390", "end": "2022-02-01 17:14:12.650784", "rc": 0, "start": "2022-02-01 17:14:12.456394" } STDOUT: { "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "extensions": { "authorityKeyIdentifier": { "value": "D1:90:25:A3:0A:54:FF:92:E1:96:64:A7:19:47:0B:8F:EA:78:A9:3D", "critical": false }, "authorityInfoAccess": { "value": [ { "method": "OCSP", "location": "http://ipa-ca.test.local/ca/ocsp" } ], "critical": false }, "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ], "critical": true }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "cRLDistributionPoints": { "value": [ { "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ], "crl_issuer": [ { "organizationName": "ipaca", "commonName": "Certificate Authority" } ] } ], "critical": false }, "subjectKeyIdentifier": { "value": "93:1A:F4:AE:E7:59:92:AD:B0:11:EC:44:46:8C:10:3A:A6:A6:84:9E", "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.5.2.2" } ], "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "5B:21:E3:27:DF:BD:41:A3:99:A5:6A:07:0A:4B:DA:3D:C6:B8:5D:2F:16:6A:AD:D0:B2:FC:1A:73:D7:65:95:0C:DF:E2:E1:B0:3A:41:FC:B2:82:2C:2B:24:33:A2:B7:B4:B2:28:C5:BB:B8:45:18:90:64:97:89:BB:54:A8:48:8D:77:A3:C6:5A:BD:9D:26:6B:F5:36:C8:06:B5:7A:00:3B:B4:51:6E:8C:04:E4:7F:10:75:0F:73:E6:E1:DA:DD:66:75:5E:33:BF:54:A2:86:39:C9:CC:14:F8:C3:01:CB:8B:C5:52:23:DE:E3:48:DB:BE:1D:28:8C:07:C1:06:02:C4:37:CA:44:E0:FB:4C:EB:7A:9E:E0:C2:A9:97:E6:08:64:3A:2D:65:D8:F5:CA:82:09:A0:BE:8F:B5:7C:27:9E:66:D5:5A:EF:24:1E:AC:09:9C:5B:BA:19:20:60:C2:7F:3A:74:65:70:4B:BB:62:C9:B6:F6:ED:5F:C3:DB:B6:49:91:42:E6:58:CC:1E:D0:08:C6:97:01:DE:7C:25:06:EA:6A:F4:9B:51:7A:29:43:45:14:77:63:A5:EE:2D:BD:20:20:16:4A:02:F0:00:DD:7D:B8:68:A5:7E:03:C2:7F:BF:A1:27:C6:1D:7C:84:FD:FD:16:74:96:CC:58:64:D8:48:E5:E1:E0:F8:4E:79:2C:02:9A:73:5C:47:80:6D:79:5E:BE:A2:DF:81:77:2A:B1:1B:4D:F1:9F:FA:A2:53:E9:64:C4:1B:F9:08:09:09:E4:CE:76:70:4B:78:2C:4E:84:8E:1C:5C:4A:4E:0F:A2:19:91:09:38:68:DB:1F:99:85:BA:E6:94:4B:D1:03:4A:A2:40:FD:11:BC:7F:24:02:1D:02:AD:1A:1C:3E:4D:08:75:66:15:68:48:75:00:99:FB:D6:32:28:BF:6D:BA:74:ED:62:B7:C4:EC:B8:EC:61:93:75:F1:B1:36:8C:DF:36:55:DD:E8:57:3D:EE:B6:A9:41:8D:4F" }, "key_size": 2048, "validity": { "not_valid_after": "2024-02-02 17:13:58", "not_valid_before": "2022-02-01 17:13:58" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:14:13 +0000 (0:00:00.556) 0:10:09.925 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityInfoAccess": { "critical": false, "value": [ { "location": "http://ipa-ca.test.local/ca/ocsp", "method": "OCSP" } ] }, "authorityKeyIdentifier": { "critical": false, "value": "D1:90:25:A3:0A:54:FF:92:E1:96:64:A7:19:47:0B:8F:EA:78:A9:3D" }, "cRLDistributionPoints": { "critical": false, "value": [ { "crl_issuer": [ { "commonName": "Certificate Authority", "organizationName": "ipaca" } ], "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ] } ] }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": true, "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "93:1A:F4:AE:E7:59:92:AD:B0:11:EC:44:46:8C:10:3A:A6:A6:84:9E" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "5B:21:E3:27:DF:BD:41:A3:99:A5:6A:07:0A:4B:DA:3D:C6:B8:5D:2F:16:6A:AD:D0:B2:FC:1A:73:D7:65:95:0C:DF:E2:E1:B0:3A:41:FC:B2:82:2C:2B:24:33:A2:B7:B4:B2:28:C5:BB:B8:45:18:90:64:97:89:BB:54:A8:48:8D:77:A3:C6:5A:BD:9D:26:6B:F5:36:C8:06:B5:7A:00:3B:B4:51:6E:8C:04:E4:7F:10:75:0F:73:E6:E1:DA:DD:66:75:5E:33:BF:54:A2:86:39:C9:CC:14:F8:C3:01:CB:8B:C5:52:23:DE:E3:48:DB:BE:1D:28:8C:07:C1:06:02:C4:37:CA:44:E0:FB:4C:EB:7A:9E:E0:C2:A9:97:E6:08:64:3A:2D:65:D8:F5:CA:82:09:A0:BE:8F:B5:7C:27:9E:66:D5:5A:EF:24:1E:AC:09:9C:5B:BA:19:20:60:C2:7F:3A:74:65:70:4B:BB:62:C9:B6:F6:ED:5F:C3:DB:B6:49:91:42:E6:58:CC:1E:D0:08:C6:97:01:DE:7C:25:06:EA:6A:F4:9B:51:7A:29:43:45:14:77:63:A5:EE:2D:BD:20:20:16:4A:02:F0:00:DD:7D:B8:68:A5:7E:03:C2:7F:BF:A1:27:C6:1D:7C:84:FD:FD:16:74:96:CC:58:64:D8:48:E5:E1:E0:F8:4E:79:2C:02:9A:73:5C:47:80:6D:79:5E:BE:A2:DF:81:77:2A:B1:1B:4D:F1:9F:FA:A2:53:E9:64:C4:1B:F9:08:09:09:E4:CE:76:70:4B:78:2C:4E:84:8E:1C:5C:4A:4E:0F:A2:19:91:09:38:68:DB:1F:99:85:BA:E6:94:4B:D1:03:4A:A2:40:FD:11:BC:7F:24:02:1D:02:AD:1A:1C:3E:4D:08:75:66:15:68:48:75:00:99:FB:D6:32:28:BF:6D:BA:74:ED:62:B7:C4:EC:B8:EC:61:93:75:F1:B1:36:8C:DF:36:55:DD:E8:57:3D:EE:B6:A9:41:8D:4F" }, "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "validity": { "not_valid_after": "2024-02-02 17:13:58", "not_valid_before": "2022-02-01 17:13:58" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 Tuesday 01 February 2022 17:14:13 +0000 (0:00:00.033) 0:10:09.958 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:96 Tuesday 01 February 2022 17:14:13 +0000 (0:00:00.032) 0:10:09.991 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 Tuesday 01 February 2022 17:14:13 +0000 (0:00:00.018) 0:10:10.009 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 Tuesday 01 February 2022 17:14:13 +0000 (0:00:00.033) 0:10:10.043 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 Tuesday 01 February 2022 17:14:13 +0000 (0:00:00.031) 0:10:10.074 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:14:13 +0000 (0:00:00.030) 0:10:10.105 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.050225", "end": "2022-02-01 17:14:13.244642", "rc": 0, "start": "2022-02-01 17:14:13.194417" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 Tuesday 01 February 2022 17:14:13 +0000 (0:00:00.412) 0:10:10.517 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:14:13 +0000 (0:00:00.034) 0:10:10.551 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:14:13 +0000 (0:00:00.017) 0:10:10.568 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:14:15 +0000 (0:00:01.944) 0:10:12.513 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.2) TASK [Install certreader] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:14:17 +0000 (0:00:01.098) 0:10:13.611 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:14:17 +0000 (0:00:00.944) 0:10:14.556 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643735640.734422, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "0f1ae41557fb31b8245c375d21266fa8a0446821", "ctime": 1643735640.882422, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 145710, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1643735640.730422, "nlink": 1, "path": "/etc/pki/tls/certs/groupcert.crt", "pw_name": "root", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1854, "uid": 0, "version": "1717830617", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:14:18 +0000 (0:00:00.378) 0:10:14.935 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:14:18 +0000 (0:00:00.022) 0:10:14.957 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 Tuesday 01 February 2022 17:14:18 +0000 (0:00:00.039) 0:10:14.996 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 Tuesday 01 February 2022 17:14:18 +0000 (0:00:00.036) 0:10:15.033 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643735639.948422, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "bed3b135d8a9063f819c7e3816309b0123c795d5", "ctime": 1643735640.8834221, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 145709, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1643735640.730422, "nlink": 1, "path": "/etc/pki/tls/private/groupcert.key", "pw_name": "root", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "2625320562", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:60 Tuesday 01 February 2022 17:14:18 +0000 (0:00:00.387) 0:10:15.420 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 Tuesday 01 February 2022 17:14:18 +0000 (0:00:00.020) 0:10:15.441 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 Tuesday 01 February 2022 17:14:18 +0000 (0:00:00.034) 0:10:15.476 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/groupcert.crt" ], "delta": "0:00:00.193554", "end": "2022-02-01 17:14:18.763749", "rc": 0, "start": "2022-02-01 17:14:18.570195" } STDOUT: { "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "extensions": { "authorityKeyIdentifier": { "value": "D1:90:25:A3:0A:54:FF:92:E1:96:64:A7:19:47:0B:8F:EA:78:A9:3D", "critical": false }, "authorityInfoAccess": { "value": [ { "method": "OCSP", "location": "http://ipa-ca.test.local/ca/ocsp" } ], "critical": false }, "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ], "critical": true }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "cRLDistributionPoints": { "value": [ { "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ], "crl_issuer": [ { "organizationName": "ipaca", "commonName": "Certificate Authority" } ] } ], "critical": false }, "subjectKeyIdentifier": { "value": "1B:62:D3:40:13:1B:F1:8E:5F:1F:42:B4:46:7F:76:4D:3D:AF:F0:ED", "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.5.2.2" } ], "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "6A:2B:2C:FA:34:7D:2F:C7:42:D5:79:B3:29:C7:56:CC:80:38:4D:35:F6:80:EB:D2:40:A4:16:37:46:0C:F4:A7:30:82:2A:E7:1C:56:0D:B8:0D:0D:3F:2F:A9:C3:8F:BD:D6:83:54:F1:4B:D1:75:8C:D3:09:4F:56:0E:D0:6F:30:71:1D:43:5A:D5:C6:C9:F4:C6:DE:76:A6:10:C9:3B:24:79:2D:D2:23:3B:98:05:2A:EB:0D:57:7B:AE:3D:38:AD:7B:37:00:E7:8A:05:13:8A:47:F0:22:D7:9A:93:33:53:B1:4B:73:5F:CE:F9:53:9A:9C:A1:C7:67:D4:E4:14:3D:A9:0D:C3:29:FA:E7:F2:0A:F1:07:87:51:09:2D:49:4A:57:CE:61:34:96:BD:0B:CE:BC:F9:AC:A3:2E:01:C3:DC:EF:48:84:0D:02:89:C6:84:01:04:FC:BC:4E:4E:12:9A:35:17:1F:82:DB:59:1F:DC:B9:E8:46:8B:58:CA:07:49:7D:0C:29:FD:59:26:C6:06:1A:DB:7C:4A:50:28:4E:EF:2B:92:D5:10:D8:90:15:23:33:68:1A:40:3A:57:1F:17:CC:05:7D:A5:B0:15:53:23:E0:10:F1:5B:8D:07:02:D1:BD:F6:C9:7C:86:76:59:66:E9:7B:24:6A:92:12:27:E8:5C:CB:29:8A:E8:B7:45:59:2A:7B:9A:9F:48:70:52:B3:D8:9D:0D:8F:FA:88:FB:6F:EF:D0:49:7C:75:10:37:67:3A:1D:14:08:2D:DF:FB:1F:BA:01:FD:FD:8D:26:3B:61:ED:1D:01:41:28:AD:1A:2E:FB:37:9C:F8:24:DD:76:4D:6C:4F:46:F2:C2:D9:B7:46:5B:19:0F:99:68:47:42:F4:0C:0E:3F:EE:4F:3C:04:1B:E1:9B:04:DF:C7:5F:B9:EE:13:A5:8D:75:E1:2F:72:F5:8F:49:85:0E:4C:24:41:5B:45:E0:4F:ED:BF:93:21:92:D4:EA:5C:E6:F3:2D:4A:AA" }, "key_size": 2048, "validity": { "not_valid_after": "2024-02-02 17:14:00", "not_valid_before": "2022-02-01 17:14:00" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:14:19 +0000 (0:00:00.562) 0:10:16.038 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityInfoAccess": { "critical": false, "value": [ { "location": "http://ipa-ca.test.local/ca/ocsp", "method": "OCSP" } ] }, "authorityKeyIdentifier": { "critical": false, "value": "D1:90:25:A3:0A:54:FF:92:E1:96:64:A7:19:47:0B:8F:EA:78:A9:3D" }, "cRLDistributionPoints": { "critical": false, "value": [ { "crl_issuer": [ { "commonName": "Certificate Authority", "organizationName": "ipaca" } ], "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ] } ] }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": true, "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "1B:62:D3:40:13:1B:F1:8E:5F:1F:42:B4:46:7F:76:4D:3D:AF:F0:ED" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "6A:2B:2C:FA:34:7D:2F:C7:42:D5:79:B3:29:C7:56:CC:80:38:4D:35:F6:80:EB:D2:40:A4:16:37:46:0C:F4:A7:30:82:2A:E7:1C:56:0D:B8:0D:0D:3F:2F:A9:C3:8F:BD:D6:83:54:F1:4B:D1:75:8C:D3:09:4F:56:0E:D0:6F:30:71:1D:43:5A:D5:C6:C9:F4:C6:DE:76:A6:10:C9:3B:24:79:2D:D2:23:3B:98:05:2A:EB:0D:57:7B:AE:3D:38:AD:7B:37:00:E7:8A:05:13:8A:47:F0:22:D7:9A:93:33:53:B1:4B:73:5F:CE:F9:53:9A:9C:A1:C7:67:D4:E4:14:3D:A9:0D:C3:29:FA:E7:F2:0A:F1:07:87:51:09:2D:49:4A:57:CE:61:34:96:BD:0B:CE:BC:F9:AC:A3:2E:01:C3:DC:EF:48:84:0D:02:89:C6:84:01:04:FC:BC:4E:4E:12:9A:35:17:1F:82:DB:59:1F:DC:B9:E8:46:8B:58:CA:07:49:7D:0C:29:FD:59:26:C6:06:1A:DB:7C:4A:50:28:4E:EF:2B:92:D5:10:D8:90:15:23:33:68:1A:40:3A:57:1F:17:CC:05:7D:A5:B0:15:53:23:E0:10:F1:5B:8D:07:02:D1:BD:F6:C9:7C:86:76:59:66:E9:7B:24:6A:92:12:27:E8:5C:CB:29:8A:E8:B7:45:59:2A:7B:9A:9F:48:70:52:B3:D8:9D:0D:8F:FA:88:FB:6F:EF:D0:49:7C:75:10:37:67:3A:1D:14:08:2D:DF:FB:1F:BA:01:FD:FD:8D:26:3B:61:ED:1D:01:41:28:AD:1A:2E:FB:37:9C:F8:24:DD:76:4D:6C:4F:46:F2:C2:D9:B7:46:5B:19:0F:99:68:47:42:F4:0C:0E:3F:EE:4F:3C:04:1B:E1:9B:04:DF:C7:5F:B9:EE:13:A5:8D:75:E1:2F:72:F5:8F:49:85:0E:4C:24:41:5B:45:E0:4F:ED:BF:93:21:92:D4:EA:5C:E6:F3:2D:4A:AA" }, "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "validity": { "not_valid_after": "2024-02-02 17:14:00", "not_valid_before": "2022-02-01 17:14:00" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 Tuesday 01 February 2022 17:14:19 +0000 (0:00:00.034) 0:10:16.072 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:96 Tuesday 01 February 2022 17:14:19 +0000 (0:00:00.035) 0:10:16.108 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 Tuesday 01 February 2022 17:14:19 +0000 (0:00:00.021) 0:10:16.130 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 Tuesday 01 February 2022 17:14:19 +0000 (0:00:00.032) 0:10:16.162 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 Tuesday 01 February 2022 17:14:19 +0000 (0:00:00.031) 0:10:16.193 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:14:19 +0000 (0:00:00.033) 0:10:16.226 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/groupcert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.049555", "end": "2022-02-01 17:14:19.362546", "rc": 0, "start": "2022-02-01 17:14:19.312991" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 Tuesday 01 February 2022 17:14:20 +0000 (0:00:00.418) 0:10:16.645 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=98 changed=32 unreachable=0 failed=0 skipped=35 rescued=0 ignored=0 Tuesday 01 February 2022 17:14:20 +0000 (0:00:00.040) 0:10:16.686 ****** =============================================================================== ipaserver : Install - Ensure that IPA server packages are installed --- 200.59s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:5 ------------------------- ipaserver : Install - Setup CA ---------------------------------------- 137.06s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:265 ----------------------- ipaserver : Install - Setup HTTP --------------------------------------- 85.14s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:321 ----------------------- ensure hostname package is installed ----------------------------------- 64.59s /tmp/tmpcwl050ue/tests/tasks/setup_ipa.yml:33 --------------------------------- ipaserver : Install - Setup DS ----------------------------------------- 17.60s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:203 ----------------------- ipaserver : Install - Setup NTP ---------------------------------------- 10.45s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:196 ----------------------- ipaserver : Install - Setup DNS ----------------------------------------- 8.08s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:364 ----------------------- ipaserver : Install - Ensure that IPA server packages for dns are installed --- 6.62s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:10 ------------------------ ipaserver : Install - Setup KRB ----------------------------------------- 5.43s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:232 ----------------------- Install the package, force upgrade -------------------------------------- 4.69s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 ------------- ipaserver : Install - Enable IPA ---------------------------------------- 4.57s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:428 ----------------------- linux-system-roles.certificate : Ensure certificate requests ------------ 4.35s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 ipaclient : Install - Create IPA NSS database --------------------------- 4.26s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:298 ----------------------- ipaserver : Install - Ensure that firewall packages installed ----------- 4.16s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:22 ------------------------ ipaserver : Install - Setup custodia ------------------------------------ 4.07s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:259 ----------------------- Ensure nss package is up-to-date ---------------------------------------- 3.41s /tmp/tmpcwl050ue/tests/tasks/setup_ipa.yml:42 --------------------------------- Install certreader ------------------------------------------------------ 2.73s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 ------------- ipaserver : Install - Setup otpd ---------------------------------------- 2.50s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:315 ----------------------- ipaclient : Install - IPA API calls for remaining enrollment parts ------ 2.40s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:280 ----------------------- ipaserver : Install - Server preparation -------------------------------- 2.12s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:152 ----------------------- + cd /tmp/tmpcwl050ue/tests; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpcwl050ue/tests/tests_basic_self_signed.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 17:14:34 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 17:14:34 +0000 (0:00:00.017) 0:00:00.029 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:14:34 +0000 (0:00:00.018) 0:00:00.047 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_basic_self_signed.yml ****************************************** 2 plays in /tmp/tmpcwl050ue/tests/tests_basic_self_signed.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_basic_self_signed.yml:2 Tuesday 01 February 2022 17:14:34 +0000 (0:00:00.017) 0:00:00.064 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:14:35 +0000 (0:00:01.029) 0:00:01.094 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Tuesday 01 February 2022 17:14:35 +0000 (0:00:00.034) 0:00:01.129 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Tuesday 01 February 2022 17:15:42 +0000 (0:01:07.735) 0:01:08.864 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Tuesday 01 February 2022 17:15:47 +0000 (0:00:04.642) 0:01:13.507 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Tuesday 01 February 2022 17:15:48 +0000 (0:00:00.542) 0:01:14.050 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Tuesday 01 February 2022 17:15:48 +0000 (0:00:00.373) 0:01:14.423 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket dbus.socket sysinit.target network.target syslog.target basic.target dbus-broker.service system.slice", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Tuesday 01 February 2022 17:15:49 +0000 (0:00:00.959) 0:01:15.383 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_basic_self_signed.yml:13 Tuesday 01 February 2022 17:15:50 +0000 (0:00:00.889) 0:01:16.272 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpcwl050ue/tests/tests_basic_self_signed.yml:27 Tuesday 01 February 2022 17:15:51 +0000 (0:00:00.730) 0:01:17.003 ****** included: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:15:51 +0000 (0:00:00.030) 0:01:17.034 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:15:51 +0000 (0:00:00.016) 0:01:17.051 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:15:53 +0000 (0:00:01.889) 0:01:18.940 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:15:57 +0000 (0:00:04.621) 0:01:23.562 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 52.9 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 83.3 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 25.3 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 108.6 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 39.0 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:16:00 +0000 (0:00:02.664) 0:01:26.227 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643735749.4700468, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "59448c20a3926645530af40421ca0ffa28d10230", "ctime": 1643735749.4680467, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643735749.4680467, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "537731793", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:16:00 +0000 (0:00:00.499) 0:01:26.726 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:16:00 +0000 (0:00:00.021) 0:01:26.747 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 Tuesday 01 February 2022 17:16:00 +0000 (0:00:00.035) 0:01:26.783 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 Tuesday 01 February 2022 17:16:00 +0000 (0:00:00.033) 0:01:26.817 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643735749.4250467, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "b5d15f1eac791359179e818aa92ff9e2c6eed3e7", "ctime": 1643735749.4680467, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643735749.4680467, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1918892777", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:60 Tuesday 01 February 2022 17:16:01 +0000 (0:00:00.344) 0:01:27.161 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 Tuesday 01 February 2022 17:16:01 +0000 (0:00:00.021) 0:01:27.183 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 Tuesday 01 February 2022 17:16:01 +0000 (0:00:00.036) 0:01:27.220 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.198683", "end": "2022-02-01 17:16:01.167735", "rc": 0, "start": "2022-02-01 17:16:00.969052" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "BC:12:3B:AB:1B:AE:C4:92:1A:66:28:F2:F3:57:E9:EB:0F:23:EA:C3", "critical": false }, "authorityKeyIdentifier": { "value": "72:99:D6:FB:4A:BD:E4:A9:5F:D6:ED:A9:7E:1A:86:82:AD:B4:DC:C5", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "D5:C8:31:0C:1C:42:00:E7:1E:92:53:B2:23:42:2B:88:CA:CB:4F:CD:C9:23:DE:EA:DB:58:AC:03:DA:D2:05:8F:36:87:86:17:F1:85:C5:50:F7:D4:14:49:49:E7:AE:47:A2:66:DF:E5:09:6E:A8:C4:E4:23:48:0F:FB:E5:92:38:60:4A:AB:35:CF:DE:6B:BF:E0:6E:50:8E:3C:E2:BC:BF:F0:89:43:41:7B:35:30:63:92:68:87:08:A9:5F:E2:2D:90:DD:1B:E1:A8:95:EA:DD:96:D9:1C:46:34:49:D4:CF:7D:F8:1A:A6:AA:60:90:64:B0:0F:2E:CE:36:1B:B5:69:8B:ED:B7:B6:67:0E:38:62:C1:A6:C6:51:33:B4:4A:DD:40:F3:43:90:FB:88:55:BD:F0:04:70:BA:FD:7C:B5:FD:58:1C:7B:48:BD:FC:E4:9C:3C:FA:13:51:F2:8B:A7:89:58:D4:AD:59:75:43:71:16:44:FA:47:03:41:BA:DD:4C:FF:93:84:98:7D:74:D7:57:B2:E1:A8:CD:37:A6:59:43:00:A5:02:07:7F:8A:1B:C6:43:2A:CE:CA:1E:F9:71:04:27:C2:36:40:0B:34:94:54:C9:30:4B:EC:55:B2:32:56:9C:53:4B:4B:95:EC:09:15:70:2E:44:C8:E7:64:72:73" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 17:15:48", "not_valid_before": "2022-02-01 17:15:49" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:16:01 +0000 (0:00:00.684) 0:01:27.904 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "72:99:D6:FB:4A:BD:E4:A9:5F:D6:ED:A9:7E:1A:86:82:AD:B4:DC:C5" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "BC:12:3B:AB:1B:AE:C4:92:1A:66:28:F2:F3:57:E9:EB:0F:23:EA:C3" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "D5:C8:31:0C:1C:42:00:E7:1E:92:53:B2:23:42:2B:88:CA:CB:4F:CD:C9:23:DE:EA:DB:58:AC:03:DA:D2:05:8F:36:87:86:17:F1:85:C5:50:F7:D4:14:49:49:E7:AE:47:A2:66:DF:E5:09:6E:A8:C4:E4:23:48:0F:FB:E5:92:38:60:4A:AB:35:CF:DE:6B:BF:E0:6E:50:8E:3C:E2:BC:BF:F0:89:43:41:7B:35:30:63:92:68:87:08:A9:5F:E2:2D:90:DD:1B:E1:A8:95:EA:DD:96:D9:1C:46:34:49:D4:CF:7D:F8:1A:A6:AA:60:90:64:B0:0F:2E:CE:36:1B:B5:69:8B:ED:B7:B6:67:0E:38:62:C1:A6:C6:51:33:B4:4A:DD:40:F3:43:90:FB:88:55:BD:F0:04:70:BA:FD:7C:B5:FD:58:1C:7B:48:BD:FC:E4:9C:3C:FA:13:51:F2:8B:A7:89:58:D4:AD:59:75:43:71:16:44:FA:47:03:41:BA:DD:4C:FF:93:84:98:7D:74:D7:57:B2:E1:A8:CD:37:A6:59:43:00:A5:02:07:7F:8A:1B:C6:43:2A:CE:CA:1E:F9:71:04:27:C2:36:40:0B:34:94:54:C9:30:4B:EC:55:B2:32:56:9C:53:4B:4B:95:EC:09:15:70:2E:44:C8:E7:64:72:73" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 17:15:48", "not_valid_before": "2022-02-01 17:15:49" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 Tuesday 01 February 2022 17:16:02 +0000 (0:00:00.032) 0:01:27.937 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:96 Tuesday 01 February 2022 17:16:02 +0000 (0:00:00.035) 0:01:27.972 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 Tuesday 01 February 2022 17:16:02 +0000 (0:00:00.020) 0:01:27.993 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 Tuesday 01 February 2022 17:16:02 +0000 (0:00:00.034) 0:01:28.028 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 Tuesday 01 February 2022 17:16:02 +0000 (0:00:00.071) 0:01:28.099 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:16:02 +0000 (0:00:00.034) 0:01:28.133 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039254", "end": "2022-02-01 17:16:01.786287", "rc": 0, "start": "2022-02-01 17:16:01.747033" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 Tuesday 01 February 2022 17:16:02 +0000 (0:00:00.398) 0:01:28.532 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:16:02 +0000 (0:00:00.039) 0:01:28.571 ****** =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed -- 67.74s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - linux-system-roles.certificate : Ensure provider packages are installed --- 4.64s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Install the package, force upgrade -------------------------------------- 4.62s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 2.66s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 ------------- Ensure python3 is installed --------------------------------------------- 1.89s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.03s /tmp/tmpcwl050ue/tests/tests_basic_self_signed.yml:2 -------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 0.96s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate requests ------------ 0.89s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Gathering Facts --------------------------------------------------------- 0.73s /tmp/tmpcwl050ue/tests/tests_basic_self_signed.yml:13 ------------------------- Parse certificate ------------------------------------------------------- 0.68s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.54s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve certificate file stats ----------------------------------------- 0.50s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.40s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.37s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Retrieve key file stats ------------------------------------------------- 0.34s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify certificate Key Usage -------------------------------------------- 0.07s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 ------------ Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 ------------ Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 ------------- Verify certificate subject ---------------------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 ------------- Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 ------------- + cd /tmp/tmpcwl050ue/tests; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpcwl050ue/tests/tests_default.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 17:16:16 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 17:16:16 +0000 (0:00:00.017) 0:00:00.028 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:16:16 +0000 (0:00:00.018) 0:00:00.046 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_default.yml **************************************************** 1 plays in /tmp/tmpcwl050ue/tests/tests_default.yml PLAY [Ensure that the role runs with default parameters] *********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_default.yml:3 Tuesday 01 February 2022 17:16:16 +0000 (0:00:00.015) 0:00:00.062 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:16:17 +0000 (0:00:01.044) 0:00:01.106 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Tuesday 01 February 2022 17:16:17 +0000 (0:00:00.027) 0:00:01.134 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Tuesday 01 February 2022 17:17:27 +0000 (0:01:09.979) 0:01:11.114 ****** TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Tuesday 01 February 2022 17:17:27 +0000 (0:00:00.030) 0:01:11.145 ****** TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Tuesday 01 February 2022 17:17:27 +0000 (0:00:00.028) 0:01:11.173 ****** TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Tuesday 01 February 2022 17:17:27 +0000 (0:00:00.028) 0:01:11.201 ****** TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Tuesday 01 February 2022 17:17:27 +0000 (0:00:00.030) 0:01:11.231 ****** META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=4 changed=1 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 Tuesday 01 February 2022 17:17:27 +0000 (0:00:00.024) 0:01:11.256 ****** =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed -- 69.98s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Gathering Facts --------------------------------------------------------- 1.04s /tmp/tmpcwl050ue/tests/tests_default.yml:3 ------------------------------------ linux-system-roles.certificate : Ensure provider packages are installed --- 0.03s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - linux-system-roles.certificate : Ensure provider service is running ----- 0.03s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.03s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.03s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - linux-system-roles.certificate : Set version specific variables --------- 0.03s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- linux-system-roles.certificate : Ensure certificate requests ------------ 0.02s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- + cd /tmp/tmpcwl050ue/tests; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpcwl050ue/tests/tests_dns_ip_email.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 17:17:40 +0000 (0:00:00.010) 0:00:00.010 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 17:17:40 +0000 (0:00:00.017) 0:00:00.028 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:17:40 +0000 (0:00:00.018) 0:00:00.046 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_dns_ip_email.yml *********************************************** 2 plays in /tmp/tmpcwl050ue/tests/tests_dns_ip_email.yml PLAY [Issue certificate with dns, ip and email in SAN] ************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_dns_ip_email.yml:2 Tuesday 01 February 2022 17:17:40 +0000 (0:00:00.018) 0:00:00.064 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:17:42 +0000 (0:00:01.078) 0:00:01.143 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Tuesday 01 February 2022 17:17:42 +0000 (0:00:00.025) 0:00:01.169 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Tuesday 01 February 2022 17:18:42 +0000 (0:01:00.479) 0:01:01.648 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Tuesday 01 February 2022 17:18:51 +0000 (0:00:08.912) 0:01:10.561 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Tuesday 01 February 2022 17:18:52 +0000 (0:00:00.558) 0:01:11.120 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Tuesday 01 February 2022 17:18:52 +0000 (0:00:00.412) 0:01:11.532 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "syslog.target system.slice systemd-journald.socket sysinit.target basic.target dbus-broker.service dbus.socket network.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Tuesday 01 February 2022 17:18:53 +0000 (0:00:01.017) 0:01:12.550 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'common_name': 'My Certificate with SAN', 'dns': ['sub1.example.com', 'www.example.com', 'sub2.example.com', 'sub3.example.com'], 'ip': ['192.0.2.12', '198.51.100.65', '2001:db8::2:1'], 'email': ['sysadmin@example.com', 'support@example.com'], 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "My Certificate with SAN", "dns": [ "sub1.example.com", "www.example.com", "sub2.example.com", "sub3.example.com" ], "email": [ "sysadmin@example.com", "support@example.com" ], "ip": [ "192.0.2.12", "198.51.100.65", "2001:db8::2:1" ], "name": "mycert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_dns_ip_email.yml:24 Tuesday 01 February 2022 17:18:54 +0000 (0:00:00.905) 0:01:13.455 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpcwl050ue/tests/tests_dns_ip_email.yml:54 Tuesday 01 February 2022 17:18:55 +0000 (0:00:00.738) 0:01:14.194 ****** included: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'My Certificate with SAN'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'sub1.example.com'}, {'name': 'DNS', 'value': 'www.example.com'}, {'name': 'DNS', 'value': 'sub2.example.com'}, {'name': 'DNS', 'value': 'sub3.example.com'}, {'name': 'email', 'value': 'sysadmin@example.com'}, {'name': 'email', 'value': 'support@example.com'}, {'name': 'IP Address', 'value': '192.0.2.12'}, {'name': 'IP Address', 'value': '198.51.100.65'}, {'name': 'IP Address', 'value': '2001:db8::2:1'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:18:55 +0000 (0:00:00.028) 0:01:14.222 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:18:55 +0000 (0:00:00.013) 0:01:14.236 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:18:57 +0000 (0:00:01.931) 0:01:16.167 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:19:01 +0000 (0:00:04.834) 0:01:21.002 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 46.7 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 82.4 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 23.1 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 106.4 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 37.8 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:19:04 +0000 (0:00:02.814) 0:01:23.816 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643735933.9903467, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "2f7b6a903bbb4d0e2bf65b8cacb9e63c64bb4d8a", "ctime": 1643735933.9873466, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643735933.9873466, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1484, "uid": 0, "version": "1460340638", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:19:05 +0000 (0:00:00.512) 0:01:24.329 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:19:05 +0000 (0:00:00.019) 0:01:24.348 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 Tuesday 01 February 2022 17:19:05 +0000 (0:00:00.034) 0:01:24.383 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 Tuesday 01 February 2022 17:19:05 +0000 (0:00:00.032) 0:01:24.416 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643735933.9463465, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "019837242ad8d549627554a55cc955d0457fa1bc", "ctime": 1643735933.9873466, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643735933.9873466, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "328658839", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:60 Tuesday 01 February 2022 17:19:05 +0000 (0:00:00.381) 0:01:24.797 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 Tuesday 01 February 2022 17:19:05 +0000 (0:00:00.018) 0:01:24.816 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 Tuesday 01 February 2022 17:19:05 +0000 (0:00:00.033) 0:01:24.849 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.210322", "end": "2022-02-01 17:19:06.140569", "rc": 0, "start": "2022-02-01 17:19:05.930247" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "My Certificate with SAN" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "sub1.example.com" }, { "name": "DNS", "value": "www.example.com" }, { "name": "DNS", "value": "sub2.example.com" }, { "name": "DNS", "value": "sub3.example.com" }, { "name": "email", "value": "sysadmin@example.com" }, { "name": "email", "value": "support@example.com" }, { "name": "IP Address", "value": "192.0.2.12" }, { "name": "IP Address", "value": "198.51.100.65" }, { "name": "IP Address", "value": "2001:db8::2:1" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "EE:B5:90:91:B8:0E:1C:4F:78:E4:DD:09:AE:A7:3E:A1:C2:3C:06:37", "critical": false }, "authorityKeyIdentifier": { "value": "A5:D5:11:51:71:6C:8A:68:1B:FC:E3:A5:7F:0F:E8:31:EF:6D:12:10", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "1C:CE:2B:5A:58:00:3B:5B:8B:BD:4A:54:60:56:A7:B6:F5:22:D9:88:27:2B:CE:F6:C3:CB:67:0C:08:BB:28:E5:81:A9:0C:CF:B6:19:D4:F1:09:EA:76:73:89:DC:0F:32:B6:68:90:0A:D6:2A:AC:37:7A:76:7C:18:7A:4D:5E:6B:51:2C:CA:20:4D:DC:E7:94:22:D2:D9:34:FF:63:46:46:8C:C2:8B:58:AF:C4:00:C5:E7:8C:3F:E9:CD:C9:61:6A:FF:4B:99:F3:51:7B:24:CA:ED:EB:10:93:3F:93:1C:26:60:D9:96:05:5F:18:83:1B:08:25:FE:B4:F4:06:DB:62:B9:5A:9D:BE:28:53:02:8E:79:15:BE:5C:40:8A:A7:5E:08:4E:3E:18:54:FE:55:12:0B:DD:59:4E:97:9E:13:9F:52:41:A1:71:6F:91:86:B6:42:6C:60:6D:25:5B:60:A0:9C:19:90:8D:5F:B4:D8:77:08:EB:5D:77:27:2A:BA:BB:3B:91:05:14:4E:30:64:C9:68:EC:14:8A:75:C7:56:17:63:D6:0F:21:88:71:71:A0:81:E9:F9:88:9D:96:93:F7:B9:92:20:F3:89:AA:0D:16:80:24:1C:BE:B5:52:B4:D6:C9:2C:F6:52:B6:D5:B1:EE:06:C2:A7:68:C0:24:1A:ED" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 17:18:53", "not_valid_before": "2022-02-01 17:18:53" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:19:06 +0000 (0:00:00.675) 0:01:25.525 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "A5:D5:11:51:71:6C:8A:68:1B:FC:E3:A5:7F:0F:E8:31:EF:6D:12:10" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "sub1.example.com" }, { "name": "DNS", "value": "www.example.com" }, { "name": "DNS", "value": "sub2.example.com" }, { "name": "DNS", "value": "sub3.example.com" }, { "name": "email", "value": "sysadmin@example.com" }, { "name": "email", "value": "support@example.com" }, { "name": "IP Address", "value": "192.0.2.12" }, { "name": "IP Address", "value": "198.51.100.65" }, { "name": "IP Address", "value": "2001:db8::2:1" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "EE:B5:90:91:B8:0E:1C:4F:78:E4:DD:09:AE:A7:3E:A1:C2:3C:06:37" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "1C:CE:2B:5A:58:00:3B:5B:8B:BD:4A:54:60:56:A7:B6:F5:22:D9:88:27:2B:CE:F6:C3:CB:67:0C:08:BB:28:E5:81:A9:0C:CF:B6:19:D4:F1:09:EA:76:73:89:DC:0F:32:B6:68:90:0A:D6:2A:AC:37:7A:76:7C:18:7A:4D:5E:6B:51:2C:CA:20:4D:DC:E7:94:22:D2:D9:34:FF:63:46:46:8C:C2:8B:58:AF:C4:00:C5:E7:8C:3F:E9:CD:C9:61:6A:FF:4B:99:F3:51:7B:24:CA:ED:EB:10:93:3F:93:1C:26:60:D9:96:05:5F:18:83:1B:08:25:FE:B4:F4:06:DB:62:B9:5A:9D:BE:28:53:02:8E:79:15:BE:5C:40:8A:A7:5E:08:4E:3E:18:54:FE:55:12:0B:DD:59:4E:97:9E:13:9F:52:41:A1:71:6F:91:86:B6:42:6C:60:6D:25:5B:60:A0:9C:19:90:8D:5F:B4:D8:77:08:EB:5D:77:27:2A:BA:BB:3B:91:05:14:4E:30:64:C9:68:EC:14:8A:75:C7:56:17:63:D6:0F:21:88:71:71:A0:81:E9:F9:88:9D:96:93:F7:B9:92:20:F3:89:AA:0D:16:80:24:1C:BE:B5:52:B4:D6:C9:2C:F6:52:B6:D5:B1:EE:06:C2:A7:68:C0:24:1A:ED" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "My Certificate with SAN" } ], "validity": { "not_valid_after": "2023-02-01 17:18:53", "not_valid_before": "2022-02-01 17:18:53" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 Tuesday 01 February 2022 17:19:06 +0000 (0:00:00.030) 0:01:25.555 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:96 Tuesday 01 February 2022 17:19:06 +0000 (0:00:00.030) 0:01:25.586 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 Tuesday 01 February 2022 17:19:06 +0000 (0:00:00.021) 0:01:25.608 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 Tuesday 01 February 2022 17:19:06 +0000 (0:00:00.034) 0:01:25.643 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 Tuesday 01 February 2022 17:19:06 +0000 (0:00:00.035) 0:01:25.678 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:19:06 +0000 (0:00:00.033) 0:01:25.712 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.050244", "end": "2022-02-01 17:19:06.772608", "rc": 0, "start": "2022-02-01 17:19:06.722364" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 Tuesday 01 February 2022 17:19:07 +0000 (0:00:00.438) 0:01:26.150 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:19:07 +0000 (0:00:00.036) 0:01:26.186 ****** =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed -- 60.48s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - linux-system-roles.certificate : Ensure provider packages are installed --- 8.91s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Install the package, force upgrade -------------------------------------- 4.83s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 2.81s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 ------------- Ensure python3 is installed --------------------------------------------- 1.93s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.08s /tmp/tmpcwl050ue/tests/tests_dns_ip_email.yml:2 ------------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.02s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate requests ------------ 0.91s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Gathering Facts --------------------------------------------------------- 0.74s /tmp/tmpcwl050ue/tests/tests_dns_ip_email.yml:24 ------------------------------ Parse certificate ------------------------------------------------------- 0.68s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.56s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve certificate file stats ----------------------------------------- 0.51s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.44s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.41s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Retrieve key file stats ------------------------------------------------- 0.38s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 ------------ Verify certificate Key Usage -------------------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 ------------ Verify key size --------------------------------------------------------- 0.03s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 ------------ Verify certificate file owner and group --------------------------------- 0.03s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 ------------- Verify certificate Extended Key Usage ----------------------------------- 0.03s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 ------------ + cd /tmp/tmpcwl050ue/tests; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpcwl050ue/tests/tests_fs_attrs.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 17:19:21 +0000 (0:00:00.010) 0:00:00.010 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 17:19:21 +0000 (0:00:00.017) 0:00:00.028 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:19:21 +0000 (0:00:00.018) 0:00:00.047 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_fs_attrs.yml *************************************************** 3 plays in /tmp/tmpcwl050ue/tests/tests_fs_attrs.yml PLAY [Ensure UID and GID exists] *********************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_fs_attrs.yml:2 Tuesday 01 February 2022 17:19:21 +0000 (0:00:00.017) 0:00:00.065 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Ensure user exists] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tests_fs_attrs.yml:5 Tuesday 01 February 2022 17:19:22 +0000 (0:00:01.134) 0:00:01.200 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "comment": "", "create_home": true, "group": 1040, "home": "/home/user1", "name": "user1", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1040 } TASK [Ensure group "somegroup" exists] ***************************************** task path: /tmp/tmpcwl050ue/tests/tests_fs_attrs.yml:9 Tuesday 01 February 2022 17:19:23 +0000 (0:00:00.865) 0:00:02.065 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "gid": 1041, "name": "somegroup", "state": "present", "system": false } META: ran handlers META: ran handlers PLAY [Issue certificate setting user/group] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_fs_attrs.yml:13 Tuesday 01 February 2022 17:19:24 +0000 (0:00:00.738) 0:00:02.804 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:19:25 +0000 (0:00:00.767) 0:00:03.571 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Tuesday 01 February 2022 17:19:25 +0000 (0:00:00.028) 0:00:03.599 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Tuesday 01 February 2022 17:20:07 +0000 (0:00:42.684) 0:00:46.284 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Tuesday 01 February 2022 17:20:11 +0000 (0:00:04.090) 0:00:50.374 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Tuesday 01 February 2022 17:20:12 +0000 (0:00:00.624) 0:00:50.999 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Tuesday 01 February 2022 17:20:13 +0000 (0:00:00.440) 0:00:51.439 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target dbus.socket system.slice syslog.target basic.target systemd-journald.socket network.target dbus-broker.service", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Tuesday 01 February 2022 17:20:14 +0000 (0:00:01.095) 0:00:52.535 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert", "owner": "ftp" } } MSG: Certificate requested (new). File attributes updated. changed: [/cache/fedora-34.qcow2] => (item={'name': 'certid', 'dns': 'www.example.com', 'owner': 1040, 'group': 1041, 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040 } } MSG: Certificate requested (new). File attributes updated. META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_fs_attrs.yml:31 Tuesday 01 February 2022 17:20:16 +0000 (0:00:02.040) 0:00:54.575 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpcwl050ue/tests/tests_fs_attrs.yml:60 Tuesday 01 February 2022 17:20:16 +0000 (0:00:00.775) 0:00:55.350 ****** included: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 'ftp', 'group': 'ftp', 'mode': '0640'}) included: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/certid.crt', 'key_path': '/etc/pki/tls/private/certid.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 1040, 'group': 1041, 'mode': '0640'}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:20:16 +0000 (0:00:00.042) 0:00:55.393 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:20:16 +0000 (0:00:00.017) 0:00:55.410 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:20:19 +0000 (0:00:02.253) 0:00:57.664 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:20:24 +0000 (0:00:05.131) 0:01:02.796 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 49.7 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 70.8 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 20.0 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 84.8 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 32.1 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:20:27 +0000 (0:00:02.879) 0:01:05.675 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736014.1161149, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "429fdc96f0f5d3d8a1e1a06f85fc9395a78ebc8a", "ctime": 1643736014.262115, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 137979, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1643736014.1131148, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 14, "version": "3110992925", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:20:27 +0000 (0:00:00.579) 0:01:06.255 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:20:27 +0000 (0:00:00.022) 0:01:06.278 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 Tuesday 01 February 2022 17:20:27 +0000 (0:00:00.042) 0:01:06.320 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 Tuesday 01 February 2022 17:20:27 +0000 (0:00:00.035) 0:01:06.355 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736014.068115, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "6ef07be3c25037f329cb739ec7ddb5736e55bd05", "ctime": 1643736014.263115, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 137978, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1643736014.1131148, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 14, "version": "27478606", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:60 Tuesday 01 February 2022 17:20:28 +0000 (0:00:00.401) 0:01:06.756 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 Tuesday 01 February 2022 17:20:28 +0000 (0:00:00.022) 0:01:06.779 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 Tuesday 01 February 2022 17:20:28 +0000 (0:00:00.040) 0:01:06.819 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.207447", "end": "2022-02-01 17:20:28.352081", "rc": 0, "start": "2022-02-01 17:20:28.144634" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "D3:CD:6A:34:D7:54:E7:EC:49:F9:85:B6:5F:FC:18:47:0E:4F:E6:A0", "critical": false }, "authorityKeyIdentifier": { "value": "C5:37:8D:98:38:EB:13:1C:35:87:65:3C:4C:26:08:85:8D:E6:97:01", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "38:12:92:0F:57:B1:7C:DE:FA:A3:55:7E:B4:2F:2A:5D:4D:52:8A:2F:1C:1D:B6:1F:17:C5:02:BC:05:68:FA:FA:9B:33:36:3A:B6:76:BF:45:15:30:B0:45:42:23:D4:35:93:1D:14:A6:EC:1A:62:4A:0B:75:38:7B:7D:F4:A3:56:A0:BB:18:50:CF:99:65:FD:2F:BA:EA:19:A9:A2:4C:AA:BC:F7:87:A9:06:DA:5D:F3:3B:04:CA:15:82:41:63:B3:45:06:6C:CC:68:D5:94:14:D9:44:1D:B1:6C:4D:87:BE:D5:3B:AA:6D:BD:10:11:E4:A4:14:5D:9C:06:01:3C:27:3A:D2:41:79:93:6D:1A:F6:AA:3F:2B:11:98:B1:C6:EA:76:0D:C2:AE:D3:4D:05:DE:38:97:95:60:12:7C:14:DA:32:37:87:5F:D4:70:52:7C:F5:49:EC:BB:A9:6C:34:0D:BF:31:07:5D:EF:68:20:53:5D:E3:66:C1:46:48:A9:09:3C:85:AE:64:AB:ED:21:7C:9D:50:B2:B2:06:D4:C4:FB:67:9F:64:A0:9B:9B:7F:17:0F:E9:C5:59:B4:C8:74:10:74:7E:65:9A:8E:7C:F0:8C:3C:92:33:52:11:6C:C1:D7:A2:A4:B4:4B:66:03:85:E3:4A:BA:98:4D:E1:D6:AB:25" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 17:20:13", "not_valid_before": "2022-02-01 17:20:14" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:20:29 +0000 (0:00:00.757) 0:01:07.577 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "C5:37:8D:98:38:EB:13:1C:35:87:65:3C:4C:26:08:85:8D:E6:97:01" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "D3:CD:6A:34:D7:54:E7:EC:49:F9:85:B6:5F:FC:18:47:0E:4F:E6:A0" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "38:12:92:0F:57:B1:7C:DE:FA:A3:55:7E:B4:2F:2A:5D:4D:52:8A:2F:1C:1D:B6:1F:17:C5:02:BC:05:68:FA:FA:9B:33:36:3A:B6:76:BF:45:15:30:B0:45:42:23:D4:35:93:1D:14:A6:EC:1A:62:4A:0B:75:38:7B:7D:F4:A3:56:A0:BB:18:50:CF:99:65:FD:2F:BA:EA:19:A9:A2:4C:AA:BC:F7:87:A9:06:DA:5D:F3:3B:04:CA:15:82:41:63:B3:45:06:6C:CC:68:D5:94:14:D9:44:1D:B1:6C:4D:87:BE:D5:3B:AA:6D:BD:10:11:E4:A4:14:5D:9C:06:01:3C:27:3A:D2:41:79:93:6D:1A:F6:AA:3F:2B:11:98:B1:C6:EA:76:0D:C2:AE:D3:4D:05:DE:38:97:95:60:12:7C:14:DA:32:37:87:5F:D4:70:52:7C:F5:49:EC:BB:A9:6C:34:0D:BF:31:07:5D:EF:68:20:53:5D:E3:66:C1:46:48:A9:09:3C:85:AE:64:AB:ED:21:7C:9D:50:B2:B2:06:D4:C4:FB:67:9F:64:A0:9B:9B:7F:17:0F:E9:C5:59:B4:C8:74:10:74:7E:65:9A:8E:7C:F0:8C:3C:92:33:52:11:6C:C1:D7:A2:A4:B4:4B:66:03:85:E3:4A:BA:98:4D:E1:D6:AB:25" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 17:20:13", "not_valid_before": "2022-02-01 17:20:14" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 Tuesday 01 February 2022 17:20:29 +0000 (0:00:00.044) 0:01:07.622 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:96 Tuesday 01 February 2022 17:20:29 +0000 (0:00:00.036) 0:01:07.658 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 Tuesday 01 February 2022 17:20:29 +0000 (0:00:00.023) 0:01:07.681 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 Tuesday 01 February 2022 17:20:29 +0000 (0:00:00.035) 0:01:07.717 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 Tuesday 01 February 2022 17:20:29 +0000 (0:00:00.035) 0:01:07.753 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:20:29 +0000 (0:00:00.034) 0:01:07.787 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039375", "end": "2022-02-01 17:20:28.983992", "rc": 0, "start": "2022-02-01 17:20:28.944617" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 Tuesday 01 February 2022 17:20:29 +0000 (0:00:00.418) 0:01:08.206 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:20:29 +0000 (0:00:00.036) 0:01:08.242 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:20:29 +0000 (0:00:00.017) 0:01:08.260 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:20:31 +0000 (0:00:02.063) 0:01:10.323 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.2) TASK [Install certreader] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:20:33 +0000 (0:00:01.148) 0:01:11.472 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:20:33 +0000 (0:00:00.928) 0:01:12.400 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736015.2771149, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9d3eab44f5573b69ff8078e76e856bcffd6c4cd4", "ctime": 1643736015.3231149, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 137981, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1643736015.273115, "nlink": 1, "path": "/etc/pki/tls/certs/certid.crt", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 1040, "version": "3891559505", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:20:34 +0000 (0:00:00.374) 0:01:12.775 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:20:34 +0000 (0:00:00.019) 0:01:12.794 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 Tuesday 01 February 2022 17:20:34 +0000 (0:00:00.038) 0:01:12.833 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 Tuesday 01 February 2022 17:20:34 +0000 (0:00:00.041) 0:01:12.875 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736015.1921148, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "980d41ec669a92a84f5854abffef9e79f6745426", "ctime": 1643736015.3231149, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 137980, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1643736015.273115, "nlink": 1, "path": "/etc/pki/tls/private/certid.key", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1708, "uid": 1040, "version": "3197153835", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:60 Tuesday 01 February 2022 17:20:34 +0000 (0:00:00.396) 0:01:13.271 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 Tuesday 01 February 2022 17:20:34 +0000 (0:00:00.022) 0:01:13.293 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 Tuesday 01 February 2022 17:20:34 +0000 (0:00:00.043) 0:01:13.337 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/certid.crt" ], "delta": "0:00:00.210897", "end": "2022-02-01 17:20:34.688674", "rc": 0, "start": "2022-02-01 17:20:34.477777" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "D6:0B:3A:3D:6A:54:8B:18:A9:37:40:5E:30:8B:83:0E:38:3A:9B:D6", "critical": false }, "authorityKeyIdentifier": { "value": "C5:37:8D:98:38:EB:13:1C:35:87:65:3C:4C:26:08:85:8D:E6:97:01", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "73:94:A0:7C:7C:E5:60:A8:A5:C7:55:71:03:8F:27:5B:CA:D6:93:52:5E:85:0C:99:B8:3F:C3:D1:26:4E:E8:23:B9:F8:92:EE:0D:D8:12:80:6F:EC:6B:08:40:0A:BC:4E:45:99:4A:8A:7E:2E:11:40:CA:38:6E:26:F7:9D:46:34:4F:31:30:6D:15:35:0B:1A:5E:E2:37:32:39:80:50:B1:FC:56:4C:D9:64:49:D1:6E:5C:34:15:D8:09:0B:F6:B5:EB:05:85:0D:6B:86:A8:BF:70:21:D7:CF:D4:2C:A5:4B:9E:0A:4D:55:64:C2:22:BB:9C:8C:E6:28:6A:E0:8C:8C:66:39:F0:E0:72:23:64:9B:AD:DE:E4:71:AE:0A:05:EA:86:FA:3D:50:8F:7A:63:92:00:C2:CB:47:11:A9:F4:B3:99:B6:33:1E:AF:4B:5E:4F:D5:90:31:B8:86:9A:7E:C0:DF:EB:0A:BD:83:E8:3E:D7:80:41:E4:7B:E3:25:60:34:53:13:04:4A:F7:1A:5C:8B:23:6B:11:F9:B5:89:32:CF:D3:CB:58:DF:27:29:70:F0:47:D2:A2:4F:D3:92:BD:B2:2E:C5:53:0F:BE:5C:43:41:4C:5E:3E:F7:7F:4B:CC:8A:96:01:5E:EE:42:20:2F:76:09:B6:EB:CB:E9:E7:45:95" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 17:20:13", "not_valid_before": "2022-02-01 17:20:15" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:20:35 +0000 (0:00:00.575) 0:01:13.913 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "C5:37:8D:98:38:EB:13:1C:35:87:65:3C:4C:26:08:85:8D:E6:97:01" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "D6:0B:3A:3D:6A:54:8B:18:A9:37:40:5E:30:8B:83:0E:38:3A:9B:D6" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "73:94:A0:7C:7C:E5:60:A8:A5:C7:55:71:03:8F:27:5B:CA:D6:93:52:5E:85:0C:99:B8:3F:C3:D1:26:4E:E8:23:B9:F8:92:EE:0D:D8:12:80:6F:EC:6B:08:40:0A:BC:4E:45:99:4A:8A:7E:2E:11:40:CA:38:6E:26:F7:9D:46:34:4F:31:30:6D:15:35:0B:1A:5E:E2:37:32:39:80:50:B1:FC:56:4C:D9:64:49:D1:6E:5C:34:15:D8:09:0B:F6:B5:EB:05:85:0D:6B:86:A8:BF:70:21:D7:CF:D4:2C:A5:4B:9E:0A:4D:55:64:C2:22:BB:9C:8C:E6:28:6A:E0:8C:8C:66:39:F0:E0:72:23:64:9B:AD:DE:E4:71:AE:0A:05:EA:86:FA:3D:50:8F:7A:63:92:00:C2:CB:47:11:A9:F4:B3:99:B6:33:1E:AF:4B:5E:4F:D5:90:31:B8:86:9A:7E:C0:DF:EB:0A:BD:83:E8:3E:D7:80:41:E4:7B:E3:25:60:34:53:13:04:4A:F7:1A:5C:8B:23:6B:11:F9:B5:89:32:CF:D3:CB:58:DF:27:29:70:F0:47:D2:A2:4F:D3:92:BD:B2:2E:C5:53:0F:BE:5C:43:41:4C:5E:3E:F7:7F:4B:CC:8A:96:01:5E:EE:42:20:2F:76:09:B6:EB:CB:E9:E7:45:95" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 17:20:13", "not_valid_before": "2022-02-01 17:20:15" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 Tuesday 01 February 2022 17:20:35 +0000 (0:00:00.033) 0:01:13.947 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:96 Tuesday 01 February 2022 17:20:35 +0000 (0:00:00.036) 0:01:13.984 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 Tuesday 01 February 2022 17:20:35 +0000 (0:00:00.020) 0:01:14.004 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 Tuesday 01 February 2022 17:20:35 +0000 (0:00:00.032) 0:01:14.037 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 Tuesday 01 February 2022 17:20:35 +0000 (0:00:00.035) 0:01:14.072 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:20:35 +0000 (0:00:00.034) 0:01:14.107 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/certid.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041499", "end": "2022-02-01 17:20:35.303565", "rc": 0, "start": "2022-02-01 17:20:35.262066" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 Tuesday 01 February 2022 17:20:36 +0000 (0:00:00.420) 0:01:14.527 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=55 changed=10 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:20:36 +0000 (0:00:00.036) 0:01:14.564 ****** =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed -- 42.68s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 5.13s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 4.09s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Install certreader ------------------------------------------------------ 2.88s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 ------------- Ensure python3 is installed --------------------------------------------- 2.25s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 -------------- Ensure python3 is installed --------------------------------------------- 2.06s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 -------------- linux-system-roles.certificate : Ensure certificate requests ------------ 2.04s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Install the package, force upgrade -------------------------------------- 1.15s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 ------------- Gathering Facts --------------------------------------------------------- 1.13s /tmp/tmpcwl050ue/tests/tests_fs_attrs.yml:2 ----------------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.10s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Install certreader ------------------------------------------------------ 0.93s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 ------------- Ensure user exists ------------------------------------------------------ 0.87s /tmp/tmpcwl050ue/tests/tests_fs_attrs.yml:5 ----------------------------------- Gathering Facts --------------------------------------------------------- 0.78s /tmp/tmpcwl050ue/tests/tests_fs_attrs.yml:31 ---------------------------------- Gathering Facts --------------------------------------------------------- 0.77s /tmp/tmpcwl050ue/tests/tests_fs_attrs.yml:13 ---------------------------------- Parse certificate ------------------------------------------------------- 0.76s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 ------------- Ensure group "somegroup" exists ----------------------------------------- 0.74s /tmp/tmpcwl050ue/tests/tests_fs_attrs.yml:9 ----------------------------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.62s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve certificate file stats ----------------------------------------- 0.58s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 ------------- Parse certificate ------------------------------------------------------- 0.58s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.44s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - + cd /tmp/tmpcwl050ue/tests; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpcwl050ue/tests/tests_include_vars_from_parent.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 17:20:49 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 17:20:49 +0000 (0:00:00.017) 0:00:00.028 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:20:49 +0000 (0:00:00.018) 0:00:00.047 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_include_vars_from_parent.yml *********************************** 1 plays in /tmp/tmpcwl050ue/tests/tests_include_vars_from_parent.yml PLAY [all] ********************************************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_include_vars_from_parent.yml:1 Tuesday 01 February 2022 17:20:49 +0000 (0:00:00.010) 0:00:00.057 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [create var file in caller that can override the one in called role] ****** task path: /tmp/tmpcwl050ue/tests/tests_include_vars_from_parent.yml:3 Tuesday 01 February 2022 17:20:50 +0000 (0:00:01.115) 0:00:01.173 ****** changed: [/cache/fedora-34.qcow2 -> localhost] => (item=Fedora-34) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpcwl050ue/tests/roles/caller/vars/Fedora-34.yml", "gid": 0, "group": "root", "item": "Fedora-34", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1643736050.6326156-25914-80085676365729/source", "state": "file", "uid": 0 } changed: [/cache/fedora-34.qcow2 -> localhost] => (item=Fedora_34) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpcwl050ue/tests/roles/caller/vars/Fedora_34.yml", "gid": 0, "group": "root", "item": "Fedora_34", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1643736051.210171-25914-272160368455223/source", "state": "file", "uid": 0 } changed: [/cache/fedora-34.qcow2 -> localhost] => (item=Fedora) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpcwl050ue/tests/roles/caller/vars/Fedora.yml", "gid": 0, "group": "root", "item": "Fedora", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1643736051.5845745-25914-24492020229557/source", "state": "file", "uid": 0 } changed: [/cache/fedora-34.qcow2 -> localhost] => (item=RedHat) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpcwl050ue/tests/roles/caller/vars/RedHat.yml", "gid": 0, "group": "root", "item": "RedHat", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1643736051.9488783-25914-226771684452040/source", "state": "file", "uid": 0 } TASK [include_role : {{ roletoinclude }}] ************************************** task path: /tmp/tmpcwl050ue/tests/roles/caller/tasks/main.yml:4 Tuesday 01 February 2022 17:20:52 +0000 (0:00:01.706) 0:00:02.880 ****** TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:20:52 +0000 (0:00:00.031) 0:00:02.911 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Tuesday 01 February 2022 17:20:52 +0000 (0:00:00.025) 0:00:02.937 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Tuesday 01 February 2022 17:21:33 +0000 (0:00:40.775) 0:00:43.712 ****** TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Tuesday 01 February 2022 17:21:33 +0000 (0:00:00.020) 0:00:43.732 ****** TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Tuesday 01 February 2022 17:21:33 +0000 (0:00:00.018) 0:00:43.751 ****** TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Tuesday 01 February 2022 17:21:33 +0000 (0:00:00.020) 0:00:43.771 ****** TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Tuesday 01 February 2022 17:21:33 +0000 (0:00:00.019) 0:00:43.791 ****** META: role_complete for /cache/fedora-34.qcow2 TASK [caller : assert] ********************************************************* task path: /tmp/tmpcwl050ue/tests/roles/caller/tasks/main.yml:7 Tuesday 01 February 2022 17:21:33 +0000 (0:00:00.019) 0:00:43.811 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=6 changed=2 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 Tuesday 01 February 2022 17:21:33 +0000 (0:00:00.028) 0:00:43.840 ****** =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed -- 40.78s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - create var file in caller that can override the one in called role ------ 1.71s /tmp/tmpcwl050ue/tests/tests_include_vars_from_parent.yml:3 ------------------- Gathering Facts --------------------------------------------------------- 1.12s /tmp/tmpcwl050ue/tests/tests_include_vars_from_parent.yml:1 ------------------- include_role : {{ roletoinclude }} -------------------------------------- 0.03s /tmp/tmpcwl050ue/tests/roles/caller/tasks/main.yml:4 -------------------------- caller : assert --------------------------------------------------------- 0.03s /tmp/tmpcwl050ue/tests/roles/caller/tasks/main.yml:7 -------------------------- linux-system-roles.certificate : Set version specific variables --------- 0.03s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- linux-system-roles.certificate : Ensure provider packages are installed --- 0.02s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.02s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - linux-system-roles.certificate : Ensure provider service is running ----- 0.02s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate requests ------------ 0.02s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.02s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- + cd /tmp/tmpcwl050ue/tests; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpcwl050ue/tests/tests_key_size.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 17:21:47 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 17:21:47 +0000 (0:00:00.015) 0:00:00.026 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:21:47 +0000 (0:00:00.015) 0:00:00.042 ****** =============================================================================== debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- PLAYBOOK: tests_key_size.yml *************************************************** 2 plays in /tmp/tmpcwl050ue/tests/tests_key_size.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_key_size.yml:2 Tuesday 01 February 2022 17:21:47 +0000 (0:00:00.016) 0:00:00.059 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:21:48 +0000 (0:00:01.027) 0:00:01.086 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Tuesday 01 February 2022 17:21:48 +0000 (0:00:00.025) 0:00:01.111 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Tuesday 01 February 2022 17:22:35 +0000 (0:00:46.457) 0:00:47.569 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Tuesday 01 February 2022 17:22:38 +0000 (0:00:03.534) 0:00:51.104 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Tuesday 01 February 2022 17:22:39 +0000 (0:00:00.553) 0:00:51.658 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Tuesday 01 February 2022 17:22:39 +0000 (0:00:00.387) 0:00:52.045 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target systemd-journald.socket dbus-broker.service sysinit.target network.target system.slice dbus.socket syslog.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Tuesday 01 February 2022 17:22:40 +0000 (0:00:01.055) 0:00:53.101 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'key_size': 4096}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "key_size": 4096, "name": "mycert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_key_size.yml:14 Tuesday 01 February 2022 17:22:43 +0000 (0:00:02.563) 0:00:55.664 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpcwl050ue/tests/tests_key_size.yml:29 Tuesday 01 February 2022 17:22:44 +0000 (0:00:00.724) 0:00:56.388 ****** included: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'key_size': 4096}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:22:44 +0000 (0:00:00.029) 0:00:56.418 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:22:44 +0000 (0:00:00.015) 0:00:56.433 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:22:46 +0000 (0:00:02.068) 0:00:58.502 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:22:51 +0000 (0:00:04.751) 0:01:03.253 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 50.6 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 82.6 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 21.2 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 103.1 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 37.8 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:22:53 +0000 (0:00:02.686) 0:01:05.940 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736163.2735503, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "1115bdb5f13a19bbde86d9bddbab09e633f65091", "ctime": 1643736163.2705503, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643736163.2705503, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1643, "uid": 0, "version": "2792662496", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:22:54 +0000 (0:00:00.497) 0:01:06.438 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:22:54 +0000 (0:00:00.020) 0:01:06.458 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 Tuesday 01 February 2022 17:22:54 +0000 (0:00:00.033) 0:01:06.492 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 Tuesday 01 February 2022 17:22:54 +0000 (0:00:00.033) 0:01:06.525 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736163.2155504, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "5bee89ce1d3d96e41dc26b83cdc0e5032765aec4", "ctime": 1643736163.2705503, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643736163.2705503, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 3276, "uid": 0, "version": "4153249796", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:60 Tuesday 01 February 2022 17:22:54 +0000 (0:00:00.352) 0:01:06.878 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 Tuesday 01 February 2022 17:22:54 +0000 (0:00:00.018) 0:01:06.896 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 Tuesday 01 February 2022 17:22:54 +0000 (0:00:00.033) 0:01:06.930 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.192711", "end": "2022-02-01 17:22:55.322879", "rc": 0, "start": "2022-02-01 17:22:55.130168" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "1A:C7:52:FF:96:18:A7:70:C3:4C:AE:94:8F:21:5E:7D:6F:D2:E7:14", "critical": false }, "authorityKeyIdentifier": { "value": "6B:F5:D5:3C:46:93:E3:78:DE:89:13:97:BB:73:1B:02:DF:80:7D:9D", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "02:5A:25:4A:FA:A2:F5:08:94:C8:27:17:5B:C5:25:A4:23:0A:EA:F7:D4:DC:02:23:A8:E9:A3:FC:FD:E8:A2:4F:BF:AC:D5:E9:15:69:E8:01:91:AF:42:C2:38:B7:0F:0B:D3:EF:9E:93:92:0E:0E:20:B9:AD:30:8A:B8:32:17:C0:C0:A5:34:E2:2E:A7:83:ED:61:42:E7:85:16:DE:FF:B3:6E:94:E3:16:75:7F:EB:EF:80:E6:04:47:21:35:88:10:9C:67:3F:43:C1:E2:6E:A1:8F:1C:8E:25:19:48:84:67:B9:29:36:07:AA:45:93:E1:27:B4:EB:31:93:C8:A0:DE:6B:A5:7E:85:D0:8C:2B:91:6C:66:36:69:5C:5F:56:5F:52:83:82:B3:55:D9:2A:03:CB:8C:A6:A3:C0:C2:CA:08:48:64:D0:D9:41:C9:70:50:EA:10:FE:6E:CD:EA:FA:87:E3:FA:FE:A2:E0:E8:EE:5B:85:96:EE:E0:1D:3C:69:FB:5A:03:CE:2C:A3:25:9E:AF:7A:0E:9F:51:1C:78:61:A0:84:3C:43:3B:50:44:C0:F8:54:8C:9F:55:74:3D:A8:AF:30:8F:06:13:9E:3A:8B:FC:4E:88:FD:4D:C8:D1:85:C2:DE:60:0F:23:16:E4:79:0D:F0:39:D7:65:E5:95:52:8E" }, "key_size": 4096, "validity": { "not_valid_after": "2023-02-01 17:22:40", "not_valid_before": "2022-02-01 17:22:43" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:22:55 +0000 (0:00:00.669) 0:01:07.599 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "6B:F5:D5:3C:46:93:E3:78:DE:89:13:97:BB:73:1B:02:DF:80:7D:9D" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "1A:C7:52:FF:96:18:A7:70:C3:4C:AE:94:8F:21:5E:7D:6F:D2:E7:14" } }, "key_size": 4096, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "02:5A:25:4A:FA:A2:F5:08:94:C8:27:17:5B:C5:25:A4:23:0A:EA:F7:D4:DC:02:23:A8:E9:A3:FC:FD:E8:A2:4F:BF:AC:D5:E9:15:69:E8:01:91:AF:42:C2:38:B7:0F:0B:D3:EF:9E:93:92:0E:0E:20:B9:AD:30:8A:B8:32:17:C0:C0:A5:34:E2:2E:A7:83:ED:61:42:E7:85:16:DE:FF:B3:6E:94:E3:16:75:7F:EB:EF:80:E6:04:47:21:35:88:10:9C:67:3F:43:C1:E2:6E:A1:8F:1C:8E:25:19:48:84:67:B9:29:36:07:AA:45:93:E1:27:B4:EB:31:93:C8:A0:DE:6B:A5:7E:85:D0:8C:2B:91:6C:66:36:69:5C:5F:56:5F:52:83:82:B3:55:D9:2A:03:CB:8C:A6:A3:C0:C2:CA:08:48:64:D0:D9:41:C9:70:50:EA:10:FE:6E:CD:EA:FA:87:E3:FA:FE:A2:E0:E8:EE:5B:85:96:EE:E0:1D:3C:69:FB:5A:03:CE:2C:A3:25:9E:AF:7A:0E:9F:51:1C:78:61:A0:84:3C:43:3B:50:44:C0:F8:54:8C:9F:55:74:3D:A8:AF:30:8F:06:13:9E:3A:8B:FC:4E:88:FD:4D:C8:D1:85:C2:DE:60:0F:23:16:E4:79:0D:F0:39:D7:65:E5:95:52:8E" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 17:22:40", "not_valid_before": "2022-02-01 17:22:43" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 Tuesday 01 February 2022 17:22:55 +0000 (0:00:00.040) 0:01:07.639 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:96 Tuesday 01 February 2022 17:22:55 +0000 (0:00:00.036) 0:01:07.676 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 Tuesday 01 February 2022 17:22:55 +0000 (0:00:00.021) 0:01:07.698 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 Tuesday 01 February 2022 17:22:55 +0000 (0:00:00.068) 0:01:07.766 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 Tuesday 01 February 2022 17:22:55 +0000 (0:00:00.031) 0:01:07.798 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:22:55 +0000 (0:00:00.031) 0:01:07.829 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038781", "end": "2022-02-01 17:22:55.935675", "rc": 0, "start": "2022-02-01 17:22:55.896894" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 Tuesday 01 February 2022 17:22:56 +0000 (0:00:00.380) 0:01:08.210 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:22:56 +0000 (0:00:00.035) 0:01:08.245 ****** =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed -- 46.46s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.75s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.53s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Install certreader ------------------------------------------------------ 2.69s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure certificate requests ------------ 2.56s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Ensure python3 is installed --------------------------------------------- 2.07s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 -------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.06s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Gathering Facts --------------------------------------------------------- 1.03s /tmp/tmpcwl050ue/tests/tests_key_size.yml:2 ----------------------------------- Gathering Facts --------------------------------------------------------- 0.72s /tmp/tmpcwl050ue/tests/tests_key_size.yml:14 ---------------------------------- Parse certificate ------------------------------------------------------- 0.67s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.55s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve certificate file stats ----------------------------------------- 0.50s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.39s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Retrieve auto-renew flag ------------------------------------------------ 0.38s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve key file stats ------------------------------------------------- 0.35s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify key size --------------------------------------------------------- 0.07s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 ------------ Load certificate YAML to cert_issued variable --------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 ------------- Verify certificate subject ---------------------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 ------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 ------------ Verify key file owner and group ----------------------------------------- 0.03s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 ------------- + cd /tmp/tmpcwl050ue/tests; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpcwl050ue/tests/tests_key_usage_and_extended_key_usage.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 17:23:09 +0000 (0:00:00.010) 0:00:00.010 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 17:23:09 +0000 (0:00:00.015) 0:00:00.026 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:23:09 +0000 (0:00:00.014) 0:00:00.041 ****** =============================================================================== debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.01s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- PLAYBOOK: tests_key_usage_and_extended_key_usage.yml *************************** 2 plays in /tmp/tmpcwl050ue/tests/tests_key_usage_and_extended_key_usage.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_key_usage_and_extended_key_usage.yml:2 Tuesday 01 February 2022 17:23:09 +0000 (0:00:00.016) 0:00:00.058 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:23:10 +0000 (0:00:01.028) 0:00:01.086 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Tuesday 01 February 2022 17:23:10 +0000 (0:00:00.025) 0:00:01.111 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Tuesday 01 February 2022 17:24:13 +0000 (0:01:03.082) 0:01:04.194 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Tuesday 01 February 2022 17:24:17 +0000 (0:00:03.693) 0:01:07.887 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Tuesday 01 February 2022 17:24:18 +0000 (0:00:00.555) 0:01:08.443 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Tuesday 01 February 2022 17:24:18 +0000 (0:00:00.405) 0:01:08.848 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target dbus-broker.service syslog.target systemd-journald.socket dbus.socket sysinit.target system.slice network.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Tuesday 01 February 2022 17:24:19 +0000 (0:00:01.006) 0:01:09.854 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'key_usage': ['digitalSignature', 'nonRepudiation', 'keyEncipherment'], 'extended_key_usage': ['id-kp-clientAuth', 'id-kp-serverAuth', 'id-kp-ipsecTunnel', '1.3.6.1.5.2.3.5'], 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "extended_key_usage": [ "id-kp-clientAuth", "id-kp-serverAuth", "id-kp-ipsecTunnel", "1.3.6.1.5.2.3.5" ], "key_usage": [ "digitalSignature", "nonRepudiation", "keyEncipherment" ], "name": "mycert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_key_usage_and_extended_key_usage.yml:22 Tuesday 01 February 2022 17:24:20 +0000 (0:00:00.947) 0:01:10.802 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpcwl050ue/tests/tests_key_usage_and_extended_key_usage.yml:49 Tuesday 01 February 2022 17:24:21 +0000 (0:00:00.733) 0:01:11.535 ****** included: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment'], 'extended_key_usage': [{'name': 'id-kp-clientAuth', 'oid': '1.3.6.1.5.5.7.3.2'}, {'name': 'id-kp-serverAuth', 'oid': '1.3.6.1.5.5.7.3.1'}, {'name': 'id-kp-ipsecTunnel', 'oid': '1.3.6.1.5.5.7.3.6'}, {'name': None, 'oid': '1.3.6.1.5.2.3.5'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:24:21 +0000 (0:00:00.029) 0:01:11.565 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:24:21 +0000 (0:00:00.013) 0:01:11.578 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:24:23 +0000 (0:00:02.104) 0:01:13.682 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:24:27 +0000 (0:00:04.587) 0:01:18.270 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 52.0 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 86.2 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 25.2 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 83.6 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 35.1 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:24:30 +0000 (0:00:02.682) 0:01:20.953 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736259.4013944, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "edf9688a0fa90186af9585a4e0f4f8c7bc47ad0b", "ctime": 1643736259.3983943, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643736259.3983943, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1318, "uid": 0, "version": "2182303091", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:24:31 +0000 (0:00:00.507) 0:01:21.460 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:24:31 +0000 (0:00:00.023) 0:01:21.484 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 Tuesday 01 February 2022 17:24:31 +0000 (0:00:00.040) 0:01:21.524 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 Tuesday 01 February 2022 17:24:31 +0000 (0:00:00.037) 0:01:21.561 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736259.3563943, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d948e1306e5c13777f66b2ea48354caaaab09afa", "ctime": 1643736259.3983943, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643736259.3983943, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3828714731", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:60 Tuesday 01 February 2022 17:24:31 +0000 (0:00:00.374) 0:01:21.936 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 Tuesday 01 February 2022 17:24:31 +0000 (0:00:00.023) 0:01:21.960 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 Tuesday 01 February 2022 17:24:31 +0000 (0:00:00.038) 0:01:21.999 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.194692", "end": "2022-02-01 17:24:31.448058", "rc": 0, "start": "2022-02-01 17:24:31.253366" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" }, { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-ipsecTunnel", "oid": "1.3.6.1.5.5.7.3.6" }, { "name": null, "oid": "1.3.6.1.5.2.3.5" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "7B:FE:28:F5:E0:21:36:02:B1:A9:C9:26:AA:35:7B:76:16:16:31:82", "critical": false }, "authorityKeyIdentifier": { "value": "D6:5C:CA:B3:82:16:44:D2:AF:26:5F:54:8C:FA:1B:B2:91:AD:E1:96", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "1B:41:F6:8C:E0:FA:71:DC:F8:5C:81:20:3C:8A:37:1F:78:60:FF:44:6A:08:1B:23:71:09:3C:8F:06:09:58:BE:2D:C8:4A:7F:4B:3F:FB:EF:48:7A:31:15:BF:D7:CD:9A:7A:58:95:54:1F:89:B7:48:12:02:C0:BD:74:56:20:9B:82:78:CF:12:CF:80:B4:3F:01:87:97:33:C6:8B:64:D8:A1:64:86:9F:30:2A:22:1F:29:28:B8:21:C7:44:6F:64:52:78:EF:5E:40:A7:BE:F3:87:5D:BC:41:17:51:AC:15:90:C7:3B:C2:4E:D4:2B:B2:D6:33:27:85:0B:BC:C9:2E:A5:4B:7F:DF:09:01:95:43:53:74:EA:F9:8C:DE:DE:83:5E:83:74:EA:40:8A:52:23:B6:E2:A6:AD:BC:00:06:C0:B8:F0:AA:9C:77:38:37:AB:E1:69:1A:32:12:16:09:1A:56:62:9C:FD:B5:AE:D9:CF:3F:B8:D9:72:D0:64:05:B7:EE:A3:39:97:DB:10:F4:D2:34:53:24:21:93:D0:3F:A0:9B:81:2C:BD:8C:71:B8:07:BF:EA:2F:70:07:EE:28:AE:E8:E1:46:63:79:E5:98:71:A6:F8:B0:AE:E6:20:15:00:CD:6B:31:1B:AD:90:81:51:E3:0A:C0:1B:B9:90:42:48" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 17:24:18", "not_valid_before": "2022-02-01 17:24:19" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:24:32 +0000 (0:00:00.699) 0:01:22.698 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "D6:5C:CA:B3:82:16:44:D2:AF:26:5F:54:8C:FA:1B:B2:91:AD:E1:96" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" }, { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-ipsecTunnel", "oid": "1.3.6.1.5.5.7.3.6" }, { "name": null, "oid": "1.3.6.1.5.2.3.5" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "content_commitment", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "7B:FE:28:F5:E0:21:36:02:B1:A9:C9:26:AA:35:7B:76:16:16:31:82" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "1B:41:F6:8C:E0:FA:71:DC:F8:5C:81:20:3C:8A:37:1F:78:60:FF:44:6A:08:1B:23:71:09:3C:8F:06:09:58:BE:2D:C8:4A:7F:4B:3F:FB:EF:48:7A:31:15:BF:D7:CD:9A:7A:58:95:54:1F:89:B7:48:12:02:C0:BD:74:56:20:9B:82:78:CF:12:CF:80:B4:3F:01:87:97:33:C6:8B:64:D8:A1:64:86:9F:30:2A:22:1F:29:28:B8:21:C7:44:6F:64:52:78:EF:5E:40:A7:BE:F3:87:5D:BC:41:17:51:AC:15:90:C7:3B:C2:4E:D4:2B:B2:D6:33:27:85:0B:BC:C9:2E:A5:4B:7F:DF:09:01:95:43:53:74:EA:F9:8C:DE:DE:83:5E:83:74:EA:40:8A:52:23:B6:E2:A6:AD:BC:00:06:C0:B8:F0:AA:9C:77:38:37:AB:E1:69:1A:32:12:16:09:1A:56:62:9C:FD:B5:AE:D9:CF:3F:B8:D9:72:D0:64:05:B7:EE:A3:39:97:DB:10:F4:D2:34:53:24:21:93:D0:3F:A0:9B:81:2C:BD:8C:71:B8:07:BF:EA:2F:70:07:EE:28:AE:E8:E1:46:63:79:E5:98:71:A6:F8:B0:AE:E6:20:15:00:CD:6B:31:1B:AD:90:81:51:E3:0A:C0:1B:B9:90:42:48" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 17:24:18", "not_valid_before": "2022-02-01 17:24:19" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 Tuesday 01 February 2022 17:24:32 +0000 (0:00:00.032) 0:01:22.731 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:96 Tuesday 01 February 2022 17:24:32 +0000 (0:00:00.035) 0:01:22.766 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 Tuesday 01 February 2022 17:24:32 +0000 (0:00:00.021) 0:01:22.788 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 Tuesday 01 February 2022 17:24:32 +0000 (0:00:00.031) 0:01:22.820 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 Tuesday 01 February 2022 17:24:32 +0000 (0:00:00.033) 0:01:22.853 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:24:32 +0000 (0:00:00.031) 0:01:22.885 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.037355", "end": "2022-02-01 17:24:32.020845", "rc": 0, "start": "2022-02-01 17:24:31.983490" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 Tuesday 01 February 2022 17:24:32 +0000 (0:00:00.383) 0:01:23.268 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:24:32 +0000 (0:00:00.038) 0:01:23.306 ****** =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed -- 63.08s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.59s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.69s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Install certreader ------------------------------------------------------ 2.68s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 ------------- Ensure python3 is installed --------------------------------------------- 2.10s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.03s /tmp/tmpcwl050ue/tests/tests_key_usage_and_extended_key_usage.yml:2 ----------- linux-system-roles.certificate : Ensure provider service is running ----- 1.01s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate requests ------------ 0.95s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Gathering Facts --------------------------------------------------------- 0.73s /tmp/tmpcwl050ue/tests/tests_key_usage_and_extended_key_usage.yml:22 ---------- Parse certificate ------------------------------------------------------- 0.70s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.56s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve certificate file stats ----------------------------------------- 0.51s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.41s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Retrieve auto-renew flag ------------------------------------------------ 0.38s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve key file stats ------------------------------------------------- 0.38s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 ------------- Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 ------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 ------------ Verify certificate permissions ------------------------------------------ 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 ------------- Verify certificate subject ---------------------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 ------------- + cd /tmp/tmpcwl050ue/tests; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpcwl050ue/tests/tests_many_self_signed.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 17:24:46 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 17:24:46 +0000 (0:00:00.017) 0:00:00.028 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:24:46 +0000 (0:00:00.017) 0:00:00.045 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_many_self_signed.yml ******************************************* 2 plays in /tmp/tmpcwl050ue/tests/tests_many_self_signed.yml PLAY [Issue many self-signed certificates] ************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_many_self_signed.yml:2 Tuesday 01 February 2022 17:24:46 +0000 (0:00:00.017) 0:00:00.063 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:24:47 +0000 (0:00:01.063) 0:00:01.127 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Tuesday 01 February 2022 17:24:47 +0000 (0:00:00.025) 0:00:01.152 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Tuesday 01 February 2022 17:26:34 +0000 (0:01:46.955) 0:01:48.108 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Tuesday 01 February 2022 17:26:40 +0000 (0:00:05.936) 0:01:54.045 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Tuesday 01 February 2022 17:26:41 +0000 (0:00:00.563) 0:01:54.608 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Tuesday 01 February 2022 17:26:41 +0000 (0:00:00.438) 0:01:55.046 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus-broker.service system.slice dbus.socket systemd-journald.socket syslog.target basic.target network.target sysinit.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Tuesday 01 February 2022 17:26:42 +0000 (0:00:01.070) 0:01:56.117 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert" } } MSG: Certificate requested (new). changed: [/cache/fedora-34.qcow2] => (item={'name': 'other-cert', 'dns': 'www.example.org', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.org", "name": "other-cert" } } MSG: Certificate requested (new). changed: [/cache/fedora-34.qcow2] => (item={'name': 'another-cert', 'dns': 'www.example.net', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.net", "name": "another-cert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_many_self_signed.yml:18 Tuesday 01 February 2022 17:26:45 +0000 (0:00:02.496) 0:01:58.613 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpcwl050ue/tests/tests_many_self_signed.yml:50 Tuesday 01 February 2022 17:26:45 +0000 (0:00:00.751) 0:01:59.365 ****** included: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) included: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/other-cert.crt', 'key_path': '/etc/pki/tls/private/other-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.org'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.org'}]}) included: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/another-cert.crt', 'key_path': '/etc/pki/tls/private/another-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.net'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.net'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:26:45 +0000 (0:00:00.047) 0:01:59.412 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:26:45 +0000 (0:00:00.016) 0:01:59.428 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:26:47 +0000 (0:00:02.095) 0:02:01.524 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:26:52 +0000 (0:00:04.607) 0:02:06.132 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 52.7 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 89.9 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 23.9 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 103.5 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 37.8 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:26:55 +0000 (0:00:02.659) 0:02:08.791 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736402.5398166, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "db99698013f048bd60fb1578118c332f5c4dbb67", "ctime": 1643736402.5348165, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643736402.5348165, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2421868020", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:26:55 +0000 (0:00:00.499) 0:02:09.291 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:26:55 +0000 (0:00:00.020) 0:02:09.312 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 Tuesday 01 February 2022 17:26:55 +0000 (0:00:00.034) 0:02:09.346 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 Tuesday 01 February 2022 17:26:55 +0000 (0:00:00.031) 0:02:09.377 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736402.4838166, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "2627ef75d3796e58b60539417bc5c0bfb0bf1a7e", "ctime": 1643736402.5348165, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643736402.5348165, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3158214160", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:60 Tuesday 01 February 2022 17:26:56 +0000 (0:00:00.372) 0:02:09.750 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 Tuesday 01 February 2022 17:26:56 +0000 (0:00:00.020) 0:02:09.771 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 Tuesday 01 February 2022 17:26:56 +0000 (0:00:00.045) 0:02:09.816 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.199666", "end": "2022-02-01 17:26:56.242573", "rc": 0, "start": "2022-02-01 17:26:56.042907" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "3A:68:7A:37:F0:9E:B5:7E:7D:E8:A3:BA:8C:AC:69:9B:72:9C:ED:15", "critical": false }, "authorityKeyIdentifier": { "value": "20:48:17:4D:0F:9C:D7:B2:77:21:E4:71:C3:56:38:FF:73:A0:DC:5B", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "2D:D5:A0:67:F7:57:A0:22:34:0B:FC:03:66:1E:5E:0C:97:3F:13:B5:CE:1D:37:C1:52:F9:6F:A7:08:B7:DC:E0:AC:53:27:3B:6D:14:8F:25:52:F7:17:27:C8:8A:4C:45:11:A3:08:00:3B:A3:3B:1A:54:69:0F:3F:58:81:66:75:22:8B:32:21:1A:89:E6:B5:01:A9:E0:D8:56:7F:A4:BD:F5:75:C3:4C:81:AE:17:2B:85:05:71:A6:ED:5C:A0:E7:0A:55:92:2B:B3:36:B1:EA:BF:70:2B:6B:9B:6E:AC:DE:2D:79:4B:CF:17:98:74:9B:81:6F:A0:E1:F4:14:F0:3E:EC:89:02:52:16:4D:E3:74:CA:06:97:A9:5A:02:7F:2B:2D:1C:CD:94:FB:5E:AD:3A:50:F8:09:92:26:70:36:E6:8A:EB:12:3B:6C:1E:E1:1D:B8:BF:7B:F9:BA:F0:33:D7:7C:CF:DE:21:CB:5D:44:87:74:FF:3D:56:7E:C5:1A:DF:9E:3B:23:A9:23:77:41:EE:16:D0:C9:AA:B4:3E:66:82:5A:57:5E:73:33:01:C1:4C:EF:68:CD:5E:7C:2C:28:B2:01:D9:68:4B:61:01:55:13:B6:58:80:72:72:3C:61:86:97:55:6A:DC:EA:E8:F7:A9:0A:51:FC:2C:E8:F6:E5:FA" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 17:26:41", "not_valid_before": "2022-02-01 17:26:42" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:26:57 +0000 (0:00:00.729) 0:02:10.545 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "20:48:17:4D:0F:9C:D7:B2:77:21:E4:71:C3:56:38:FF:73:A0:DC:5B" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "3A:68:7A:37:F0:9E:B5:7E:7D:E8:A3:BA:8C:AC:69:9B:72:9C:ED:15" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "2D:D5:A0:67:F7:57:A0:22:34:0B:FC:03:66:1E:5E:0C:97:3F:13:B5:CE:1D:37:C1:52:F9:6F:A7:08:B7:DC:E0:AC:53:27:3B:6D:14:8F:25:52:F7:17:27:C8:8A:4C:45:11:A3:08:00:3B:A3:3B:1A:54:69:0F:3F:58:81:66:75:22:8B:32:21:1A:89:E6:B5:01:A9:E0:D8:56:7F:A4:BD:F5:75:C3:4C:81:AE:17:2B:85:05:71:A6:ED:5C:A0:E7:0A:55:92:2B:B3:36:B1:EA:BF:70:2B:6B:9B:6E:AC:DE:2D:79:4B:CF:17:98:74:9B:81:6F:A0:E1:F4:14:F0:3E:EC:89:02:52:16:4D:E3:74:CA:06:97:A9:5A:02:7F:2B:2D:1C:CD:94:FB:5E:AD:3A:50:F8:09:92:26:70:36:E6:8A:EB:12:3B:6C:1E:E1:1D:B8:BF:7B:F9:BA:F0:33:D7:7C:CF:DE:21:CB:5D:44:87:74:FF:3D:56:7E:C5:1A:DF:9E:3B:23:A9:23:77:41:EE:16:D0:C9:AA:B4:3E:66:82:5A:57:5E:73:33:01:C1:4C:EF:68:CD:5E:7C:2C:28:B2:01:D9:68:4B:61:01:55:13:B6:58:80:72:72:3C:61:86:97:55:6A:DC:EA:E8:F7:A9:0A:51:FC:2C:E8:F6:E5:FA" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 17:26:41", "not_valid_before": "2022-02-01 17:26:42" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 Tuesday 01 February 2022 17:26:57 +0000 (0:00:00.032) 0:02:10.577 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:96 Tuesday 01 February 2022 17:26:57 +0000 (0:00:00.032) 0:02:10.610 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 Tuesday 01 February 2022 17:26:57 +0000 (0:00:00.020) 0:02:10.631 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 Tuesday 01 February 2022 17:26:57 +0000 (0:00:00.030) 0:02:10.662 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 Tuesday 01 February 2022 17:26:57 +0000 (0:00:00.031) 0:02:10.693 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:26:57 +0000 (0:00:00.031) 0:02:10.724 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.043527", "end": "2022-02-01 17:26:56.883930", "rc": 0, "start": "2022-02-01 17:26:56.840403" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 Tuesday 01 February 2022 17:26:57 +0000 (0:00:00.457) 0:02:11.182 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:26:57 +0000 (0:00:00.033) 0:02:11.216 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:26:57 +0000 (0:00:00.015) 0:02:11.231 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:26:59 +0000 (0:00:01.986) 0:02:13.217 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.2) TASK [Install certreader] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:27:00 +0000 (0:00:01.018) 0:02:14.236 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:27:01 +0000 (0:00:00.896) 0:02:15.132 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736403.3068166, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9eae595f8273885b7d9a2978e1903ec827c664c8", "ctime": 1643736403.3038166, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137977, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643736403.3038166, "nlink": 1, "path": "/etc/pki/tls/certs/other-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "3515354084", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:27:01 +0000 (0:00:00.378) 0:02:15.511 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:27:02 +0000 (0:00:00.020) 0:02:15.531 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 Tuesday 01 February 2022 17:27:02 +0000 (0:00:00.034) 0:02:15.565 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 Tuesday 01 February 2022 17:27:02 +0000 (0:00:00.032) 0:02:15.597 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736403.2598164, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "5a1f2ff3b26c6abeb3eab8a8e66f7228cf0c976b", "ctime": 1643736403.3038166, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137976, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643736403.3038166, "nlink": 1, "path": "/etc/pki/tls/private/other-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "495243720", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:60 Tuesday 01 February 2022 17:27:02 +0000 (0:00:00.367) 0:02:15.965 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 Tuesday 01 February 2022 17:27:02 +0000 (0:00:00.020) 0:02:15.986 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 Tuesday 01 February 2022 17:27:02 +0000 (0:00:00.034) 0:02:16.021 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/other-cert.crt" ], "delta": "0:00:00.191621", "end": "2022-02-01 17:27:02.261422", "rc": 0, "start": "2022-02-01 17:27:02.069801" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.org" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "0F:ED:6A:C6:FC:FC:7B:2D:D2:4C:1D:41:D8:2E:A3:E4:48:C0:D0:F5", "critical": false }, "authorityKeyIdentifier": { "value": "20:48:17:4D:0F:9C:D7:B2:77:21:E4:71:C3:56:38:FF:73:A0:DC:5B", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "27:A5:9A:19:4D:D6:A0:6B:AE:55:C2:90:A5:9E:E8:E2:61:D7:7C:5D:BD:90:83:44:95:E1:F4:E0:00:F5:0A:FF:57:9F:84:AD:83:1F:49:B6:81:43:DF:60:C5:77:A0:E0:03:69:A4:59:AF:8A:73:95:21:F1:F5:4D:75:8B:7E:54:85:DA:58:26:63:36:6E:47:95:B3:83:EF:29:19:D5:04:76:C3:41:2D:DF:B4:96:CF:C7:F3:30:33:52:CC:01:83:2B:33:C8:D2:85:82:31:82:39:6B:B4:11:9A:81:F5:6E:AB:10:54:8E:D5:F8:1C:B3:38:41:EE:0E:CA:EE:55:74:FE:83:B2:40:77:D0:86:0F:E2:E4:26:BD:4E:41:C2:98:AF:C8:9D:AF:F0:31:04:EB:EC:93:46:62:21:0B:44:07:7B:7C:F2:30:DE:A8:24:BF:2F:F1:81:1F:D2:B1:D6:29:8D:14:1A:B2:45:1F:08:7C:A3:32:70:32:33:A3:66:3E:C6:85:73:DD:E0:52:E9:7C:C9:06:54:7A:32:30:91:0C:0D:DB:56:4B:39:58:0D:A4:5A:5E:BA:FA:F5:5F:E0:EB:F3:74:B1:81:57:F0:8D:30:19:D6:1F:94:14:C6:00:96:89:FF:3E:EB:2D:79:92:8F:A4:1A:6D:A8:56:DC:8D:1B" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 17:26:41", "not_valid_before": "2022-02-01 17:26:43" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:27:03 +0000 (0:00:00.536) 0:02:16.557 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "20:48:17:4D:0F:9C:D7:B2:77:21:E4:71:C3:56:38:FF:73:A0:DC:5B" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.org" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "0F:ED:6A:C6:FC:FC:7B:2D:D2:4C:1D:41:D8:2E:A3:E4:48:C0:D0:F5" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "27:A5:9A:19:4D:D6:A0:6B:AE:55:C2:90:A5:9E:E8:E2:61:D7:7C:5D:BD:90:83:44:95:E1:F4:E0:00:F5:0A:FF:57:9F:84:AD:83:1F:49:B6:81:43:DF:60:C5:77:A0:E0:03:69:A4:59:AF:8A:73:95:21:F1:F5:4D:75:8B:7E:54:85:DA:58:26:63:36:6E:47:95:B3:83:EF:29:19:D5:04:76:C3:41:2D:DF:B4:96:CF:C7:F3:30:33:52:CC:01:83:2B:33:C8:D2:85:82:31:82:39:6B:B4:11:9A:81:F5:6E:AB:10:54:8E:D5:F8:1C:B3:38:41:EE:0E:CA:EE:55:74:FE:83:B2:40:77:D0:86:0F:E2:E4:26:BD:4E:41:C2:98:AF:C8:9D:AF:F0:31:04:EB:EC:93:46:62:21:0B:44:07:7B:7C:F2:30:DE:A8:24:BF:2F:F1:81:1F:D2:B1:D6:29:8D:14:1A:B2:45:1F:08:7C:A3:32:70:32:33:A3:66:3E:C6:85:73:DD:E0:52:E9:7C:C9:06:54:7A:32:30:91:0C:0D:DB:56:4B:39:58:0D:A4:5A:5E:BA:FA:F5:5F:E0:EB:F3:74:B1:81:57:F0:8D:30:19:D6:1F:94:14:C6:00:96:89:FF:3E:EB:2D:79:92:8F:A4:1A:6D:A8:56:DC:8D:1B" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "validity": { "not_valid_after": "2023-02-01 17:26:41", "not_valid_before": "2022-02-01 17:26:43" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 Tuesday 01 February 2022 17:27:03 +0000 (0:00:00.033) 0:02:16.590 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:96 Tuesday 01 February 2022 17:27:03 +0000 (0:00:00.036) 0:02:16.627 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 Tuesday 01 February 2022 17:27:03 +0000 (0:00:00.018) 0:02:16.646 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 Tuesday 01 February 2022 17:27:03 +0000 (0:00:00.030) 0:02:16.677 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 Tuesday 01 February 2022 17:27:03 +0000 (0:00:00.031) 0:02:16.708 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:27:03 +0000 (0:00:00.030) 0:02:16.739 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/other-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040598", "end": "2022-02-01 17:27:02.851487", "rc": 0, "start": "2022-02-01 17:27:02.810889" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 Tuesday 01 February 2022 17:27:03 +0000 (0:00:00.408) 0:02:17.148 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:27:03 +0000 (0:00:00.035) 0:02:17.183 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:27:03 +0000 (0:00:00.014) 0:02:17.198 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:27:05 +0000 (0:00:01.908) 0:02:19.107 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.2) TASK [Install certreader] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:27:06 +0000 (0:00:01.021) 0:02:20.129 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:27:07 +0000 (0:00:00.925) 0:02:21.054 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736404.1538165, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9b1fd48e5d819b963c01618837857831a2c45571", "ctime": 1643736404.1508164, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137979, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643736404.1508164, "nlink": 1, "path": "/etc/pki/tls/certs/another-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "3032988773", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:27:07 +0000 (0:00:00.369) 0:02:21.423 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:27:07 +0000 (0:00:00.020) 0:02:21.443 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 Tuesday 01 February 2022 17:27:07 +0000 (0:00:00.034) 0:02:21.478 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 Tuesday 01 February 2022 17:27:07 +0000 (0:00:00.033) 0:02:21.511 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736404.1078165, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "cb9b41809fc14f387ada0b45648fbd441de916ea", "ctime": 1643736404.1508164, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137978, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643736404.1508164, "nlink": 1, "path": "/etc/pki/tls/private/another-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2924082369", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:60 Tuesday 01 February 2022 17:27:08 +0000 (0:00:00.367) 0:02:21.879 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 Tuesday 01 February 2022 17:27:08 +0000 (0:00:00.019) 0:02:21.899 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 Tuesday 01 February 2022 17:27:08 +0000 (0:00:00.035) 0:02:21.935 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/another-cert.crt" ], "delta": "0:00:00.199194", "end": "2022-02-01 17:27:08.193487", "rc": 0, "start": "2022-02-01 17:27:07.994293" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.net" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "A0:27:44:C8:73:2E:2F:68:8F:AD:68:DB:27:49:80:C5:13:7E:F2:4D", "critical": false }, "authorityKeyIdentifier": { "value": "20:48:17:4D:0F:9C:D7:B2:77:21:E4:71:C3:56:38:FF:73:A0:DC:5B", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "3E:A0:7C:CC:70:FC:D8:2F:F1:F7:75:98:5C:BE:85:FD:BD:6F:0F:0D:85:A7:97:F8:AD:00:FD:8B:0B:4D:9C:7D:AB:54:FB:F7:1A:B4:07:30:55:61:BA:E3:D4:58:5F:A6:25:40:92:87:26:F7:1E:93:A0:08:B3:0B:B3:57:13:5F:54:FE:B6:F9:0D:32:8D:8A:D1:1B:09:03:03:DB:AE:1E:44:94:F9:8D:F3:07:2F:D0:AB:8C:B0:31:87:26:67:A8:A6:12:52:60:4E:7C:4A:7D:35:9E:0B:B9:B5:68:08:B1:4B:97:65:46:A1:B7:D6:5B:BE:1E:FA:45:B5:ED:9D:DE:6A:18:52:7C:65:6E:96:25:58:D6:19:5C:09:18:17:AA:9E:BF:C7:87:22:C4:C8:55:B8:DA:B0:4D:7A:A0:EF:CB:71:12:66:3B:00:89:95:FE:67:FE:4D:BD:C0:8F:74:2D:FF:9A:F3:E6:75:43:3A:AD:CD:7B:91:DD:D6:3A:18:48:C9:F3:03:93:B0:F9:A4:90:A0:4E:D7:01:C1:88:21:83:20:03:F2:60:AD:D1:EE:28:BB:19:F6:FB:7F:F4:DF:78:78:ED:C2:FE:2F:C8:A5:E8:79:CE:5F:1B:74:B8:9F:1D:7F:67:6F:63:A8:B5:89:EE:F7:BC:E9:CC:E3:8F:1C:1F" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 17:26:41", "not_valid_before": "2022-02-01 17:26:44" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:27:08 +0000 (0:00:00.554) 0:02:22.489 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "20:48:17:4D:0F:9C:D7:B2:77:21:E4:71:C3:56:38:FF:73:A0:DC:5B" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.net" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "A0:27:44:C8:73:2E:2F:68:8F:AD:68:DB:27:49:80:C5:13:7E:F2:4D" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "3E:A0:7C:CC:70:FC:D8:2F:F1:F7:75:98:5C:BE:85:FD:BD:6F:0F:0D:85:A7:97:F8:AD:00:FD:8B:0B:4D:9C:7D:AB:54:FB:F7:1A:B4:07:30:55:61:BA:E3:D4:58:5F:A6:25:40:92:87:26:F7:1E:93:A0:08:B3:0B:B3:57:13:5F:54:FE:B6:F9:0D:32:8D:8A:D1:1B:09:03:03:DB:AE:1E:44:94:F9:8D:F3:07:2F:D0:AB:8C:B0:31:87:26:67:A8:A6:12:52:60:4E:7C:4A:7D:35:9E:0B:B9:B5:68:08:B1:4B:97:65:46:A1:B7:D6:5B:BE:1E:FA:45:B5:ED:9D:DE:6A:18:52:7C:65:6E:96:25:58:D6:19:5C:09:18:17:AA:9E:BF:C7:87:22:C4:C8:55:B8:DA:B0:4D:7A:A0:EF:CB:71:12:66:3B:00:89:95:FE:67:FE:4D:BD:C0:8F:74:2D:FF:9A:F3:E6:75:43:3A:AD:CD:7B:91:DD:D6:3A:18:48:C9:F3:03:93:B0:F9:A4:90:A0:4E:D7:01:C1:88:21:83:20:03:F2:60:AD:D1:EE:28:BB:19:F6:FB:7F:F4:DF:78:78:ED:C2:FE:2F:C8:A5:E8:79:CE:5F:1B:74:B8:9F:1D:7F:67:6F:63:A8:B5:89:EE:F7:BC:E9:CC:E3:8F:1C:1F" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "validity": { "not_valid_after": "2023-02-01 17:26:41", "not_valid_before": "2022-02-01 17:26:44" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 Tuesday 01 February 2022 17:27:08 +0000 (0:00:00.031) 0:02:22.521 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:96 Tuesday 01 February 2022 17:27:09 +0000 (0:00:00.032) 0:02:22.554 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 Tuesday 01 February 2022 17:27:09 +0000 (0:00:00.019) 0:02:22.573 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 Tuesday 01 February 2022 17:27:09 +0000 (0:00:00.031) 0:02:22.604 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 Tuesday 01 February 2022 17:27:09 +0000 (0:00:00.031) 0:02:22.635 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:27:09 +0000 (0:00:00.031) 0:02:22.666 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/another-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.042287", "end": "2022-02-01 17:27:08.760788", "rc": 0, "start": "2022-02-01 17:27:08.718501" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 Tuesday 01 February 2022 17:27:09 +0000 (0:00:00.389) 0:02:23.056 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=73 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:27:09 +0000 (0:00:00.037) 0:02:23.094 ****** =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed - 106.96s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - linux-system-roles.certificate : Ensure provider packages are installed --- 5.94s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Install the package, force upgrade -------------------------------------- 4.61s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 2.66s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure certificate requests ------------ 2.50s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Ensure python3 is installed --------------------------------------------- 2.10s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 -------------- Ensure python3 is installed --------------------------------------------- 1.99s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 -------------- Ensure python3 is installed --------------------------------------------- 1.91s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 -------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.07s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Gathering Facts --------------------------------------------------------- 1.06s /tmp/tmpcwl050ue/tests/tests_many_self_signed.yml:2 --------------------------- Install the package, force upgrade -------------------------------------- 1.02s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install the package, force upgrade -------------------------------------- 1.02s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 0.93s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 ------------- Install certreader ------------------------------------------------------ 0.90s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 ------------- Gathering Facts --------------------------------------------------------- 0.75s /tmp/tmpcwl050ue/tests/tests_many_self_signed.yml:18 -------------------------- Parse certificate ------------------------------------------------------- 0.73s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.56s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Parse certificate ------------------------------------------------------- 0.55s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 ------------- Parse certificate ------------------------------------------------------- 0.54s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 ------------- Retrieve certificate file stats ----------------------------------------- 0.50s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 ------------- + cd /tmp/tmpcwl050ue/tests; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpcwl050ue/tests/tests_no_auto_renew.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 17:27:23 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 17:27:23 +0000 (0:00:00.016) 0:00:00.027 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:27:23 +0000 (0:00:00.018) 0:00:00.046 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_no_auto_renew.yml ********************************************** 2 plays in /tmp/tmpcwl050ue/tests/tests_no_auto_renew.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_no_auto_renew.yml:2 Tuesday 01 February 2022 17:27:23 +0000 (0:00:00.018) 0:00:00.064 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:27:24 +0000 (0:00:01.080) 0:00:01.145 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Tuesday 01 February 2022 17:27:24 +0000 (0:00:00.026) 0:00:01.172 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Tuesday 01 February 2022 17:31:12 +0000 (0:03:48.016) 0:03:49.188 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Tuesday 01 February 2022 17:31:16 +0000 (0:00:03.821) 0:03:53.009 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Tuesday 01 February 2022 17:31:16 +0000 (0:00:00.555) 0:03:53.565 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Tuesday 01 February 2022 17:31:17 +0000 (0:00:00.415) 0:03:53.980 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network.target dbus.socket syslog.target systemd-journald.socket dbus-broker.service system.slice basic.target sysinit.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Tuesday 01 February 2022 17:31:18 +0000 (0:00:01.015) 0:03:54.996 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'auto_renew': False}) => { "ansible_loop_var": "item", "changed": true, "item": { "auto_renew": false, "ca": "self-sign", "dns": "www.example.com", "name": "mycert" } } MSG: Certificate requested (new). changed: [/cache/fedora-34.qcow2] => (item={'name': 'defaultcert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "defaultcert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_no_auto_renew.yml:17 Tuesday 01 February 2022 17:31:19 +0000 (0:00:01.537) 0:03:56.533 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpcwl050ue/tests/tests_no_auto_renew.yml:42 Tuesday 01 February 2022 17:31:20 +0000 (0:00:00.755) 0:03:57.289 ****** included: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'auto_renew': False}) included: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/defaultcert.crt', 'key_path': '/etc/pki/tls/private/defaultcert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'auto_renew': True}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:31:20 +0000 (0:00:00.038) 0:03:57.327 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:31:20 +0000 (0:00:00.014) 0:03:57.342 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:31:22 +0000 (0:00:02.156) 0:03:59.498 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:31:27 +0000 (0:00:04.614) 0:04:04.112 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 41.9 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 104.0 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 25.2 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 121.0 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 40.3 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:31:29 +0000 (0:00:02.648) 0:04:06.761 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736678.5752478, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "15d8855f5079b050af0810ee8195ca6ea9fe9b17", "ctime": 1643736678.573248, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643736678.573248, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "246332132", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:31:30 +0000 (0:00:00.529) 0:04:07.291 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:31:30 +0000 (0:00:00.019) 0:04:07.310 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 Tuesday 01 February 2022 17:31:30 +0000 (0:00:00.032) 0:04:07.343 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 Tuesday 01 February 2022 17:31:30 +0000 (0:00:00.029) 0:04:07.372 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736678.530248, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "1314b565134ae1f80759c769657e1ebb49162395", "ctime": 1643736678.573248, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643736678.573248, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "368746086", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:60 Tuesday 01 February 2022 17:31:30 +0000 (0:00:00.356) 0:04:07.729 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 Tuesday 01 February 2022 17:31:30 +0000 (0:00:00.021) 0:04:07.751 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 Tuesday 01 February 2022 17:31:30 +0000 (0:00:00.033) 0:04:07.784 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.195308", "end": "2022-02-01 17:31:31.245435", "rc": 0, "start": "2022-02-01 17:31:31.050127" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "7A:51:A7:7F:0F:78:4B:98:74:E9:93:A7:46:3D:55:CA:FF:3F:AF:4D", "critical": false }, "authorityKeyIdentifier": { "value": "3E:F1:71:0F:BF:38:6F:AA:57:01:F4:C8:05:69:DC:3F:9C:B3:1B:1A", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "81:BB:49:FC:64:FA:91:20:9A:21:3B:6A:83:5E:98:B4:B9:EA:89:B2:3F:5B:B3:90:4F:E5:5C:20:1F:66:BA:97:65:C8:F6:8D:E9:5E:E2:FA:5C:5C:4D:65:EA:4B:6F:D5:97:95:09:0E:B7:65:A9:7E:84:C5:90:48:C5:54:17:41:1F:B5:B5:5B:14:0B:25:1B:3F:D5:07:15:41:E3:AA:95:64:93:60:D9:08:2D:E4:A1:8C:0A:86:51:CF:0F:7C:34:62:8D:B9:11:88:C8:E9:76:AC:08:77:3B:66:83:0D:91:9E:33:FD:EE:6D:66:C9:86:79:09:3E:8F:55:B2:F9:E7:B7:7F:D3:22:E0:0E:DF:4C:39:7F:35:66:07:C2:4A:B1:49:4E:75:DD:4F:7E:7F:3E:9A:BA:7B:7E:B1:3A:E5:F0:82:D4:B9:2F:63:CA:10:B1:C5:DF:48:72:EB:E7:CD:92:CC:78:C4:7A:36:63:23:B5:86:45:94:74:6C:69:6B:C9:3F:09:FA:68:3A:F2:38:8F:44:9C:69:32:CD:E5:BB:65:9D:2F:2C:3D:AA:5A:11:EC:CB:39:85:08:7B:24:78:B7:57:63:7F:58:81:77:77:06:57:A6:6D:E6:8B:73:29:74:3D:5A:02:3F:01:13:8C:81:EE:19:0C:99:D5:83:56:4C" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 17:31:17", "not_valid_before": "2022-02-01 17:31:18" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:31:31 +0000 (0:00:00.687) 0:04:08.472 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "3E:F1:71:0F:BF:38:6F:AA:57:01:F4:C8:05:69:DC:3F:9C:B3:1B:1A" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "7A:51:A7:7F:0F:78:4B:98:74:E9:93:A7:46:3D:55:CA:FF:3F:AF:4D" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "81:BB:49:FC:64:FA:91:20:9A:21:3B:6A:83:5E:98:B4:B9:EA:89:B2:3F:5B:B3:90:4F:E5:5C:20:1F:66:BA:97:65:C8:F6:8D:E9:5E:E2:FA:5C:5C:4D:65:EA:4B:6F:D5:97:95:09:0E:B7:65:A9:7E:84:C5:90:48:C5:54:17:41:1F:B5:B5:5B:14:0B:25:1B:3F:D5:07:15:41:E3:AA:95:64:93:60:D9:08:2D:E4:A1:8C:0A:86:51:CF:0F:7C:34:62:8D:B9:11:88:C8:E9:76:AC:08:77:3B:66:83:0D:91:9E:33:FD:EE:6D:66:C9:86:79:09:3E:8F:55:B2:F9:E7:B7:7F:D3:22:E0:0E:DF:4C:39:7F:35:66:07:C2:4A:B1:49:4E:75:DD:4F:7E:7F:3E:9A:BA:7B:7E:B1:3A:E5:F0:82:D4:B9:2F:63:CA:10:B1:C5:DF:48:72:EB:E7:CD:92:CC:78:C4:7A:36:63:23:B5:86:45:94:74:6C:69:6B:C9:3F:09:FA:68:3A:F2:38:8F:44:9C:69:32:CD:E5:BB:65:9D:2F:2C:3D:AA:5A:11:EC:CB:39:85:08:7B:24:78:B7:57:63:7F:58:81:77:77:06:57:A6:6D:E6:8B:73:29:74:3D:5A:02:3F:01:13:8C:81:EE:19:0C:99:D5:83:56:4C" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 17:31:17", "not_valid_before": "2022-02-01 17:31:18" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 Tuesday 01 February 2022 17:31:31 +0000 (0:00:00.031) 0:04:08.503 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:96 Tuesday 01 February 2022 17:31:31 +0000 (0:00:00.029) 0:04:08.533 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 Tuesday 01 February 2022 17:31:31 +0000 (0:00:00.017) 0:04:08.551 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 Tuesday 01 February 2022 17:31:31 +0000 (0:00:00.032) 0:04:08.583 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 Tuesday 01 February 2022 17:31:31 +0000 (0:00:00.031) 0:04:08.615 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:31:31 +0000 (0:00:00.031) 0:04:08.646 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039482", "end": "2022-02-01 17:31:31.817194", "rc": 0, "start": "2022-02-01 17:31:31.777712" } STDOUT: no TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 Tuesday 01 February 2022 17:31:32 +0000 (0:00:00.395) 0:04:09.042 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:31:32 +0000 (0:00:00.033) 0:04:09.075 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:31:32 +0000 (0:00:00.014) 0:04:09.090 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:31:34 +0000 (0:00:01.892) 0:04:10.983 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.2) TASK [Install certreader] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:31:35 +0000 (0:00:00.982) 0:04:11.965 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:31:36 +0000 (0:00:00.909) 0:04:12.875 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736679.237248, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "8c56f24f3ebf7117b98ec5f51cf9c252d5b9b1cd", "ctime": 1643736679.2352479, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137977, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643736679.2352479, "nlink": 1, "path": "/etc/pki/tls/certs/defaultcert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "3229244597", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:31:36 +0000 (0:00:00.366) 0:04:13.241 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:31:36 +0000 (0:00:00.020) 0:04:13.261 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 Tuesday 01 February 2022 17:31:36 +0000 (0:00:00.034) 0:04:13.295 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 Tuesday 01 February 2022 17:31:36 +0000 (0:00:00.031) 0:04:13.327 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736679.1922479, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "17f5f0a8fc14d379be746fe06cdecbf39eb1097e", "ctime": 1643736679.2352479, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137976, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643736679.2352479, "nlink": 1, "path": "/etc/pki/tls/private/defaultcert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1651024803", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:60 Tuesday 01 February 2022 17:31:36 +0000 (0:00:00.362) 0:04:13.690 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 Tuesday 01 February 2022 17:31:36 +0000 (0:00:00.019) 0:04:13.709 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 Tuesday 01 February 2022 17:31:36 +0000 (0:00:00.033) 0:04:13.742 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/defaultcert.crt" ], "delta": "0:00:00.191228", "end": "2022-02-01 17:31:37.058608", "rc": 0, "start": "2022-02-01 17:31:36.867380" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "B6:38:7B:6D:C3:6D:93:99:74:81:90:22:FB:1B:55:F3:D2:BF:BD:38", "critical": false }, "authorityKeyIdentifier": { "value": "3E:F1:71:0F:BF:38:6F:AA:57:01:F4:C8:05:69:DC:3F:9C:B3:1B:1A", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "62:84:7D:D8:38:4E:92:21:2B:B3:B7:BA:3B:38:A7:B3:80:C9:A3:5D:92:B5:25:00:19:D3:36:26:6C:43:AF:5F:BA:54:01:CA:7F:7C:FB:98:7E:64:BD:FB:D3:CF:65:8D:54:99:68:90:92:88:D2:AD:C4:38:63:10:B1:64:3B:FB:49:35:F0:6C:1A:A1:F7:3D:B7:76:43:17:0D:F6:EA:90:3B:84:56:71:22:9A:6F:82:72:2B:58:7D:CE:35:3F:CF:CE:9E:CE:ED:89:58:05:84:0A:A5:70:7E:FA:FB:82:3E:05:EA:38:07:7C:85:BE:2C:CC:ED:E4:AF:F9:2C:4D:A1:2B:62:27:35:77:A7:38:35:FE:66:8A:EF:13:6A:7F:DC:58:FE:3D:B1:1F:75:EC:4F:AA:14:DB:0C:9F:91:0F:02:6D:8C:1F:5F:2A:0C:BC:D6:28:71:A3:25:70:70:86:62:27:1C:36:94:A6:AD:21:DC:0E:95:C5:BD:9D:0F:54:BB:F1:4A:7B:85:CB:4B:76:CF:F5:34:AB:0F:C4:8B:58:80:04:59:B4:FF:DE:7C:57:4D:CB:4C:97:74:CD:3F:F0:AB:AF:F3:BC:B0:3F:97:84:EC:EB:73:B4:17:BA:F0:EE:97:C6:8B:BC:BA:16:0E:AC:D9:DC:0A:10:16:EA:E8:A8:4B" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 17:31:17", "not_valid_before": "2022-02-01 17:31:19" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:31:37 +0000 (0:00:00.541) 0:04:14.284 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "3E:F1:71:0F:BF:38:6F:AA:57:01:F4:C8:05:69:DC:3F:9C:B3:1B:1A" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "B6:38:7B:6D:C3:6D:93:99:74:81:90:22:FB:1B:55:F3:D2:BF:BD:38" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "62:84:7D:D8:38:4E:92:21:2B:B3:B7:BA:3B:38:A7:B3:80:C9:A3:5D:92:B5:25:00:19:D3:36:26:6C:43:AF:5F:BA:54:01:CA:7F:7C:FB:98:7E:64:BD:FB:D3:CF:65:8D:54:99:68:90:92:88:D2:AD:C4:38:63:10:B1:64:3B:FB:49:35:F0:6C:1A:A1:F7:3D:B7:76:43:17:0D:F6:EA:90:3B:84:56:71:22:9A:6F:82:72:2B:58:7D:CE:35:3F:CF:CE:9E:CE:ED:89:58:05:84:0A:A5:70:7E:FA:FB:82:3E:05:EA:38:07:7C:85:BE:2C:CC:ED:E4:AF:F9:2C:4D:A1:2B:62:27:35:77:A7:38:35:FE:66:8A:EF:13:6A:7F:DC:58:FE:3D:B1:1F:75:EC:4F:AA:14:DB:0C:9F:91:0F:02:6D:8C:1F:5F:2A:0C:BC:D6:28:71:A3:25:70:70:86:62:27:1C:36:94:A6:AD:21:DC:0E:95:C5:BD:9D:0F:54:BB:F1:4A:7B:85:CB:4B:76:CF:F5:34:AB:0F:C4:8B:58:80:04:59:B4:FF:DE:7C:57:4D:CB:4C:97:74:CD:3F:F0:AB:AF:F3:BC:B0:3F:97:84:EC:EB:73:B4:17:BA:F0:EE:97:C6:8B:BC:BA:16:0E:AC:D9:DC:0A:10:16:EA:E8:A8:4B" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 17:31:17", "not_valid_before": "2022-02-01 17:31:19" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 Tuesday 01 February 2022 17:31:37 +0000 (0:00:00.030) 0:04:14.314 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:96 Tuesday 01 February 2022 17:31:37 +0000 (0:00:00.034) 0:04:14.348 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 Tuesday 01 February 2022 17:31:37 +0000 (0:00:00.020) 0:04:14.368 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 Tuesday 01 February 2022 17:31:37 +0000 (0:00:00.030) 0:04:14.399 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 Tuesday 01 February 2022 17:31:37 +0000 (0:00:00.029) 0:04:14.428 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:31:37 +0000 (0:00:00.032) 0:04:14.461 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/defaultcert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039749", "end": "2022-02-01 17:31:37.624796", "rc": 0, "start": "2022-02-01 17:31:37.585047" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 Tuesday 01 February 2022 17:31:38 +0000 (0:00:00.385) 0:04:14.847 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=52 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:31:38 +0000 (0:00:00.035) 0:04:14.883 ****** =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed - 228.02s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.61s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.82s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Install certreader ------------------------------------------------------ 2.65s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 ------------- Ensure python3 is installed --------------------------------------------- 2.16s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 -------------- Ensure python3 is installed --------------------------------------------- 1.89s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 -------------- linux-system-roles.certificate : Ensure certificate requests ------------ 1.54s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Gathering Facts --------------------------------------------------------- 1.08s /tmp/tmpcwl050ue/tests/tests_no_auto_renew.yml:2 ------------------------------ linux-system-roles.certificate : Ensure provider service is running ----- 1.02s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Install the package, force upgrade -------------------------------------- 0.98s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 0.91s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 ------------- Gathering Facts --------------------------------------------------------- 0.76s /tmp/tmpcwl050ue/tests/tests_no_auto_renew.yml:17 ----------------------------- Parse certificate ------------------------------------------------------- 0.69s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.56s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Parse certificate ------------------------------------------------------- 0.54s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 ------------- Retrieve certificate file stats ----------------------------------------- 0.53s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.42s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Retrieve auto-renew flag ------------------------------------------------ 0.40s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve auto-renew flag ------------------------------------------------ 0.39s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve certificate file stats ----------------------------------------- 0.37s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 ------------- + cd /tmp/tmpcwl050ue/tests; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpcwl050ue/tests/tests_not_wait_for_cert.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 17:31:51 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 17:31:51 +0000 (0:00:00.015) 0:00:00.026 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:31:51 +0000 (0:00:00.015) 0:00:00.042 ****** =============================================================================== debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- PLAYBOOK: tests_not_wait_for_cert.yml ****************************************** 2 plays in /tmp/tmpcwl050ue/tests/tests_not_wait_for_cert.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_not_wait_for_cert.yml:2 Tuesday 01 February 2022 17:31:51 +0000 (0:00:00.016) 0:00:00.059 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:31:52 +0000 (0:00:01.021) 0:00:01.080 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Tuesday 01 February 2022 17:31:52 +0000 (0:00:00.025) 0:00:01.105 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Tuesday 01 February 2022 17:32:35 +0000 (0:00:42.541) 0:00:43.647 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Tuesday 01 February 2022 17:32:38 +0000 (0:00:03.808) 0:00:47.455 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Tuesday 01 February 2022 17:32:39 +0000 (0:00:00.561) 0:00:48.017 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Tuesday 01 February 2022 17:32:39 +0000 (0:00:00.401) 0:00:48.418 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target dbus-broker.service dbus.socket systemd-journald.socket syslog.target network.target system.slice sysinit.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Tuesday 01 February 2022 17:32:40 +0000 (0:00:00.993) 0:00:49.411 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_not_wait_for_cert.yml:14 Tuesday 01 February 2022 17:32:41 +0000 (0:00:00.656) 0:00:50.067 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Wait for certificate] **************************************************** task path: /tmp/tmpcwl050ue/tests/tests_not_wait_for_cert.yml:28 Tuesday 01 February 2022 17:32:42 +0000 (0:00:00.741) 0:00:50.809 ****** ok: [/cache/fedora-34.qcow2] => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) => { "ansible_loop_var": "item", "changed": false, "elapsed": 0, "gid": 0, "group": "root", "item": { "key_path": "/etc/pki/tls/private/mycert.key", "path": "/etc/pki/tls/certs/mycert.crt", "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "subject_alt_name": [ { "name": "DNS", "value": "www.example.com" } ] }, "match_groupdict": {}, "match_groups": [], "mode": "0600", "owner": "root", "path": "/etc/pki/tls/certs/mycert.crt", "port": null, "search_regex": null, "secontext": "system_u:object_r:cert_t:s0", "size": 1294, "state": "file", "uid": 0 } TASK [Verify each certificate] ************************************************* task path: /tmp/tmpcwl050ue/tests/tests_not_wait_for_cert.yml:34 Tuesday 01 February 2022 17:32:42 +0000 (0:00:00.514) 0:00:51.323 ****** included: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:32:42 +0000 (0:00:00.031) 0:00:51.355 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:32:42 +0000 (0:00:00.014) 0:00:51.370 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:32:45 +0000 (0:00:02.178) 0:00:53.548 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:32:49 +0000 (0:00:04.659) 0:00:58.208 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 43.8 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 79.2 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 23.4 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 109.2 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 37.3 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:32:52 +0000 (0:00:02.710) 0:01:00.919 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736760.996335, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "2ccbe6df1aaedb15e0b29dcb6630edab777ef6b1", "ctime": 1643736760.993335, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643736760.993335, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "4061189174", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:32:52 +0000 (0:00:00.519) 0:01:01.438 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:32:52 +0000 (0:00:00.019) 0:01:01.458 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 Tuesday 01 February 2022 17:32:52 +0000 (0:00:00.033) 0:01:01.491 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 Tuesday 01 February 2022 17:32:52 +0000 (0:00:00.030) 0:01:01.522 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736760.9493349, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "548cc8c46ea7c3afb54e049be3ca0c3eeeebcb82", "ctime": 1643736760.993335, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643736760.993335, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1057156353", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:60 Tuesday 01 February 2022 17:32:53 +0000 (0:00:00.379) 0:01:01.901 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 Tuesday 01 February 2022 17:32:53 +0000 (0:00:00.020) 0:01:01.921 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 Tuesday 01 February 2022 17:32:53 +0000 (0:00:00.034) 0:01:01.955 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.201644", "end": "2022-02-01 17:32:53.405560", "rc": 0, "start": "2022-02-01 17:32:53.203916" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "E2:82:D8:3B:EE:63:5B:DB:33:06:66:10:25:4E:04:8F:90:1B:58:6D", "critical": false }, "authorityKeyIdentifier": { "value": "4D:A1:31:1B:21:F5:61:C6:9D:D5:A1:DF:6B:37:DC:24:4A:BE:D5:C3", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "3C:0C:B2:B9:CF:30:1D:8B:E6:B2:D2:37:51:CB:AD:CA:A6:05:3B:7F:17:F3:ED:EF:DF:54:9E:D1:7F:D5:8C:D0:90:2F:3E:A1:E8:EE:56:19:65:07:1C:D1:87:21:16:1F:7E:D0:01:5E:C7:86:D8:95:C2:39:0B:90:25:4E:AB:EA:FC:C9:EC:5D:22:E6:13:B6:EA:10:E0:C6:A7:DD:0A:02:1E:08:08:FD:CF:E7:05:92:38:19:AD:78:23:8D:E6:BB:7E:70:26:12:DB:87:1F:6C:A8:69:98:9F:35:5E:97:46:91:A3:F3:82:19:87:8D:E2:C0:0A:CF:8F:77:F1:C3:23:76:F7:74:D0:98:82:FB:FC:20:1B:7E:CF:B9:C3:5C:14:C4:4A:35:50:4D:56:F9:0C:92:B3:E3:3C:F8:87:66:02:59:60:21:5E:AB:4B:E5:29:7C:A7:38:25:00:57:9C:33:C7:A1:62:89:FB:AA:3E:C7:F3:8B:13:E9:7D:9D:88:B7:86:FD:F2:E3:49:00:09:F0:2E:A6:AC:CD:73:73:B6:DB:71:14:55:80:FC:6C:48:C2:07:1A:64:72:45:9D:DC:45:2D:5D:F5:33:70:9E:03:9D:27:93:96:80:8F:D6:AA:A4:47:59:60:E9:1B:CB:41:A4:45:98:F6:FC:CC:91:42:47" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 17:32:40", "not_valid_before": "2022-02-01 17:32:40" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:32:54 +0000 (0:00:00.699) 0:01:02.655 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "4D:A1:31:1B:21:F5:61:C6:9D:D5:A1:DF:6B:37:DC:24:4A:BE:D5:C3" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "E2:82:D8:3B:EE:63:5B:DB:33:06:66:10:25:4E:04:8F:90:1B:58:6D" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "3C:0C:B2:B9:CF:30:1D:8B:E6:B2:D2:37:51:CB:AD:CA:A6:05:3B:7F:17:F3:ED:EF:DF:54:9E:D1:7F:D5:8C:D0:90:2F:3E:A1:E8:EE:56:19:65:07:1C:D1:87:21:16:1F:7E:D0:01:5E:C7:86:D8:95:C2:39:0B:90:25:4E:AB:EA:FC:C9:EC:5D:22:E6:13:B6:EA:10:E0:C6:A7:DD:0A:02:1E:08:08:FD:CF:E7:05:92:38:19:AD:78:23:8D:E6:BB:7E:70:26:12:DB:87:1F:6C:A8:69:98:9F:35:5E:97:46:91:A3:F3:82:19:87:8D:E2:C0:0A:CF:8F:77:F1:C3:23:76:F7:74:D0:98:82:FB:FC:20:1B:7E:CF:B9:C3:5C:14:C4:4A:35:50:4D:56:F9:0C:92:B3:E3:3C:F8:87:66:02:59:60:21:5E:AB:4B:E5:29:7C:A7:38:25:00:57:9C:33:C7:A1:62:89:FB:AA:3E:C7:F3:8B:13:E9:7D:9D:88:B7:86:FD:F2:E3:49:00:09:F0:2E:A6:AC:CD:73:73:B6:DB:71:14:55:80:FC:6C:48:C2:07:1A:64:72:45:9D:DC:45:2D:5D:F5:33:70:9E:03:9D:27:93:96:80:8F:D6:AA:A4:47:59:60:E9:1B:CB:41:A4:45:98:F6:FC:CC:91:42:47" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 17:32:40", "not_valid_before": "2022-02-01 17:32:40" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 Tuesday 01 February 2022 17:32:54 +0000 (0:00:00.031) 0:01:02.687 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:96 Tuesday 01 February 2022 17:32:54 +0000 (0:00:00.034) 0:01:02.721 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 Tuesday 01 February 2022 17:32:54 +0000 (0:00:00.020) 0:01:02.742 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 Tuesday 01 February 2022 17:32:54 +0000 (0:00:00.031) 0:01:02.773 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 Tuesday 01 February 2022 17:32:54 +0000 (0:00:00.032) 0:01:02.805 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:32:54 +0000 (0:00:00.032) 0:01:02.837 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039233", "end": "2022-02-01 17:32:53.982954", "rc": 0, "start": "2022-02-01 17:32:53.943721" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 Tuesday 01 February 2022 17:32:54 +0000 (0:00:00.388) 0:01:03.226 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=32 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:32:54 +0000 (0:00:00.039) 0:01:03.265 ****** =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed -- 42.54s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.66s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.81s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Install certreader ------------------------------------------------------ 2.71s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 ------------- Ensure python3 is installed --------------------------------------------- 2.18s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.02s /tmp/tmpcwl050ue/tests/tests_not_wait_for_cert.yml:2 -------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 0.99s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Gathering Facts --------------------------------------------------------- 0.74s /tmp/tmpcwl050ue/tests/tests_not_wait_for_cert.yml:14 ------------------------- Parse certificate ------------------------------------------------------- 0.70s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure certificate requests ------------ 0.66s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.56s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 ------------- Wait for certificate ---------------------------------------------------- 0.51s /tmp/tmpcwl050ue/tests/tests_not_wait_for_cert.yml:28 ------------------------- linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.40s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Retrieve auto-renew flag ------------------------------------------------ 0.39s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve key file stats ------------------------------------------------- 0.38s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 ------------ Verify certificate subject ---------------------------------------------- 0.03s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 ------------- Verify key file owner and group ----------------------------------------- 0.03s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 ------------- Verify certificate file owner and group --------------------------------- 0.03s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 ------------- + cd /tmp/tmpcwl050ue/tests; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpcwl050ue/tests/tests_principal.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 17:33:08 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 17:33:08 +0000 (0:00:00.015) 0:00:00.026 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:33:08 +0000 (0:00:00.015) 0:00:00.042 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_principal.yml ************************************************** 3 plays in /tmp/tmpcwl050ue/tests/tests_principal.yml PLAY [Test issuing certificate with principal.] ******************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_principal.yml:2 Tuesday 01 February 2022 17:33:08 +0000 (0:00:00.024) 0:00:00.066 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:33:09 +0000 (0:00:01.013) 0:00:01.080 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Tuesday 01 February 2022 17:33:09 +0000 (0:00:00.027) 0:00:01.107 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Tuesday 01 February 2022 17:34:40 +0000 (0:01:30.962) 0:01:32.070 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Tuesday 01 February 2022 17:34:44 +0000 (0:00:04.024) 0:01:36.094 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Tuesday 01 February 2022 17:34:45 +0000 (0:00:00.569) 0:01:36.663 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Tuesday 01 February 2022 17:34:45 +0000 (0:00:00.401) 0:01:37.065 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice dbus-broker.service systemd-journald.socket syslog.target dbus.socket network.target basic.target sysinit.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Tuesday 01 February 2022 17:34:46 +0000 (0:00:01.067) 0:01:38.132 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'principal': 'HTTP/www.example.com@EXAMPLE.COM', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert", "principal": "HTTP/www.example.com@EXAMPLE.COM" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_principal.yml:13 Tuesday 01 February 2022 17:34:47 +0000 (0:00:00.958) 0:01:39.090 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpcwl050ue/tests/tests_principal.yml:33 Tuesday 01 February 2022 17:34:48 +0000 (0:00:00.772) 0:01:39.863 ****** included: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}, {'name': 'Universal Principal Name (UPN)', 'value': 'HTTP/www.example.com@EXAMPLE.COM', 'oid': '1.3.6.1.4.1.311.20.2.3'}, {'name': 'Kerberos principalname', 'value': 'HTTP/www.example.com@EXAMPLE.COM', 'oid': '1.3.6.1.5.2.2'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:34:48 +0000 (0:00:00.027) 0:01:39.891 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:34:48 +0000 (0:00:00.014) 0:01:39.905 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:34:50 +0000 (0:00:02.076) 0:01:41.982 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:34:55 +0000 (0:00:04.869) 0:01:46.852 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 49.6 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 86.1 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 22.3 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 101.0 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 43.7 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:34:58 +0000 (0:00:02.739) 0:01:49.591 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736887.153134, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "8874506ca35de025e128c1df38274eb540030dae", "ctime": 1643736887.150134, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643736887.150134, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1456, "uid": 0, "version": "231486500", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:34:58 +0000 (0:00:00.508) 0:01:50.099 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:34:58 +0000 (0:00:00.018) 0:01:50.118 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 Tuesday 01 February 2022 17:34:58 +0000 (0:00:00.033) 0:01:50.152 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 Tuesday 01 February 2022 17:34:59 +0000 (0:00:00.033) 0:01:50.186 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643736887.108134, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "a932d17f171656a363e144a7781c5880b22a6a98", "ctime": 1643736887.150134, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643736887.150134, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "3698756610", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:60 Tuesday 01 February 2022 17:34:59 +0000 (0:00:00.376) 0:01:50.562 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 Tuesday 01 February 2022 17:34:59 +0000 (0:00:00.020) 0:01:50.582 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 Tuesday 01 February 2022 17:34:59 +0000 (0:00:00.036) 0:01:50.619 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.212100", "end": "2022-02-01 17:34:59.563061", "rc": 0, "start": "2022-02-01 17:34:59.350961" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/www.example.com@EXAMPLE.COM", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/www.example.com@EXAMPLE.COM", "oid": "1.3.6.1.5.2.2" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "F5:B7:CF:B8:5A:02:A2:DA:9F:6E:30:B5:85:E3:2F:59:34:12:7C:90", "critical": false }, "authorityKeyIdentifier": { "value": "26:FD:3F:73:F6:84:86:F2:45:AB:C8:F2:3F:0C:AE:9D:C7:80:3C:BF", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "83:F8:E2:A0:91:89:BD:5F:AD:F3:B4:11:4E:34:A6:DC:B7:AC:C7:A9:AA:77:EC:E0:8C:36:42:EC:8E:76:27:E0:42:F2:32:8A:13:06:F9:77:92:86:00:35:FD:14:B0:F6:B2:74:93:DF:6C:6D:4C:E9:30:DD:3E:19:D2:B5:5B:F7:7E:C7:96:9D:4D:3B:92:DF:4D:E0:14:9E:3F:53:AC:49:6E:93:56:85:0F:9E:91:D1:48:E2:E5:9A:1A:EC:B6:2C:AC:D3:39:99:85:18:E4:42:B6:5C:32:09:35:26:C1:C4:01:BC:99:1D:BC:58:10:9F:FC:F1:B8:6B:3D:58:FC:6F:C3:17:62:85:68:55:80:61:DE:6C:A2:0D:23:B3:3F:87:86:D9:02:FE:E1:73:D1:04:29:2D:41:FE:C9:51:1F:00:07:D1:55:2D:3C:0D:45:00:4C:04:92:85:35:79:B7:17:BB:B7:C1:3B:C8:39:91:CB:67:71:8B:2F:DD:E0:17:80:97:C3:AD:85:15:3D:0A:20:10:38:36:27:25:7C:66:A6:64:33:A0:1B:91:69:4D:DE:4D:DB:5D:4D:37:55:66:1B:75:10:9F:E6:E5:57:B5:74:E5:71:D9:04:AD:92:0C:75:07:C1:92:AB:E8:B7:D8:7F:01:5A:16:D3:DF:3A:1C:AD" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 17:34:46", "not_valid_before": "2022-02-01 17:34:47" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:35:00 +0000 (0:00:00.725) 0:01:51.345 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "26:FD:3F:73:F6:84:86:F2:45:AB:C8:F2:3F:0C:AE:9D:C7:80:3C:BF" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/www.example.com@EXAMPLE.COM" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/www.example.com@EXAMPLE.COM" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "F5:B7:CF:B8:5A:02:A2:DA:9F:6E:30:B5:85:E3:2F:59:34:12:7C:90" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "83:F8:E2:A0:91:89:BD:5F:AD:F3:B4:11:4E:34:A6:DC:B7:AC:C7:A9:AA:77:EC:E0:8C:36:42:EC:8E:76:27:E0:42:F2:32:8A:13:06:F9:77:92:86:00:35:FD:14:B0:F6:B2:74:93:DF:6C:6D:4C:E9:30:DD:3E:19:D2:B5:5B:F7:7E:C7:96:9D:4D:3B:92:DF:4D:E0:14:9E:3F:53:AC:49:6E:93:56:85:0F:9E:91:D1:48:E2:E5:9A:1A:EC:B6:2C:AC:D3:39:99:85:18:E4:42:B6:5C:32:09:35:26:C1:C4:01:BC:99:1D:BC:58:10:9F:FC:F1:B8:6B:3D:58:FC:6F:C3:17:62:85:68:55:80:61:DE:6C:A2:0D:23:B3:3F:87:86:D9:02:FE:E1:73:D1:04:29:2D:41:FE:C9:51:1F:00:07:D1:55:2D:3C:0D:45:00:4C:04:92:85:35:79:B7:17:BB:B7:C1:3B:C8:39:91:CB:67:71:8B:2F:DD:E0:17:80:97:C3:AD:85:15:3D:0A:20:10:38:36:27:25:7C:66:A6:64:33:A0:1B:91:69:4D:DE:4D:DB:5D:4D:37:55:66:1B:75:10:9F:E6:E5:57:B5:74:E5:71:D9:04:AD:92:0C:75:07:C1:92:AB:E8:B7:D8:7F:01:5A:16:D3:DF:3A:1C:AD" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 17:34:46", "not_valid_before": "2022-02-01 17:34:47" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 Tuesday 01 February 2022 17:35:00 +0000 (0:00:00.033) 0:01:51.378 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:96 Tuesday 01 February 2022 17:35:00 +0000 (0:00:00.033) 0:01:51.412 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 Tuesday 01 February 2022 17:35:00 +0000 (0:00:00.021) 0:01:51.434 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 Tuesday 01 February 2022 17:35:00 +0000 (0:00:00.032) 0:01:51.467 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 Tuesday 01 February 2022 17:35:00 +0000 (0:00:00.032) 0:01:51.500 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:35:00 +0000 (0:00:00.033) 0:01:51.533 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041871", "end": "2022-02-01 17:35:00.157049", "rc": 0, "start": "2022-02-01 17:35:00.115178" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 Tuesday 01 February 2022 17:35:00 +0000 (0:00:00.404) 0:01:51.937 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY [Test issuing certificate with invalid principal.] ************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_principal.yml:40 Tuesday 01 February 2022 17:35:00 +0000 (0:00:00.044) 0:01:51.981 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:35:01 +0000 (0:00:00.788) 0:01:52.769 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Tuesday 01 February 2022 17:35:01 +0000 (0:00:00.028) 0:01:52.798 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Tuesday 01 February 2022 17:35:03 +0000 (0:00:02.072) 0:01:54.870 ****** ok: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Tuesday 01 February 2022 17:35:05 +0000 (0:00:01.934) 0:01:56.804 ****** ok: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Tuesday 01 February 2022 17:35:06 +0000 (0:00:00.400) 0:01:57.204 ****** ok: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Tuesday 01 February 2022 17:35:06 +0000 (0:00:00.406) 0:01:57.611 ****** ok: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Tue 2022-02-01 17:34:46 UTC", "ActiveEnterTimestampMonotonic": "108591472", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "syslog.target systemd-journald.socket basic.target dbus-broker.service dbus.socket system.slice network.target sysinit.target", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Tue 2022-02-01 17:34:46 UTC", "AssertTimestampMonotonic": "108580262", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "402845000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Tue 2022-02-01 17:34:46 UTC", "ConditionTimestampMonotonic": "108580260", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "6525", "ExecMainStartTimestamp": "Tue 2022-02-01 17:34:46 UTC", "ExecMainStartTimestampMonotonic": "108581455", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[Tue 2022-02-01 17:34:46 UTC] ; stop_time=[n/a] ; pid=6525 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[Tue 2022-02-01 17:34:46 UTC] ; stop_time=[n/a] ; pid=6525 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Tue 2022-02-01 17:34:46 UTC", "InactiveExitTimestampMonotonic": "108581824", "InvocationID": "67d1464315a3432ba10d8989ef15b06c", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "6525", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "1474560", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Tue 2022-02-01 17:34:46 UTC", "StateChangeTimestampMonotonic": "108591472", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Tuesday 01 February 2022 17:35:06 +0000 (0:00:00.533) 0:01:58.144 ****** failed: [/cache/fedora-34.qcow2] (item={'name': 'mycertinvalid', 'dns': 'www.example.com', 'principal': 'HTTP/abc', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": false, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycertinvalid", "principal": "HTTP/abc" } } MSG: Invalid principal 'HTTP/abc'. It should be formatted as 'primary/instance@REALM' TASK [assert...] *************************************************************** task path: /tmp/tmpcwl050ue/tests/tests_principal.yml:59 Tuesday 01 February 2022 17:35:07 +0000 (0:00:00.456) 0:01:58.601 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=39 changed=8 unreachable=0 failed=0 skipped=1 rescued=1 ignored=0 Tuesday 01 February 2022 17:35:07 +0000 (0:00:00.024) 0:01:58.625 ****** =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed -- 90.96s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.87s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 4.02s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Install certreader ------------------------------------------------------ 2.74s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 ------------- Ensure python3 is installed --------------------------------------------- 2.08s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 -------------- linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 2.07s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - linux-system-roles.certificate : Ensure provider packages are installed --- 1.93s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - linux-system-roles.certificate : Ensure provider service is running ----- 1.07s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Gathering Facts --------------------------------------------------------- 1.01s /tmp/tmpcwl050ue/tests/tests_principal.yml:2 ---------------------------------- linux-system-roles.certificate : Ensure certificate requests ------------ 0.96s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Gathering Facts --------------------------------------------------------- 0.79s /tmp/tmpcwl050ue/tests/tests_principal.yml:40 --------------------------------- Gathering Facts --------------------------------------------------------- 0.77s /tmp/tmpcwl050ue/tests/tests_principal.yml:13 --------------------------------- Parse certificate ------------------------------------------------------- 0.73s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.57s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - linux-system-roles.certificate : Ensure provider service is running ----- 0.53s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Retrieve certificate file stats ----------------------------------------- 0.51s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure certificate requests ------------ 0.46s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.41s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Retrieve auto-renew flag ------------------------------------------------ 0.40s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.40s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - + cd /tmp/tmpcwl050ue/tests; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpcwl050ue/tests/tests_provider.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 17:35:21 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 17:35:21 +0000 (0:00:00.017) 0:00:00.028 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:35:21 +0000 (0:00:00.021) 0:00:00.050 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_provider.yml *************************************************** 2 plays in /tmp/tmpcwl050ue/tests/tests_provider.yml PLAY [Test issuing certificate with certmonger provider] *********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_provider.yml:2 Tuesday 01 February 2022 17:35:21 +0000 (0:00:00.030) 0:00:00.081 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:35:22 +0000 (0:00:01.072) 0:00:01.153 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Tuesday 01 February 2022 17:35:22 +0000 (0:00:00.026) 0:00:01.180 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Tuesday 01 February 2022 17:36:42 +0000 (0:01:19.711) 0:01:20.892 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Tuesday 01 February 2022 17:36:45 +0000 (0:00:03.636) 0:01:24.529 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Tuesday 01 February 2022 17:36:46 +0000 (0:00:00.552) 0:01:25.081 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Tuesday 01 February 2022 17:36:46 +0000 (0:00:00.400) 0:01:25.482 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus.socket dbus-broker.service basic.target sysinit.target systemd-journald.socket system.slice syslog.target network.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Tuesday 01 February 2022 17:36:47 +0000 (0:00:00.957) 0:01:26.439 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'certmonger'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert", "provider": "certmonger" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_provider.yml:13 Tuesday 01 February 2022 17:36:48 +0000 (0:00:00.760) 0:01:27.200 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpcwl050ue/tests/tests_provider.yml:27 Tuesday 01 February 2022 17:36:49 +0000 (0:00:00.717) 0:01:27.918 ****** included: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:36:49 +0000 (0:00:00.028) 0:01:27.947 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:36:49 +0000 (0:00:00.016) 0:01:27.963 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:36:51 +0000 (0:00:01.889) 0:01:29.853 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:36:55 +0000 (0:00:04.689) 0:01:34.542 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 50.2 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 94.6 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 30.0 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 91.6 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 41.9 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:36:58 +0000 (0:00:02.671) 0:01:37.214 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643737008.4232004, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "226407e6f7686cf705c941662e203a0a8ae541ce", "ctime": 1643737008.4212003, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643737008.4212003, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "4132634247", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:36:59 +0000 (0:00:00.488) 0:01:37.702 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:36:59 +0000 (0:00:00.019) 0:01:37.721 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 Tuesday 01 February 2022 17:36:59 +0000 (0:00:00.036) 0:01:37.758 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 Tuesday 01 February 2022 17:36:59 +0000 (0:00:00.032) 0:01:37.790 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643737008.3802001, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "49a0ba207d508327a9951fbcd2ab71da5c9ac9d7", "ctime": 1643737008.4212003, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643737008.4212003, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2106434373", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:60 Tuesday 01 February 2022 17:36:59 +0000 (0:00:00.386) 0:01:38.177 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 Tuesday 01 February 2022 17:36:59 +0000 (0:00:00.018) 0:01:38.196 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 Tuesday 01 February 2022 17:36:59 +0000 (0:00:00.032) 0:01:38.229 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.192992", "end": "2022-02-01 17:37:00.151420", "rc": 0, "start": "2022-02-01 17:36:59.958428" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "E9:B9:28:14:05:BA:3A:F7:45:6E:90:38:DF:6E:69:A6:97:27:22:D5", "critical": false }, "authorityKeyIdentifier": { "value": "3B:D6:8D:5F:35:7F:EE:A4:D7:9A:38:4E:D3:48:9D:D4:13:9A:70:E9", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "4C:0A:17:36:67:89:80:BB:FE:A7:3F:20:16:33:88:33:14:FD:D8:36:FB:4E:22:44:E3:E0:7A:0F:CE:8D:4D:1A:59:38:10:02:87:D8:12:01:51:8F:91:77:C2:C2:2F:A1:DA:22:E8:0B:8E:4C:31:BD:77:D1:BA:A0:98:AB:8D:73:17:4D:95:32:E1:5F:00:E7:DB:61:7D:FD:65:A4:44:02:D2:7C:CE:F4:63:32:A1:29:E5:A2:0A:5E:B8:7F:A5:F5:AF:92:2F:70:44:C8:E8:9E:9E:25:60:A3:77:E1:CD:57:D4:42:C6:D9:0C:CC:21:B9:02:C7:E5:A3:64:2F:03:00:5F:D1:11:4A:F3:24:C7:E7:29:26:C3:1B:1A:93:DA:D8:1B:F3:4F:03:84:CB:73:A4:FA:F7:70:C7:70:69:25:03:A8:4A:CD:8D:B7:8F:37:F3:53:FE:C8:18:41:FC:64:B3:8A:AC:6A:05:48:EE:DF:7F:A4:F9:55:18:C8:49:78:DA:C1:9D:D8:BA:81:8B:42:BD:22:87:F8:1E:3F:28:B0:21:25:BC:69:B3:EB:60:0A:85:27:F5:BC:F3:37:81:0D:96:61:03:1F:9C:62:82:B9:B7:05:0B:FE:A4:D7:0E:37:D2:9C:50:69:FF:43:18:0E:77:80:07:E7:7A:C5:8E:EB:41" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 17:36:47", "not_valid_before": "2022-02-01 17:36:48" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:37:00 +0000 (0:00:00.631) 0:01:38.860 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "3B:D6:8D:5F:35:7F:EE:A4:D7:9A:38:4E:D3:48:9D:D4:13:9A:70:E9" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "E9:B9:28:14:05:BA:3A:F7:45:6E:90:38:DF:6E:69:A6:97:27:22:D5" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "4C:0A:17:36:67:89:80:BB:FE:A7:3F:20:16:33:88:33:14:FD:D8:36:FB:4E:22:44:E3:E0:7A:0F:CE:8D:4D:1A:59:38:10:02:87:D8:12:01:51:8F:91:77:C2:C2:2F:A1:DA:22:E8:0B:8E:4C:31:BD:77:D1:BA:A0:98:AB:8D:73:17:4D:95:32:E1:5F:00:E7:DB:61:7D:FD:65:A4:44:02:D2:7C:CE:F4:63:32:A1:29:E5:A2:0A:5E:B8:7F:A5:F5:AF:92:2F:70:44:C8:E8:9E:9E:25:60:A3:77:E1:CD:57:D4:42:C6:D9:0C:CC:21:B9:02:C7:E5:A3:64:2F:03:00:5F:D1:11:4A:F3:24:C7:E7:29:26:C3:1B:1A:93:DA:D8:1B:F3:4F:03:84:CB:73:A4:FA:F7:70:C7:70:69:25:03:A8:4A:CD:8D:B7:8F:37:F3:53:FE:C8:18:41:FC:64:B3:8A:AC:6A:05:48:EE:DF:7F:A4:F9:55:18:C8:49:78:DA:C1:9D:D8:BA:81:8B:42:BD:22:87:F8:1E:3F:28:B0:21:25:BC:69:B3:EB:60:0A:85:27:F5:BC:F3:37:81:0D:96:61:03:1F:9C:62:82:B9:B7:05:0B:FE:A4:D7:0E:37:D2:9C:50:69:FF:43:18:0E:77:80:07:E7:7A:C5:8E:EB:41" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 17:36:47", "not_valid_before": "2022-02-01 17:36:48" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 Tuesday 01 February 2022 17:37:00 +0000 (0:00:00.035) 0:01:38.896 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:96 Tuesday 01 February 2022 17:37:00 +0000 (0:00:00.035) 0:01:38.931 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 Tuesday 01 February 2022 17:37:00 +0000 (0:00:00.020) 0:01:38.952 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 Tuesday 01 February 2022 17:37:00 +0000 (0:00:00.031) 0:01:38.983 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 Tuesday 01 February 2022 17:37:00 +0000 (0:00:00.034) 0:01:39.018 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:37:00 +0000 (0:00:00.040) 0:01:39.058 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041114", "end": "2022-02-01 17:37:00.786915", "rc": 0, "start": "2022-02-01 17:37:00.745801" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 Tuesday 01 February 2022 17:37:00 +0000 (0:00:00.435) 0:01:39.493 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:37:00 +0000 (0:00:00.040) 0:01:39.533 ****** =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed -- 79.71s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.69s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.64s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Install certreader ------------------------------------------------------ 2.67s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 ------------- Ensure python3 is installed --------------------------------------------- 1.89s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.07s /tmp/tmpcwl050ue/tests/tests_provider.yml:2 ----------------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 0.96s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate requests ------------ 0.76s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Gathering Facts --------------------------------------------------------- 0.72s /tmp/tmpcwl050ue/tests/tests_provider.yml:13 ---------------------------------- Parse certificate ------------------------------------------------------- 0.63s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.55s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve certificate file stats ----------------------------------------- 0.49s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.44s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.40s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Retrieve key file stats ------------------------------------------------- 0.39s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 ------------ Verify certificate Extended Key Usage ----------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 ------------ Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 ------------- Load certificate YAML to cert_issued variable --------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 ------------- Verify certificate subject ---------------------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 ------------- + cd /tmp/tmpcwl050ue/tests; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpcwl050ue/tests/tests_run_hooks.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 17:37:14 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 17:37:14 +0000 (0:00:00.016) 0:00:00.027 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:37:14 +0000 (0:00:00.015) 0:00:00.043 ****** =============================================================================== debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- PLAYBOOK: tests_run_hooks.yml ************************************************** 2 plays in /tmp/tmpcwl050ue/tests/tests_run_hooks.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_run_hooks.yml:2 Tuesday 01 February 2022 17:37:14 +0000 (0:00:00.018) 0:00:00.061 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:37:15 +0000 (0:00:01.037) 0:00:01.099 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Tuesday 01 February 2022 17:37:15 +0000 (0:00:00.027) 0:00:01.126 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Tuesday 01 February 2022 17:42:52 +0000 (0:05:36.676) 0:05:37.803 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Tuesday 01 February 2022 17:43:00 +0000 (0:00:08.046) 0:05:45.849 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Tuesday 01 February 2022 17:43:00 +0000 (0:00:00.548) 0:05:46.397 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Tuesday 01 February 2022 17:43:01 +0000 (0:00:00.408) 0:05:46.805 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus.socket network.target system.slice systemd-journald.socket sysinit.target dbus-broker.service basic.target syslog.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Tuesday 01 February 2022 17:43:02 +0000 (0:00:00.998) 0:05:47.804 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'run_before': 'touch /etc/pki/before_cert.tmp\n', 'run_after': 'touch /etc/pki/after_cert.tmp\n'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert", "run_after": "touch /etc/pki/after_cert.tmp\n", "run_before": "touch /etc/pki/before_cert.tmp\n" } } MSG: Certificate requested (new). Pre/Post run hooks updated. META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_run_hooks.yml:17 Tuesday 01 February 2022 17:43:03 +0000 (0:00:00.920) 0:05:48.724 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpcwl050ue/tests/tests_run_hooks.yml:31 Tuesday 01 February 2022 17:43:03 +0000 (0:00:00.764) 0:05:49.489 ****** included: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:43:03 +0000 (0:00:00.033) 0:05:49.523 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:43:04 +0000 (0:00:00.017) 0:05:49.540 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:43:05 +0000 (0:00:01.917) 0:05:51.458 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:43:10 +0000 (0:00:04.663) 0:05:56.121 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 48.9 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 89.1 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 26.0 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 111.0 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 44.3 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:43:13 +0000 (0:00:02.719) 0:05:58.840 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643737382.281797, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "3b1d91ddcb634691a6fa2cfbf3e1f6adce6f5f1f", "ctime": 1643737382.279797, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137978, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643737382.279797, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2054918556", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:43:13 +0000 (0:00:00.518) 0:05:59.359 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:43:13 +0000 (0:00:00.019) 0:05:59.379 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 Tuesday 01 February 2022 17:43:13 +0000 (0:00:00.033) 0:05:59.412 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 Tuesday 01 February 2022 17:43:13 +0000 (0:00:00.030) 0:05:59.443 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643737382.230797, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "e8a023849f3792b396b14241026280d08c898f7c", "ctime": 1643737382.279797, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137976, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643737382.279797, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1578447214", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:60 Tuesday 01 February 2022 17:43:14 +0000 (0:00:00.377) 0:05:59.821 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 Tuesday 01 February 2022 17:43:14 +0000 (0:00:00.021) 0:05:59.842 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 Tuesday 01 February 2022 17:43:14 +0000 (0:00:00.036) 0:05:59.879 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.200816", "end": "2022-02-01 17:43:14.313158", "rc": 0, "start": "2022-02-01 17:43:14.112342" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "56:AF:65:04:E2:6B:60:F1:2E:BA:07:FB:8C:52:44:99:B1:5F:7F:45", "critical": false }, "authorityKeyIdentifier": { "value": "41:35:9A:CC:1B:53:97:6B:1A:DE:E7:48:12:23:A9:91:D9:25:F2:F6", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "69:05:B3:65:D5:7F:29:96:0E:0C:97:11:95:47:39:55:A8:5D:45:0C:F1:1C:E7:7C:4B:00:4D:84:4A:BD:D2:EA:84:E2:EB:15:40:C4:59:7E:AD:62:01:28:8B:1B:10:8C:A3:93:1B:16:CA:BB:2D:23:9C:4D:BB:6F:56:CF:A4:F6:4B:D1:56:FE:D2:3D:ED:24:EF:AC:26:CB:F5:5E:51:49:0D:D7:D7:81:26:3C:E0:3C:60:82:25:B6:4B:B0:23:60:67:57:37:E2:7F:3C:2F:05:72:63:99:EC:95:93:E3:7F:9E:9D:D4:F4:CA:B4:06:6F:7C:83:6E:6C:84:2C:59:7B:37:A0:B8:C6:8D:88:C3:7F:A7:AD:C7:90:38:56:03:DE:FF:92:7A:0C:4E:62:30:6C:A9:E1:D7:1C:26:2C:18:FD:15:E4:11:70:5B:91:82:24:6D:E5:C2:AE:2E:D5:09:F0:ED:7E:C6:58:EB:A7:37:1E:AA:65:4B:23:4E:19:DC:5A:FA:4A:75:FC:26:77:69:C4:30:5C:8E:93:B6:DB:00:B0:43:72:9E:D4:A5:91:F3:3B:9E:D9:8C:F8:CA:12:3C:37:AC:5E:22:65:D5:CF:5C:7B:7F:01:80:C0:33:23:B8:4D:A1:B6:CE:12:68:87:78:37:B3:B1:71:89:94:D0:4A:26" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 17:43:01", "not_valid_before": "2022-02-01 17:43:02" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:43:15 +0000 (0:00:00.704) 0:06:00.584 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "41:35:9A:CC:1B:53:97:6B:1A:DE:E7:48:12:23:A9:91:D9:25:F2:F6" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "56:AF:65:04:E2:6B:60:F1:2E:BA:07:FB:8C:52:44:99:B1:5F:7F:45" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "69:05:B3:65:D5:7F:29:96:0E:0C:97:11:95:47:39:55:A8:5D:45:0C:F1:1C:E7:7C:4B:00:4D:84:4A:BD:D2:EA:84:E2:EB:15:40:C4:59:7E:AD:62:01:28:8B:1B:10:8C:A3:93:1B:16:CA:BB:2D:23:9C:4D:BB:6F:56:CF:A4:F6:4B:D1:56:FE:D2:3D:ED:24:EF:AC:26:CB:F5:5E:51:49:0D:D7:D7:81:26:3C:E0:3C:60:82:25:B6:4B:B0:23:60:67:57:37:E2:7F:3C:2F:05:72:63:99:EC:95:93:E3:7F:9E:9D:D4:F4:CA:B4:06:6F:7C:83:6E:6C:84:2C:59:7B:37:A0:B8:C6:8D:88:C3:7F:A7:AD:C7:90:38:56:03:DE:FF:92:7A:0C:4E:62:30:6C:A9:E1:D7:1C:26:2C:18:FD:15:E4:11:70:5B:91:82:24:6D:E5:C2:AE:2E:D5:09:F0:ED:7E:C6:58:EB:A7:37:1E:AA:65:4B:23:4E:19:DC:5A:FA:4A:75:FC:26:77:69:C4:30:5C:8E:93:B6:DB:00:B0:43:72:9E:D4:A5:91:F3:3B:9E:D9:8C:F8:CA:12:3C:37:AC:5E:22:65:D5:CF:5C:7B:7F:01:80:C0:33:23:B8:4D:A1:B6:CE:12:68:87:78:37:B3:B1:71:89:94:D0:4A:26" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 17:43:01", "not_valid_before": "2022-02-01 17:43:02" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 Tuesday 01 February 2022 17:43:15 +0000 (0:00:00.034) 0:06:00.618 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:96 Tuesday 01 February 2022 17:43:15 +0000 (0:00:00.036) 0:06:00.654 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 Tuesday 01 February 2022 17:43:15 +0000 (0:00:00.022) 0:06:00.677 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 Tuesday 01 February 2022 17:43:15 +0000 (0:00:00.040) 0:06:00.717 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 Tuesday 01 February 2022 17:43:15 +0000 (0:00:00.040) 0:06:00.757 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:43:15 +0000 (0:00:00.033) 0:06:00.791 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041824", "end": "2022-02-01 17:43:14.960597", "rc": 0, "start": "2022-02-01 17:43:14.918773" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 Tuesday 01 February 2022 17:43:15 +0000 (0:00:00.423) 0:06:01.214 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Get certificate timestamp] *********************************************** task path: /tmp/tmpcwl050ue/tests/tests_run_hooks.yml:39 Tuesday 01 February 2022 17:43:15 +0000 (0:00:00.037) 0:06:01.252 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643737382.281797, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "3b1d91ddcb634691a6fa2cfbf3e1f6adce6f5f1f", "ctime": 1643737382.279797, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137978, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643737382.279797, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2054918556", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Get pre-run file timestamp] ********************************************** task path: /tmp/tmpcwl050ue/tests/tests_run_hooks.yml:43 Tuesday 01 February 2022 17:43:16 +0000 (0:00:00.376) 0:06:01.628 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643737382.277797, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1643737382.277797, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137977, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1643737382.277797, "nlink": 1, "path": "/etc/pki/before_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "3923392121", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Get post-run file timestamp] ********************************************* task path: /tmp/tmpcwl050ue/tests/tests_run_hooks.yml:47 Tuesday 01 February 2022 17:43:16 +0000 (0:00:00.384) 0:06:02.013 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643737382.313797, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1643737382.313797, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137979, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1643737382.313797, "nlink": 1, "path": "/etc/pki/after_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "874556646", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Assert file created before cert] ***************************************** task path: /tmp/tmpcwl050ue/tests/tests_run_hooks.yml:51 Tuesday 01 February 2022 17:43:16 +0000 (0:00:00.369) 0:06:02.383 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Assert file created after cert] ****************************************** task path: /tmp/tmpcwl050ue/tests/tests_run_hooks.yml:58 Tuesday 01 February 2022 17:43:16 +0000 (0:00:00.019) 0:06:02.402 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=36 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:43:16 +0000 (0:00:00.026) 0:06:02.428 ****** =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed - 336.68s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - linux-system-roles.certificate : Ensure provider packages are installed --- 8.05s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Install the package, force upgrade -------------------------------------- 4.66s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 2.72s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 ------------- Ensure python3 is installed --------------------------------------------- 1.92s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.04s /tmp/tmpcwl050ue/tests/tests_run_hooks.yml:2 ---------------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.00s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate requests ------------ 0.92s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Gathering Facts --------------------------------------------------------- 0.76s /tmp/tmpcwl050ue/tests/tests_run_hooks.yml:17 --------------------------------- Parse certificate ------------------------------------------------------- 0.70s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.55s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.42s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.41s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Get pre-run file timestamp ---------------------------------------------- 0.38s /tmp/tmpcwl050ue/tests/tests_run_hooks.yml:43 --------------------------------- Retrieve key file stats ------------------------------------------------- 0.38s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 ------------- Get certificate timestamp ----------------------------------------------- 0.38s /tmp/tmpcwl050ue/tests/tests_run_hooks.yml:39 --------------------------------- Get post-run file timestamp --------------------------------------------- 0.37s /tmp/tmpcwl050ue/tests/tests_run_hooks.yml:47 --------------------------------- Verify certificate Key Usage -------------------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 ------------ Verify key size --------------------------------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 ------------ + cd /tmp/tmpcwl050ue/tests; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpcwl050ue/tests/tests_subject.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 17:43:30 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 17:43:30 +0000 (0:00:00.016) 0:00:00.027 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:43:30 +0000 (0:00:00.017) 0:00:00.045 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_subject.yml **************************************************** 2 plays in /tmp/tmpcwl050ue/tests/tests_subject.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_subject.yml:2 Tuesday 01 February 2022 17:43:30 +0000 (0:00:00.017) 0:00:00.062 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:43:31 +0000 (0:00:01.050) 0:00:01.113 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Tuesday 01 February 2022 17:43:31 +0000 (0:00:00.025) 0:00:01.139 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Tuesday 01 February 2022 17:44:21 +0000 (0:00:49.759) 0:00:50.899 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Tuesday 01 February 2022 17:44:25 +0000 (0:00:03.904) 0:00:54.803 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Tuesday 01 February 2022 17:44:26 +0000 (0:00:00.543) 0:00:55.347 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Tuesday 01 February 2022 17:44:26 +0000 (0:00:00.388) 0:00:55.735 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket sysinit.target system.slice dbus-broker.service network.target basic.target syslog.target dbus.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Tuesday 01 February 2022 17:44:27 +0000 (0:00:00.945) 0:00:56.681 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'common_name': 'Some other common name', 'country': 'US', 'state': 'NC', 'locality': 'Raleigh', 'organization': 'Red Hat', 'organizational_unit': 'Linux', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "Some other common name", "country": "US", "dns": "www.example.com", "locality": "Raleigh", "name": "mycert", "organization": "Red Hat", "organizational_unit": "Linux", "state": "NC" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_subject.yml:19 Tuesday 01 February 2022 17:44:28 +0000 (0:00:00.781) 0:00:57.462 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpcwl050ue/tests/tests_subject.yml:48 Tuesday 01 February 2022 17:44:28 +0000 (0:00:00.713) 0:00:58.176 ****** included: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'countryName', 'oid': '2.5.4.6', 'value': 'US'}, {'name': 'stateOrProvinceName', 'oid': '2.5.4.8', 'value': 'NC'}, {'name': 'localityName', 'oid': '2.5.4.7', 'value': 'Raleigh'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'Red Hat'}, {'name': 'organizationalUnitName', 'oid': '2.5.4.11', 'value': 'Linux'}, {'name': 'commonName', 'oid': '2.5.4.3', 'value': 'Some other common name'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:44:28 +0000 (0:00:00.027) 0:00:58.204 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:44:28 +0000 (0:00:00.013) 0:00:58.217 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:44:30 +0000 (0:00:01.942) 0:01:00.160 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:44:35 +0000 (0:00:04.639) 0:01:04.799 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 48.0 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 86.2 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 24.5 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 91.9 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 41.4 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:44:38 +0000 (0:00:02.720) 0:01:07.519 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643737467.6205132, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "459dacaa39327260e4fdb83f3423fc4ca828a6aa", "ctime": 1643737467.6175132, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643737467.6175132, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1411, "uid": 0, "version": "836492709", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:44:38 +0000 (0:00:00.513) 0:01:08.033 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:44:38 +0000 (0:00:00.019) 0:01:08.053 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 Tuesday 01 February 2022 17:44:38 +0000 (0:00:00.033) 0:01:08.086 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 Tuesday 01 February 2022 17:44:38 +0000 (0:00:00.029) 0:01:08.116 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643737467.5745132, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "74b18980872fce08d7037a6edf4029679c9dcee5", "ctime": 1643737467.6175132, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643737467.6175132, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2716681572", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:60 Tuesday 01 February 2022 17:44:39 +0000 (0:00:00.384) 0:01:08.500 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 Tuesday 01 February 2022 17:44:39 +0000 (0:00:00.019) 0:01:08.520 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 Tuesday 01 February 2022 17:44:39 +0000 (0:00:00.033) 0:01:08.553 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.202770", "end": "2022-02-01 17:44:39.459929", "rc": 0, "start": "2022-02-01 17:44:39.257159" } STDOUT: { "subject": [ { "name": "countryName", "oid": "2.5.4.6", "value": "US" }, { "name": "stateOrProvinceName", "oid": "2.5.4.8", "value": "NC" }, { "name": "localityName", "oid": "2.5.4.7", "value": "Raleigh" }, { "name": "organizationName", "oid": "2.5.4.10", "value": "Red Hat" }, { "name": "organizationalUnitName", "oid": "2.5.4.11", "value": "Linux" }, { "name": "commonName", "oid": "2.5.4.3", "value": "Some other common name" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "03:C0:BA:2D:52:03:C6:22:78:F5:BA:CF:8B:62:F4:0B:F4:F4:15:67", "critical": false }, "authorityKeyIdentifier": { "value": "83:47:F9:CA:D7:19:B2:13:57:86:46:8D:4C:C5:50:0D:38:FE:8C:2C", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "69:63:31:F6:5A:DA:0C:5E:58:F2:A7:48:C1:36:60:8B:B9:49:D7:D9:F8:F5:D2:92:27:38:90:31:51:3A:57:69:87:1B:EE:03:35:DD:5A:CB:D7:7F:7D:02:FE:20:36:38:DD:8A:47:1D:D6:E7:C1:7C:E1:E7:44:C7:A0:5C:E0:F6:38:46:A3:B6:38:F6:19:22:3C:35:94:52:DB:AA:C8:24:6B:55:81:B9:3E:A6:DE:70:40:69:65:A6:BC:4E:49:D8:E4:86:9A:75:A7:29:C8:E1:30:C8:92:64:BA:E4:30:F3:F5:A7:B6:F0:14:1C:86:C2:B7:E0:32:81:90:AA:89:B7:DD:DF:60:69:4A:D2:8F:B6:A2:44:15:17:08:1E:AF:C3:36:5E:0B:0D:F0:20:84:4D:58:3D:93:FA:66:6A:A6:38:59:8D:D2:A2:F3:14:B5:1F:22:7B:21:AA:02:D9:27:D6:D9:0E:92:13:56:A0:17:F9:2F:33:85:EC:89:6C:22:0A:C3:74:EA:5C:B8:FC:1A:4C:DA:60:96:C0:CF:68:03:28:7D:0A:B4:5E:9B:5C:B8:61:61:3D:98:C3:7D:56:5C:57:2F:7A:D6:D7:F8:67:AC:47:0B:04:1E:03:85:77:99:36:0D:86:44:AF:1F:59:12:1A:67:92:84:44:36:BE:A9:1F" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 17:44:27", "not_valid_before": "2022-02-01 17:44:27" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:44:39 +0000 (0:00:00.682) 0:01:09.236 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "83:47:F9:CA:D7:19:B2:13:57:86:46:8D:4C:C5:50:0D:38:FE:8C:2C" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "03:C0:BA:2D:52:03:C6:22:78:F5:BA:CF:8B:62:F4:0B:F4:F4:15:67" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "69:63:31:F6:5A:DA:0C:5E:58:F2:A7:48:C1:36:60:8B:B9:49:D7:D9:F8:F5:D2:92:27:38:90:31:51:3A:57:69:87:1B:EE:03:35:DD:5A:CB:D7:7F:7D:02:FE:20:36:38:DD:8A:47:1D:D6:E7:C1:7C:E1:E7:44:C7:A0:5C:E0:F6:38:46:A3:B6:38:F6:19:22:3C:35:94:52:DB:AA:C8:24:6B:55:81:B9:3E:A6:DE:70:40:69:65:A6:BC:4E:49:D8:E4:86:9A:75:A7:29:C8:E1:30:C8:92:64:BA:E4:30:F3:F5:A7:B6:F0:14:1C:86:C2:B7:E0:32:81:90:AA:89:B7:DD:DF:60:69:4A:D2:8F:B6:A2:44:15:17:08:1E:AF:C3:36:5E:0B:0D:F0:20:84:4D:58:3D:93:FA:66:6A:A6:38:59:8D:D2:A2:F3:14:B5:1F:22:7B:21:AA:02:D9:27:D6:D9:0E:92:13:56:A0:17:F9:2F:33:85:EC:89:6C:22:0A:C3:74:EA:5C:B8:FC:1A:4C:DA:60:96:C0:CF:68:03:28:7D:0A:B4:5E:9B:5C:B8:61:61:3D:98:C3:7D:56:5C:57:2F:7A:D6:D7:F8:67:AC:47:0B:04:1E:03:85:77:99:36:0D:86:44:AF:1F:59:12:1A:67:92:84:44:36:BE:A9:1F" }, "subject": [ { "name": "countryName", "oid": "2.5.4.6", "value": "US" }, { "name": "stateOrProvinceName", "oid": "2.5.4.8", "value": "NC" }, { "name": "localityName", "oid": "2.5.4.7", "value": "Raleigh" }, { "name": "organizationName", "oid": "2.5.4.10", "value": "Red Hat" }, { "name": "organizationalUnitName", "oid": "2.5.4.11", "value": "Linux" }, { "name": "commonName", "oid": "2.5.4.3", "value": "Some other common name" } ], "validity": { "not_valid_after": "2023-02-01 17:44:27", "not_valid_before": "2022-02-01 17:44:27" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 Tuesday 01 February 2022 17:44:40 +0000 (0:00:00.031) 0:01:09.268 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:96 Tuesday 01 February 2022 17:44:40 +0000 (0:00:00.034) 0:01:09.302 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 Tuesday 01 February 2022 17:44:40 +0000 (0:00:00.020) 0:01:09.323 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 Tuesday 01 February 2022 17:44:40 +0000 (0:00:00.034) 0:01:09.357 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 Tuesday 01 February 2022 17:44:40 +0000 (0:00:00.033) 0:01:09.391 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:44:40 +0000 (0:00:00.033) 0:01:09.425 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039458", "end": "2022-02-01 17:44:40.044016", "rc": 0, "start": "2022-02-01 17:44:40.004558" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 Tuesday 01 February 2022 17:44:40 +0000 (0:00:00.400) 0:01:09.825 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:44:40 +0000 (0:00:00.045) 0:01:09.871 ****** =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed -- 49.76s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.64s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.90s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Install certreader ------------------------------------------------------ 2.72s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 ------------- Ensure python3 is installed --------------------------------------------- 1.94s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.05s /tmp/tmpcwl050ue/tests/tests_subject.yml:2 ------------------------------------ linux-system-roles.certificate : Ensure provider service is running ----- 0.95s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate requests ------------ 0.78s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Gathering Facts --------------------------------------------------------- 0.71s /tmp/tmpcwl050ue/tests/tests_subject.yml:19 ----------------------------------- Parse certificate ------------------------------------------------------- 0.68s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.54s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve certificate file stats ----------------------------------------- 0.51s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.40s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.39s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Retrieve key file stats ------------------------------------------------- 0.38s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify certificate auto-renew flag -------------------------------------- 0.05s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 ------------ Verify key size --------------------------------------------------------- 0.03s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 ------------ Verify certificate subject ---------------------------------------------- 0.03s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 ------------- Verify certificate Key Usage -------------------------------------------- 0.03s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 ------------ Verify key file owner and group ----------------------------------------- 0.03s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 ------------- + cd /tmp/tmpcwl050ue/tests; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpcwl050ue/tests/tests_subject_complex.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 17:44:54 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 17:44:54 +0000 (0:00:00.017) 0:00:00.029 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:44:54 +0000 (0:00:00.017) 0:00:00.047 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_subject_complex.yml ******************************************** 2 plays in /tmp/tmpcwl050ue/tests/tests_subject_complex.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_subject_complex.yml:2 Tuesday 01 February 2022 17:44:54 +0000 (0:00:00.018) 0:00:00.065 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:44:55 +0000 (0:00:01.027) 0:00:01.092 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Tuesday 01 February 2022 17:44:55 +0000 (0:00:00.026) 0:00:01.119 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Tuesday 01 February 2022 17:48:53 +0000 (0:03:57.799) 0:03:58.918 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Tuesday 01 February 2022 17:48:58 +0000 (0:00:04.483) 0:04:03.402 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Tuesday 01 February 2022 17:48:58 +0000 (0:00:00.547) 0:04:03.949 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Tuesday 01 February 2022 17:48:58 +0000 (0:00:00.404) 0:04:04.354 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target syslog.target systemd-journald.socket network.target sysinit.target system.slice dbus-broker.service dbus.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Tuesday 01 February 2022 17:49:00 +0000 (0:00:01.017) 0:04:05.371 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'common_name': '# \\\\Every"thing+that,ne;edsing\\0 ', 'contact_email': 'admin@example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "# \\\\Every\"thing+that,ne;edsing\\0 ", "contact_email": "admin@example.com", "dns": "www.example.com", "name": "mycert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_subject_complex.yml:16 Tuesday 01 February 2022 17:49:00 +0000 (0:00:00.939) 0:04:06.311 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpcwl050ue/tests/tests_subject_complex.yml:36 Tuesday 01 February 2022 17:49:01 +0000 (0:00:00.744) 0:04:07.056 ****** included: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'emailAddress', 'oid': '1.2.840.113549.1.9.1', 'value': 'admin@example.com'}, {'name': 'commonName', 'oid': '2.5.4.3', 'value': '# \\\\Every"thing+that,ne;edsing\\0 '}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:49:01 +0000 (0:00:00.030) 0:04:07.086 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:49:01 +0000 (0:00:00.018) 0:04:07.105 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:49:03 +0000 (0:00:01.891) 0:04:08.996 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:49:08 +0000 (0:00:04.762) 0:04:13.758 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 47.8 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 87.3 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 25.9 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 97.5 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 47.9 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:49:11 +0000 (0:00:02.722) 0:04:16.481 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643737740.3792877, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "3bc7f6b4f79ef21b14d8bb0fe9f55717d7412826", "ctime": 1643737740.3762877, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643737740.3762877, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1375, "uid": 0, "version": "949374821", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:49:11 +0000 (0:00:00.515) 0:04:16.996 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:49:11 +0000 (0:00:00.025) 0:04:17.021 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 Tuesday 01 February 2022 17:49:11 +0000 (0:00:00.038) 0:04:17.060 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 Tuesday 01 February 2022 17:49:11 +0000 (0:00:00.040) 0:04:17.101 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643737740.3342876, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "fe18b75e2536873be8c8fc6531d42c1b5fcfb59a", "ctime": 1643737740.3762877, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643737740.3762877, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2199270988", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:60 Tuesday 01 February 2022 17:49:12 +0000 (0:00:00.380) 0:04:17.481 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 Tuesday 01 February 2022 17:49:12 +0000 (0:00:00.022) 0:04:17.504 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 Tuesday 01 February 2022 17:49:12 +0000 (0:00:00.084) 0:04:17.588 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.217216", "end": "2022-02-01 17:49:12.515055", "rc": 0, "start": "2022-02-01 17:49:12.297839" } STDOUT: { "subject": [ { "name": "emailAddress", "oid": "1.2.840.113549.1.9.1", "value": "admin@example.com" }, { "name": "commonName", "oid": "2.5.4.3", "value": "# \\\\Every\"thing+that,ne;edsing\\0 " } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "58:05:68:E9:D5:4F:68:01:A2:C0:BB:F5:03:90:EE:BF:5A:A5:80:83", "critical": false }, "authorityKeyIdentifier": { "value": "AC:8D:5E:B2:47:42:44:83:FC:AA:98:1A:E5:88:39:EB:7B:57:CE:64", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "7C:A3:04:54:09:3F:A8:67:C7:FB:11:06:F4:DC:A8:20:A3:2D:88:BB:92:56:89:BF:D6:E0:86:E9:CB:BC:E6:87:18:9B:CD:49:04:89:74:01:9A:3E:B3:33:25:EA:EA:41:A9:2C:FB:18:1C:2F:BB:09:EB:A0:DF:56:65:4B:75:94:E0:9E:A3:76:25:E2:AC:FF:26:50:89:6E:42:38:37:20:F9:EA:A8:AB:88:3A:6A:1E:4C:14:95:9C:42:A6:08:EF:DB:0F:1D:4A:E0:8C:97:76:D3:E2:4C:9C:78:2F:92:DE:5A:C4:B4:5C:FD:E5:6C:27:AF:F5:83:E0:D5:4E:EB:07:2C:48:55:C3:58:58:FF:EB:9C:56:ED:DC:19:24:2C:75:C6:CC:90:89:29:7C:68:51:81:68:40:82:3B:90:CF:0D:59:2C:FD:79:43:D1:45:93:33:99:04:0D:5F:0A:A4:0A:F9:F1:5F:20:B4:2D:9B:00:57:89:6B:67:49:D8:10:6B:B5:E1:0E:30:F4:B3:6B:17:53:84:CF:6E:1B:90:D7:96:94:0E:E7:ED:B5:E5:99:F4:9D:2E:8C:42:D9:5F:65:A0:3C:C3:9D:16:D5:8F:40:94:6C:FD:E1:98:31:BE:7C:D6:B4:DA:E5:3F:D5:5B:9A:D3:B7:20:78:5F:D3:A7:82:93" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 17:48:59", "not_valid_before": "2022-02-01 17:49:00" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:49:12 +0000 (0:00:00.687) 0:04:18.275 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "AC:8D:5E:B2:47:42:44:83:FC:AA:98:1A:E5:88:39:EB:7B:57:CE:64" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "58:05:68:E9:D5:4F:68:01:A2:C0:BB:F5:03:90:EE:BF:5A:A5:80:83" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "7C:A3:04:54:09:3F:A8:67:C7:FB:11:06:F4:DC:A8:20:A3:2D:88:BB:92:56:89:BF:D6:E0:86:E9:CB:BC:E6:87:18:9B:CD:49:04:89:74:01:9A:3E:B3:33:25:EA:EA:41:A9:2C:FB:18:1C:2F:BB:09:EB:A0:DF:56:65:4B:75:94:E0:9E:A3:76:25:E2:AC:FF:26:50:89:6E:42:38:37:20:F9:EA:A8:AB:88:3A:6A:1E:4C:14:95:9C:42:A6:08:EF:DB:0F:1D:4A:E0:8C:97:76:D3:E2:4C:9C:78:2F:92:DE:5A:C4:B4:5C:FD:E5:6C:27:AF:F5:83:E0:D5:4E:EB:07:2C:48:55:C3:58:58:FF:EB:9C:56:ED:DC:19:24:2C:75:C6:CC:90:89:29:7C:68:51:81:68:40:82:3B:90:CF:0D:59:2C:FD:79:43:D1:45:93:33:99:04:0D:5F:0A:A4:0A:F9:F1:5F:20:B4:2D:9B:00:57:89:6B:67:49:D8:10:6B:B5:E1:0E:30:F4:B3:6B:17:53:84:CF:6E:1B:90:D7:96:94:0E:E7:ED:B5:E5:99:F4:9D:2E:8C:42:D9:5F:65:A0:3C:C3:9D:16:D5:8F:40:94:6C:FD:E1:98:31:BE:7C:D6:B4:DA:E5:3F:D5:5B:9A:D3:B7:20:78:5F:D3:A7:82:93" }, "subject": [ { "name": "emailAddress", "oid": "1.2.840.113549.1.9.1", "value": "admin@example.com" }, { "name": "commonName", "oid": "2.5.4.3", "value": "# \\\\Every\"thing+that,ne;edsing\\0 " } ], "validity": { "not_valid_after": "2023-02-01 17:48:59", "not_valid_before": "2022-02-01 17:49:00" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:87 Tuesday 01 February 2022 17:49:12 +0000 (0:00:00.036) 0:04:18.312 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:96 Tuesday 01 February 2022 17:49:12 +0000 (0:00:00.036) 0:04:18.348 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:105 Tuesday 01 February 2022 17:49:13 +0000 (0:00:00.024) 0:04:18.372 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:112 Tuesday 01 February 2022 17:49:13 +0000 (0:00:00.035) 0:04:18.408 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 Tuesday 01 February 2022 17:49:13 +0000 (0:00:00.035) 0:04:18.443 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:49:13 +0000 (0:00:00.037) 0:04:18.481 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.056455", "end": "2022-02-01 17:49:13.151773", "rc": 0, "start": "2022-02-01 17:49:13.095318" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 Tuesday 01 February 2022 17:49:13 +0000 (0:00:00.426) 0:04:18.907 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:49:13 +0000 (0:00:00.040) 0:04:18.948 ****** =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed - 237.80s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.76s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 4.48s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Install certreader ------------------------------------------------------ 2.72s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:18 ------------- Ensure python3 is installed --------------------------------------------- 1.89s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.03s /tmp/tmpcwl050ue/tests/tests_subject_complex.yml:2 ---------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.02s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate requests ------------ 0.94s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Gathering Facts --------------------------------------------------------- 0.74s /tmp/tmpcwl050ue/tests/tests_subject_complex.yml:16 --------------------------- Parse certificate ------------------------------------------------------- 0.69s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.55s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.43s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.40s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Retrieve key file stats ------------------------------------------------- 0.38s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify key file owner and group ----------------------------------------- 0.08s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:66 ------------- Verify certificate permissions ------------------------------------------ 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:49 ------------- Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:150 ------------ Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:37 ------------- Verify certificate Extended Key Usage ----------------------------------- 0.04s /tmp/tmpcwl050ue/tests/tasks/assert_certificate_parameters.yml:125 ------------ + cd /tmp/tmpcwl050ue/tests; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpcwl050ue/tests/tests_wrong_provider.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 17:49:27 +0000 (0:00:00.010) 0:00:00.010 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 17:49:27 +0000 (0:00:00.015) 0:00:00.026 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:49:27 +0000 (0:00:00.015) 0:00:00.041 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_wrong_provider.yml ********************************************* 1 plays in /tmp/tmpcwl050ue/tests/tests_wrong_provider.yml PLAY [Test issuing certificate with nonexistent provider] ********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpcwl050ue/tests/tests_wrong_provider.yml:2 Tuesday 01 February 2022 17:49:27 +0000 (0:00:00.016) 0:00:00.058 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:49:28 +0000 (0:00:01.038) 0:00:01.097 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Tuesday 01 February 2022 17:49:28 +0000 (0:00:00.025) 0:00:01.122 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Tuesday 01 February 2022 17:50:12 +0000 (0:00:44.388) 0:00:45.511 ****** skipping: [/cache/fedora-34.qcow2] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Tuesday 01 February 2022 17:50:13 +0000 (0:00:00.042) 0:00:45.553 ****** skipping: [/cache/fedora-34.qcow2] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Tuesday 01 February 2022 17:50:13 +0000 (0:00:00.031) 0:00:45.584 ****** skipping: [/cache/fedora-34.qcow2] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Tuesday 01 February 2022 17:50:13 +0000 (0:00:00.031) 0:00:45.615 ****** skipping: [/cache/fedora-34.qcow2] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Tuesday 01 February 2022 17:50:13 +0000 (0:00:00.033) 0:00:45.649 ****** failed: [/cache/fedora-34.qcow2] (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'fake-provider'}) => { "ansible_loop_var": "item", "changed": false, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert", "provider": "fake-provider" } } MSG: Chosen provider 'fake-provider' is not available. TASK [assert...] *************************************************************** task path: /tmp/tmpcwl050ue/tests/tests_wrong_provider.yml:22 Tuesday 01 February 2022 17:50:13 +0000 (0:00:00.582) 0:00:46.232 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=5 changed=1 unreachable=0 failed=0 skipped=5 rescued=1 ignored=0 Tuesday 01 February 2022 17:50:13 +0000 (0:00:00.022) 0:00:46.254 ****** =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed -- 44.39s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Gathering Facts --------------------------------------------------------- 1.04s /tmp/tmpcwl050ue/tests/tests_wrong_provider.yml:2 ----------------------------- linux-system-roles.certificate : Ensure certificate requests ------------ 0.58s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 linux-system-roles.certificate : Ensure provider packages are installed --- 0.04s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - linux-system-roles.certificate : Ensure provider service is running ----- 0.03s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.03s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.03s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - linux-system-roles.certificate : Set version specific variables --------- 0.03s /tmp/tmpcwl050ue/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- assert... --------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/tests/tests_wrong_provider.yml:22 ---------------------------- fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- + cd /tmp/tmpd43sjho8/tests/certificate; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpd43sjho8/tests/certificate/tests_basic_ipa.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 17:50:27 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 17:50:27 +0000 (0:00:00.016) 0:00:00.027 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:50:27 +0000 (0:00:00.016) 0:00:00.043 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- statically imported: /tmp/tmpd43sjho8/tests/certificate/tasks/setup_ipa.yml PLAYBOOK: tests_basic_ipa.yml ************************************************** 3 plays in /tmp/tmpd43sjho8/tests/certificate/tests_basic_ipa.yml PLAY [Install IPA server] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_basic_ipa.yml:2 Tuesday 01 February 2022 17:50:27 +0000 (0:00:00.028) 0:00:00.071 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Set __is_beaker_env] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/setup_ipa.yml:2 Tuesday 01 February 2022 17:50:28 +0000 (0:00:01.044) 0:00:01.116 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__is_beaker_env": false }, "changed": false } TASK [Install ansible-freeipa] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/setup_ipa.yml:6 Tuesday 01 February 2022 17:50:28 +0000 (0:00:00.036) 0:00:01.152 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Clone ansible-freeipa repo] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/setup_ipa.yml:12 Tuesday 01 February 2022 17:50:28 +0000 (0:00:00.018) 0:00:01.171 ****** ok: [/cache/fedora-34.qcow2 -> 127.0.0.1] => { "after": "6c7f433135795d3ebec2ce26d6ca398301792588", "before": "6c7f433135795d3ebec2ce26d6ca398301792588", "changed": false, "remote_url_changed": false } TASK [Create role symlinks] **************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/setup_ipa.yml:21 Tuesday 01 February 2022 17:50:29 +0000 (0:00:00.798) 0:00:01.969 ****** changed: [/cache/fedora-34.qcow2 -> 127.0.0.1] => (item=ipaserver) => { "ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmpd43sjho8/tests/certificate/roles/ipaserver", "gid": 0, "group": "root", "item": "ipaserver", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaserver/", "state": "link", "uid": 0 } changed: [/cache/fedora-34.qcow2 -> 127.0.0.1] => (item=ipaclient) => { "ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmpd43sjho8/tests/certificate/roles/ipaclient", "gid": 0, "group": "root", "item": "ipaclient", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaclient/", "state": "link", "uid": 0 } TASK [ensure hostname package is installed] ************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/setup_ipa.yml:33 Tuesday 01 February 2022 17:50:30 +0000 (0:00:00.499) 0:00:02.468 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Set hostname] ************************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/setup_ipa.yml:38 Tuesday 01 February 2022 17:51:41 +0000 (0:01:11.164) 0:01:13.633 ****** changed: [/cache/fedora-34.qcow2] => { "ansible_facts": { "ansible_domain": "test.local", "ansible_fqdn": "ipaserver.test.local", "ansible_hostname": "ipaserver", "ansible_nodename": "ipaserver.test.local" }, "changed": true, "name": "ipaserver.test.local" } TASK [Ensure nss package is up-to-date] **************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/setup_ipa.yml:42 Tuesday 01 February 2022 17:51:42 +0000 (0:00:00.902) 0:01:14.536 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [Include ipaserver role] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/setup_ipa.yml:50 Tuesday 01 February 2022 17:51:45 +0000 (0:00:03.292) 0:01:17.828 ****** TASK [ipaserver : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:4 Tuesday 01 February 2022 17:51:45 +0000 (0:00:00.026) 0:01:17.854 ****** ok: [/cache/fedora-34.qcow2] => (item=/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml) => { "ansible_facts": { "ipaserver_packages": [ "freeipa-server", "python3-libselinux" ], "ipaserver_packages_adtrust": [ "freeipa-server-trust-ad" ], "ipaserver_packages_dns": [ "freeipa-server-dns" ], "ipaserver_packages_firewalld": [ "firewalld" ] }, "ansible_included_var_files": [ "/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml" ], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml" } TASK [ipaserver : Install IPA server] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:12 Tuesday 01 February 2022 17:51:45 +0000 (0:00:00.028) 0:01:17.883 ****** included: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml for /cache/fedora-34.qcow2 TASK [ipaserver : Install - Ensure that IPA server packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:5 Tuesday 01 February 2022 17:51:45 +0000 (0:00:00.059) 0:01:17.942 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-lxml-4.6.5-1.fc34.x86_64", "Installed: perl-Term-ReadLine-1.17-477.fc34.noarch", "Installed: python-systemd-doc-234-19.fc34.x86_64", "Installed: oddjob-0.34.7-2.fc34.x86_64", "Installed: oddjob-mkhomedir-0.34.7-2.fc34.x86_64", "Installed: logrotate-3.18.0-3.fc34.x86_64", "Installed: libev-4.33-3.fc34.x86_64", "Installed: apache-commons-cli-1.5.0-1.fc34.noarch", "Installed: perl-Text-Tabs+Wrap-2021.0726-1.fc34.noarch", "Installed: jboss-annotations-1.2-api-1.0.2-5.fc34.noarch", "Installed: python3-augeas-0.5.0-23.fc34.noarch", "Installed: xerces-j2-2.12.1-3.fc34.noarch", "Installed: perl-Tie-4.6-477.fc34.noarch", "Installed: jboss-jaxrs-2.0-api-1.0.0-14.fc34.noarch", "Installed: jboss-logging-3.4.1-6.fc34.noarch", "Installed: perl-constant-1.33-459.fc34.noarch", "Installed: jboss-logging-tools-2.2.1-4.fc34.noarch", "Installed: python3-nss-1.0.1-23.fc34.x86_64", "Installed: tomcat-native-1.2.23-4.fc34.x86_64", "Installed: lua-5.4.3-1.fc34.x86_64", "Installed: python3-dns-2.1.0-3.fc34.noarch", "Installed: perl-base-2.27-477.fc34.noarch", "Installed: apr-1.7.0-9.fc34.x86_64", "Installed: perl-debugger-1.56-477.fc34.noarch", "Installed: perl-PathTools-3.78-459.fc34.x86_64", "Installed: tomcatjss-7.6.1-2.fc34.noarch", "Installed: libdb-utils-5.3.28-49.fc34.x86_64", "Installed: perl-if-0.60.800-477.fc34.noarch", "Installed: perl-interpreter-4:5.32.1-477.fc34.x86_64", "Installed: httpd-2.4.51-1.fc34.x86_64", "Installed: httpd-filesystem-2.4.51-1.fc34.noarch", "Installed: jdeparser-2.0.3-6.fc34.noarch", "Installed: httpd-tools-2.4.51-1.fc34.x86_64", "Installed: nss-tools-3.73.0-1.fc34.x86_64", "Installed: perl-libs-4:5.32.1-477.fc34.x86_64", "Installed: lua-posix-35.0-3.fc34.x86_64", "Installed: perl-meta-notation-5.32.1-477.fc34.noarch", "Installed: perl-mro-1.23-477.fc34.x86_64", "Installed: perl-libnet-3.13-2.fc34.noarch", "Installed: perl-overload-1.31-477.fc34.noarch", "Installed: perl-overloading-0.02-477.fc34.noarch", "Installed: perl-sigtrap-1.09-477.fc34.noarch", "Installed: perl-subs-1.03-477.fc34.noarch", "Installed: perl-vars-1.05-477.fc34.noarch", "Installed: bash-completion-1:2.11-2.fc34.noarch", "Installed: harfbuzz-2.7.4-3.fc34.x86_64", "Installed: perl-parent-1:0.238-458.fc34.noarch", "Installed: krb5-pkinit-1.19.2-2.fc34.x86_64", "Installed: krb5-server-1.19.2-2.fc34.x86_64", "Installed: python3-jwcrypto-0.8-2.fc34.noarch", "Installed: krb5-workstation-1.19.2-2.fc34.x86_64", "Installed: sscg-2.6.2-5.fc34.x86_64", "Installed: perl-Pod-Escapes-1:1.07-458.fc34.noarch", "Installed: perl-podlators-1:4.14-458.fc34.noarch", "Installed: cups-libs-1:2.3.3op2-11.fc34.x86_64", "Installed: perl-Pod-Perldoc-3.28.01-459.fc34.noarch", "Installed: mod_http2-1.15.24-1.fc34.x86_64", "Installed: mod_lua-2.4.51-1.fc34.x86_64", "Installed: open-sans-fonts-1.10-14.fc34.noarch", "Installed: libverto-libev-0.3.2-1.fc34.x86_64", "Installed: perl-Carp-1.50-458.fc34.noarch", "Installed: perl-Pod-Simple-1:3.42-2.fc34.noarch", "Installed: mod_session-2.4.51-1.fc34.x86_64", "Installed: mod_ssl-1:2.4.51-1.fc34.x86_64", "Installed: perl-threads-1:2.25-458.fc34.x86_64", "Installed: perl-threads-shared-1.61-458.fc34.x86_64", "Installed: perl-Pod-Usage-4:2.01-2.fc34.noarch", "Installed: gssproxy-0.8.4-2.fc34.x86_64", "Installed: cyrus-sasl-gssapi-2.1.27-8.fc34.x86_64", "Installed: slf4j-1.7.30-8.fc34.noarch", "Installed: samba-client-libs-2:4.14.11-0.fc34.x86_64", "Installed: augeas-libs-1.13.0-1.fc34.x86_64", "Installed: slf4j-jdk14-1.7.30-8.fc34.noarch", "Installed: samba-common-2:4.14.11-0.fc34.noarch", "Installed: cyrus-sasl-md5-2.1.27-8.fc34.x86_64", "Installed: samba-common-libs-2:4.14.11-0.fc34.x86_64", "Installed: freetype-2.10.4-3.fc34.x86_64", "Installed: cyrus-sasl-plain-2.1.27-8.fc34.x86_64", "Installed: xml-commons-apis-1.4.01-33.fc34.noarch", "Installed: xml-commons-resolver-1.2-33.fc34.noarch", "Installed: publicsuffix-list-20190417-5.fc34.noarch", "Installed: perl-Digest-MD5-2.58-2.fc34.x86_64", "Installed: python3-pyusb-1.0.2-11.fc34.noarch", "Installed: python3-pki-10.10.7-1.fc34.noarch", "Installed: autofs-1:5.1.7-18.fc34.x86_64", "Installed: perl-Text-Diff-1.45-11.fc34.noarch", "Installed: perl-IO-Compress-2.102-2.fc34.noarch", "Installed: perl-IO-Compress-Lzma-2.101-2.fc34.noarch", "Installed: policycoreutils-python-utils-3.2-1.fc34.noarch", "Installed: rpcbind-1.2.6-0.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: ecj-1:4.19-1.fc34.noarch", "Installed: apache-commons-codec-1.15-2.fc34.noarch", "Installed: words-3.0-37.fc34.noarch", "Installed: python3-qrcode-core-6.1-8.fc34.noarch", "Installed: perl-IO-Socket-IP-0.41-3.fc34.noarch", "Installed: apache-commons-daemon-1.2.4-1.fc34.x86_64", "Installed: perl-Text-ParseWords-3.30-458.fc34.noarch", "Installed: perl-IO-Socket-SSL-2.070-2.fc34.noarch", "Installed: avahi-libs-0.8-14.fc34.x86_64", "Installed: freeipa-client-4.9.6-4.fc34.x86_64", "Installed: freeipa-client-common-4.9.6-4.fc34.noarch", "Installed: libuv-1:1.43.0-2.fc34.x86_64", "Installed: apache-commons-io-1:2.8.0-3.fc34.noarch", "Installed: perl-IO-Zlib-1:1.11-2.fc34.noarch", "Installed: freeipa-common-4.9.6-4.fc34.noarch", "Installed: freeipa-healthcheck-core-0.9-2.fc34.noarch", "Installed: apache-commons-lang3-3.11-2.fc34.noarch", "Installed: freeipa-selinux-4.9.6-4.fc34.noarch", "Installed: apache-commons-logging-1.2-25.fc34.noarch", "Installed: freeipa-server-4.9.6-4.fc34.x86_64", "Installed: lcms2-2.12-1.fc34.x86_64", "Installed: freeipa-server-common-4.9.6-4.fc34.noarch", "Installed: apache-commons-net-3.6-11.fc34.noarch", "Installed: ldapjdk-4.22.0-5.fc34.noarch", "Installed: jackson-annotations-2.11.4-2.fc34.noarch", "Installed: perl-Scalar-List-Utils-4:1.56-459.fc34.x86_64", "Installed: jackson-core-2.11.4-2.fc34.noarch", "Installed: jackson-databind-2.11.4-2.fc34.noarch", "Installed: js-jquery-3.5.0-5.fc34.noarch", "Installed: jackson-jaxrs-json-provider-2.11.4-2.fc34.noarch", "Installed: jackson-jaxrs-providers-2.11.4-2.fc34.noarch", "Installed: fstrm-0.6.1-2.fc34.x86_64", "Installed: lksctp-tools-1.0.18-9.fc34.x86_64", "Installed: jackson-module-jaxb-annotations-2.11.4-2.fc34.noarch", "Installed: perl-Time-Local-2:1.300-5.fc34.noarch", "Installed: perl-Exporter-5.74-459.fc34.noarch", "Installed: slapi-nis-0.56.7-1.fc34.x86_64", "Installed: perl-Compress-Raw-Bzip2-2.101-3.fc34.x86_64", "Installed: jakarta-activation-1.2.2-2.fc34.noarch", "Installed: perl-Compress-Raw-Lzma-2.101-1.fc34.x86_64", "Installed: mod_auth_gssapi-1.6.3-3.fc34.x86_64", "Installed: perl-Compress-Raw-Zlib-2.101-3.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: perl-SelectSaver-1.02-477.fc34.noarch", "Installed: libwbclient-2:4.14.11-0.fc34.x86_64", "Installed: openldap-clients-2.4.57-6.fc34.x86_64", "Installed: openldap-compat-2.4.57-6.fc34.x86_64", "Installed: perl-Archive-Tar-2.40-1.fc34.noarch", "Installed: apr-util-1.6.1-16.fc34.x86_64", "Installed: apr-util-bdb-1.6.1-16.fc34.x86_64", "Installed: libpkgconf-1.7.3-6.fc34.x86_64", "Installed: pkgconf-1.7.3-6.fc34.x86_64", "Installed: pkgconf-m4-1.7.3-6.fc34.noarch", "Installed: pkgconf-pkg-config-1.7.3-6.fc34.x86_64", "Installed: perl-AutoLoader-5.74-477.fc34.noarch", "Installed: apr-util-openssl-1.6.1-16.fc34.x86_64", "Installed: perl-B-1.80-477.fc34.x86_64", "Installed: pki-kra-10.10.7-1.fc34.noarch", "Installed: authselect-1.2.3-1.fc34.x86_64", "Installed: mod_lookup_identity-1.0.0-13.fc34.x86_64", "Installed: resteasy-atom-provider-3.0.26-7.fc34.noarch", "Installed: resteasy-client-3.0.26-7.fc34.noarch", "Installed: resteasy-core-3.0.26-7.fc34.noarch", "Installed: authselect-libs-1.2.3-1.fc34.x86_64", "Installed: resteasy-jackson2-provider-3.0.26-7.fc34.noarch", "Installed: resteasy-jaxb-provider-3.0.26-7.fc34.noarch", "Installed: softhsm-2.6.1-5.fc34.1.x86_64", "Installed: perl-Storable-1:3.21-458.fc34.x86_64", "Installed: jss-4.8.1-2.fc34.x86_64", "Installed: perl-Class-Struct-0.66-477.fc34.noarch", "Installed: pki-server-10.10.7-1.fc34.noarch", "Installed: xalan-j2-2.7.2-7.fc34.noarch", "Installed: perl-Algorithm-Diff-1.2010-2.fc34.noarch", "Installed: keyutils-1.6.1-2.fc34.x86_64", "Installed: libpng-2:1.6.37-10.fc34.x86_64", "Installed: java-11-openjdk-headless-1:11.0.13.0.8-2.fc34.x86_64", "Installed: perl-URI-5.09-1.fc34.noarch", "Installed: python3-psutil-5.8.0-5.fc34.x86_64", "Installed: tomcat-1:9.0.56-1.fc34.noarch", "Installed: julietaula-montserrat-base-web-fonts-1:7.210-4.fc34.noarch", "Installed: tomcat-el-3.0-api-1:9.0.56-1.fc34.noarch", "Installed: julietaula-montserrat-fonts-common-1:7.210-4.fc34.noarch", "Installed: tomcat-jsp-2.3-api-1:9.0.56-1.fc34.noarch", "Installed: tomcat-lib-1:9.0.56-1.fc34.noarch", "Installed: tomcat-servlet-4.0-api-1:9.0.56-1.fc34.noarch", "Installed: perl-Devel-Peek-1.28-477.fc34.x86_64", "Installed: python3-sss-2.5.2-2.fc34.x86_64", "Installed: perl-Digest-1.20-1.fc34.noarch", "Installed: python3-sss-murmur-2.5.2-2.fc34.x86_64", "Installed: python3-sssdconfig-2.5.2-2.fc34.noarch", "Installed: perl-Net-SSLeay-1.90-2.fc34.x86_64", "Installed: perl-DynaLoader-1.47-477.fc34.x86_64", "Installed: perl-Encode-4:3.15-462.fc34.x86_64", "Installed: bind-libs-32:9.16.24-1.fc34.x86_64", "Installed: bind-license-32:9.16.24-1.fc34.noarch", "Installed: perl-Errno-1.30-477.fc34.x86_64", "Installed: python3-systemd-234-19.fc34.x86_64", "Installed: httpcomponents-client-4.5.10-6.fc34.noarch", "Installed: httpcomponents-core-4.4.12-5.fc34.noarch", "Installed: perl-File-Path-2.18-2.fc34.noarch", "Installed: python3-pyasn1-0.4.8-4.fc34.noarch", "Installed: python3-pyasn1-modules-0.4.8-4.fc34.noarch", "Installed: bind-utils-32:9.16.24-1.fc34.x86_64", "Installed: perl-Fcntl-1.13-477.fc34.x86_64", "Installed: perl-File-Basename-2.85-477.fc34.noarch", "Installed: perl-File-Find-1.37-477.fc34.noarch", "Installed: python3-mod_wsgi-4.7.1-4.fc34.x86_64", "Installed: libicu-67.1-7.fc34.x86_64", "Installed: perl-File-stat-1.09-477.fc34.noarch", "Installed: mailcap-2.1.49-3.fc34.noarch", "Installed: python3-gssapi-1.6.9-3.fc34.x86_64", "Installed: perl-FileHandle-2.03-477.fc34.noarch", "Installed: perl-Getopt-Std-1.12-477.fc34.noarch", "Installed: perl-File-Temp-1:0.231.100-2.fc34.noarch", "Installed: sssd-common-pac-2.5.2-2.fc34.x86_64", "Installed: sssd-dbus-2.5.2-2.fc34.x86_64", "Installed: alsa-lib-1.2.6.1-3.fc34.x86_64", "Installed: python3-ipaclient-4.9.6-4.fc34.noarch", "Installed: fedora-logos-httpd-34.0.4-1.fc34.noarch", "Installed: python3-ipalib-4.9.6-4.fc34.noarch", "Installed: perl-HTTP-Tiny-0.078-1.fc34.noarch", "Installed: python3-ipaserver-4.9.6-4.fc34.noarch", "Installed: sssd-ipa-2.5.2-2.fc34.x86_64", "Installed: jaxb-impl-2.3.5-1.fc34.noarch", "Installed: sssd-krb5-common-2.5.2-2.fc34.x86_64", "Installed: python3-decorator-4.4.2-4.fc34.noarch", "Installed: graphite2-1.3.14-7.fc34.x86_64", "Installed: sssd-tools-2.5.2-2.fc34.x86_64", "Installed: perl-IO-1.43-477.fc34.x86_64", "Installed: perl-IPC-Open3-1.21-477.fc34.noarch", "Installed: openssl-1:1.1.1l-2.fc34.x86_64", "Installed: libipa_hbac-2.5.2-2.fc34.x86_64", "Installed: openssl-perl-1:1.1.1l-2.fc34.x86_64", "Installed: python3-kdcproxy-1.0.0-5.fc34.noarch", "Installed: perl-Term-ANSIColor-5.01-459.fc34.noarch", "Installed: perl-Term-Cap-1.17-458.fc34.noarch", "Installed: web-assets-filesystem-5-13.fc34.noarch", "Installed: nfs-utils-1:2.5.4-2.rc3.fc34.x86_64", "Installed: tzdata-java-2021e-1.fc34.noarch", "Installed: 389-ds-base-2.0.12-1.fc34.x86_64", "Installed: perl-MIME-Base64-3.16-2.fc34.x86_64", "Installed: 389-ds-base-libs-2.0.12-1.fc34.x86_64", "Installed: perl-Mozilla-CA-20211001-1.fc34.noarch", "Installed: perl-NDBM_File-1.15-477.fc34.x86_64", "Installed: quota-1:4.06-4.fc34.x86_64", "Installed: python3-ldap-3.3.1-5.fc34.x86_64", "Installed: libjpeg-turbo-2.0.90-3.fc34.x86_64", "Installed: quota-nls-1:4.06-4.fc34.noarch", "Installed: fontawesome-fonts-1:4.7.0-11.fc34.noarch", "Installed: perl-DB_File-1.855-2.fc34.x86_64", "Installed: python3-lib389-2.0.12-1.fc34.noarch", "Installed: python3-yubico-1.3.3-5.fc34.noarch", "Installed: python3-netaddr-0.8.0-3.fc34.noarch", "Installed: javapackages-filesystem-5.3.0-15.fc34.noarch", "Installed: libkadm5-1.19.2-2.fc34.x86_64", "Installed: javapackages-tools-5.3.0-15.fc34.noarch", "Installed: python3-argcomplete-1.12.0-3.fc34.noarch", "Installed: perl-POSIX-1.94-477.fc34.x86_64", "Installed: python3-libipa_hbac-2.5.2-2.fc34.x86_64", "Installed: python3-netifaces-0.10.6-13.fc34.x86_64", "Installed: perl-Getopt-Long-1:2.52-2.fc34.noarch", "Installed: jaxb-api-2.3.3-3.fc34.noarch", "Installed: libxslt-1.1.34-5.fc34.x86_64", "Installed: perl-Data-Dumper-2.174-460.fc34.x86_64", "Installed: pki-acme-10.10.7-1.fc34.noarch", "Installed: pki-base-10.10.7-1.fc34.noarch", "Installed: pki-base-java-10.10.7-1.fc34.noarch", "Installed: pki-ca-10.10.7-1.fc34.noarch", "Installed: copy-jdk-configs-4.0-1.fc34.noarch", "Installed: perl-Socket-4:2.032-1.fc34.x86_64", "Installed: pki-symkey-10.10.7-1.fc34.x86_64", "Installed: pki-tools-10.10.7-1.fc34.x86_64", "Installed: perl-Symbol-1.08-477.fc34.noarch" ] } TASK [ipaserver : Install - Ensure that IPA server packages for dns are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:10 Tuesday 01 February 2022 17:52:25 +0000 (0:00:39.817) 0:01:57.759 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: bind-dnssec-doc-32:9.16.24-1.fc34.noarch", "Installed: bind-dnssec-utils-32:9.16.24-1.fc34.x86_64", "Installed: bind-dyndb-ldap-11.9-8.fc34.x86_64", "Installed: ldns-1.8.1-3.fc34.x86_64", "Installed: opencryptoki-icsftok-3.16.0-2.fc34.x86_64", "Installed: opendnssec-2.1.9-1.fc34.x86_64", "Installed: python3-bind-32:9.16.24-1.fc34.noarch", "Installed: sqlite-3.34.1-2.fc34.x86_64", "Installed: opencryptoki-3.16.0-2.fc34.x86_64", "Installed: bind-32:9.16.24-1.fc34.x86_64", "Installed: freeipa-server-dns-4.9.6-4.fc34.noarch", "Installed: opencryptoki-libs-3.16.0-2.fc34.x86_64" ] } TASK [ipaserver : Install - Ensure that IPA server packages for adtrust are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:16 Tuesday 01 February 2022 17:52:31 +0000 (0:00:06.088) 0:02:03.848 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Ensure that firewall packages installed] *********** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:22 Tuesday 01 February 2022 17:52:31 +0000 (0:00:00.032) 0:02:03.880 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: nftables-1:0.9.8-3.fc34.x86_64", "Installed: firewalld-0.9.4-1.fc34.noarch", "Installed: firewalld-filesystem-0.9.4-1.fc34.noarch", "Installed: python3-firewall-0.9.4-1.fc34.noarch", "Installed: libnftnl-1.1.9-2.fc34.x86_64", "Installed: iptables-nft-1.8.7-8.fc34.x86_64", "Installed: ipset-7.11-1.fc34.x86_64", "Installed: python3-gobject-base-3.40.1-1.fc34.x86_64", "Installed: ipset-libs-7.11-1.fc34.x86_64", "Installed: gobject-introspection-1.68.0-4.fc34.x86_64", "Installed: python3-nftables-1:0.9.8-3.fc34.x86_64", "Installed: python3-slip-0.6.4-22.fc34.noarch", "Installed: python3-slip-dbus-0.6.4-22.fc34.noarch" ] } TASK [ipaserver : Firewalld service - Ensure that firewalld is running] ******** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:31 Tuesday 01 February 2022 17:52:35 +0000 (0:00:03.897) 0:02:07.778 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus.socket dbus-broker.service polkit.service system.slice sysinit.target basic.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "network-pre.target multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "ebtables.service ipset.service ip6tables.service shutdown.target iptables.service nftables.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "\"man:firewalld(1)\"", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "firewalld.service dbus-org.fedoraproject.FirewallD1.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [ipaserver : Firewalld - Verify runtime zone "{{ ipaserver_firewalld_zone }}"] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:37 Tuesday 01 February 2022 17:52:36 +0000 (0:00:01.090) 0:02:08.868 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Firewalld - Verify permanent zone "{{ ipaserver_firewalld_zone }}"] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:44 Tuesday 01 February 2022 17:52:36 +0000 (0:00:00.033) 0:02:08.901 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : include_tasks] *********************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:54 Tuesday 01 February 2022 17:52:36 +0000 (0:00:00.030) 0:02:08.932 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Server installation test] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:60 Tuesday 01 February 2022 17:52:36 +0000 (0:00:00.030) 0:02:08.962 ****** ok: [/cache/fedora-34.qcow2] => { "_dirsrv_ca_cert": null, "_dirsrv_pkcs12_info": null, "_hostname_overridden": true, "_http_ca_cert": null, "_http_pkcs12_info": null, "_installation_cleanup": true, "_pkinit_ca_cert": null, "_pkinit_pkcs12_info": null, "changed": false, "domain": "test.local", "domainlevel": 1, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "hostname": "ipaserver.test.local", "idmax": 384599999, "idstart": 384400000, "ipa_python_version": 40906, "no_host_dns": true, "no_pkinit": false, "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "rid_base": 1000, "secondary_rid_base": 100000000, "setup_adtrust": false, "setup_ca": true, "setup_kra": false } TASK [ipaserver : Install - Master password creation] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:137 Tuesday 01 February 2022 17:52:38 +0000 (0:00:01.226) 0:02:10.189 ****** changed: [/cache/fedora-34.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } TASK [ipaserver : Install - Use new master password] *************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:144 Tuesday 01 February 2022 17:52:39 +0000 (0:00:01.147) 0:02:11.336 ****** ok: [/cache/fedora-34.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaserver : Install - Server preparation] ******************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:152 Tuesday 01 February 2022 17:52:39 +0000 (0:00:00.032) 0:02:11.369 ****** changed: [/cache/fedora-34.qcow2] => { "_ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "_subject_base": "O=TEST.LOCAL", "adtrust_netbios_name": null, "adtrust_reset_netbios_name": false, "ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "changed": true, "dns_ip_addresses": [ "10.0.2.15", "fec0::5054:ff:fe12:3456" ], "dns_reverse_zones": [], "forward_policy": "only", "forwarders": [ "10.0.2.3" ], "ip_addresses": [ "10.0.2.15", "fec0::5054:ff:fe12:3456" ], "no_dnssec_validation": true, "reverse_zones": [], "subject_base": "O=TEST.LOCAL" } TASK [ipaserver : Install - Setup NTP] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:196 Tuesday 01 February 2022 17:52:41 +0000 (0:00:02.098) 0:02:13.467 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup DS] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:203 Tuesday 01 February 2022 17:52:51 +0000 (0:00:10.426) 0:02:23.893 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup KRB] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:232 Tuesday 01 February 2022 17:53:08 +0000 (0:00:16.836) 0:02:40.730 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup custodia] ************************************ task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:259 Tuesday 01 February 2022 17:53:14 +0000 (0:00:05.469) 0:02:46.199 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup CA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:265 Tuesday 01 February 2022 17:53:17 +0000 (0:00:03.768) 0:02:49.967 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "csr_generated": false } TASK [ipaserver : Copy /root/ipa.csr to "/cache/fedora-34.qcow2-ipa.csr"] ****** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:306 Tuesday 01 February 2022 17:55:33 +0000 (0:02:15.523) 0:05:05.491 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup otpd] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:315 Tuesday 01 February 2022 17:55:33 +0000 (0:00:00.038) 0:05:05.529 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup HTTP] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:321 Tuesday 01 February 2022 17:55:35 +0000 (0:00:02.619) 0:05:08.149 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup KRA] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:353 Tuesday 01 February 2022 17:57:00 +0000 (0:01:24.930) 0:06:33.080 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup DNS] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:364 Tuesday 01 February 2022 17:57:00 +0000 (0:00:00.043) 0:06:33.124 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup ADTRUST] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:381 Tuesday 01 February 2022 17:57:08 +0000 (0:00:07.734) 0:06:40.858 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Set DS password] *********************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:396 Tuesday 01 February 2022 17:57:08 +0000 (0:00:00.035) 0:06:40.894 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [Install - Setup client] ************************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:413 Tuesday 01 February 2022 17:57:11 +0000 (0:00:02.332) 0:06:43.227 ****** TASK [ipaclient : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:4 Tuesday 01 February 2022 17:57:11 +0000 (0:00:00.051) 0:06:43.279 ****** ok: [/cache/fedora-34.qcow2] => (item=/tmp/freeipa-repo/roles/ipaclient/vars/default.yml) => { "ansible_facts": { "ipaclient_packages": [ "ipa-client", "python3-libselinux" ] }, "ansible_included_var_files": [ "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml" ], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml" } TASK [ipaclient : Install IPA client] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:12 Tuesday 01 February 2022 17:57:11 +0000 (0:00:00.093) 0:06:43.372 ****** included: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml for /cache/fedora-34.qcow2 TASK [ipaclient : Install - Ensure that IPA client packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:4 Tuesday 01 February 2022 17:57:11 +0000 (0:00:00.063) 0:06:43.435 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [ipaclient : Install - Set ipaclient_servers] ***************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:10 Tuesday 01 February 2022 17:57:13 +0000 (0:00:02.163) 0:06:45.599 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set ipaclient_servers from cluster inventory] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:15 Tuesday 01 February 2022 17:57:13 +0000 (0:00:00.035) 0:06:45.635 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Check that either principal or keytab is set] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:21 Tuesday 01 February 2022 17:57:13 +0000 (0:00:00.033) 0:06:45.668 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set default principal if no keytab is given] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:25 Tuesday 01 February 2022 17:57:13 +0000 (0:00:00.032) 0:06:45.701 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "ipaadmin_principal": "admin" }, "changed": false } TASK [ipaclient : Install - IPA client test] *********************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:30 Tuesday 01 February 2022 17:57:13 +0000 (0:00:00.034) 0:06:45.735 ****** ok: [/cache/fedora-34.qcow2] => { "basedn": "dc=test,dc=local", "changed": false, "client_already_configured": false, "client_domain": "test.local", "dnsok": false, "domain": "test.local", "hostname": "ipaserver.test.local", "ipa_python_version": 40906, "kdc": "ipaserver.test.local", "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "servers": [ "ipaserver.test.local" ], "sssd": true } TASK [ipaclient : Install - Cleanup leftover ccache] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:56 Tuesday 01 February 2022 17:57:14 +0000 (0:00:00.898) 0:06:46.634 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent" } TASK [ipaclient : Install - Configure NTP] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:61 Tuesday 01 February 2022 17:57:14 +0000 (0:00:00.395) 0:06:47.030 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } TASK [ipaclient : Install - Make sure One-Time Password is enabled if it's already defined] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:73 Tuesday 01 February 2022 17:57:15 +0000 (0:00:00.864) 0:06:47.895 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Disable One-Time Password for on_master] *********** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:78 Tuesday 01 February 2022 17:57:15 +0000 (0:00:00.039) 0:06:47.934 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] ******** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:83 Tuesday 01 February 2022 17:57:15 +0000 (0:00:00.037) 0:06:47.972 ****** ok: [/cache/fedora-34.qcow2] => { "ca_crt_exists": true, "changed": false, "krb5_conf_ok": true, "krb5_keytab_ok": true, "ping_test_ok": true } TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:93 Tuesday 01 February 2022 17:57:17 +0000 (0:00:01.620) 0:06:49.593 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Keytab or password is required for getting otp] **** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:109 Tuesday 01 February 2022 17:57:17 +0000 (0:00:00.039) 0:06:49.633 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Get One-Time Password for client enrollment] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:113 Tuesday 01 February 2022 17:57:17 +0000 (0:00:00.051) 0:06:49.685 ****** skipping: [/cache/fedora-34.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Report error for OTP generation] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:132 Tuesday 01 February 2022 17:57:17 +0000 (0:00:00.040) 0:06:49.725 ****** skipping: [/cache/fedora-34.qcow2] => {} TASK [ipaclient : Install - Store the previously obtained OTP] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:138 Tuesday 01 February 2022 17:57:17 +0000 (0:00:00.037) 0:06:49.763 ****** skipping: [/cache/fedora-34.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Store predefined OTP in admin_password] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:147 Tuesday 01 February 2022 17:57:17 +0000 (0:00:00.045) 0:06:49.808 ****** skipping: [/cache/fedora-34.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Check if principal and keytab are set] ************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:163 Tuesday 01 February 2022 17:57:17 +0000 (0:00:00.037) 0:06:49.846 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Check if one of password or keytabs are set] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:167 Tuesday 01 February 2022 17:57:17 +0000 (0:00:00.050) 0:06:49.896 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Purge TEST.LOCAL from host keytab] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:175 Tuesday 01 February 2022 17:57:17 +0000 (0:00:00.044) 0:06:49.940 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Backup and set hostname] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:188 Tuesday 01 February 2022 17:57:17 +0000 (0:00:00.038) 0:06:49.979 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Join IPA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:193 Tuesday 01 February 2022 17:57:17 +0000 (0:00:00.038) 0:06:50.018 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:215 Tuesday 01 February 2022 17:57:17 +0000 (0:00:00.036) 0:06:50.055 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:220 Tuesday 01 February 2022 17:57:17 +0000 (0:00:00.038) 0:06:50.094 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:223 Tuesday 01 February 2022 17:57:17 +0000 (0:00:00.038) 0:06:50.132 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure IPA default.conf] ************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:235 Tuesday 01 February 2022 17:57:17 +0000 (0:00:00.038) 0:06:50.171 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure SSSD] ************************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:244 Tuesday 01 February 2022 17:57:18 +0000 (0:00:00.040) 0:06:50.211 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaclient : Install - Configure krb5 for IPA realm] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:266 Tuesday 01 February 2022 17:57:18 +0000 (0:00:00.891) 0:06:51.103 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:280 Tuesday 01 February 2022 17:57:18 +0000 (0:00:00.047) 0:06:51.150 ****** changed: [/cache/fedora-34.qcow2] => { "ca_enabled": true, "changed": true, "subject_base": "O=TEST.LOCAL" } TASK [ipaclient : Install - Fix IPA ca] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:288 Tuesday 01 February 2022 17:57:21 +0000 (0:00:02.103) 0:06:53.253 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Create IPA NSS database] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:298 Tuesday 01 February 2022 17:57:21 +0000 (0:00:00.043) 0:06:53.297 ****** changed: [/cache/fedora-34.qcow2] => { "ca_enabled_ra": true, "changed": true } TASK [ipaclient : Install - Configure SSH and SSHD] **************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:329 Tuesday 01 February 2022 17:57:25 +0000 (0:00:04.516) 0:06:57.813 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaclient : Install - Configure automount] ******************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:337 Tuesday 01 February 2022 17:57:26 +0000 (0:00:00.935) 0:06:58.749 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaclient : Install - Configure firefox] ********************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:343 Tuesday 01 February 2022 17:57:27 +0000 (0:00:00.887) 0:06:59.637 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure NIS] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:349 Tuesday 01 February 2022 17:57:27 +0000 (0:00:00.040) 0:06:59.677 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:367 Tuesday 01 February 2022 17:57:28 +0000 (0:00:01.064) 0:07:00.742 ****** skipping: [/cache/fedora-34.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Cleanup leftover ccache] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:373 Tuesday 01 February 2022 17:57:28 +0000 (0:00:00.040) 0:07:00.783 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent" } TASK [ipaclient : Uninstall IPA client] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:16 Tuesday 01 February 2022 17:57:29 +0000 (0:00:00.433) 0:07:01.216 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: role_complete for /cache/fedora-34.qcow2 TASK [ipaserver : Install - Enable IPA] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:428 Tuesday 01 February 2022 17:57:29 +0000 (0:00:00.039) 0:07:01.256 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true } TASK [ipaserver : Install - Cleanup root IPA cache] **************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:435 Tuesday 01 February 2022 17:57:33 +0000 (0:00:04.685) 0:07:05.941 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "path": "/root/.ipa_cache", "state": "absent" } TASK [ipaserver : Install - Configure firewalld] ******************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:441 Tuesday 01 February 2022 17:57:34 +0000 (0:00:00.406) 0:07:06.347 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "firewall-cmd", "--permanent", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp" ], "delta": "0:00:00.298438", "end": "2022-02-01 17:57:34.496319", "rc": 0, "start": "2022-02-01 17:57:34.197881" } STDOUT: success TASK [ipaserver : Install - Configure firewalld runtime] *********************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:455 Tuesday 01 February 2022 17:57:35 +0000 (0:00:00.845) 0:07:07.193 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "firewall-cmd", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp" ], "delta": "0:00:00.257135", "end": "2022-02-01 17:57:35.143952", "rc": 0, "start": "2022-02-01 17:57:34.886817" } STDOUT: success TASK [ipaserver : Cleanup temporary files] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:471 Tuesday 01 February 2022 17:57:35 +0000 (0:00:00.647) 0:07:07.840 ****** ok: [/cache/fedora-34.qcow2] => (item=/etc/ipa/.tmp_pkcs12_dirsrv) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_dirsrv", "path": "/etc/ipa/.tmp_pkcs12_dirsrv", "state": "absent" } ok: [/cache/fedora-34.qcow2] => (item=/etc/ipa/.tmp_pkcs12_http) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_http", "path": "/etc/ipa/.tmp_pkcs12_http", "state": "absent" } ok: [/cache/fedora-34.qcow2] => (item=/etc/ipa/.tmp_pkcs12_pkinit) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_pkinit", "path": "/etc/ipa/.tmp_pkcs12_pkinit", "state": "absent" } TASK [ipaserver : Uninstall IPA server] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:16 Tuesday 01 February 2022 17:57:36 +0000 (0:00:01.108) 0:07:08.949 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Issue IPA signed certificates] ******************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_basic_ipa.yml:8 Tuesday 01 February 2022 17:57:36 +0000 (0:00:00.047) 0:07:08.996 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:57:37 +0000 (0:00:00.773) 0:07:09.770 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml" ], "changed": false } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Tuesday 01 February 2022 17:57:37 +0000 (0:00:00.026) 0:07:09.796 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Tuesday 01 February 2022 17:57:39 +0000 (0:00:01.951) 0:07:11.747 ****** ok: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Tuesday 01 February 2022 17:57:41 +0000 (0:00:02.026) 0:07:13.774 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Tuesday 01 February 2022 17:57:42 +0000 (0:00:00.408) 0:07:14.182 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Tuesday 01 February 2022 17:57:42 +0000 (0:00:00.394) 0:07:14.577 ****** ok: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Tue 2022-02-01 17:54:47 UTC", "ActiveEnterTimestampMonotonic": "270601785", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "sysinit.target basic.target network.target syslog.target dbus-broker.service dbus.socket system.slice systemd-journald.socket", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Tue 2022-02-01 17:54:47 UTC", "AssertTimestampMonotonic": "270590346", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "32732920000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Tue 2022-02-01 17:54:47 UTC", "ConditionTimestampMonotonic": "270590344", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "16587", "ExecMainStartTimestamp": "Tue 2022-02-01 17:54:47 UTC", "ExecMainStartTimestampMonotonic": "270592079", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Tue 2022-02-01 17:54:47 UTC", "InactiveExitTimestampMonotonic": "270592386", "InvocationID": "215b90e666fb4adbbaef9329d53dc1a6", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "16587", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "2629632", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Tue 2022-02-01 17:57:31 UTC", "StateChangeTimestampMonotonic": "434392955", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Tuesday 01 February 2022 17:57:43 +0000 (0:00:00.836) 0:07:15.413 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "ipa", "dns": "ipaserver.test.local", "name": "mycert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } } MSG: Certificate requested (new). changed: [/cache/fedora-34.qcow2] => (item={'name': 'groupcert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa', 'group': 'ftp'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "ipa", "dns": "ipaserver.test.local", "group": "ftp", "name": "groupcert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } } MSG: Certificate requested (new). File attributes updated. META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificates] ***************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_basic_ipa.yml:27 Tuesday 01 February 2022 17:57:47 +0000 (0:00:04.513) 0:07:19.927 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_basic_ipa.yml:84 Tuesday 01 February 2022 17:57:48 +0000 (0:00:00.760) 0:07:20.687 ****** included: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}) included: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/groupcert.crt', 'key_path': '/etc/pki/tls/private/groupcert.key', 'owner': 'root', 'group': 'ftp', 'mode': '0640', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'ipaserver.test.local'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'TEST.LOCAL'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'ipaserver.test.local'}, {'name': 'Universal Principal Name (UPN)', 'oid': '1.3.6.1.4.1.311.20.2.3', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}, {'name': 'Kerberos principalname', 'oid': '1.3.6.1.5.2.2', 'value': 'HTTP/ipaserver.test.local@TEST.LOCAL'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment', 'data_encipherment']}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:57:48 +0000 (0:00:00.039) 0:07:20.727 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:57:48 +0000 (0:00:00.017) 0:07:20.744 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:57:50 +0000 (0:00:02.143) 0:07:22.888 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:57:55 +0000 (0:00:04.684) 0:07:27.572 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 54.1 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 93.1 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 30.3 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 124.5 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 41.0 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:57:58 +0000 (0:00:02.699) 0:07:30.272 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643738265.5493665, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "23294efd8091b1807dc845e896d883a85b35aea6", "ctime": 1643738265.5453663, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 146003, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643738265.5453663, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1854, "uid": 0, "version": "1304063810", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:57:58 +0000 (0:00:00.517) 0:07:30.790 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:57:58 +0000 (0:00:00.020) 0:07:30.810 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 Tuesday 01 February 2022 17:57:58 +0000 (0:00:00.033) 0:07:30.843 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 Tuesday 01 February 2022 17:57:58 +0000 (0:00:00.030) 0:07:30.874 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643738263.4693663, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "02ce218a7d8f1e14125aa86119062f0afe9502ec", "ctime": 1643738265.5453663, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 146002, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643738265.5453663, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2437952019", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:58 Tuesday 01 February 2022 17:57:59 +0000 (0:00:00.361) 0:07:31.236 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 Tuesday 01 February 2022 17:57:59 +0000 (0:00:00.021) 0:07:31.257 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 Tuesday 01 February 2022 17:57:59 +0000 (0:00:00.035) 0:07:31.293 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.195549", "end": "2022-02-01 17:57:59.148148", "rc": 0, "start": "2022-02-01 17:57:58.952599" } STDOUT: { "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "extensions": { "authorityKeyIdentifier": { "value": "1A:20:3C:2B:E4:9A:C6:AD:4F:C8:17:0D:F3:78:1B:4F:4E:B0:4A:FA", "critical": false }, "authorityInfoAccess": { "value": [ { "method": "OCSP", "location": "http://ipa-ca.test.local/ca/ocsp" } ], "critical": false }, "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ], "critical": true }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "cRLDistributionPoints": { "value": [ { "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ], "crl_issuer": [ { "organizationName": "ipaca", "commonName": "Certificate Authority" } ] } ], "critical": false }, "subjectKeyIdentifier": { "value": "92:DD:B4:49:24:2F:6E:76:04:3E:2F:2F:D5:D0:16:3F:FB:50:0A:D1", "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.5.2.2" } ], "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "86:BA:29:72:D3:C1:8B:50:82:69:82:64:C9:51:FF:EA:9C:D0:D0:5C:C4:6C:E0:72:5F:06:52:CD:84:92:57:E6:D4:5A:64:36:73:28:D5:13:2B:58:22:E0:92:CD:D2:E8:AC:A2:47:75:5B:9A:C1:12:74:A0:D4:78:C9:12:75:31:84:38:69:7C:6F:D6:2E:6B:38:F6:2A:34:4C:9A:0A:F0:ED:50:AF:E6:BB:2A:32:47:48:87:AA:08:FA:15:7B:42:2C:25:CD:E0:0D:6F:1E:D4:24:20:74:8F:5F:48:B3:1D:CD:07:CA:61:71:76:76:2B:4F:56:A1:E4:4C:CA:58:03:AB:43:91:BD:09:48:03:9F:F6:1A:AA:C0:E2:44:60:C2:A8:29:3D:CB:A5:22:8E:A7:FD:71:E0:B3:44:70:E7:82:1A:05:27:4B:FB:A8:83:7C:95:98:95:FB:1E:9A:66:06:EF:7E:80:5F:05:08:F7:44:69:F7:16:E3:DD:FB:F6:1F:6C:3A:97:07:D5:49:2E:58:16:0A:7C:E5:E2:6E:88:04:A1:BF:2A:EE:32:FE:74:08:69:F3:C6:5D:27:41:22:21:65:CF:9D:0D:DD:97:5C:01:B7:46:D0:2B:63:FC:6C:98:C6:64:91:9C:E7:A1:5E:09:66:BF:7E:2B:A2:3F:5B:F9:55:3F:37:62:73:F5:E7:2A:EE:83:D0:B0:E5:E0:9C:F2:D1:E3:4A:1D:2A:DA:F8:71:DB:7D:A5:37:1C:72:77:EA:A3:F8:AB:EB:CF:9A:F1:19:20:1E:1B:0D:99:D0:75:A1:50:17:61:0B:A7:BC:AE:D5:11:BE:4A:6E:D4:56:81:FD:C0:20:45:18:C5:EF:24:65:E8:AD:61:89:AF:CD:9B:08:00:C4:17:CD:57:6D:6E:0B:EC:1F:72:D9:A8:7D:3E:35:45:CE:84:5A:00:D4:A9:E2:9E:B8:D7:52:4D:F6:6F:9A:EE:E4:6D:88:63:DE:2F:39:C7:57:22:07:74:36:D9:20" }, "key_size": 2048, "validity": { "not_valid_after": "2024-02-02 17:57:45", "not_valid_before": "2022-02-01 17:57:45" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 Tuesday 01 February 2022 17:57:59 +0000 (0:00:00.552) 0:07:31.845 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityInfoAccess": { "critical": false, "value": [ { "location": "http://ipa-ca.test.local/ca/ocsp", "method": "OCSP" } ] }, "authorityKeyIdentifier": { "critical": false, "value": "1A:20:3C:2B:E4:9A:C6:AD:4F:C8:17:0D:F3:78:1B:4F:4E:B0:4A:FA" }, "cRLDistributionPoints": { "critical": false, "value": [ { "crl_issuer": [ { "commonName": "Certificate Authority", "organizationName": "ipaca" } ], "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ] } ] }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": true, "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "92:DD:B4:49:24:2F:6E:76:04:3E:2F:2F:D5:D0:16:3F:FB:50:0A:D1" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "86:BA:29:72:D3:C1:8B:50:82:69:82:64:C9:51:FF:EA:9C:D0:D0:5C:C4:6C:E0:72:5F:06:52:CD:84:92:57:E6:D4:5A:64:36:73:28:D5:13:2B:58:22:E0:92:CD:D2:E8:AC:A2:47:75:5B:9A:C1:12:74:A0:D4:78:C9:12:75:31:84:38:69:7C:6F:D6:2E:6B:38:F6:2A:34:4C:9A:0A:F0:ED:50:AF:E6:BB:2A:32:47:48:87:AA:08:FA:15:7B:42:2C:25:CD:E0:0D:6F:1E:D4:24:20:74:8F:5F:48:B3:1D:CD:07:CA:61:71:76:76:2B:4F:56:A1:E4:4C:CA:58:03:AB:43:91:BD:09:48:03:9F:F6:1A:AA:C0:E2:44:60:C2:A8:29:3D:CB:A5:22:8E:A7:FD:71:E0:B3:44:70:E7:82:1A:05:27:4B:FB:A8:83:7C:95:98:95:FB:1E:9A:66:06:EF:7E:80:5F:05:08:F7:44:69:F7:16:E3:DD:FB:F6:1F:6C:3A:97:07:D5:49:2E:58:16:0A:7C:E5:E2:6E:88:04:A1:BF:2A:EE:32:FE:74:08:69:F3:C6:5D:27:41:22:21:65:CF:9D:0D:DD:97:5C:01:B7:46:D0:2B:63:FC:6C:98:C6:64:91:9C:E7:A1:5E:09:66:BF:7E:2B:A2:3F:5B:F9:55:3F:37:62:73:F5:E7:2A:EE:83:D0:B0:E5:E0:9C:F2:D1:E3:4A:1D:2A:DA:F8:71:DB:7D:A5:37:1C:72:77:EA:A3:F8:AB:EB:CF:9A:F1:19:20:1E:1B:0D:99:D0:75:A1:50:17:61:0B:A7:BC:AE:D5:11:BE:4A:6E:D4:56:81:FD:C0:20:45:18:C5:EF:24:65:E8:AD:61:89:AF:CD:9B:08:00:C4:17:CD:57:6D:6E:0B:EC:1F:72:D9:A8:7D:3E:35:45:CE:84:5A:00:D4:A9:E2:9E:B8:D7:52:4D:F6:6F:9A:EE:E4:6D:88:63:DE:2F:39:C7:57:22:07:74:36:D9:20" }, "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "validity": { "not_valid_after": "2024-02-02 17:57:45", "not_valid_before": "2022-02-01 17:57:45" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:57:59 +0000 (0:00:00.033) 0:07:31.879 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:91 Tuesday 01 February 2022 17:57:59 +0000 (0:00:00.033) 0:07:31.912 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 Tuesday 01 February 2022 17:57:59 +0000 (0:00:00.020) 0:07:31.933 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Tuesday 01 February 2022 17:57:59 +0000 (0:00:00.032) 0:07:31.965 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Tuesday 01 February 2022 17:57:59 +0000 (0:00:00.032) 0:07:31.998 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Tuesday 01 February 2022 17:57:59 +0000 (0:00:00.032) 0:07:32.031 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.053487", "end": "2022-02-01 17:57:59.735566", "rc": 0, "start": "2022-02-01 17:57:59.682079" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:58:00 +0000 (0:00:00.398) 0:07:32.429 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 17:58:00 +0000 (0:00:00.034) 0:07:32.464 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 17:58:00 +0000 (0:00:00.017) 0:07:32.481 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 17:58:02 +0000 (0:00:01.967) 0:07:34.448 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.2) TASK [Install certreader] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 17:58:03 +0000 (0:00:01.015) 0:07:35.464 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 17:58:04 +0000 (0:00:00.967) 0:07:36.432 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643738267.0463665, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "29ef08a71806adf9f0d903761d8c4f6e5b9d40fe", "ctime": 1643738267.1943665, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 146005, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1643738267.0433664, "nlink": 1, "path": "/etc/pki/tls/certs/groupcert.crt", "pw_name": "root", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1854, "uid": 0, "version": "975200892", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 17:58:04 +0000 (0:00:00.377) 0:07:36.809 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 17:58:04 +0000 (0:00:00.021) 0:07:36.831 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 Tuesday 01 February 2022 17:58:04 +0000 (0:00:00.035) 0:07:36.866 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 Tuesday 01 February 2022 17:58:04 +0000 (0:00:00.032) 0:07:36.899 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643738266.2353663, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "90ed9845b828c2ad62e065ca2b9f30cc8e1884dd", "ctime": 1643738267.1943665, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 146004, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1643738267.0433664, "nlink": 1, "path": "/etc/pki/tls/private/groupcert.key", "pw_name": "root", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1192909437", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:58 Tuesday 01 February 2022 17:58:05 +0000 (0:00:00.378) 0:07:37.278 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 Tuesday 01 February 2022 17:58:05 +0000 (0:00:00.022) 0:07:37.300 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 Tuesday 01 February 2022 17:58:05 +0000 (0:00:00.034) 0:07:37.335 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/groupcert.crt" ], "delta": "0:00:00.206542", "end": "2022-02-01 17:58:05.211899", "rc": 0, "start": "2022-02-01 17:58:05.005357" } STDOUT: { "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "extensions": { "authorityKeyIdentifier": { "value": "1A:20:3C:2B:E4:9A:C6:AD:4F:C8:17:0D:F3:78:1B:4F:4E:B0:4A:FA", "critical": false }, "authorityInfoAccess": { "value": [ { "method": "OCSP", "location": "http://ipa-ca.test.local/ca/ocsp" } ], "critical": false }, "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ], "critical": true }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "cRLDistributionPoints": { "value": [ { "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ], "crl_issuer": [ { "organizationName": "ipaca", "commonName": "Certificate Authority" } ] } ], "critical": false }, "subjectKeyIdentifier": { "value": "BF:F9:6D:68:AA:1D:14:59:CE:46:9F:08:C6:31:76:72:F1:F4:13:43", "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.5.2.2" } ], "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "74:71:E3:84:75:9F:19:7B:1B:EA:20:C4:40:99:17:50:82:2D:1D:0C:12:84:0D:DE:88:F9:29:1F:E1:0E:36:4C:FE:38:4B:FC:9C:F8:4B:3F:1A:6E:F7:C6:34:5E:DB:D6:E9:C0:BF:CB:CF:B7:53:70:C0:10:78:F6:8D:BC:0A:5F:04:5E:E1:87:73:C5:C9:14:23:F6:A9:E6:D7:32:B0:FE:08:61:B9:18:DE:30:92:AA:9F:4B:82:D8:F6:0F:27:27:1B:0D:63:B7:22:3C:4A:0C:4A:D1:AC:8B:CE:5F:0F:F4:EA:D9:4C:07:03:5B:7E:4B:CC:DA:3E:77:BC:BC:1F:15:EF:97:15:6E:B8:14:AE:52:1F:44:5B:16:5D:30:87:F8:8C:EB:7B:46:F7:EA:16:FC:E3:05:9C:B0:A7:86:8F:C1:15:0D:29:4F:06:E6:1A:D1:41:A4:20:42:2A:2B:06:CA:61:1E:F2:00:7B:AE:7C:58:AC:31:FE:C6:F9:0F:6D:62:AE:69:A4:41:B5:86:56:59:14:93:FF:4B:09:60:6D:6C:EF:B3:06:06:31:AA:D3:4D:8A:40:82:D6:7D:2D:EC:67:51:26:68:6F:32:A7:CC:98:3E:1A:55:18:E5:2C:05:0F:23:A4:53:E2:1E:3E:F0:E7:C1:1F:73:AA:CA:44:09:1C:6F:30:06:07:3A:16:AA:9D:13:F6:CB:DC:15:6F:0E:32:93:F6:BE:25:C5:79:B5:08:C6:DB:74:E6:56:C1:AA:6B:37:2A:EF:AF:6F:79:4B:32:01:1C:EF:4B:C9:AB:25:50:5A:1E:55:E8:2C:43:B4:87:8F:64:32:A0:09:3E:80:05:34:CD:7A:54:B8:2B:F7:67:EA:C6:D9:F2:A3:EA:1E:4C:A2:33:26:9D:33:F7:E4:98:BB:CE:0B:28:8E:A5:12:CA:34:4D:92:51:5A:EA:EA:8E:5C:8B:AB:02:27:95:1A:86:C7:19:BE:17:6B:23:37:52:6E:BC:03:63:2C:8E:95:5E" }, "key_size": 2048, "validity": { "not_valid_after": "2024-02-02 17:57:46", "not_valid_before": "2022-02-01 17:57:46" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 Tuesday 01 February 2022 17:58:05 +0000 (0:00:00.576) 0:07:37.911 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityInfoAccess": { "critical": false, "value": [ { "location": "http://ipa-ca.test.local/ca/ocsp", "method": "OCSP" } ] }, "authorityKeyIdentifier": { "critical": false, "value": "1A:20:3C:2B:E4:9A:C6:AD:4F:C8:17:0D:F3:78:1B:4F:4E:B0:4A:FA" }, "cRLDistributionPoints": { "critical": false, "value": [ { "crl_issuer": [ { "commonName": "Certificate Authority", "organizationName": "ipaca" } ], "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ] } ] }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": true, "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "BF:F9:6D:68:AA:1D:14:59:CE:46:9F:08:C6:31:76:72:F1:F4:13:43" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "74:71:E3:84:75:9F:19:7B:1B:EA:20:C4:40:99:17:50:82:2D:1D:0C:12:84:0D:DE:88:F9:29:1F:E1:0E:36:4C:FE:38:4B:FC:9C:F8:4B:3F:1A:6E:F7:C6:34:5E:DB:D6:E9:C0:BF:CB:CF:B7:53:70:C0:10:78:F6:8D:BC:0A:5F:04:5E:E1:87:73:C5:C9:14:23:F6:A9:E6:D7:32:B0:FE:08:61:B9:18:DE:30:92:AA:9F:4B:82:D8:F6:0F:27:27:1B:0D:63:B7:22:3C:4A:0C:4A:D1:AC:8B:CE:5F:0F:F4:EA:D9:4C:07:03:5B:7E:4B:CC:DA:3E:77:BC:BC:1F:15:EF:97:15:6E:B8:14:AE:52:1F:44:5B:16:5D:30:87:F8:8C:EB:7B:46:F7:EA:16:FC:E3:05:9C:B0:A7:86:8F:C1:15:0D:29:4F:06:E6:1A:D1:41:A4:20:42:2A:2B:06:CA:61:1E:F2:00:7B:AE:7C:58:AC:31:FE:C6:F9:0F:6D:62:AE:69:A4:41:B5:86:56:59:14:93:FF:4B:09:60:6D:6C:EF:B3:06:06:31:AA:D3:4D:8A:40:82:D6:7D:2D:EC:67:51:26:68:6F:32:A7:CC:98:3E:1A:55:18:E5:2C:05:0F:23:A4:53:E2:1E:3E:F0:E7:C1:1F:73:AA:CA:44:09:1C:6F:30:06:07:3A:16:AA:9D:13:F6:CB:DC:15:6F:0E:32:93:F6:BE:25:C5:79:B5:08:C6:DB:74:E6:56:C1:AA:6B:37:2A:EF:AF:6F:79:4B:32:01:1C:EF:4B:C9:AB:25:50:5A:1E:55:E8:2C:43:B4:87:8F:64:32:A0:09:3E:80:05:34:CD:7A:54:B8:2B:F7:67:EA:C6:D9:F2:A3:EA:1E:4C:A2:33:26:9D:33:F7:E4:98:BB:CE:0B:28:8E:A5:12:CA:34:4D:92:51:5A:EA:EA:8E:5C:8B:AB:02:27:95:1A:86:C7:19:BE:17:6B:23:37:52:6E:BC:03:63:2C:8E:95:5E" }, "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "validity": { "not_valid_after": "2024-02-02 17:57:46", "not_valid_before": "2022-02-01 17:57:46" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 17:58:05 +0000 (0:00:00.033) 0:07:37.945 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:91 Tuesday 01 February 2022 17:58:05 +0000 (0:00:00.037) 0:07:37.982 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 Tuesday 01 February 2022 17:58:05 +0000 (0:00:00.021) 0:07:38.004 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Tuesday 01 February 2022 17:58:05 +0000 (0:00:00.033) 0:07:38.037 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Tuesday 01 February 2022 17:58:05 +0000 (0:00:00.033) 0:07:38.071 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Tuesday 01 February 2022 17:58:05 +0000 (0:00:00.031) 0:07:38.102 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/groupcert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.050152", "end": "2022-02-01 17:58:05.811943", "rc": 0, "start": "2022-02-01 17:58:05.761791" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 17:58:06 +0000 (0:00:00.407) 0:07:38.510 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=98 changed=32 unreachable=0 failed=0 skipped=35 rescued=0 ignored=0 Tuesday 01 February 2022 17:58:06 +0000 (0:00:00.036) 0:07:38.546 ****** =============================================================================== ipaserver : Install - Setup CA ---------------------------------------- 135.52s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:265 ----------------------- ipaserver : Install - Setup HTTP --------------------------------------- 84.93s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:321 ----------------------- ensure hostname package is installed ----------------------------------- 71.16s /tmp/tmpd43sjho8/tests/certificate/tasks/setup_ipa.yml:33 --------------------- ipaserver : Install - Ensure that IPA server packages are installed ---- 39.82s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:5 ------------------------- ipaserver : Install - Setup DS ----------------------------------------- 16.84s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:203 ----------------------- ipaserver : Install - Setup NTP ---------------------------------------- 10.43s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:196 ----------------------- ipaserver : Install - Setup DNS ----------------------------------------- 7.73s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:364 ----------------------- ipaserver : Install - Ensure that IPA server packages for dns are installed --- 6.09s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:10 ------------------------ ipaserver : Install - Setup KRB ----------------------------------------- 5.47s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:232 ----------------------- ipaserver : Install - Enable IPA ---------------------------------------- 4.69s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:428 ----------------------- Install the package, force upgrade -------------------------------------- 4.68s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 - ipaclient : Install - Create IPA NSS database --------------------------- 4.52s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:298 ----------------------- fedora.linux_system_roles.certificate : Ensure certificate requests ----- 4.51s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 ipaserver : Install - Ensure that firewall packages installed ----------- 3.90s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:22 ------------------------ ipaserver : Install - Setup custodia ------------------------------------ 3.77s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:259 ----------------------- Ensure nss package is up-to-date ---------------------------------------- 3.29s /tmp/tmpd43sjho8/tests/certificate/tasks/setup_ipa.yml:42 --------------------- Install certreader ------------------------------------------------------ 2.70s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 - ipaserver : Install - Setup otpd ---------------------------------------- 2.62s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:315 ----------------------- ipaserver : Install - Set DS password ----------------------------------- 2.33s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:396 ----------------------- ipaclient : Install - Ensure that IPA client packages are installed ----- 2.16s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:4 ------------------------- + cd /tmp/tmpd43sjho8/tests/certificate; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpd43sjho8/tests/certificate/tests_basic_self_signed.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 17:58:20 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 17:58:20 +0000 (0:00:00.016) 0:00:00.028 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 17:58:20 +0000 (0:00:00.018) 0:00:00.046 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_basic_self_signed.yml ****************************************** 2 plays in /tmp/tmpd43sjho8/tests/certificate/tests_basic_self_signed.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_basic_self_signed.yml:2 Tuesday 01 February 2022 17:58:20 +0000 (0:00:00.021) 0:00:00.067 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Tuesday 01 February 2022 17:58:21 +0000 (0:00:01.008) 0:00:01.075 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml" ], "changed": false } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Tuesday 01 February 2022 17:58:21 +0000 (0:00:00.025) 0:00:01.101 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Tuesday 01 February 2022 18:00:34 +0000 (0:02:13.506) 0:02:14.607 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Tuesday 01 February 2022 18:00:39 +0000 (0:00:04.433) 0:02:19.040 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Tuesday 01 February 2022 18:00:39 +0000 (0:00:00.569) 0:02:19.609 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Tuesday 01 February 2022 18:00:40 +0000 (0:00:00.407) 0:02:20.017 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target dbus-broker.service network.target basic.target syslog.target system.slice systemd-journald.socket dbus.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Tuesday 01 February 2022 18:00:41 +0000 (0:00:00.997) 0:02:21.015 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_basic_self_signed.yml:13 Tuesday 01 February 2022 18:00:41 +0000 (0:00:00.924) 0:02:21.940 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_basic_self_signed.yml:27 Tuesday 01 February 2022 18:00:42 +0000 (0:00:00.736) 0:02:22.676 ****** included: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 18:00:42 +0000 (0:00:00.031) 0:02:22.708 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 18:00:42 +0000 (0:00:00.013) 0:02:22.722 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 18:00:44 +0000 (0:00:01.862) 0:02:24.584 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 18:00:49 +0000 (0:00:04.683) 0:02:29.267 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 49.4 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 85.3 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 26.8 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 97.6 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 31.0 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 18:00:51 +0000 (0:00:02.651) 0:02:31.919 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643738441.7101626, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "a6a39d802b1b160aaf64ef83e31e3dc9a36a169b", "ctime": 1643738441.7071629, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643738441.7071629, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "71717757", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 18:00:52 +0000 (0:00:00.521) 0:02:32.440 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 18:00:52 +0000 (0:00:00.020) 0:02:32.461 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 Tuesday 01 February 2022 18:00:52 +0000 (0:00:00.033) 0:02:32.495 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 Tuesday 01 February 2022 18:00:52 +0000 (0:00:00.032) 0:02:32.527 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643738441.6641629, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9983bfee38122fcbd0a5796dc0316b5cf8c9094e", "ctime": 1643738441.7071629, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643738441.7071629, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1086099689", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:58 Tuesday 01 February 2022 18:00:52 +0000 (0:00:00.378) 0:02:32.906 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 Tuesday 01 February 2022 18:00:52 +0000 (0:00:00.018) 0:02:32.925 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 Tuesday 01 February 2022 18:00:52 +0000 (0:00:00.033) 0:02:32.958 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.193359", "end": "2022-02-01 18:00:53.564339", "rc": 0, "start": "2022-02-01 18:00:53.370980" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "B3:C2:33:6C:C3:60:6B:9B:04:02:4B:E0:62:8B:C1:25:5D:5B:CD:76", "critical": false }, "authorityKeyIdentifier": { "value": "4F:C9:EA:6C:AC:CC:1C:51:7C:DE:35:49:85:A4:14:9F:A5:57:7A:7F", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "23:9F:E2:14:13:FB:14:2A:56:AD:45:D7:4D:A2:A1:76:DD:A2:60:9D:12:CE:DF:F4:E4:33:D4:D1:3F:13:75:19:25:6F:EE:B6:F4:90:0E:A8:5E:26:43:53:F3:DB:88:E6:7B:E3:7A:66:D6:E3:7B:B6:A3:E6:6C:B7:8E:B4:58:DD:F9:BC:2A:07:40:BE:3C:D0:32:9E:33:E2:CD:43:47:9B:A5:69:67:45:A4:47:4C:4F:3A:D3:29:40:0A:BB:D1:89:E5:25:ED:0D:49:0E:94:48:CF:70:07:61:D0:97:07:64:93:68:0A:AA:FE:0A:79:AF:BA:22:BF:E1:27:1F:19:73:E6:CA:93:94:EC:74:DE:10:BD:49:B0:ED:47:71:E9:BD:D4:48:59:25:F5:17:24:68:0D:78:F2:14:92:18:CE:1E:12:76:83:B8:33:75:AC:91:E8:29:B2:52:37:19:DB:E4:CA:3E:DB:95:31:65:F7:93:15:1E:92:10:6E:12:07:81:41:AB:69:FB:18:60:64:4B:D4:68:AF:57:2C:6C:62:4B:A1:97:5F:48:6F:08:0B:C0:0A:01:17:DF:FB:F8:4A:83:B8:3D:4D:34:83:6A:4A:9D:08:84:DB:3A:67:C6:AA:4E:DF:3C:A4:59:1E:CA:21:95:EE:9F:05:29:89:72:9E:7E" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 18:00:41", "not_valid_before": "2022-02-01 18:00:41" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 Tuesday 01 February 2022 18:00:53 +0000 (0:00:00.681) 0:02:33.639 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "4F:C9:EA:6C:AC:CC:1C:51:7C:DE:35:49:85:A4:14:9F:A5:57:7A:7F" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "B3:C2:33:6C:C3:60:6B:9B:04:02:4B:E0:62:8B:C1:25:5D:5B:CD:76" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "23:9F:E2:14:13:FB:14:2A:56:AD:45:D7:4D:A2:A1:76:DD:A2:60:9D:12:CE:DF:F4:E4:33:D4:D1:3F:13:75:19:25:6F:EE:B6:F4:90:0E:A8:5E:26:43:53:F3:DB:88:E6:7B:E3:7A:66:D6:E3:7B:B6:A3:E6:6C:B7:8E:B4:58:DD:F9:BC:2A:07:40:BE:3C:D0:32:9E:33:E2:CD:43:47:9B:A5:69:67:45:A4:47:4C:4F:3A:D3:29:40:0A:BB:D1:89:E5:25:ED:0D:49:0E:94:48:CF:70:07:61:D0:97:07:64:93:68:0A:AA:FE:0A:79:AF:BA:22:BF:E1:27:1F:19:73:E6:CA:93:94:EC:74:DE:10:BD:49:B0:ED:47:71:E9:BD:D4:48:59:25:F5:17:24:68:0D:78:F2:14:92:18:CE:1E:12:76:83:B8:33:75:AC:91:E8:29:B2:52:37:19:DB:E4:CA:3E:DB:95:31:65:F7:93:15:1E:92:10:6E:12:07:81:41:AB:69:FB:18:60:64:4B:D4:68:AF:57:2C:6C:62:4B:A1:97:5F:48:6F:08:0B:C0:0A:01:17:DF:FB:F8:4A:83:B8:3D:4D:34:83:6A:4A:9D:08:84:DB:3A:67:C6:AA:4E:DF:3C:A4:59:1E:CA:21:95:EE:9F:05:29:89:72:9E:7E" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 18:00:41", "not_valid_before": "2022-02-01 18:00:41" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 18:00:53 +0000 (0:00:00.030) 0:02:33.670 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:91 Tuesday 01 February 2022 18:00:53 +0000 (0:00:00.031) 0:02:33.701 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 Tuesday 01 February 2022 18:00:53 +0000 (0:00:00.018) 0:02:33.719 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Tuesday 01 February 2022 18:00:53 +0000 (0:00:00.029) 0:02:33.749 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Tuesday 01 February 2022 18:00:53 +0000 (0:00:00.031) 0:02:33.780 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Tuesday 01 February 2022 18:00:53 +0000 (0:00:00.032) 0:02:33.813 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040082", "end": "2022-02-01 18:00:54.130096", "rc": 0, "start": "2022-02-01 18:00:54.090014" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 18:00:54 +0000 (0:00:00.390) 0:02:34.204 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:00:54 +0000 (0:00:00.036) 0:02:34.240 ****** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed - 133.51s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Install the package, force upgrade -------------------------------------- 4.68s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 4.43s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Install certreader ------------------------------------------------------ 2.65s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 1.86s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 1.01s /tmp/tmpd43sjho8/tests/certificate/tests_basic_self_signed.yml:2 -------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.00s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.92s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Gathering Facts --------------------------------------------------------- 0.74s /tmp/tmpd43sjho8/tests/certificate/tests_basic_self_signed.yml:13 ------------- Parse certificate ------------------------------------------------------- 0.68s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.57s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.41s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Retrieve auto-renew flag ------------------------------------------------ 0.39s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Retrieve key file stats ------------------------------------------------- 0.38s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Verify certificate file owner and group --------------------------------- 0.03s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 - Verify key file owner and group ----------------------------------------- 0.03s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 - Verify certificate permissions ------------------------------------------ 0.03s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 - Verify certificate Extended Key Usage ----------------------------------- 0.03s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 + cd /tmp/tmpd43sjho8/tests/certificate; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpd43sjho8/tests/certificate/tests_default.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 18:01:08 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 18:01:08 +0000 (0:00:00.017) 0:00:00.028 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:01:08 +0000 (0:00:00.017) 0:00:00.045 ****** =============================================================================== debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- PLAYBOOK: tests_default.yml **************************************************** 1 plays in /tmp/tmpd43sjho8/tests/certificate/tests_default.yml PLAY [Ensure that the role runs with default parameters] *********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_default.yml:3 Tuesday 01 February 2022 18:01:08 +0000 (0:00:00.018) 0:00:00.063 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Tuesday 01 February 2022 18:01:09 +0000 (0:00:01.072) 0:00:01.136 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml" ], "changed": false } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Tuesday 01 February 2022 18:01:09 +0000 (0:00:00.026) 0:00:01.163 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Tuesday 01 February 2022 18:01:53 +0000 (0:00:43.895) 0:00:45.059 ****** TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Tuesday 01 February 2022 18:01:53 +0000 (0:00:00.033) 0:00:45.092 ****** TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Tuesday 01 February 2022 18:01:53 +0000 (0:00:00.028) 0:00:45.121 ****** TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Tuesday 01 February 2022 18:01:53 +0000 (0:00:00.029) 0:00:45.151 ****** TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Tuesday 01 February 2022 18:01:53 +0000 (0:00:00.029) 0:00:45.180 ****** META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=4 changed=1 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 Tuesday 01 February 2022 18:01:53 +0000 (0:00:00.021) 0:00:45.202 ****** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed -- 43.90s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Gathering Facts --------------------------------------------------------- 1.07s /tmp/tmpd43sjho8/tests/certificate/tests_default.yml:3 ------------------------ fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 0.03s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.03s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.03s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.03s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 fedora.linux_system_roles.certificate : Set version specific variables --- 0.03s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.02s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- + cd /tmp/tmpd43sjho8/tests/certificate; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpd43sjho8/tests/certificate/tests_dns_ip_email.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 18:02:07 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 18:02:07 +0000 (0:00:00.016) 0:00:00.027 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:02:07 +0000 (0:00:00.016) 0:00:00.044 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_dns_ip_email.yml *********************************************** 2 plays in /tmp/tmpd43sjho8/tests/certificate/tests_dns_ip_email.yml PLAY [Issue certificate with dns, ip and email in SAN] ************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_dns_ip_email.yml:2 Tuesday 01 February 2022 18:02:07 +0000 (0:00:00.021) 0:00:00.065 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Tuesday 01 February 2022 18:02:08 +0000 (0:00:01.045) 0:00:01.111 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml" ], "changed": false } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Tuesday 01 February 2022 18:02:08 +0000 (0:00:00.029) 0:00:01.140 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Tuesday 01 February 2022 18:02:48 +0000 (0:00:39.502) 0:00:40.642 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Tuesday 01 February 2022 18:02:53 +0000 (0:00:05.042) 0:00:45.685 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Tuesday 01 February 2022 18:02:53 +0000 (0:00:00.536) 0:00:46.222 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Tuesday 01 February 2022 18:02:54 +0000 (0:00:00.409) 0:00:46.632 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus.socket systemd-journald.socket system.slice network.target sysinit.target basic.target dbus-broker.service syslog.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Tuesday 01 February 2022 18:02:55 +0000 (0:00:00.966) 0:00:47.599 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'common_name': 'My Certificate with SAN', 'dns': ['sub1.example.com', 'www.example.com', 'sub2.example.com', 'sub3.example.com'], 'ip': ['192.0.2.12', '198.51.100.65', '2001:db8::2:1'], 'email': ['sysadmin@example.com', 'support@example.com'], 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "My Certificate with SAN", "dns": [ "sub1.example.com", "www.example.com", "sub2.example.com", "sub3.example.com" ], "email": [ "sysadmin@example.com", "support@example.com" ], "ip": [ "192.0.2.12", "198.51.100.65", "2001:db8::2:1" ], "name": "mycert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_dns_ip_email.yml:24 Tuesday 01 February 2022 18:02:56 +0000 (0:00:00.891) 0:00:48.490 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_dns_ip_email.yml:54 Tuesday 01 February 2022 18:02:56 +0000 (0:00:00.743) 0:00:49.234 ****** included: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'My Certificate with SAN'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'sub1.example.com'}, {'name': 'DNS', 'value': 'www.example.com'}, {'name': 'DNS', 'value': 'sub2.example.com'}, {'name': 'DNS', 'value': 'sub3.example.com'}, {'name': 'email', 'value': 'sysadmin@example.com'}, {'name': 'email', 'value': 'support@example.com'}, {'name': 'IP Address', 'value': '192.0.2.12'}, {'name': 'IP Address', 'value': '198.51.100.65'}, {'name': 'IP Address', 'value': '2001:db8::2:1'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 18:02:56 +0000 (0:00:00.031) 0:00:49.265 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 18:02:56 +0000 (0:00:00.014) 0:00:49.279 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 18:02:58 +0000 (0:00:01.964) 0:00:51.243 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 18:03:03 +0000 (0:00:04.574) 0:00:55.818 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 51.3 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 31.8 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 22.5 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 94.8 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 36.9 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 18:03:06 +0000 (0:00:02.770) 0:00:58.589 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643738575.0203333, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "56f226cfae5bbe809191e00f8f9997ee368eb492", "ctime": 1643738575.016333, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643738575.016333, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1484, "uid": 0, "version": "253738961", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 18:03:06 +0000 (0:00:00.507) 0:00:59.096 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 18:03:06 +0000 (0:00:00.019) 0:00:59.115 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 Tuesday 01 February 2022 18:03:06 +0000 (0:00:00.033) 0:00:59.149 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 Tuesday 01 February 2022 18:03:06 +0000 (0:00:00.032) 0:00:59.182 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643738574.9743333, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "bd7abe5ee0e255352d4521ef481ceb05fc753747", "ctime": 1643738575.016333, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643738575.016333, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "1063160265", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:58 Tuesday 01 February 2022 18:03:07 +0000 (0:00:00.379) 0:00:59.561 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 Tuesday 01 February 2022 18:03:07 +0000 (0:00:00.021) 0:00:59.582 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 Tuesday 01 February 2022 18:03:07 +0000 (0:00:00.034) 0:00:59.617 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.202946", "end": "2022-02-01 18:03:07.019127", "rc": 0, "start": "2022-02-01 18:03:06.816181" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "My Certificate with SAN" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "sub1.example.com" }, { "name": "DNS", "value": "www.example.com" }, { "name": "DNS", "value": "sub2.example.com" }, { "name": "DNS", "value": "sub3.example.com" }, { "name": "email", "value": "sysadmin@example.com" }, { "name": "email", "value": "support@example.com" }, { "name": "IP Address", "value": "192.0.2.12" }, { "name": "IP Address", "value": "198.51.100.65" }, { "name": "IP Address", "value": "2001:db8::2:1" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "4A:EA:7A:77:BC:BE:B7:94:B8:5F:9D:BF:71:04:29:A1:F0:FA:8B:C3", "critical": false }, "authorityKeyIdentifier": { "value": "DA:A6:12:C1:BD:8D:02:B6:F7:E0:FD:EC:A0:F8:28:17:FA:54:2F:2A", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "01:F7:BA:E1:89:2A:E9:24:6C:C0:7C:F0:71:1E:FD:91:C0:5A:26:C2:17:3F:F3:60:DC:3E:02:66:AF:58:EE:C2:AD:84:0C:86:2B:6D:06:F4:69:6D:E7:75:A6:A5:25:1F:B3:67:4A:E9:42:F2:D7:3B:8B:97:9C:BB:C2:EC:E1:80:31:23:A8:02:88:4E:2E:16:A0:E0:6B:2C:D3:77:3E:34:CB:D1:DE:92:3A:16:99:4A:29:96:45:FA:10:FC:AA:83:76:C2:7E:6E:86:57:B9:D4:07:0F:EE:52:97:2A:39:8E:F7:2C:53:97:7B:F6:3B:0C:8A:E3:77:BD:5A:1E:0A:8B:3C:B5:23:0F:1C:EF:3D:B7:44:52:B0:A6:E9:8E:59:C7:BB:00:26:6E:57:42:FC:A0:91:8B:20:37:14:69:8C:A2:8D:06:B2:A7:AB:BE:36:E9:DF:7C:79:88:5E:57:45:D0:D7:CA:9F:E4:77:48:CD:F7:02:3F:8E:4D:3C:9C:BD:AC:FE:9C:44:E8:12:39:16:5B:71:05:9F:69:AD:A0:40:2D:95:02:8A:32:C8:28:7B:5F:B8:31:91:92:D6:56:21:C3:64:81:D1:26:10:30:70:B3:25:E9:8C:D3:0E:31:52:52:7F:DF:15:51:D7:4E:C1:A7:7B:3D:99:8F:5E:30:3D:10" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 18:02:54", "not_valid_before": "2022-02-01 18:02:55" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 Tuesday 01 February 2022 18:03:07 +0000 (0:00:00.695) 0:01:00.313 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "DA:A6:12:C1:BD:8D:02:B6:F7:E0:FD:EC:A0:F8:28:17:FA:54:2F:2A" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "sub1.example.com" }, { "name": "DNS", "value": "www.example.com" }, { "name": "DNS", "value": "sub2.example.com" }, { "name": "DNS", "value": "sub3.example.com" }, { "name": "email", "value": "sysadmin@example.com" }, { "name": "email", "value": "support@example.com" }, { "name": "IP Address", "value": "192.0.2.12" }, { "name": "IP Address", "value": "198.51.100.65" }, { "name": "IP Address", "value": "2001:db8::2:1" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "4A:EA:7A:77:BC:BE:B7:94:B8:5F:9D:BF:71:04:29:A1:F0:FA:8B:C3" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "01:F7:BA:E1:89:2A:E9:24:6C:C0:7C:F0:71:1E:FD:91:C0:5A:26:C2:17:3F:F3:60:DC:3E:02:66:AF:58:EE:C2:AD:84:0C:86:2B:6D:06:F4:69:6D:E7:75:A6:A5:25:1F:B3:67:4A:E9:42:F2:D7:3B:8B:97:9C:BB:C2:EC:E1:80:31:23:A8:02:88:4E:2E:16:A0:E0:6B:2C:D3:77:3E:34:CB:D1:DE:92:3A:16:99:4A:29:96:45:FA:10:FC:AA:83:76:C2:7E:6E:86:57:B9:D4:07:0F:EE:52:97:2A:39:8E:F7:2C:53:97:7B:F6:3B:0C:8A:E3:77:BD:5A:1E:0A:8B:3C:B5:23:0F:1C:EF:3D:B7:44:52:B0:A6:E9:8E:59:C7:BB:00:26:6E:57:42:FC:A0:91:8B:20:37:14:69:8C:A2:8D:06:B2:A7:AB:BE:36:E9:DF:7C:79:88:5E:57:45:D0:D7:CA:9F:E4:77:48:CD:F7:02:3F:8E:4D:3C:9C:BD:AC:FE:9C:44:E8:12:39:16:5B:71:05:9F:69:AD:A0:40:2D:95:02:8A:32:C8:28:7B:5F:B8:31:91:92:D6:56:21:C3:64:81:D1:26:10:30:70:B3:25:E9:8C:D3:0E:31:52:52:7F:DF:15:51:D7:4E:C1:A7:7B:3D:99:8F:5E:30:3D:10" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "My Certificate with SAN" } ], "validity": { "not_valid_after": "2023-02-01 18:02:54", "not_valid_before": "2022-02-01 18:02:55" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 18:03:07 +0000 (0:00:00.032) 0:01:00.345 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:91 Tuesday 01 February 2022 18:03:07 +0000 (0:00:00.032) 0:01:00.378 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 Tuesday 01 February 2022 18:03:07 +0000 (0:00:00.020) 0:01:00.398 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Tuesday 01 February 2022 18:03:07 +0000 (0:00:00.033) 0:01:00.431 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Tuesday 01 February 2022 18:03:07 +0000 (0:00:00.034) 0:01:00.466 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Tuesday 01 February 2022 18:03:08 +0000 (0:00:00.035) 0:01:00.501 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039632", "end": "2022-02-01 18:03:07.602164", "rc": 0, "start": "2022-02-01 18:03:07.562532" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 18:03:08 +0000 (0:00:00.392) 0:01:00.894 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:03:08 +0000 (0:00:00.037) 0:01:00.932 ****** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed -- 39.50s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 5.04s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Install the package, force upgrade -------------------------------------- 4.57s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install certreader ------------------------------------------------------ 2.77s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 1.96s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 1.05s /tmp/tmpd43sjho8/tests/certificate/tests_dns_ip_email.yml:2 ------------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.97s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.89s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Gathering Facts --------------------------------------------------------- 0.74s /tmp/tmpd43sjho8/tests/certificate/tests_dns_ip_email.yml:24 ------------------ Parse certificate ------------------------------------------------------- 0.70s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.54s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Retrieve certificate file stats ----------------------------------------- 0.51s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.41s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Retrieve auto-renew flag ------------------------------------------------ 0.39s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Retrieve key file stats ------------------------------------------------- 0.38s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Verify certificate Extended Key Usage ----------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Verify certificate Key Usage -------------------------------------------- 0.03s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Verify key file owner and group ----------------------------------------- 0.03s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 - Verify certificate file owner and group --------------------------------- 0.03s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 - + cd /tmp/tmpd43sjho8/tests/certificate; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpd43sjho8/tests/certificate/tests_fs_attrs.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 18:03:21 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 18:03:21 +0000 (0:00:00.017) 0:00:00.028 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:03:21 +0000 (0:00:00.018) 0:00:00.047 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_fs_attrs.yml *************************************************** 3 plays in /tmp/tmpd43sjho8/tests/certificate/tests_fs_attrs.yml PLAY [Ensure UID and GID exists] *********************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_fs_attrs.yml:2 Tuesday 01 February 2022 18:03:21 +0000 (0:00:00.021) 0:00:00.068 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Ensure user exists] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tests_fs_attrs.yml:5 Tuesday 01 February 2022 18:03:22 +0000 (0:00:01.037) 0:00:01.106 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "comment": "", "create_home": true, "group": 1040, "home": "/home/user1", "name": "user1", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1040 } TASK [Ensure group "somegroup" exists] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tests_fs_attrs.yml:9 Tuesday 01 February 2022 18:03:23 +0000 (0:00:00.773) 0:00:01.880 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "gid": 1041, "name": "somegroup", "state": "present", "system": false } META: ran handlers META: ran handlers PLAY [Issue certificate setting user/group] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_fs_attrs.yml:13 Tuesday 01 February 2022 18:03:24 +0000 (0:00:00.688) 0:00:02.568 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Tuesday 01 February 2022 18:03:25 +0000 (0:00:00.735) 0:00:03.303 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml" ], "changed": false } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Tuesday 01 February 2022 18:03:25 +0000 (0:00:00.028) 0:00:03.332 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Tuesday 01 February 2022 18:04:33 +0000 (0:01:08.648) 0:01:11.980 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Tuesday 01 February 2022 18:04:38 +0000 (0:00:04.315) 0:01:16.296 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Tuesday 01 February 2022 18:04:38 +0000 (0:00:00.545) 0:01:16.842 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Tuesday 01 February 2022 18:04:39 +0000 (0:00:00.398) 0:01:17.240 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "syslog.target sysinit.target basic.target dbus.socket network.target systemd-journald.socket system.slice dbus-broker.service", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Tuesday 01 February 2022 18:04:39 +0000 (0:00:00.962) 0:01:18.203 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert", "owner": "ftp" } } MSG: Certificate requested (new). File attributes updated. changed: [/cache/fedora-34.qcow2] => (item={'name': 'certid', 'dns': 'www.example.com', 'owner': 1040, 'group': 1041, 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040 } } MSG: Certificate requested (new). File attributes updated. META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_fs_attrs.yml:31 Tuesday 01 February 2022 18:04:41 +0000 (0:00:01.623) 0:01:19.826 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_fs_attrs.yml:60 Tuesday 01 February 2022 18:04:42 +0000 (0:00:00.710) 0:01:20.537 ****** included: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 'ftp', 'group': 'ftp', 'mode': '0640'}) included: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/certid.crt', 'key_path': '/etc/pki/tls/private/certid.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 1040, 'group': 1041, 'mode': '0640'}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 18:04:42 +0000 (0:00:00.034) 0:01:20.572 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 18:04:42 +0000 (0:00:00.013) 0:01:20.585 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 18:04:44 +0000 (0:00:01.838) 0:01:22.424 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 18:04:48 +0000 (0:00:04.649) 0:01:27.073 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 49.6 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 93.4 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 25.8 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 106.1 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 41.8 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 18:04:51 +0000 (0:00:02.772) 0:01:29.846 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643738680.7203324, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "66fdc523a4ff1238689b9a839f1c6441bbfb9df3", "ctime": 1643738680.8113322, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 137979, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1643738680.7173324, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 14, "version": "4086469294", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 18:04:52 +0000 (0:00:00.501) 0:01:30.348 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 18:04:52 +0000 (0:00:00.020) 0:01:30.369 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 Tuesday 01 February 2022 18:04:52 +0000 (0:00:00.034) 0:01:30.403 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 Tuesday 01 February 2022 18:04:52 +0000 (0:00:00.032) 0:01:30.436 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643738680.6733322, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "222a98d6a98d3950d3145a79f1992bb7214c51e8", "ctime": 1643738680.8113322, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 137978, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1643738680.7173324, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 14, "version": "600867252", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:58 Tuesday 01 February 2022 18:04:52 +0000 (0:00:00.374) 0:01:30.811 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 Tuesday 01 February 2022 18:04:52 +0000 (0:00:00.019) 0:01:30.830 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 Tuesday 01 February 2022 18:04:52 +0000 (0:00:00.033) 0:01:30.863 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.200362", "end": "2022-02-01 18:04:53.274403", "rc": 0, "start": "2022-02-01 18:04:53.074041" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "B1:1E:B3:E0:87:12:72:4C:28:F5:CF:F3:74:6E:38:67:23:2D:A0:1E", "critical": false }, "authorityKeyIdentifier": { "value": "45:71:B4:DA:12:61:AE:10:B9:7A:34:E2:90:5E:24:A0:53:0C:20:2E", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "D0:76:10:43:4D:A6:2D:66:69:35:C0:AC:72:2D:61:78:4A:44:07:01:B0:0A:0D:7C:6C:83:8F:07:35:5D:84:D6:F2:63:94:DE:0D:2F:CE:D6:4C:D8:53:11:69:C2:78:8E:47:B3:26:A4:FA:DC:D9:0B:78:CA:69:89:5B:76:11:2C:C9:86:E3:D1:F2:97:3C:66:19:75:74:9E:FF:18:52:54:39:A6:43:45:6C:1C:D8:62:A3:7B:AD:80:B1:94:AB:EF:8B:74:AC:5D:64:13:8F:B5:47:82:D7:CE:33:BF:6A:E7:81:B2:43:82:1D:AA:BB:5C:8F:54:A0:3A:36:7D:7B:0B:2B:DD:68:BB:AC:FE:E3:77:AF:32:C2:8F:68:EB:50:08:40:BE:CA:4E:72:60:BA:07:C9:44:FC:E0:B2:5C:62:E6:61:4D:4B:1A:66:B9:9D:56:CD:7A:C0:AA:01:34:5E:AD:D8:D9:53:BE:6E:E3:1A:43:22:14:72:96:00:48:A9:33:02:C4:F5:CD:79:95:FD:F7:33:35:E0:45:AF:A6:B9:D8:CC:A8:6F:AE:C7:AD:90:70:6D:94:72:21:DB:18:43:CF:0F:6F:A6:7A:8C:8F:13:85:CD:7F:04:8C:4B:D5:2F:D9:5B:3E:72:78:C4:6D:49:D6:C5:18:E5:8F:CE:5B:0D:60" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 18:04:39", "not_valid_before": "2022-02-01 18:04:40" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 Tuesday 01 February 2022 18:04:53 +0000 (0:00:00.678) 0:01:31.542 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "45:71:B4:DA:12:61:AE:10:B9:7A:34:E2:90:5E:24:A0:53:0C:20:2E" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "B1:1E:B3:E0:87:12:72:4C:28:F5:CF:F3:74:6E:38:67:23:2D:A0:1E" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "D0:76:10:43:4D:A6:2D:66:69:35:C0:AC:72:2D:61:78:4A:44:07:01:B0:0A:0D:7C:6C:83:8F:07:35:5D:84:D6:F2:63:94:DE:0D:2F:CE:D6:4C:D8:53:11:69:C2:78:8E:47:B3:26:A4:FA:DC:D9:0B:78:CA:69:89:5B:76:11:2C:C9:86:E3:D1:F2:97:3C:66:19:75:74:9E:FF:18:52:54:39:A6:43:45:6C:1C:D8:62:A3:7B:AD:80:B1:94:AB:EF:8B:74:AC:5D:64:13:8F:B5:47:82:D7:CE:33:BF:6A:E7:81:B2:43:82:1D:AA:BB:5C:8F:54:A0:3A:36:7D:7B:0B:2B:DD:68:BB:AC:FE:E3:77:AF:32:C2:8F:68:EB:50:08:40:BE:CA:4E:72:60:BA:07:C9:44:FC:E0:B2:5C:62:E6:61:4D:4B:1A:66:B9:9D:56:CD:7A:C0:AA:01:34:5E:AD:D8:D9:53:BE:6E:E3:1A:43:22:14:72:96:00:48:A9:33:02:C4:F5:CD:79:95:FD:F7:33:35:E0:45:AF:A6:B9:D8:CC:A8:6F:AE:C7:AD:90:70:6D:94:72:21:DB:18:43:CF:0F:6F:A6:7A:8C:8F:13:85:CD:7F:04:8C:4B:D5:2F:D9:5B:3E:72:78:C4:6D:49:D6:C5:18:E5:8F:CE:5B:0D:60" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 18:04:39", "not_valid_before": "2022-02-01 18:04:40" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 18:04:53 +0000 (0:00:00.030) 0:01:31.572 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:91 Tuesday 01 February 2022 18:04:53 +0000 (0:00:00.034) 0:01:31.607 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 Tuesday 01 February 2022 18:04:53 +0000 (0:00:00.018) 0:01:31.626 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Tuesday 01 February 2022 18:04:53 +0000 (0:00:00.029) 0:01:31.655 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Tuesday 01 February 2022 18:04:53 +0000 (0:00:00.029) 0:01:31.685 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Tuesday 01 February 2022 18:04:53 +0000 (0:00:00.029) 0:01:31.715 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040029", "end": "2022-02-01 18:04:53.826885", "rc": 0, "start": "2022-02-01 18:04:53.786856" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 18:04:53 +0000 (0:00:00.376) 0:01:32.091 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 18:04:53 +0000 (0:00:00.032) 0:01:32.124 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 18:04:53 +0000 (0:00:00.014) 0:01:32.138 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 18:04:55 +0000 (0:00:01.867) 0:01:34.005 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.2) TASK [Install certreader] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 18:04:56 +0000 (0:00:01.036) 0:01:35.042 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 18:04:57 +0000 (0:00:00.916) 0:01:35.958 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643738681.4323323, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "72051126547fb3ecd10b82f73766da536e6b4c07", "ctime": 1643738681.5333323, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 137981, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1643738681.4283323, "nlink": 1, "path": "/etc/pki/tls/certs/certid.crt", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 1040, "version": "2065706204", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 18:04:58 +0000 (0:00:00.384) 0:01:36.342 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 18:04:58 +0000 (0:00:00.021) 0:01:36.363 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 Tuesday 01 February 2022 18:04:58 +0000 (0:00:00.036) 0:01:36.400 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 Tuesday 01 February 2022 18:04:58 +0000 (0:00:00.045) 0:01:36.445 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643738681.3843322, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "26011a4292f2b08d181e6a2d9b540025a140f607", "ctime": 1643738681.5333323, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 137980, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1643738681.4283323, "nlink": 1, "path": "/etc/pki/tls/private/certid.key", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 1040, "version": "3893670409", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:58 Tuesday 01 February 2022 18:04:58 +0000 (0:00:00.374) 0:01:36.820 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 Tuesday 01 February 2022 18:04:58 +0000 (0:00:00.020) 0:01:36.841 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 Tuesday 01 February 2022 18:04:58 +0000 (0:00:00.033) 0:01:36.874 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/certid.crt" ], "delta": "0:00:00.196433", "end": "2022-02-01 18:04:59.168754", "rc": 0, "start": "2022-02-01 18:04:58.972321" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "F3:D2:EF:98:C6:13:95:F8:6A:C8:95:8E:9C:4F:EA:EB:47:31:21:1B", "critical": false }, "authorityKeyIdentifier": { "value": "45:71:B4:DA:12:61:AE:10:B9:7A:34:E2:90:5E:24:A0:53:0C:20:2E", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "1D:F3:3B:45:41:63:46:8C:EE:03:9B:68:B9:73:B1:38:B2:20:DE:7F:5C:D6:A8:0F:3C:CF:B6:97:89:81:86:4E:DA:4B:86:8B:24:26:B9:F3:B6:BE:39:78:36:E5:82:4E:FF:4F:56:3F:65:CA:6B:F6:A8:14:44:09:24:E0:58:3E:BF:44:61:10:95:6B:0D:2D:9D:CC:7D:F2:CB:B6:13:2F:4E:72:52:79:52:DA:68:5C:E6:0E:A2:E7:7E:58:4F:7C:CB:C2:02:1B:8C:04:E7:1E:9D:99:41:08:D8:B0:DB:6C:4A:AE:DF:7B:12:92:30:75:77:CF:6C:34:11:E2:14:DC:20:09:22:6B:1B:22:DF:00:40:60:A0:E4:C8:36:2D:81:74:1D:9B:56:A2:9B:D1:8C:B3:D8:1C:90:FD:31:44:33:A1:7D:A2:A0:1B:69:54:E0:67:51:2C:96:BA:93:B2:08:B1:64:20:B7:5B:38:23:C6:DB:E2:89:81:5E:B9:F9:41:5E:44:C4:FA:9A:BD:AC:EA:60:70:89:99:BB:6B:00:9D:4B:5C:B5:73:4C:76:59:32:77:A9:7A:57:B3:F1:23:46:83:E2:EC:7A:32:94:46:B0:C1:14:F6:0E:47:F0:6C:DA:F9:6D:E7:8B:A0:AC:8A:AF:DB:EA:07:0E:D4:D4:0D:22" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 18:04:39", "not_valid_before": "2022-02-01 18:04:41" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 Tuesday 01 February 2022 18:04:59 +0000 (0:00:00.563) 0:01:37.437 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "45:71:B4:DA:12:61:AE:10:B9:7A:34:E2:90:5E:24:A0:53:0C:20:2E" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "F3:D2:EF:98:C6:13:95:F8:6A:C8:95:8E:9C:4F:EA:EB:47:31:21:1B" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "1D:F3:3B:45:41:63:46:8C:EE:03:9B:68:B9:73:B1:38:B2:20:DE:7F:5C:D6:A8:0F:3C:CF:B6:97:89:81:86:4E:DA:4B:86:8B:24:26:B9:F3:B6:BE:39:78:36:E5:82:4E:FF:4F:56:3F:65:CA:6B:F6:A8:14:44:09:24:E0:58:3E:BF:44:61:10:95:6B:0D:2D:9D:CC:7D:F2:CB:B6:13:2F:4E:72:52:79:52:DA:68:5C:E6:0E:A2:E7:7E:58:4F:7C:CB:C2:02:1B:8C:04:E7:1E:9D:99:41:08:D8:B0:DB:6C:4A:AE:DF:7B:12:92:30:75:77:CF:6C:34:11:E2:14:DC:20:09:22:6B:1B:22:DF:00:40:60:A0:E4:C8:36:2D:81:74:1D:9B:56:A2:9B:D1:8C:B3:D8:1C:90:FD:31:44:33:A1:7D:A2:A0:1B:69:54:E0:67:51:2C:96:BA:93:B2:08:B1:64:20:B7:5B:38:23:C6:DB:E2:89:81:5E:B9:F9:41:5E:44:C4:FA:9A:BD:AC:EA:60:70:89:99:BB:6B:00:9D:4B:5C:B5:73:4C:76:59:32:77:A9:7A:57:B3:F1:23:46:83:E2:EC:7A:32:94:46:B0:C1:14:F6:0E:47:F0:6C:DA:F9:6D:E7:8B:A0:AC:8A:AF:DB:EA:07:0E:D4:D4:0D:22" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 18:04:39", "not_valid_before": "2022-02-01 18:04:41" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 18:04:59 +0000 (0:00:00.032) 0:01:37.469 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:91 Tuesday 01 February 2022 18:04:59 +0000 (0:00:00.031) 0:01:37.501 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 Tuesday 01 February 2022 18:04:59 +0000 (0:00:00.019) 0:01:37.521 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Tuesday 01 February 2022 18:04:59 +0000 (0:00:00.033) 0:01:37.554 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Tuesday 01 February 2022 18:04:59 +0000 (0:00:00.033) 0:01:37.588 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Tuesday 01 February 2022 18:04:59 +0000 (0:00:00.033) 0:01:37.621 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/certid.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039585", "end": "2022-02-01 18:04:59.768928", "rc": 0, "start": "2022-02-01 18:04:59.729343" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 18:04:59 +0000 (0:00:00.415) 0:01:38.037 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=55 changed=10 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:04:59 +0000 (0:00:00.039) 0:01:38.077 ****** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed -- 68.65s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Install the package, force upgrade -------------------------------------- 4.65s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 4.32s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Install certreader ------------------------------------------------------ 2.77s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 1.87s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Ensure python3 is installed --------------------------------------------- 1.84s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.62s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Gathering Facts --------------------------------------------------------- 1.04s /tmp/tmpd43sjho8/tests/certificate/tests_fs_attrs.yml:2 ----------------------- Install the package, force upgrade -------------------------------------- 1.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.96s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Install certreader ------------------------------------------------------ 0.92s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure user exists ------------------------------------------------------ 0.77s /tmp/tmpd43sjho8/tests/certificate/tests_fs_attrs.yml:5 ----------------------- Gathering Facts --------------------------------------------------------- 0.74s /tmp/tmpd43sjho8/tests/certificate/tests_fs_attrs.yml:13 ---------------------- Gathering Facts --------------------------------------------------------- 0.71s /tmp/tmpd43sjho8/tests/certificate/tests_fs_attrs.yml:31 ---------------------- Ensure group "somegroup" exists ----------------------------------------- 0.69s /tmp/tmpd43sjho8/tests/certificate/tests_fs_attrs.yml:9 ----------------------- Parse certificate ------------------------------------------------------- 0.68s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Parse certificate ------------------------------------------------------- 0.56s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.55s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Retrieve certificate file stats ----------------------------------------- 0.50s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 - Retrieve auto-renew flag ------------------------------------------------ 0.42s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 + cd /tmp/tmpd43sjho8/tests/certificate; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpd43sjho8/tests/certificate/tests_include_vars_from_parent.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 18:05:13 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 18:05:13 +0000 (0:00:00.017) 0:00:00.029 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:05:13 +0000 (0:00:00.017) 0:00:00.047 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_include_vars_from_parent.yml *********************************** 1 plays in /tmp/tmpd43sjho8/tests/certificate/tests_include_vars_from_parent.yml PLAY [all] ********************************************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_include_vars_from_parent.yml:1 Tuesday 01 February 2022 18:05:13 +0000 (0:00:00.010) 0:00:00.057 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [create var file in caller that can override the one in called role] ****** task path: /tmp/tmpd43sjho8/tests/certificate/tests_include_vars_from_parent.yml:3 Tuesday 01 February 2022 18:05:14 +0000 (0:00:01.099) 0:00:01.157 ****** changed: [/cache/fedora-34.qcow2 -> localhost] => (item=Fedora-34) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpd43sjho8/tests/certificate/roles/caller/vars/Fedora-34.yml", "gid": 0, "group": "root", "item": "Fedora-34", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1643738714.8107135-33677-90818858051774/source", "state": "file", "uid": 0 } changed: [/cache/fedora-34.qcow2 -> localhost] => (item=Fedora_34) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpd43sjho8/tests/certificate/roles/caller/vars/Fedora_34.yml", "gid": 0, "group": "root", "item": "Fedora_34", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1643738715.3997533-33677-218870611491401/source", "state": "file", "uid": 0 } changed: [/cache/fedora-34.qcow2 -> localhost] => (item=Fedora) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpd43sjho8/tests/certificate/roles/caller/vars/Fedora.yml", "gid": 0, "group": "root", "item": "Fedora", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1643738715.7678652-33677-136351644628720/source", "state": "file", "uid": 0 } changed: [/cache/fedora-34.qcow2 -> localhost] => (item=RedHat) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpd43sjho8/tests/certificate/roles/caller/vars/RedHat.yml", "gid": 0, "group": "root", "item": "RedHat", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1643738716.1205385-33677-243514593233727/source", "state": "file", "uid": 0 } TASK [include_role : {{ roletoinclude }}] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/roles/caller/tasks/main.yml:4 Tuesday 01 February 2022 18:05:16 +0000 (0:00:01.689) 0:00:02.846 ****** TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Tuesday 01 February 2022 18:05:16 +0000 (0:00:00.033) 0:00:02.879 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml" ], "changed": false } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Tuesday 01 February 2022 18:05:16 +0000 (0:00:00.026) 0:00:02.906 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Tuesday 01 February 2022 18:06:35 +0000 (0:01:19.294) 0:01:22.201 ****** TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Tuesday 01 February 2022 18:06:35 +0000 (0:00:00.021) 0:01:22.222 ****** TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Tuesday 01 February 2022 18:06:35 +0000 (0:00:00.015) 0:01:22.238 ****** TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Tuesday 01 February 2022 18:06:35 +0000 (0:00:00.017) 0:01:22.255 ****** TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Tuesday 01 February 2022 18:06:35 +0000 (0:00:00.017) 0:01:22.273 ****** META: role_complete for /cache/fedora-34.qcow2 TASK [caller : assert] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/roles/caller/tasks/main.yml:7 Tuesday 01 February 2022 18:06:35 +0000 (0:00:00.017) 0:01:22.290 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=6 changed=2 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 Tuesday 01 February 2022 18:06:35 +0000 (0:00:00.026) 0:01:22.317 ****** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed -- 79.29s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 create var file in caller that can override the one in called role ------ 1.69s /tmp/tmpd43sjho8/tests/certificate/tests_include_vars_from_parent.yml:3 ------- Gathering Facts --------------------------------------------------------- 1.10s /tmp/tmpd43sjho8/tests/certificate/tests_include_vars_from_parent.yml:1 ------- include_role : {{ roletoinclude }} -------------------------------------- 0.03s /tmp/tmpd43sjho8/tests/certificate/roles/caller/tasks/main.yml:4 -------------- fedora.linux_system_roles.certificate : Set version specific variables --- 0.03s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 caller : assert --------------------------------------------------------- 0.03s /tmp/tmpd43sjho8/tests/certificate/roles/caller/tasks/main.yml:7 -------------- fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 0.02s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.02s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.02s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.02s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.02s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 + cd /tmp/tmpd43sjho8/tests/certificate; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpd43sjho8/tests/certificate/tests_key_size.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 18:06:49 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 18:06:49 +0000 (0:00:00.017) 0:00:00.028 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:06:49 +0000 (0:00:00.017) 0:00:00.046 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_key_size.yml *************************************************** 2 plays in /tmp/tmpd43sjho8/tests/certificate/tests_key_size.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_key_size.yml:2 Tuesday 01 February 2022 18:06:49 +0000 (0:00:00.019) 0:00:00.065 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Tuesday 01 February 2022 18:06:50 +0000 (0:00:01.044) 0:00:01.110 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml" ], "changed": false } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Tuesday 01 February 2022 18:06:50 +0000 (0:00:00.028) 0:00:01.139 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Tuesday 01 February 2022 18:07:39 +0000 (0:00:48.475) 0:00:49.615 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Tuesday 01 February 2022 18:07:45 +0000 (0:00:06.680) 0:00:56.296 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Tuesday 01 February 2022 18:07:46 +0000 (0:00:00.562) 0:00:56.858 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Tuesday 01 February 2022 18:07:46 +0000 (0:00:00.394) 0:00:57.253 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target basic.target systemd-journald.socket system.slice network.target syslog.target dbus-broker.service dbus.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Tuesday 01 February 2022 18:07:47 +0000 (0:00:00.968) 0:00:58.221 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'key_size': 4096}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "key_size": 4096, "name": "mycert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_key_size.yml:14 Tuesday 01 February 2022 18:07:49 +0000 (0:00:01.891) 0:01:00.112 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_key_size.yml:29 Tuesday 01 February 2022 18:07:50 +0000 (0:00:00.746) 0:01:00.859 ****** included: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'key_size': 4096}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 18:07:50 +0000 (0:00:00.030) 0:01:00.890 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 18:07:50 +0000 (0:00:00.016) 0:01:00.906 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 18:07:52 +0000 (0:00:02.113) 0:01:03.019 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 18:07:57 +0000 (0:00:04.678) 0:01:07.697 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 51.8 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 86.9 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 25.4 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 101.9 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 39.9 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 18:07:59 +0000 (0:00:02.724) 0:01:10.422 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643738868.76344, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9546fe98927a1159be9e6c3cc8bf68f80381abb0", "ctime": 1643738868.7604399, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643738868.7604399, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1639, "uid": 0, "version": "1919080504", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 18:08:00 +0000 (0:00:00.511) 0:01:10.933 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 18:08:00 +0000 (0:00:00.022) 0:01:10.955 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 Tuesday 01 February 2022 18:08:00 +0000 (0:00:00.039) 0:01:10.995 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 Tuesday 01 February 2022 18:08:00 +0000 (0:00:00.035) 0:01:11.030 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643738868.70644, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "992dbe94e7e05ef395020a8760789e310c6b6e2b", "ctime": 1643738868.7604399, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643738868.7604399, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 3272, "uid": 0, "version": "2922823222", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:58 Tuesday 01 February 2022 18:08:00 +0000 (0:00:00.366) 0:01:11.397 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 Tuesday 01 February 2022 18:08:00 +0000 (0:00:00.020) 0:01:11.417 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 Tuesday 01 February 2022 18:08:00 +0000 (0:00:00.035) 0:01:11.453 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.195310", "end": "2022-02-01 18:08:00.877239", "rc": 0, "start": "2022-02-01 18:08:00.681929" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "DE:11:A5:A8:BE:C9:51:E4:3E:C3:77:51:86:56:CC:0B:AD:28:06:44", "critical": false }, "authorityKeyIdentifier": { "value": "1E:8B:DF:1A:2D:E7:F5:AC:8A:67:E1:22:04:FF:E1:99:D1:F2:93:F6", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "05:C3:51:53:EE:60:12:EF:11:24:EF:93:E7:EE:67:7A:3C:67:60:54:29:FD:12:D6:D6:6A:4A:57:C6:26:77:D9:C6:42:CA:A7:03:99:BE:F4:D0:00:D7:98:F6:E4:B2:66:42:13:61:89:60:F9:92:82:55:10:B3:85:5B:DE:AA:86:71:83:81:36:7D:F4:A4:B6:D5:27:1F:F4:0D:AA:89:06:8B:AA:FE:DE:77:08:F9:F9:1F:2C:28:10:65:B6:3D:37:37:88:11:CA:0A:CE:F5:A6:81:7A:F7:B5:0A:F4:15:D8:74:A8:DD:53:F3:44:12:E6:1C:05:1B:A0:98:DB:69:FA:74:FC:B0:B5:D1:C2:A4:5B:35:2B:C4:C5:CB:05:A8:52:09:F6:D0:CF:A3:82:D4:75:72:34:E9:8B:F4:F4:34:4D:4D:BD:5B:40:0A:86:8B:15:CA:CC:2A:B6:5D:20:8E:65:03:4D:A0:AB:AC:FA:27:1E:28:DB:3D:CA:59:CD:5B:8B:20:5D:83:2D:8E:38:C5:35:62:56:E9:D4:BA:54:4B:C9:EE:46:E7:6F:94:B4:CD:77:BA:7B:3A:D7:77:53:A8:F2:03:34:84:A4:F8:83:D0:80:A5:E0:86:34:05:99:4C:AB:3C:EE:47:85:93:E0:16:65:79:A6:0B:F1:6B:96:6F:AD" }, "key_size": 4096, "validity": { "not_valid_after": "2023-02-01 18:07:47", "not_valid_before": "2022-02-01 18:07:48" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 Tuesday 01 February 2022 18:08:01 +0000 (0:00:00.686) 0:01:12.140 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "1E:8B:DF:1A:2D:E7:F5:AC:8A:67:E1:22:04:FF:E1:99:D1:F2:93:F6" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "DE:11:A5:A8:BE:C9:51:E4:3E:C3:77:51:86:56:CC:0B:AD:28:06:44" } }, "key_size": 4096, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "05:C3:51:53:EE:60:12:EF:11:24:EF:93:E7:EE:67:7A:3C:67:60:54:29:FD:12:D6:D6:6A:4A:57:C6:26:77:D9:C6:42:CA:A7:03:99:BE:F4:D0:00:D7:98:F6:E4:B2:66:42:13:61:89:60:F9:92:82:55:10:B3:85:5B:DE:AA:86:71:83:81:36:7D:F4:A4:B6:D5:27:1F:F4:0D:AA:89:06:8B:AA:FE:DE:77:08:F9:F9:1F:2C:28:10:65:B6:3D:37:37:88:11:CA:0A:CE:F5:A6:81:7A:F7:B5:0A:F4:15:D8:74:A8:DD:53:F3:44:12:E6:1C:05:1B:A0:98:DB:69:FA:74:FC:B0:B5:D1:C2:A4:5B:35:2B:C4:C5:CB:05:A8:52:09:F6:D0:CF:A3:82:D4:75:72:34:E9:8B:F4:F4:34:4D:4D:BD:5B:40:0A:86:8B:15:CA:CC:2A:B6:5D:20:8E:65:03:4D:A0:AB:AC:FA:27:1E:28:DB:3D:CA:59:CD:5B:8B:20:5D:83:2D:8E:38:C5:35:62:56:E9:D4:BA:54:4B:C9:EE:46:E7:6F:94:B4:CD:77:BA:7B:3A:D7:77:53:A8:F2:03:34:84:A4:F8:83:D0:80:A5:E0:86:34:05:99:4C:AB:3C:EE:47:85:93:E0:16:65:79:A6:0B:F1:6B:96:6F:AD" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 18:07:47", "not_valid_before": "2022-02-01 18:07:48" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 18:08:01 +0000 (0:00:00.033) 0:01:12.174 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:91 Tuesday 01 February 2022 18:08:01 +0000 (0:00:00.035) 0:01:12.209 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 Tuesday 01 February 2022 18:08:01 +0000 (0:00:00.021) 0:01:12.231 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Tuesday 01 February 2022 18:08:01 +0000 (0:00:00.033) 0:01:12.265 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Tuesday 01 February 2022 18:08:01 +0000 (0:00:00.034) 0:01:12.300 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Tuesday 01 February 2022 18:08:01 +0000 (0:00:00.036) 0:01:12.336 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039792", "end": "2022-02-01 18:08:01.474789", "rc": 0, "start": "2022-02-01 18:08:01.434997" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 18:08:02 +0000 (0:00:00.400) 0:01:12.737 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:08:02 +0000 (0:00:00.038) 0:01:12.775 ****** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed -- 48.48s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 6.68s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Install the package, force upgrade -------------------------------------- 4.68s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install certreader ------------------------------------------------------ 2.72s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 2.11s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.89s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Gathering Facts --------------------------------------------------------- 1.04s /tmp/tmpd43sjho8/tests/certificate/tests_key_size.yml:2 ----------------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.97s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Gathering Facts --------------------------------------------------------- 0.75s /tmp/tmpd43sjho8/tests/certificate/tests_key_size.yml:14 ---------------------- Parse certificate ------------------------------------------------------- 0.69s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.56s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Retrieve certificate file stats ----------------------------------------- 0.51s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 - Retrieve auto-renew flag ------------------------------------------------ 0.40s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.39s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Retrieve key file stats ------------------------------------------------- 0.37s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 - Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Verify certificate Extended Key Usage ----------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 - Verify certificate subject ---------------------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 - + cd /tmp/tmpd43sjho8/tests/certificate; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpd43sjho8/tests/certificate/tests_key_usage_and_extended_key_usage.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 18:08:16 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 18:08:16 +0000 (0:00:00.015) 0:00:00.026 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:08:16 +0000 (0:00:00.015) 0:00:00.041 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_key_usage_and_extended_key_usage.yml *************************** 2 plays in /tmp/tmpd43sjho8/tests/certificate/tests_key_usage_and_extended_key_usage.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_key_usage_and_extended_key_usage.yml:2 Tuesday 01 February 2022 18:08:16 +0000 (0:00:00.019) 0:00:00.061 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Tuesday 01 February 2022 18:08:17 +0000 (0:00:01.030) 0:00:01.091 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml" ], "changed": false } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Tuesday 01 February 2022 18:08:17 +0000 (0:00:00.026) 0:00:01.118 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Tuesday 01 February 2022 18:08:59 +0000 (0:00:42.161) 0:00:43.279 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Tuesday 01 February 2022 18:09:03 +0000 (0:00:03.624) 0:00:46.904 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Tuesday 01 February 2022 18:09:03 +0000 (0:00:00.535) 0:00:47.440 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Tuesday 01 February 2022 18:09:04 +0000 (0:00:00.393) 0:00:47.833 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network.target dbus.socket sysinit.target basic.target system.slice dbus-broker.service systemd-journald.socket syslog.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Tuesday 01 February 2022 18:09:05 +0000 (0:00:01.009) 0:00:48.843 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'key_usage': ['digitalSignature', 'nonRepudiation', 'keyEncipherment'], 'extended_key_usage': ['id-kp-clientAuth', 'id-kp-serverAuth', 'id-kp-ipsecTunnel', '1.3.6.1.5.2.3.5'], 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "extended_key_usage": [ "id-kp-clientAuth", "id-kp-serverAuth", "id-kp-ipsecTunnel", "1.3.6.1.5.2.3.5" ], "key_usage": [ "digitalSignature", "nonRepudiation", "keyEncipherment" ], "name": "mycert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_key_usage_and_extended_key_usage.yml:22 Tuesday 01 February 2022 18:09:06 +0000 (0:00:01.058) 0:00:49.901 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_key_usage_and_extended_key_usage.yml:49 Tuesday 01 February 2022 18:09:06 +0000 (0:00:00.734) 0:00:50.636 ****** included: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'key_usage': ['digital_signature', 'content_commitment', 'key_encipherment'], 'extended_key_usage': [{'name': 'id-kp-clientAuth', 'oid': '1.3.6.1.5.5.7.3.2'}, {'name': 'id-kp-serverAuth', 'oid': '1.3.6.1.5.5.7.3.1'}, {'name': 'id-kp-ipsecTunnel', 'oid': '1.3.6.1.5.5.7.3.6'}, {'name': None, 'oid': '1.3.6.1.5.2.3.5'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 18:09:06 +0000 (0:00:00.033) 0:00:50.669 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 18:09:06 +0000 (0:00:00.016) 0:00:50.686 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 18:09:08 +0000 (0:00:01.892) 0:00:52.579 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 18:09:13 +0000 (0:00:04.572) 0:00:57.151 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 48.0 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 86.6 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 23.1 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 109.6 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 42.0 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 18:09:16 +0000 (0:00:02.675) 0:00:59.827 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643738945.9896905, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "e78c1184e38e32b45d5d934fc98c7f4c75ff4e85", "ctime": 1643738945.9876904, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643738945.9876904, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1318, "uid": 0, "version": "3761967390", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 18:09:16 +0000 (0:00:00.563) 0:01:00.391 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 18:09:16 +0000 (0:00:00.021) 0:01:00.413 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 Tuesday 01 February 2022 18:09:16 +0000 (0:00:00.036) 0:01:00.449 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 Tuesday 01 February 2022 18:09:16 +0000 (0:00:00.033) 0:01:00.482 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643738945.9446905, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d1aa8f6f5afa0e84613ffbda928f7ee2fb1d58c2", "ctime": 1643738945.9866905, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643738945.9866905, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "767946223", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:58 Tuesday 01 February 2022 18:09:17 +0000 (0:00:00.371) 0:01:00.853 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 Tuesday 01 February 2022 18:09:17 +0000 (0:00:00.023) 0:01:00.877 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 Tuesday 01 February 2022 18:09:17 +0000 (0:00:00.034) 0:01:00.912 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.198460", "end": "2022-02-01 18:09:17.819685", "rc": 0, "start": "2022-02-01 18:09:17.621225" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" }, { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-ipsecTunnel", "oid": "1.3.6.1.5.5.7.3.6" }, { "name": null, "oid": "1.3.6.1.5.2.3.5" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "91:E4:2D:34:51:B6:F3:9A:3C:7D:73:BD:87:03:C4:DA:04:C7:63:DF", "critical": false }, "authorityKeyIdentifier": { "value": "B3:4F:42:F6:24:C5:2F:26:23:C8:31:71:F4:B5:52:0D:99:32:EB:1C", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "0A:2B:25:D5:3F:FB:58:65:9D:74:0D:AE:4F:F5:9F:CD:93:D9:15:6E:F7:94:E3:39:0A:D1:B9:7C:88:EE:23:42:E3:BE:DD:80:5C:E1:D4:D4:F1:06:20:5C:28:B0:1E:0F:68:8F:54:5E:24:A9:97:D7:8A:8E:30:03:89:66:2C:42:EA:41:E6:41:83:0A:1A:E5:78:01:CF:7F:99:06:88:3B:66:11:D1:FD:3A:10:FB:74:55:7C:F4:84:A2:C9:21:93:1C:BC:13:9A:77:05:86:F1:CF:39:89:64:46:69:09:48:A7:6E:DE:63:17:D6:47:8F:5D:67:96:11:CB:A7:DF:0A:15:9C:EF:4F:49:0C:4A:70:79:0C:32:E6:C2:38:3D:8E:45:BC:92:1E:7F:46:04:AE:9C:3A:19:3D:7D:99:0B:FC:D0:5F:EA:B2:17:4D:A7:22:5E:50:4E:8C:A2:3C:FF:0C:D1:25:4E:C5:C5:9B:4B:09:03:11:AA:63:23:16:40:38:D1:E7:53:10:66:E4:10:92:8E:78:71:68:57:69:51:5D:40:C4:2F:65:C5:92:4F:ED:FA:29:9B:C0:02:34:A5:26:76:05:9E:7D:0D:F6:91:FE:7A:71:32:1D:66:DB:5C:0D:57:E4:25:3D:0C:4A:54:88:97:16:25:64:16:3B:B8:3D" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 18:09:05", "not_valid_before": "2022-02-01 18:09:05" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 Tuesday 01 February 2022 18:09:17 +0000 (0:00:00.684) 0:01:01.596 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "B3:4F:42:F6:24:C5:2F:26:23:C8:31:71:F4:B5:52:0D:99:32:EB:1C" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" }, { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-ipsecTunnel", "oid": "1.3.6.1.5.5.7.3.6" }, { "name": null, "oid": "1.3.6.1.5.2.3.5" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "content_commitment", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "91:E4:2D:34:51:B6:F3:9A:3C:7D:73:BD:87:03:C4:DA:04:C7:63:DF" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "0A:2B:25:D5:3F:FB:58:65:9D:74:0D:AE:4F:F5:9F:CD:93:D9:15:6E:F7:94:E3:39:0A:D1:B9:7C:88:EE:23:42:E3:BE:DD:80:5C:E1:D4:D4:F1:06:20:5C:28:B0:1E:0F:68:8F:54:5E:24:A9:97:D7:8A:8E:30:03:89:66:2C:42:EA:41:E6:41:83:0A:1A:E5:78:01:CF:7F:99:06:88:3B:66:11:D1:FD:3A:10:FB:74:55:7C:F4:84:A2:C9:21:93:1C:BC:13:9A:77:05:86:F1:CF:39:89:64:46:69:09:48:A7:6E:DE:63:17:D6:47:8F:5D:67:96:11:CB:A7:DF:0A:15:9C:EF:4F:49:0C:4A:70:79:0C:32:E6:C2:38:3D:8E:45:BC:92:1E:7F:46:04:AE:9C:3A:19:3D:7D:99:0B:FC:D0:5F:EA:B2:17:4D:A7:22:5E:50:4E:8C:A2:3C:FF:0C:D1:25:4E:C5:C5:9B:4B:09:03:11:AA:63:23:16:40:38:D1:E7:53:10:66:E4:10:92:8E:78:71:68:57:69:51:5D:40:C4:2F:65:C5:92:4F:ED:FA:29:9B:C0:02:34:A5:26:76:05:9E:7D:0D:F6:91:FE:7A:71:32:1D:66:DB:5C:0D:57:E4:25:3D:0C:4A:54:88:97:16:25:64:16:3B:B8:3D" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 18:09:05", "not_valid_before": "2022-02-01 18:09:05" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 18:09:17 +0000 (0:00:00.033) 0:01:01.629 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:91 Tuesday 01 February 2022 18:09:17 +0000 (0:00:00.035) 0:01:01.665 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 Tuesday 01 February 2022 18:09:17 +0000 (0:00:00.021) 0:01:01.686 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Tuesday 01 February 2022 18:09:17 +0000 (0:00:00.033) 0:01:01.720 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Tuesday 01 February 2022 18:09:17 +0000 (0:00:00.033) 0:01:01.754 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Tuesday 01 February 2022 18:09:17 +0000 (0:00:00.031) 0:01:01.785 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.037004", "end": "2022-02-01 18:09:18.405233", "rc": 0, "start": "2022-02-01 18:09:18.368229" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 18:09:18 +0000 (0:00:00.393) 0:01:02.179 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:09:18 +0000 (0:00:00.038) 0:01:02.218 ****** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed -- 42.16s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Install the package, force upgrade -------------------------------------- 4.57s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 3.62s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Install certreader ------------------------------------------------------ 2.68s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 1.89s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.06s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Gathering Facts --------------------------------------------------------- 1.03s /tmp/tmpd43sjho8/tests/certificate/tests_key_usage_and_extended_key_usage.yml:2 fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.01s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Gathering Facts --------------------------------------------------------- 0.73s /tmp/tmpd43sjho8/tests/certificate/tests_key_usage_and_extended_key_usage.yml:22 Parse certificate ------------------------------------------------------- 0.68s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Retrieve certificate file stats ----------------------------------------- 0.56s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.54s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Retrieve auto-renew flag ------------------------------------------------ 0.39s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.39s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Retrieve key file stats ------------------------------------------------- 0.37s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Verify certificate file owner and group --------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 - Verify certificate subject ---------------------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 - Verify key file owner and group ----------------------------------------- 0.03s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 - Verify key size --------------------------------------------------------- 0.03s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 - + cd /tmp/tmpd43sjho8/tests/certificate; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpd43sjho8/tests/certificate/tests_many_self_signed.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 18:09:32 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 18:09:32 +0000 (0:00:00.017) 0:00:00.028 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:09:32 +0000 (0:00:00.017) 0:00:00.045 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_many_self_signed.yml ******************************************* 2 plays in /tmp/tmpd43sjho8/tests/certificate/tests_many_self_signed.yml PLAY [Issue many self-signed certificates] ************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_many_self_signed.yml:2 Tuesday 01 February 2022 18:09:32 +0000 (0:00:00.020) 0:00:00.066 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Tuesday 01 February 2022 18:09:33 +0000 (0:00:01.036) 0:00:01.102 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml" ], "changed": false } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Tuesday 01 February 2022 18:09:33 +0000 (0:00:00.028) 0:00:01.131 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Tuesday 01 February 2022 18:10:14 +0000 (0:00:40.464) 0:00:41.596 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Tuesday 01 February 2022 18:10:17 +0000 (0:00:03.945) 0:00:45.542 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Tuesday 01 February 2022 18:10:18 +0000 (0:00:00.540) 0:00:46.082 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Tuesday 01 February 2022 18:10:18 +0000 (0:00:00.390) 0:00:46.473 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice network.target systemd-journald.socket sysinit.target dbus-broker.service dbus.socket syslog.target basic.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Tuesday 01 February 2022 18:10:19 +0000 (0:00:00.975) 0:00:47.449 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert" } } MSG: Certificate requested (new). changed: [/cache/fedora-34.qcow2] => (item={'name': 'other-cert', 'dns': 'www.example.org', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.org", "name": "other-cert" } } MSG: Certificate requested (new). changed: [/cache/fedora-34.qcow2] => (item={'name': 'another-cert', 'dns': 'www.example.net', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.net", "name": "another-cert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_many_self_signed.yml:18 Tuesday 01 February 2022 18:10:22 +0000 (0:00:02.642) 0:00:50.092 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_many_self_signed.yml:50 Tuesday 01 February 2022 18:10:23 +0000 (0:00:00.737) 0:00:50.829 ****** included: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) included: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/other-cert.crt', 'key_path': '/etc/pki/tls/private/other-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.org'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.org'}]}) included: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/another-cert.crt', 'key_path': '/etc/pki/tls/private/another-cert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.net'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.net'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 18:10:23 +0000 (0:00:00.044) 0:00:50.874 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 18:10:23 +0000 (0:00:00.014) 0:00:50.888 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 18:10:25 +0000 (0:00:02.078) 0:00:52.966 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 18:10:30 +0000 (0:00:04.692) 0:00:57.659 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 52.6 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 94.1 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 38.1 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 110.1 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 42.6 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 18:10:32 +0000 (0:00:02.614) 0:01:00.273 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643739020.521335, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "cc24af3cc2b09037fdb8fda44730fefb97e199d0", "ctime": 1643739020.5183349, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643739020.5183349, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "3330845310", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 18:10:33 +0000 (0:00:00.488) 0:01:00.761 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 18:10:33 +0000 (0:00:00.020) 0:01:00.781 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 Tuesday 01 February 2022 18:10:33 +0000 (0:00:00.033) 0:01:00.816 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 Tuesday 01 February 2022 18:10:33 +0000 (0:00:00.031) 0:01:00.847 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643739020.4743347, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "baf16b41d1e1eb0222c9db3aa687583455f1dbda", "ctime": 1643739020.5183349, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643739020.5183349, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "150448833", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:58 Tuesday 01 February 2022 18:10:33 +0000 (0:00:00.353) 0:01:01.200 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 Tuesday 01 February 2022 18:10:33 +0000 (0:00:00.019) 0:01:01.220 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 Tuesday 01 February 2022 18:10:33 +0000 (0:00:00.034) 0:01:01.254 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.189028", "end": "2022-02-01 18:10:34.165030", "rc": 0, "start": "2022-02-01 18:10:33.976002" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "B6:AD:73:21:40:F1:31:12:69:AF:76:AF:1E:7E:86:F5:D2:8E:F7:57", "critical": false }, "authorityKeyIdentifier": { "value": "7B:5A:05:7F:20:9E:92:52:13:4A:DA:D1:C7:4A:4A:84:C2:B0:C2:25", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "B3:A9:4B:B3:4A:86:D1:9E:F5:1D:52:F6:1C:21:2D:14:EE:74:28:41:2C:30:B7:5D:EE:15:50:A9:63:92:ED:FE:11:8D:2E:83:BA:7B:74:2D:D9:AC:C3:49:9A:3D:D8:40:EB:75:9A:F3:5D:23:BE:E1:08:FF:CE:04:23:49:C7:50:8C:C1:D2:12:39:55:C9:8D:75:FB:E3:6D:97:09:A0:DB:64:77:25:9E:B1:43:BA:73:24:FC:B1:F5:B9:A2:0A:2B:C6:41:2D:6C:EB:C8:7B:93:87:E5:31:A9:EF:9A:76:05:48:EF:69:40:C7:25:31:71:01:A5:0C:53:4B:9D:B3:92:61:5D:5F:97:EF:F5:3C:53:D0:2D:E4:40:E0:55:AE:C0:3C:29:77:F2:42:CF:EA:DA:0E:3B:9C:69:CB:A0:6E:5A:09:22:30:3A:F7:07:0D:03:0F:4C:98:65:11:1D:0A:4E:D7:2D:82:92:1F:BB:CB:51:18:49:25:53:34:7B:A1:71:A2:83:1C:E6:73:66:06:9E:BB:B6:01:1A:06:ED:BA:57:3C:A9:5E:E8:17:13:B3:1D:20:CC:F3:95:AB:6C:6B:23:23:8B:D1:1B:B5:CA:FB:5C:DD:B7:77:82:C0:77:68:85:74:0B:68:28:DA:42:7F:A8:5A:80:5C:05:3E:57:23:03" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 18:10:19", "not_valid_before": "2022-02-01 18:10:20" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 Tuesday 01 February 2022 18:10:34 +0000 (0:00:00.661) 0:01:01.916 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "7B:5A:05:7F:20:9E:92:52:13:4A:DA:D1:C7:4A:4A:84:C2:B0:C2:25" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "B6:AD:73:21:40:F1:31:12:69:AF:76:AF:1E:7E:86:F5:D2:8E:F7:57" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "B3:A9:4B:B3:4A:86:D1:9E:F5:1D:52:F6:1C:21:2D:14:EE:74:28:41:2C:30:B7:5D:EE:15:50:A9:63:92:ED:FE:11:8D:2E:83:BA:7B:74:2D:D9:AC:C3:49:9A:3D:D8:40:EB:75:9A:F3:5D:23:BE:E1:08:FF:CE:04:23:49:C7:50:8C:C1:D2:12:39:55:C9:8D:75:FB:E3:6D:97:09:A0:DB:64:77:25:9E:B1:43:BA:73:24:FC:B1:F5:B9:A2:0A:2B:C6:41:2D:6C:EB:C8:7B:93:87:E5:31:A9:EF:9A:76:05:48:EF:69:40:C7:25:31:71:01:A5:0C:53:4B:9D:B3:92:61:5D:5F:97:EF:F5:3C:53:D0:2D:E4:40:E0:55:AE:C0:3C:29:77:F2:42:CF:EA:DA:0E:3B:9C:69:CB:A0:6E:5A:09:22:30:3A:F7:07:0D:03:0F:4C:98:65:11:1D:0A:4E:D7:2D:82:92:1F:BB:CB:51:18:49:25:53:34:7B:A1:71:A2:83:1C:E6:73:66:06:9E:BB:B6:01:1A:06:ED:BA:57:3C:A9:5E:E8:17:13:B3:1D:20:CC:F3:95:AB:6C:6B:23:23:8B:D1:1B:B5:CA:FB:5C:DD:B7:77:82:C0:77:68:85:74:0B:68:28:DA:42:7F:A8:5A:80:5C:05:3E:57:23:03" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 18:10:19", "not_valid_before": "2022-02-01 18:10:20" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 18:10:34 +0000 (0:00:00.030) 0:01:01.947 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:91 Tuesday 01 February 2022 18:10:34 +0000 (0:00:00.031) 0:01:01.978 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 Tuesday 01 February 2022 18:10:34 +0000 (0:00:00.019) 0:01:01.997 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Tuesday 01 February 2022 18:10:34 +0000 (0:00:00.031) 0:01:02.029 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Tuesday 01 February 2022 18:10:34 +0000 (0:00:00.031) 0:01:02.061 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Tuesday 01 February 2022 18:10:34 +0000 (0:00:00.032) 0:01:02.093 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041578", "end": "2022-02-01 18:10:34.727636", "rc": 0, "start": "2022-02-01 18:10:34.686058" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 18:10:34 +0000 (0:00:00.381) 0:01:02.475 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 18:10:34 +0000 (0:00:00.033) 0:01:02.508 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 18:10:34 +0000 (0:00:00.014) 0:01:02.522 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 18:10:36 +0000 (0:00:01.960) 0:01:04.483 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.2) TASK [Install certreader] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 18:10:37 +0000 (0:00:01.007) 0:01:05.491 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 18:10:38 +0000 (0:00:00.904) 0:01:06.395 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643739021.1553347, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "bfee3cbbf3949b061b5de0d68697540ac6374610", "ctime": 1643739021.1523347, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137977, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643739021.1523347, "nlink": 1, "path": "/etc/pki/tls/certs/other-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "3903804648", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 18:10:39 +0000 (0:00:00.362) 0:01:06.758 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 18:10:39 +0000 (0:00:00.021) 0:01:06.779 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 Tuesday 01 February 2022 18:10:39 +0000 (0:00:00.034) 0:01:06.814 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 Tuesday 01 February 2022 18:10:39 +0000 (0:00:00.032) 0:01:06.847 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643739021.0913348, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "3a45c42251b03db7e45397eb466af348cba70ec4", "ctime": 1643739021.1523347, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137976, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643739021.1523347, "nlink": 1, "path": "/etc/pki/tls/private/other-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "54662300", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:58 Tuesday 01 February 2022 18:10:39 +0000 (0:00:00.352) 0:01:07.200 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 Tuesday 01 February 2022 18:10:39 +0000 (0:00:00.019) 0:01:07.219 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 Tuesday 01 February 2022 18:10:39 +0000 (0:00:00.035) 0:01:07.255 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/other-cert.crt" ], "delta": "0:00:00.202245", "end": "2022-02-01 18:10:40.054020", "rc": 0, "start": "2022-02-01 18:10:39.851775" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.org" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "87:4A:3A:85:C4:FC:5B:9D:53:13:AC:98:86:5C:B5:06:DB:0F:6E:9B", "critical": false }, "authorityKeyIdentifier": { "value": "7B:5A:05:7F:20:9E:92:52:13:4A:DA:D1:C7:4A:4A:84:C2:B0:C2:25", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "39:28:C4:2F:32:B7:A0:8F:DB:DC:6C:F3:54:01:BB:9B:0F:96:22:1D:D6:2A:F9:D7:C2:3C:46:C3:1E:C5:90:0E:54:88:E9:62:4B:E0:5A:78:11:2E:E1:D9:69:24:CD:EF:2A:91:53:CD:A1:B7:09:41:E5:8E:8F:28:39:7C:6B:48:3D:CA:CE:C1:35:C4:AB:11:51:7A:07:83:09:C2:24:EA:23:F7:5A:0F:3D:41:35:EF:E2:91:D5:69:ED:F9:0D:55:9F:B9:4E:FF:17:03:7A:04:C1:89:D9:CF:3E:9A:43:B4:1D:AF:75:98:91:74:63:D0:90:06:BB:BB:C1:90:D0:3F:AC:FC:66:89:29:7A:56:6A:70:EC:C0:83:3C:F8:3E:E5:3A:F9:CF:11:1D:7B:C5:BE:1C:98:6D:C8:87:3F:D1:09:3C:B0:10:66:E9:D1:7D:4A:43:82:44:97:FA:81:00:A3:21:71:F7:99:2F:7A:0E:44:DA:6F:8C:F6:57:88:D1:EC:8C:FE:E0:12:25:03:E4:20:48:E6:A7:79:E3:DB:D6:47:E2:34:65:FE:C7:DC:1D:28:34:E6:80:0A:4C:F9:05:0C:43:7B:34:C7:63:BB:BA:86:31:93:E4:A0:D0:65:74:7C:2D:E2:3D:92:04:C0:77:7D:B5:14:CA:49:54:67:00:BC" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 18:10:19", "not_valid_before": "2022-02-01 18:10:21" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 Tuesday 01 February 2022 18:10:40 +0000 (0:00:00.551) 0:01:07.806 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "7B:5A:05:7F:20:9E:92:52:13:4A:DA:D1:C7:4A:4A:84:C2:B0:C2:25" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.org" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "87:4A:3A:85:C4:FC:5B:9D:53:13:AC:98:86:5C:B5:06:DB:0F:6E:9B" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "39:28:C4:2F:32:B7:A0:8F:DB:DC:6C:F3:54:01:BB:9B:0F:96:22:1D:D6:2A:F9:D7:C2:3C:46:C3:1E:C5:90:0E:54:88:E9:62:4B:E0:5A:78:11:2E:E1:D9:69:24:CD:EF:2A:91:53:CD:A1:B7:09:41:E5:8E:8F:28:39:7C:6B:48:3D:CA:CE:C1:35:C4:AB:11:51:7A:07:83:09:C2:24:EA:23:F7:5A:0F:3D:41:35:EF:E2:91:D5:69:ED:F9:0D:55:9F:B9:4E:FF:17:03:7A:04:C1:89:D9:CF:3E:9A:43:B4:1D:AF:75:98:91:74:63:D0:90:06:BB:BB:C1:90:D0:3F:AC:FC:66:89:29:7A:56:6A:70:EC:C0:83:3C:F8:3E:E5:3A:F9:CF:11:1D:7B:C5:BE:1C:98:6D:C8:87:3F:D1:09:3C:B0:10:66:E9:D1:7D:4A:43:82:44:97:FA:81:00:A3:21:71:F7:99:2F:7A:0E:44:DA:6F:8C:F6:57:88:D1:EC:8C:FE:E0:12:25:03:E4:20:48:E6:A7:79:E3:DB:D6:47:E2:34:65:FE:C7:DC:1D:28:34:E6:80:0A:4C:F9:05:0C:43:7B:34:C7:63:BB:BA:86:31:93:E4:A0:D0:65:74:7C:2D:E2:3D:92:04:C0:77:7D:B5:14:CA:49:54:67:00:BC" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "validity": { "not_valid_after": "2023-02-01 18:10:19", "not_valid_before": "2022-02-01 18:10:21" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 18:10:40 +0000 (0:00:00.031) 0:01:07.838 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:91 Tuesday 01 February 2022 18:10:40 +0000 (0:00:00.032) 0:01:07.870 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 Tuesday 01 February 2022 18:10:40 +0000 (0:00:00.020) 0:01:07.891 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Tuesday 01 February 2022 18:10:40 +0000 (0:00:00.032) 0:01:07.923 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Tuesday 01 February 2022 18:10:40 +0000 (0:00:00.035) 0:01:07.958 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Tuesday 01 February 2022 18:10:40 +0000 (0:00:00.032) 0:01:07.991 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/other-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040212", "end": "2022-02-01 18:10:40.619250", "rc": 0, "start": "2022-02-01 18:10:40.579038" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 18:10:40 +0000 (0:00:00.381) 0:01:08.372 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 18:10:40 +0000 (0:00:00.037) 0:01:08.409 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 18:10:40 +0000 (0:00:00.018) 0:01:08.427 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 18:10:42 +0000 (0:00:01.841) 0:01:10.268 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.2) TASK [Install certreader] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 18:10:43 +0000 (0:00:00.951) 0:01:11.220 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 18:10:44 +0000 (0:00:00.887) 0:01:12.108 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643739022.2163348, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "67beb86a372584ff240306d00043ae84e9801da1", "ctime": 1643739022.2143347, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137979, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643739022.2143347, "nlink": 1, "path": "/etc/pki/tls/certs/another-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "3957725574", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 18:10:44 +0000 (0:00:00.363) 0:01:12.472 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 18:10:44 +0000 (0:00:00.019) 0:01:12.492 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 Tuesday 01 February 2022 18:10:44 +0000 (0:00:00.034) 0:01:12.526 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 Tuesday 01 February 2022 18:10:44 +0000 (0:00:00.032) 0:01:12.558 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643739022.1713347, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9cf3584011e1cb01dbd920d47a6d1c81f24ec62a", "ctime": 1643739022.2143347, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137978, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643739022.2143347, "nlink": 1, "path": "/etc/pki/tls/private/another-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "3178367948", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:58 Tuesday 01 February 2022 18:10:45 +0000 (0:00:00.373) 0:01:12.932 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 Tuesday 01 February 2022 18:10:45 +0000 (0:00:00.019) 0:01:12.951 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 Tuesday 01 February 2022 18:10:45 +0000 (0:00:00.037) 0:01:12.989 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/another-cert.crt" ], "delta": "0:00:00.198729", "end": "2022-02-01 18:10:45.792646", "rc": 0, "start": "2022-02-01 18:10:45.593917" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.net" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "0C:7D:17:E1:A6:0D:2F:01:6C:07:FC:FA:3A:09:4C:64:34:49:AB:C2", "critical": false }, "authorityKeyIdentifier": { "value": "7B:5A:05:7F:20:9E:92:52:13:4A:DA:D1:C7:4A:4A:84:C2:B0:C2:25", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "D0:90:AE:8B:C4:2C:1B:32:51:76:32:63:C1:77:9D:2C:58:E5:0D:A6:98:E5:11:F6:82:59:F0:15:D7:26:45:4C:A3:AD:36:AD:5F:D4:56:9D:FD:C3:48:C5:76:2E:F1:E5:4E:ED:E2:47:67:C2:01:4D:02:C5:66:43:CC:1A:1F:83:3C:B9:F7:D8:D4:1E:C9:BD:0F:ED:D0:78:AC:C4:1D:BD:E3:05:F0:19:26:A1:A9:5B:47:BA:B0:E2:68:AB:AA:A2:50:FB:9E:17:5A:6D:84:64:C0:D7:4F:93:92:0B:07:39:FC:64:65:A3:E6:6A:C8:77:8B:50:A9:07:7A:6E:CF:A6:53:13:54:29:7A:4B:1A:CE:D8:53:26:EF:8B:A3:03:40:85:ED:8E:A7:51:84:30:88:02:9B:65:A4:C5:62:29:36:B0:CD:96:C7:60:25:D5:0C:55:BD:78:A6:CD:C5:19:17:14:B7:86:E2:75:04:AE:98:9C:14:BF:9E:96:B6:E2:81:89:DF:2B:79:D7:37:7D:92:05:E3:8A:24:DD:B0:B9:B3:7E:49:B5:6A:71:F9:EF:2D:AA:32:51:31:19:CD:60:60:1B:E0:A8:2A:E4:4D:E0:D1:0C:5A:16:B5:77:33:11:60:EB:6E:FD:3C:73:F2:94:1E:FB:0F:92:68:FC:46:9C:D1" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 18:10:19", "not_valid_before": "2022-02-01 18:10:22" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 Tuesday 01 February 2022 18:10:45 +0000 (0:00:00.558) 0:01:13.548 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "7B:5A:05:7F:20:9E:92:52:13:4A:DA:D1:C7:4A:4A:84:C2:B0:C2:25" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.net" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "0C:7D:17:E1:A6:0D:2F:01:6C:07:FC:FA:3A:09:4C:64:34:49:AB:C2" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "D0:90:AE:8B:C4:2C:1B:32:51:76:32:63:C1:77:9D:2C:58:E5:0D:A6:98:E5:11:F6:82:59:F0:15:D7:26:45:4C:A3:AD:36:AD:5F:D4:56:9D:FD:C3:48:C5:76:2E:F1:E5:4E:ED:E2:47:67:C2:01:4D:02:C5:66:43:CC:1A:1F:83:3C:B9:F7:D8:D4:1E:C9:BD:0F:ED:D0:78:AC:C4:1D:BD:E3:05:F0:19:26:A1:A9:5B:47:BA:B0:E2:68:AB:AA:A2:50:FB:9E:17:5A:6D:84:64:C0:D7:4F:93:92:0B:07:39:FC:64:65:A3:E6:6A:C8:77:8B:50:A9:07:7A:6E:CF:A6:53:13:54:29:7A:4B:1A:CE:D8:53:26:EF:8B:A3:03:40:85:ED:8E:A7:51:84:30:88:02:9B:65:A4:C5:62:29:36:B0:CD:96:C7:60:25:D5:0C:55:BD:78:A6:CD:C5:19:17:14:B7:86:E2:75:04:AE:98:9C:14:BF:9E:96:B6:E2:81:89:DF:2B:79:D7:37:7D:92:05:E3:8A:24:DD:B0:B9:B3:7E:49:B5:6A:71:F9:EF:2D:AA:32:51:31:19:CD:60:60:1B:E0:A8:2A:E4:4D:E0:D1:0C:5A:16:B5:77:33:11:60:EB:6E:FD:3C:73:F2:94:1E:FB:0F:92:68:FC:46:9C:D1" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "validity": { "not_valid_after": "2023-02-01 18:10:19", "not_valid_before": "2022-02-01 18:10:22" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 18:10:46 +0000 (0:00:00.035) 0:01:13.583 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:91 Tuesday 01 February 2022 18:10:46 +0000 (0:00:00.034) 0:01:13.618 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 Tuesday 01 February 2022 18:10:46 +0000 (0:00:00.020) 0:01:13.639 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Tuesday 01 February 2022 18:10:46 +0000 (0:00:00.032) 0:01:13.672 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Tuesday 01 February 2022 18:10:46 +0000 (0:00:00.034) 0:01:13.706 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Tuesday 01 February 2022 18:10:46 +0000 (0:00:00.033) 0:01:13.739 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/another-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.041844", "end": "2022-02-01 18:10:46.398448", "rc": 0, "start": "2022-02-01 18:10:46.356604" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 18:10:46 +0000 (0:00:00.414) 0:01:14.154 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=73 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:10:46 +0000 (0:00:00.038) 0:01:14.192 ****** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed -- 40.46s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Install the package, force upgrade -------------------------------------- 4.69s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 3.95s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 2.64s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Install certreader ------------------------------------------------------ 2.61s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 2.08s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Ensure python3 is installed --------------------------------------------- 1.96s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Ensure python3 is installed --------------------------------------------- 1.84s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 1.04s /tmp/tmpd43sjho8/tests/certificate/tests_many_self_signed.yml:2 --------------- Install the package, force upgrade -------------------------------------- 1.01s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.98s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Install the package, force upgrade -------------------------------------- 0.95s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install certreader ------------------------------------------------------ 0.90s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Install certreader ------------------------------------------------------ 0.89s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Gathering Facts --------------------------------------------------------- 0.74s /tmp/tmpd43sjho8/tests/certificate/tests_many_self_signed.yml:18 -------------- Parse certificate ------------------------------------------------------- 0.66s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Parse certificate ------------------------------------------------------- 0.56s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Parse certificate ------------------------------------------------------- 0.55s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.54s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Retrieve certificate file stats ----------------------------------------- 0.49s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 - + cd /tmp/tmpd43sjho8/tests/certificate; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpd43sjho8/tests/certificate/tests_no_auto_renew.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 18:11:00 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 18:11:00 +0000 (0:00:00.015) 0:00:00.027 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:11:00 +0000 (0:00:00.015) 0:00:00.042 ****** =============================================================================== debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- PLAYBOOK: tests_no_auto_renew.yml ********************************************** 2 plays in /tmp/tmpd43sjho8/tests/certificate/tests_no_auto_renew.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_no_auto_renew.yml:2 Tuesday 01 February 2022 18:11:00 +0000 (0:00:00.019) 0:00:00.062 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Tuesday 01 February 2022 18:11:01 +0000 (0:00:01.038) 0:00:01.100 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml" ], "changed": false } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Tuesday 01 February 2022 18:11:01 +0000 (0:00:00.028) 0:00:01.129 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Tuesday 01 February 2022 18:14:37 +0000 (0:03:36.562) 0:03:37.691 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Tuesday 01 February 2022 18:14:42 +0000 (0:00:04.383) 0:03:42.075 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Tuesday 01 February 2022 18:14:42 +0000 (0:00:00.519) 0:03:42.594 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Tuesday 01 February 2022 18:14:43 +0000 (0:00:00.389) 0:03:42.984 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus-broker.service systemd-journald.socket sysinit.target dbus.socket network.target basic.target syslog.target system.slice", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Tuesday 01 February 2022 18:14:44 +0000 (0:00:00.971) 0:03:43.956 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'auto_renew': False}) => { "ansible_loop_var": "item", "changed": true, "item": { "auto_renew": false, "ca": "self-sign", "dns": "www.example.com", "name": "mycert" } } MSG: Certificate requested (new). changed: [/cache/fedora-34.qcow2] => (item={'name': 'defaultcert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "defaultcert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_no_auto_renew.yml:17 Tuesday 01 February 2022 18:14:45 +0000 (0:00:01.786) 0:03:45.743 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_no_auto_renew.yml:42 Tuesday 01 February 2022 18:14:46 +0000 (0:00:00.741) 0:03:46.484 ****** included: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'auto_renew': False}) included: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/defaultcert.crt', 'key_path': '/etc/pki/tls/private/defaultcert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'auto_renew': True}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 18:14:46 +0000 (0:00:00.039) 0:03:46.523 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 18:14:46 +0000 (0:00:00.015) 0:03:46.539 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 18:14:48 +0000 (0:00:01.854) 0:03:48.394 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 18:14:53 +0000 (0:00:04.613) 0:03:53.007 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 50.5 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 84.6 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 23.4 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 98.1 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 41.9 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 18:14:55 +0000 (0:00:02.635) 0:03:55.643 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643739284.3471043, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "51da64405d4db8fa8444dcda98e898a253700136", "ctime": 1643739284.3451042, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643739284.3451042, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "290254606", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 18:14:56 +0000 (0:00:00.494) 0:03:56.138 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 18:14:56 +0000 (0:00:00.021) 0:03:56.159 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 Tuesday 01 February 2022 18:14:56 +0000 (0:00:00.036) 0:03:56.195 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 Tuesday 01 February 2022 18:14:56 +0000 (0:00:00.034) 0:03:56.230 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643739284.3031042, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "00dcf4ecf3575e705466510ddea729ef3eb31266", "ctime": 1643739284.3451042, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643739284.3451042, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "735476213", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:58 Tuesday 01 February 2022 18:14:56 +0000 (0:00:00.362) 0:03:56.593 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 Tuesday 01 February 2022 18:14:56 +0000 (0:00:00.020) 0:03:56.613 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 Tuesday 01 February 2022 18:14:56 +0000 (0:00:00.037) 0:03:56.651 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.196444", "end": "2022-02-01 18:14:56.907866", "rc": 0, "start": "2022-02-01 18:14:56.711422" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "69:BB:DA:4E:40:85:21:5F:43:7C:84:27:36:CF:3C:22:80:BB:4C:DF", "critical": false }, "authorityKeyIdentifier": { "value": "B5:B8:5A:CB:92:6E:76:29:64:A9:79:1A:0F:45:B1:C9:B9:57:CD:5F", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "6A:0B:5E:0C:C6:8C:4A:60:6F:DD:A4:54:BF:43:15:2D:50:5B:86:33:A6:46:B0:CE:74:81:C1:43:1E:23:17:30:A1:FA:BF:42:2F:8C:73:93:AC:43:FA:9A:81:C5:2F:F3:C4:ED:01:83:D7:BD:03:CF:C4:D6:0E:FB:56:51:5B:AE:52:8F:F2:80:96:D9:E4:1E:E9:DB:D2:1D:1D:6E:1F:5C:18:4A:65:1C:2A:6F:1E:43:F8:16:64:50:D1:BD:A9:CE:C9:FA:F5:40:65:40:9D:92:2B:2B:9C:9D:59:34:7B:E2:AC:91:89:F6:84:E4:B1:83:74:A9:5D:D4:B2:36:5F:48:CB:DD:24:5E:54:19:52:EE:14:CD:46:A5:81:07:02:93:7F:65:11:78:F8:D2:9B:68:C7:FF:DB:AC:C3:10:C9:C7:7E:F7:4F:97:B3:EE:C8:57:B3:0D:B2:54:9F:8D:29:22:97:33:AC:FE:BC:C5:2C:22:43:8D:92:79:02:EB:8A:DB:D8:31:DB:5E:4C:68:AF:1D:38:95:40:45:F5:5E:2A:2F:B4:46:B8:82:8B:A2:C2:4A:64:7E:5C:48:D5:40:8F:02:59:C3:20:95:9A:A2:E7:2B:FC:4F:C6:03:C9:1C:A2:26:DD:EC:D3:07:FF:46:70:20:28:B2:AC:3C:7A:81:04:71" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 18:14:43", "not_valid_before": "2022-02-01 18:14:44" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 Tuesday 01 February 2022 18:14:57 +0000 (0:00:00.686) 0:03:57.338 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "B5:B8:5A:CB:92:6E:76:29:64:A9:79:1A:0F:45:B1:C9:B9:57:CD:5F" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "69:BB:DA:4E:40:85:21:5F:43:7C:84:27:36:CF:3C:22:80:BB:4C:DF" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "6A:0B:5E:0C:C6:8C:4A:60:6F:DD:A4:54:BF:43:15:2D:50:5B:86:33:A6:46:B0:CE:74:81:C1:43:1E:23:17:30:A1:FA:BF:42:2F:8C:73:93:AC:43:FA:9A:81:C5:2F:F3:C4:ED:01:83:D7:BD:03:CF:C4:D6:0E:FB:56:51:5B:AE:52:8F:F2:80:96:D9:E4:1E:E9:DB:D2:1D:1D:6E:1F:5C:18:4A:65:1C:2A:6F:1E:43:F8:16:64:50:D1:BD:A9:CE:C9:FA:F5:40:65:40:9D:92:2B:2B:9C:9D:59:34:7B:E2:AC:91:89:F6:84:E4:B1:83:74:A9:5D:D4:B2:36:5F:48:CB:DD:24:5E:54:19:52:EE:14:CD:46:A5:81:07:02:93:7F:65:11:78:F8:D2:9B:68:C7:FF:DB:AC:C3:10:C9:C7:7E:F7:4F:97:B3:EE:C8:57:B3:0D:B2:54:9F:8D:29:22:97:33:AC:FE:BC:C5:2C:22:43:8D:92:79:02:EB:8A:DB:D8:31:DB:5E:4C:68:AF:1D:38:95:40:45:F5:5E:2A:2F:B4:46:B8:82:8B:A2:C2:4A:64:7E:5C:48:D5:40:8F:02:59:C3:20:95:9A:A2:E7:2B:FC:4F:C6:03:C9:1C:A2:26:DD:EC:D3:07:FF:46:70:20:28:B2:AC:3C:7A:81:04:71" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 18:14:43", "not_valid_before": "2022-02-01 18:14:44" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 18:14:57 +0000 (0:00:00.031) 0:03:57.369 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:91 Tuesday 01 February 2022 18:14:57 +0000 (0:00:00.029) 0:03:57.399 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 Tuesday 01 February 2022 18:14:57 +0000 (0:00:00.024) 0:03:57.423 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Tuesday 01 February 2022 18:14:57 +0000 (0:00:00.033) 0:03:57.457 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Tuesday 01 February 2022 18:14:57 +0000 (0:00:00.032) 0:03:57.490 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Tuesday 01 February 2022 18:14:57 +0000 (0:00:00.032) 0:03:57.522 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.042007", "end": "2022-02-01 18:14:57.496794", "rc": 0, "start": "2022-02-01 18:14:57.454787" } STDOUT: no TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 18:14:58 +0000 (0:00:00.410) 0:03:57.932 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 18:14:58 +0000 (0:00:00.033) 0:03:57.966 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 18:14:58 +0000 (0:00:00.016) 0:03:57.982 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 18:15:00 +0000 (0:00:01.942) 0:03:59.924 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (22.0.2) TASK [Install certreader] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 18:15:00 +0000 (0:00:00.986) 0:04:00.910 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.9/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.9/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.9/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.9/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.9/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 18:15:01 +0000 (0:00:00.883) 0:04:01.794 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643739285.2571042, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "7e2f9cbe09056387ee86e2e268f73962e2f48bb8", "ctime": 1643739285.2541044, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137977, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643739285.2541044, "nlink": 1, "path": "/etc/pki/tls/certs/defaultcert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2781623246", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 18:15:02 +0000 (0:00:00.369) 0:04:02.164 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 18:15:02 +0000 (0:00:00.056) 0:04:02.220 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 Tuesday 01 February 2022 18:15:02 +0000 (0:00:00.033) 0:04:02.254 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 Tuesday 01 February 2022 18:15:02 +0000 (0:00:00.030) 0:04:02.285 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643739285.2121043, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "e8d5956a1b7fe7f1f3f8c7315034afcacb8a652c", "ctime": 1643739285.2541044, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137976, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643739285.2541044, "nlink": 1, "path": "/etc/pki/tls/private/defaultcert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "4181167996", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:58 Tuesday 01 February 2022 18:15:02 +0000 (0:00:00.366) 0:04:02.651 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 Tuesday 01 February 2022 18:15:02 +0000 (0:00:00.019) 0:04:02.671 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 Tuesday 01 February 2022 18:15:02 +0000 (0:00:00.041) 0:04:02.712 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/defaultcert.crt" ], "delta": "0:00:00.203083", "end": "2022-02-01 18:15:02.852356", "rc": 0, "start": "2022-02-01 18:15:02.649273" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "12:41:B7:A0:9F:5E:4F:B8:CF:15:0C:BF:08:95:05:26:A7:4C:DA:EE", "critical": false }, "authorityKeyIdentifier": { "value": "B5:B8:5A:CB:92:6E:76:29:64:A9:79:1A:0F:45:B1:C9:B9:57:CD:5F", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "14:69:7A:BC:98:FD:9D:B8:94:4E:C0:F7:2F:F4:D4:2C:C4:07:46:B0:DF:63:35:B2:CD:5E:12:39:02:BC:8F:EF:04:69:B1:47:2C:56:44:DF:A7:B4:F9:FF:A0:64:23:9C:E0:B3:7D:FE:D1:79:42:60:23:00:D6:85:E6:A2:FE:5F:96:3C:BD:AF:92:D1:3A:47:1E:DA:71:6F:BD:21:FF:0E:4A:F0:0C:61:94:BF:16:33:E2:DE:C8:1C:99:D4:E7:0C:90:AA:A8:94:D6:72:ED:E1:9E:FD:D9:E3:0E:3E:82:71:ED:7D:FA:C3:74:18:50:47:2E:FB:1C:F7:39:BC:F1:A9:0F:FB:18:70:C8:6F:E2:F3:B0:B6:6B:41:CE:D3:E4:83:BF:59:96:8B:A4:FF:DE:F4:22:22:E0:35:A0:55:FA:A1:A5:24:52:82:43:28:EB:A0:C7:B7:D1:76:D2:70:DA:4B:D2:7F:47:7B:38:3F:DA:FE:F3:5D:9A:E9:AE:38:A0:EA:8E:1E:C7:42:AD:97:E9:40:0B:98:5E:FF:30:44:C1:A9:27:B4:7A:3F:9F:56:17:D9:5F:0F:F4:66:31:40:16:15:02:01:A4:F6:9E:A3:A0:EE:D8:F6:AF:F0:C5:A0:2F:E4:C2:29:18:CF:64:13:02:01:C3:57:A2:F0:79:46:9A:70" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 18:14:43", "not_valid_before": "2022-02-01 18:14:45" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 Tuesday 01 February 2022 18:15:03 +0000 (0:00:00.566) 0:04:03.279 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "B5:B8:5A:CB:92:6E:76:29:64:A9:79:1A:0F:45:B1:C9:B9:57:CD:5F" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "12:41:B7:A0:9F:5E:4F:B8:CF:15:0C:BF:08:95:05:26:A7:4C:DA:EE" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "14:69:7A:BC:98:FD:9D:B8:94:4E:C0:F7:2F:F4:D4:2C:C4:07:46:B0:DF:63:35:B2:CD:5E:12:39:02:BC:8F:EF:04:69:B1:47:2C:56:44:DF:A7:B4:F9:FF:A0:64:23:9C:E0:B3:7D:FE:D1:79:42:60:23:00:D6:85:E6:A2:FE:5F:96:3C:BD:AF:92:D1:3A:47:1E:DA:71:6F:BD:21:FF:0E:4A:F0:0C:61:94:BF:16:33:E2:DE:C8:1C:99:D4:E7:0C:90:AA:A8:94:D6:72:ED:E1:9E:FD:D9:E3:0E:3E:82:71:ED:7D:FA:C3:74:18:50:47:2E:FB:1C:F7:39:BC:F1:A9:0F:FB:18:70:C8:6F:E2:F3:B0:B6:6B:41:CE:D3:E4:83:BF:59:96:8B:A4:FF:DE:F4:22:22:E0:35:A0:55:FA:A1:A5:24:52:82:43:28:EB:A0:C7:B7:D1:76:D2:70:DA:4B:D2:7F:47:7B:38:3F:DA:FE:F3:5D:9A:E9:AE:38:A0:EA:8E:1E:C7:42:AD:97:E9:40:0B:98:5E:FF:30:44:C1:A9:27:B4:7A:3F:9F:56:17:D9:5F:0F:F4:66:31:40:16:15:02:01:A4:F6:9E:A3:A0:EE:D8:F6:AF:F0:C5:A0:2F:E4:C2:29:18:CF:64:13:02:01:C3:57:A2:F0:79:46:9A:70" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 18:14:43", "not_valid_before": "2022-02-01 18:14:45" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 18:15:03 +0000 (0:00:00.030) 0:04:03.310 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:91 Tuesday 01 February 2022 18:15:03 +0000 (0:00:00.034) 0:04:03.344 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 Tuesday 01 February 2022 18:15:03 +0000 (0:00:00.021) 0:04:03.366 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Tuesday 01 February 2022 18:15:03 +0000 (0:00:00.035) 0:04:03.401 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Tuesday 01 February 2022 18:15:03 +0000 (0:00:00.033) 0:04:03.435 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Tuesday 01 February 2022 18:15:03 +0000 (0:00:00.033) 0:04:03.469 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/defaultcert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038374", "end": "2022-02-01 18:15:03.434115", "rc": 0, "start": "2022-02-01 18:15:03.395741" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 18:15:03 +0000 (0:00:00.391) 0:04:03.860 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=52 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:15:03 +0000 (0:00:00.038) 0:04:03.899 ****** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed - 216.56s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Install the package, force upgrade -------------------------------------- 4.61s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 4.38s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Install certreader ------------------------------------------------------ 2.64s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 1.94s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Ensure python3 is installed --------------------------------------------- 1.85s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.79s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Gathering Facts --------------------------------------------------------- 1.04s /tmp/tmpd43sjho8/tests/certificate/tests_no_auto_renew.yml:2 ------------------ Install the package, force upgrade -------------------------------------- 0.99s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.97s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Install certreader ------------------------------------------------------ 0.88s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Gathering Facts --------------------------------------------------------- 0.74s /tmp/tmpd43sjho8/tests/certificate/tests_no_auto_renew.yml:17 ----------------- Parse certificate ------------------------------------------------------- 0.69s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Parse certificate ------------------------------------------------------- 0.57s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.52s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Retrieve certificate file stats ----------------------------------------- 0.49s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 - Retrieve auto-renew flag ------------------------------------------------ 0.41s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Retrieve auto-renew flag ------------------------------------------------ 0.39s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.39s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Retrieve certificate file stats ----------------------------------------- 0.37s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 - + cd /tmp/tmpd43sjho8/tests/certificate; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpd43sjho8/tests/certificate/tests_not_wait_for_cert.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 18:15:17 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 18:15:17 +0000 (0:00:00.015) 0:00:00.026 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:15:17 +0000 (0:00:00.015) 0:00:00.042 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_not_wait_for_cert.yml ****************************************** 2 plays in /tmp/tmpd43sjho8/tests/certificate/tests_not_wait_for_cert.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_not_wait_for_cert.yml:2 Tuesday 01 February 2022 18:15:17 +0000 (0:00:00.022) 0:00:00.065 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Tuesday 01 February 2022 18:15:18 +0000 (0:00:01.047) 0:00:01.112 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml" ], "changed": false } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Tuesday 01 February 2022 18:15:18 +0000 (0:00:00.028) 0:00:01.141 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Tuesday 01 February 2022 18:17:57 +0000 (0:02:38.886) 0:02:40.027 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Tuesday 01 February 2022 18:18:01 +0000 (0:00:03.912) 0:02:43.940 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Tuesday 01 February 2022 18:18:01 +0000 (0:00:00.545) 0:02:44.485 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Tuesday 01 February 2022 18:18:02 +0000 (0:00:00.396) 0:02:44.882 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus.socket system.slice systemd-journald.socket network.target sysinit.target dbus-broker.service syslog.target basic.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Tuesday 01 February 2022 18:18:03 +0000 (0:00:00.969) 0:02:45.852 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_not_wait_for_cert.yml:14 Tuesday 01 February 2022 18:18:03 +0000 (0:00:00.664) 0:02:46.516 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Wait for certificate] **************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tests_not_wait_for_cert.yml:28 Tuesday 01 February 2022 18:18:04 +0000 (0:00:00.762) 0:02:47.279 ****** ok: [/cache/fedora-34.qcow2] => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) => { "ansible_loop_var": "item", "changed": false, "elapsed": 0, "gid": 0, "group": "root", "item": { "key_path": "/etc/pki/tls/private/mycert.key", "path": "/etc/pki/tls/certs/mycert.crt", "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "subject_alt_name": [ { "name": "DNS", "value": "www.example.com" } ] }, "match_groupdict": {}, "match_groups": [], "mode": "0600", "owner": "root", "path": "/etc/pki/tls/certs/mycert.crt", "port": null, "search_regex": null, "secontext": "system_u:object_r:cert_t:s0", "size": 1294, "state": "file", "uid": 0 } TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_not_wait_for_cert.yml:34 Tuesday 01 February 2022 18:18:05 +0000 (0:00:00.512) 0:02:47.792 ****** included: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 18:18:05 +0000 (0:00:00.028) 0:02:47.820 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 18:18:05 +0000 (0:00:00.013) 0:02:47.834 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 18:18:07 +0000 (0:00:01.939) 0:02:49.774 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 18:18:11 +0000 (0:00:04.604) 0:02:54.378 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 52.6 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 93.8 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 24.5 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 110.1 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 35.7 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 18:18:14 +0000 (0:00:02.756) 0:02:57.134 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643739483.394575, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "98f24a17938c1023660de9404c8a7f16b61496a4", "ctime": 1643739483.392575, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643739483.392575, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "4155593614", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 18:18:15 +0000 (0:00:00.482) 0:02:57.617 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 18:18:15 +0000 (0:00:00.019) 0:02:57.636 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 Tuesday 01 February 2022 18:18:15 +0000 (0:00:00.033) 0:02:57.669 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 Tuesday 01 February 2022 18:18:15 +0000 (0:00:00.036) 0:02:57.705 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643739483.350575, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "ae57b611ca5db7f7ae80308107d23c10d6890d76", "ctime": 1643739483.392575, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643739483.392575, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2003183819", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:58 Tuesday 01 February 2022 18:18:15 +0000 (0:00:00.410) 0:02:58.115 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 Tuesday 01 February 2022 18:18:15 +0000 (0:00:00.019) 0:02:58.135 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 Tuesday 01 February 2022 18:18:15 +0000 (0:00:00.035) 0:02:58.170 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.201264", "end": "2022-02-01 18:18:15.680898", "rc": 0, "start": "2022-02-01 18:18:15.479634" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "7A:1D:8C:3B:B4:35:E2:01:06:7D:80:74:D2:CD:66:C3:F3:80:CB:6E", "critical": false }, "authorityKeyIdentifier": { "value": "D6:DE:2A:F8:2F:AE:9E:73:3F:A0:A8:63:9C:41:86:7B:87:E1:A9:BF", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "A3:5A:03:6D:A5:C3:EF:2D:F2:02:E9:B4:7B:2E:C6:1E:17:23:FB:55:66:5A:EC:4C:F4:D2:A8:E7:91:BD:D7:F5:34:F4:B9:46:78:D9:F3:6E:C5:41:2C:66:B3:A5:FE:3F:10:46:66:DC:EB:D1:6B:28:AA:8F:C0:1D:1E:4B:5C:2B:AB:C3:8B:9A:38:6C:83:48:09:F8:4E:A1:BE:F3:DB:83:E6:F4:37:D1:75:08:CE:DA:28:36:5F:77:43:D7:A9:8D:28:6C:D4:AD:B9:44:27:DC:3B:45:E6:46:8C:4E:B5:96:E9:6D:F6:0A:92:B1:50:56:40:E0:11:73:96:81:53:E0:B2:5D:82:17:D7:F4:A2:36:32:AB:0A:A1:A3:6B:1C:8D:D3:27:EA:46:31:33:34:D6:C4:54:03:C0:44:80:2D:9F:E4:4A:9B:0D:BE:EC:1C:98:BA:45:8F:BC:28:52:45:14:E7:E1:28:77:11:CE:D2:72:B5:44:0E:70:4E:DA:9C:77:BB:84:D5:66:5E:1B:B6:7A:05:C7:09:0C:FF:85:72:52:26:D0:54:5A:98:DB:96:87:B5:27:B0:A9:10:C7:46:C1:E4:83:99:49:E1:98:BE:F3:CF:B6:03:B8:BA:3F:74:BA:D5:A2:BA:05:35:44:59:BC:49:BB:5C:0E:40:C3:48:C5" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 18:18:02", "not_valid_before": "2022-02-01 18:18:03" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 Tuesday 01 February 2022 18:18:16 +0000 (0:00:00.712) 0:02:58.882 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "D6:DE:2A:F8:2F:AE:9E:73:3F:A0:A8:63:9C:41:86:7B:87:E1:A9:BF" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "7A:1D:8C:3B:B4:35:E2:01:06:7D:80:74:D2:CD:66:C3:F3:80:CB:6E" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "A3:5A:03:6D:A5:C3:EF:2D:F2:02:E9:B4:7B:2E:C6:1E:17:23:FB:55:66:5A:EC:4C:F4:D2:A8:E7:91:BD:D7:F5:34:F4:B9:46:78:D9:F3:6E:C5:41:2C:66:B3:A5:FE:3F:10:46:66:DC:EB:D1:6B:28:AA:8F:C0:1D:1E:4B:5C:2B:AB:C3:8B:9A:38:6C:83:48:09:F8:4E:A1:BE:F3:DB:83:E6:F4:37:D1:75:08:CE:DA:28:36:5F:77:43:D7:A9:8D:28:6C:D4:AD:B9:44:27:DC:3B:45:E6:46:8C:4E:B5:96:E9:6D:F6:0A:92:B1:50:56:40:E0:11:73:96:81:53:E0:B2:5D:82:17:D7:F4:A2:36:32:AB:0A:A1:A3:6B:1C:8D:D3:27:EA:46:31:33:34:D6:C4:54:03:C0:44:80:2D:9F:E4:4A:9B:0D:BE:EC:1C:98:BA:45:8F:BC:28:52:45:14:E7:E1:28:77:11:CE:D2:72:B5:44:0E:70:4E:DA:9C:77:BB:84:D5:66:5E:1B:B6:7A:05:C7:09:0C:FF:85:72:52:26:D0:54:5A:98:DB:96:87:B5:27:B0:A9:10:C7:46:C1:E4:83:99:49:E1:98:BE:F3:CF:B6:03:B8:BA:3F:74:BA:D5:A2:BA:05:35:44:59:BC:49:BB:5C:0E:40:C3:48:C5" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 18:18:02", "not_valid_before": "2022-02-01 18:18:03" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 18:18:16 +0000 (0:00:00.030) 0:02:58.913 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:91 Tuesday 01 February 2022 18:18:16 +0000 (0:00:00.031) 0:02:58.945 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 Tuesday 01 February 2022 18:18:16 +0000 (0:00:00.022) 0:02:58.967 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Tuesday 01 February 2022 18:18:16 +0000 (0:00:00.034) 0:02:59.002 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Tuesday 01 February 2022 18:18:16 +0000 (0:00:00.035) 0:02:59.038 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Tuesday 01 February 2022 18:18:16 +0000 (0:00:00.039) 0:02:59.078 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038611", "end": "2022-02-01 18:18:16.286412", "rc": 0, "start": "2022-02-01 18:18:16.247801" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 18:18:16 +0000 (0:00:00.411) 0:02:59.489 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=32 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:18:16 +0000 (0:00:00.040) 0:02:59.529 ****** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed - 158.89s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Install the package, force upgrade -------------------------------------- 4.60s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 3.91s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Install certreader ------------------------------------------------------ 2.76s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 1.94s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 1.05s /tmp/tmpd43sjho8/tests/certificate/tests_not_wait_for_cert.yml:2 -------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.97s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Gathering Facts --------------------------------------------------------- 0.76s /tmp/tmpd43sjho8/tests/certificate/tests_not_wait_for_cert.yml:14 ------------- Parse certificate ------------------------------------------------------- 0.71s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.66s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.55s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Wait for certificate ---------------------------------------------------- 0.51s /tmp/tmpd43sjho8/tests/certificate/tests_not_wait_for_cert.yml:28 ------------- Retrieve certificate file stats ----------------------------------------- 0.48s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 - Retrieve auto-renew flag ------------------------------------------------ 0.41s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Retrieve key file stats ------------------------------------------------- 0.41s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 - fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.40s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Verify certificate Extended Key Usage ----------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Verify certificate permissions ------------------------------------------ 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 - Verify certificate Key Usage -------------------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 + cd /tmp/tmpd43sjho8/tests/certificate; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpd43sjho8/tests/certificate/tests_principal.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 18:18:31 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 18:18:31 +0000 (0:00:00.019) 0:00:00.030 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:18:31 +0000 (0:00:00.025) 0:00:00.056 ****** =============================================================================== fail -------------------------------------------------------------------- 0.03s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_principal.yml ************************************************** 3 plays in /tmp/tmpd43sjho8/tests/certificate/tests_principal.yml PLAY [Test issuing certificate with principal.] ******************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_principal.yml:2 Tuesday 01 February 2022 18:18:31 +0000 (0:00:00.034) 0:00:00.090 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Tuesday 01 February 2022 18:18:32 +0000 (0:00:01.164) 0:00:01.255 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml" ], "changed": false } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Tuesday 01 February 2022 18:18:32 +0000 (0:00:00.033) 0:00:01.288 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Tuesday 01 February 2022 18:19:12 +0000 (0:00:40.302) 0:00:41.591 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Tuesday 01 February 2022 18:19:20 +0000 (0:00:07.971) 0:00:49.563 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Tuesday 01 February 2022 18:19:21 +0000 (0:00:00.594) 0:00:50.157 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Tuesday 01 February 2022 18:19:21 +0000 (0:00:00.466) 0:00:50.623 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target systemd-journald.socket dbus-broker.service dbus.socket system.slice sysinit.target syslog.target network.target", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Tuesday 01 February 2022 18:19:22 +0000 (0:00:01.159) 0:00:51.782 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'principal': 'HTTP/www.example.com@EXAMPLE.COM', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert", "principal": "HTTP/www.example.com@EXAMPLE.COM" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_principal.yml:13 Tuesday 01 February 2022 18:19:24 +0000 (0:00:01.084) 0:00:52.867 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_principal.yml:33 Tuesday 01 February 2022 18:19:24 +0000 (0:00:00.817) 0:00:53.685 ****** included: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}, {'name': 'Universal Principal Name (UPN)', 'value': 'HTTP/www.example.com@EXAMPLE.COM', 'oid': '1.3.6.1.4.1.311.20.2.3'}, {'name': 'Kerberos principalname', 'value': 'HTTP/www.example.com@EXAMPLE.COM', 'oid': '1.3.6.1.5.2.2'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 18:19:24 +0000 (0:00:00.037) 0:00:53.723 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 18:19:24 +0000 (0:00:00.017) 0:00:53.741 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 18:19:27 +0000 (0:00:02.450) 0:00:56.192 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 18:19:32 +0000 (0:00:04.926) 0:01:01.119 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 50.0 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 92.8 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 24.1 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 104.3 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 36.2 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 18:19:35 +0000 (0:00:02.984) 0:01:04.103 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643739563.15273, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "5cebc1f1582ae934c0395d5b63d28348984306a6", "ctime": 1643739563.1477299, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643739563.1477299, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1456, "uid": 0, "version": "3766489379", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 18:19:35 +0000 (0:00:00.603) 0:01:04.706 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 18:19:35 +0000 (0:00:00.022) 0:01:04.728 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 Tuesday 01 February 2022 18:19:35 +0000 (0:00:00.037) 0:01:04.766 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 Tuesday 01 February 2022 18:19:35 +0000 (0:00:00.037) 0:01:04.803 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643739563.0787299, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "f7412b2622cd5c238ad957ddc53ed3237cd07403", "ctime": 1643739563.1477299, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643739563.1477299, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2582572342", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:58 Tuesday 01 February 2022 18:19:36 +0000 (0:00:00.382) 0:01:05.185 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 Tuesday 01 February 2022 18:19:36 +0000 (0:00:00.022) 0:01:05.208 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 Tuesday 01 February 2022 18:19:36 +0000 (0:00:00.037) 0:01:05.246 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.204799", "end": "2022-02-01 18:19:36.371036", "rc": 0, "start": "2022-02-01 18:19:36.166237" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/www.example.com@EXAMPLE.COM", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/www.example.com@EXAMPLE.COM", "oid": "1.3.6.1.5.2.2" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "A3:16:9F:D3:D4:1E:E4:51:94:22:10:5C:DE:3F:C2:98:FD:B5:F4:F7", "critical": false }, "authorityKeyIdentifier": { "value": "D1:5F:3C:82:77:09:E7:10:60:09:FB:BD:2C:C8:62:1E:57:9A:F5:23", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "01:16:F5:1C:DD:0C:F2:D1:CC:ED:6D:A9:52:F7:52:3C:CD:D9:6A:D1:D4:87:AE:4F:01:27:0C:60:B1:35:07:18:6B:C7:00:93:54:A5:C3:1F:5C:C8:1E:E6:20:A5:AF:01:BF:BA:B7:79:DA:E6:68:6D:2F:CC:91:21:A1:65:93:BA:5F:1C:A7:9B:CB:02:91:0B:66:ED:54:9E:DD:1F:9D:74:0F:83:BB:66:FE:6B:5F:96:E9:4E:D9:81:86:35:D8:16:8D:BF:C0:69:B3:CA:C2:02:B2:54:A4:29:B3:F2:50:97:EF:A6:8F:D2:80:18:52:56:AA:DB:52:2C:12:FD:AF:A9:D4:2B:AC:12:33:70:93:11:0D:52:BA:1D:AB:8C:6E:81:73:95:93:92:AA:7C:62:24:82:4A:E5:90:33:76:15:48:63:70:3B:79:83:53:13:4C:20:1A:11:B9:0E:8B:1D:56:20:21:63:25:EB:C0:AD:50:89:74:E3:D1:EF:F9:B7:D1:97:F7:D4:94:5A:1F:1D:0E:6E:41:96:3B:2A:33:EE:7C:3E:A9:E6:38:B5:CB:27:BA:C7:1F:82:C1:C8:7D:1F:7F:65:F6:91:08:5F:B8:2A:D8:21:77:8C:3D:58:11:B9:46:C9:93:FA:B5:2A:9C:33:E8:B4:27:0B:2A:AC:D2:DA:4D" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 18:19:22", "not_valid_before": "2022-02-01 18:19:23" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 Tuesday 01 February 2022 18:19:37 +0000 (0:00:00.704) 0:01:05.950 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "D1:5F:3C:82:77:09:E7:10:60:09:FB:BD:2C:C8:62:1E:57:9A:F5:23" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/www.example.com@EXAMPLE.COM" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/www.example.com@EXAMPLE.COM" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "A3:16:9F:D3:D4:1E:E4:51:94:22:10:5C:DE:3F:C2:98:FD:B5:F4:F7" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "01:16:F5:1C:DD:0C:F2:D1:CC:ED:6D:A9:52:F7:52:3C:CD:D9:6A:D1:D4:87:AE:4F:01:27:0C:60:B1:35:07:18:6B:C7:00:93:54:A5:C3:1F:5C:C8:1E:E6:20:A5:AF:01:BF:BA:B7:79:DA:E6:68:6D:2F:CC:91:21:A1:65:93:BA:5F:1C:A7:9B:CB:02:91:0B:66:ED:54:9E:DD:1F:9D:74:0F:83:BB:66:FE:6B:5F:96:E9:4E:D9:81:86:35:D8:16:8D:BF:C0:69:B3:CA:C2:02:B2:54:A4:29:B3:F2:50:97:EF:A6:8F:D2:80:18:52:56:AA:DB:52:2C:12:FD:AF:A9:D4:2B:AC:12:33:70:93:11:0D:52:BA:1D:AB:8C:6E:81:73:95:93:92:AA:7C:62:24:82:4A:E5:90:33:76:15:48:63:70:3B:79:83:53:13:4C:20:1A:11:B9:0E:8B:1D:56:20:21:63:25:EB:C0:AD:50:89:74:E3:D1:EF:F9:B7:D1:97:F7:D4:94:5A:1F:1D:0E:6E:41:96:3B:2A:33:EE:7C:3E:A9:E6:38:B5:CB:27:BA:C7:1F:82:C1:C8:7D:1F:7F:65:F6:91:08:5F:B8:2A:D8:21:77:8C:3D:58:11:B9:46:C9:93:FA:B5:2A:9C:33:E8:B4:27:0B:2A:AC:D2:DA:4D" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 18:19:22", "not_valid_before": "2022-02-01 18:19:23" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 18:19:37 +0000 (0:00:00.033) 0:01:05.984 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:91 Tuesday 01 February 2022 18:19:37 +0000 (0:00:00.035) 0:01:06.019 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 Tuesday 01 February 2022 18:19:37 +0000 (0:00:00.023) 0:01:06.043 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Tuesday 01 February 2022 18:19:37 +0000 (0:00:00.034) 0:01:06.078 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Tuesday 01 February 2022 18:19:37 +0000 (0:00:00.034) 0:01:06.112 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Tuesday 01 February 2022 18:19:37 +0000 (0:00:00.033) 0:01:06.146 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.042667", "end": "2022-02-01 18:19:36.978457", "rc": 0, "start": "2022-02-01 18:19:36.935790" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 18:19:37 +0000 (0:00:00.423) 0:01:06.570 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY [Test issuing certificate with invalid principal.] ************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_principal.yml:40 Tuesday 01 February 2022 18:19:37 +0000 (0:00:00.074) 0:01:06.644 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Tuesday 01 February 2022 18:19:38 +0000 (0:00:00.806) 0:01:07.450 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml" ], "changed": false } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Tuesday 01 February 2022 18:19:38 +0000 (0:00:00.032) 0:01:07.483 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Tuesday 01 February 2022 18:19:40 +0000 (0:00:02.055) 0:01:09.539 ****** ok: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Tuesday 01 February 2022 18:19:42 +0000 (0:00:02.005) 0:01:11.544 ****** ok: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Tuesday 01 February 2022 18:19:43 +0000 (0:00:00.395) 0:01:11.939 ****** ok: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Tuesday 01 February 2022 18:19:43 +0000 (0:00:00.453) 0:01:12.393 ****** ok: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Tue 2022-02-01 18:19:22 UTC", "ActiveEnterTimestampMonotonic": "62355017", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice syslog.target sysinit.target dbus-broker.service network.target basic.target dbus.socket systemd-journald.socket", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Tue 2022-02-01 18:19:22 UTC", "AssertTimestampMonotonic": "62341110", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "587516000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Tue 2022-02-01 18:19:22 UTC", "ConditionTimestampMonotonic": "62341107", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "6804", "ExecMainStartTimestamp": "Tue 2022-02-01 18:19:22 UTC", "ExecMainStartTimestampMonotonic": "62342557", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[Tue 2022-02-01 18:19:22 UTC] ; stop_time=[n/a] ; pid=6804 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[Tue 2022-02-01 18:19:22 UTC] ; stop_time=[n/a] ; pid=6804 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Tue 2022-02-01 18:19:22 UTC", "InactiveExitTimestampMonotonic": "62342950", "InvocationID": "2ab5c7d5b9cd4214a3a6d0cb3ca3fbf9", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "6804", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "1474560", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Tue 2022-02-01 18:19:22 UTC", "StateChangeTimestampMonotonic": "62355017", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Tuesday 01 February 2022 18:19:44 +0000 (0:00:00.537) 0:01:12.930 ****** failed: [/cache/fedora-34.qcow2] (item={'name': 'mycertinvalid', 'dns': 'www.example.com', 'principal': 'HTTP/abc', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": false, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycertinvalid", "principal": "HTTP/abc" } } MSG: Invalid principal 'HTTP/abc'. It should be formatted as 'primary/instance@REALM' TASK [assert...] *************************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tests_principal.yml:59 Tuesday 01 February 2022 18:19:44 +0000 (0:00:00.474) 0:01:13.405 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=39 changed=8 unreachable=0 failed=0 skipped=1 rescued=1 ignored=0 Tuesday 01 February 2022 18:19:44 +0000 (0:00:00.029) 0:01:13.435 ****** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed -- 40.30s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 7.97s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Install the package, force upgrade -------------------------------------- 4.93s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install certreader ------------------------------------------------------ 2.98s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 2.45s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 2.06s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 2.01s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Gathering Facts --------------------------------------------------------- 1.16s /tmp/tmpd43sjho8/tests/certificate/tests_principal.yml:2 ---------------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.16s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.08s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Gathering Facts --------------------------------------------------------- 0.82s /tmp/tmpd43sjho8/tests/certificate/tests_principal.yml:13 --------------------- Gathering Facts --------------------------------------------------------- 0.81s /tmp/tmpd43sjho8/tests/certificate/tests_principal.yml:40 --------------------- Parse certificate ------------------------------------------------------- 0.70s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Retrieve certificate file stats ----------------------------------------- 0.60s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.59s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.54s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.47s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.47s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.45s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Retrieve auto-renew flag ------------------------------------------------ 0.42s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 + cd /tmp/tmpd43sjho8/tests/certificate; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpd43sjho8/tests/certificate/tests_provider.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 18:19:58 +0000 (0:00:00.010) 0:00:00.010 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 18:19:58 +0000 (0:00:00.015) 0:00:00.026 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:19:58 +0000 (0:00:00.015) 0:00:00.041 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_provider.yml *************************************************** 2 plays in /tmp/tmpd43sjho8/tests/certificate/tests_provider.yml PLAY [Test issuing certificate with certmonger provider] *********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_provider.yml:2 Tuesday 01 February 2022 18:19:58 +0000 (0:00:00.018) 0:00:00.060 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Tuesday 01 February 2022 18:19:59 +0000 (0:00:01.034) 0:00:01.094 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml" ], "changed": false } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Tuesday 01 February 2022 18:20:00 +0000 (0:00:00.025) 0:00:01.120 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Tuesday 01 February 2022 18:24:48 +0000 (0:04:48.111) 0:04:49.231 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Tuesday 01 February 2022 18:24:52 +0000 (0:00:04.063) 0:04:53.295 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Tuesday 01 February 2022 18:24:52 +0000 (0:00:00.552) 0:04:53.847 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Tuesday 01 February 2022 18:24:53 +0000 (0:00:00.401) 0:04:54.249 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice sysinit.target syslog.target network.target dbus.socket dbus-broker.service basic.target systemd-journald.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Tuesday 01 February 2022 18:24:54 +0000 (0:00:00.967) 0:04:55.216 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'certmonger'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert", "provider": "certmonger" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_provider.yml:13 Tuesday 01 February 2022 18:24:55 +0000 (0:00:00.901) 0:04:56.118 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_provider.yml:27 Tuesday 01 February 2022 18:24:55 +0000 (0:00:00.732) 0:04:56.850 ****** included: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 18:24:55 +0000 (0:00:00.030) 0:04:56.880 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 18:24:55 +0000 (0:00:00.014) 0:04:56.894 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 18:24:57 +0000 (0:00:02.100) 0:04:58.995 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 18:25:02 +0000 (0:00:04.826) 0:05:03.821 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 48.0 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 80.0 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 24.1 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 91.7 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 35.4 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 18:25:05 +0000 (0:00:02.724) 0:05:06.545 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643739894.1425622, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "b5aa19191050498e99ccb38d00bdbd3b97333b9b", "ctime": 1643739894.1395621, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643739894.1395621, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "4067377009", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 18:25:05 +0000 (0:00:00.491) 0:05:07.037 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 18:25:05 +0000 (0:00:00.018) 0:05:07.056 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 Tuesday 01 February 2022 18:25:05 +0000 (0:00:00.031) 0:05:07.087 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 Tuesday 01 February 2022 18:25:06 +0000 (0:00:00.028) 0:05:07.115 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643739894.097562, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "7a840857c1a6c33f8f1eebb6e823041eca75bfcd", "ctime": 1643739894.1395621, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643739894.1395621, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3227726998", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:58 Tuesday 01 February 2022 18:25:06 +0000 (0:00:00.351) 0:05:07.467 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 Tuesday 01 February 2022 18:25:06 +0000 (0:00:00.018) 0:05:07.486 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 Tuesday 01 February 2022 18:25:06 +0000 (0:00:00.035) 0:05:07.521 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.194430", "end": "2022-02-01 18:25:06.396832", "rc": 0, "start": "2022-02-01 18:25:06.202402" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "3A:13:32:2F:DF:DB:59:2E:AD:A1:F6:9D:32:1E:7E:29:89:93:A4:A4", "critical": false }, "authorityKeyIdentifier": { "value": "70:5F:45:DC:EB:BE:38:99:FC:06:32:60:1B:84:05:E4:55:3E:B9:CE", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "78:9F:CB:D9:05:F6:25:8A:9F:87:B4:66:CF:5C:8E:AB:C7:37:F8:CD:3A:8D:73:43:B5:19:5E:0D:0B:3B:5C:33:54:95:B8:8F:60:FA:EB:6A:99:B9:B2:E9:4A:6F:23:A2:68:B1:FF:BE:C2:21:1D:41:BB:56:7C:DC:DC:DF:3C:6D:26:CB:86:5B:B2:AD:D4:EA:BA:A1:99:44:9E:23:9F:C8:F8:E8:2A:72:FD:69:F4:5A:68:F0:77:FE:10:D2:D7:88:A6:9D:19:9D:24:FB:BE:84:50:62:1C:B7:C3:68:54:B1:7D:05:EC:EE:84:AD:8B:86:BE:4A:B1:09:7E:A4:F7:7E:40:DA:EB:00:5A:55:41:11:2D:22:09:B1:FB:EE:6D:C1:32:30:40:15:C7:F4:EF:C7:9A:71:4D:A3:1F:90:E9:4E:3C:57:50:46:C8:3D:9D:E3:ED:6B:FB:17:23:BA:02:C6:B2:47:B1:4C:F4:66:53:1C:DA:9B:50:46:80:FB:D3:3E:6A:F5:D4:C9:5C:0A:4E:B1:08:2E:ED:32:B6:83:64:A4:EE:A4:53:01:98:45:6D:49:68:04:CA:60:8F:9B:4B:25:EB:22:C9:B8:6E:D6:E7:A5:39:45:FF:27:43:61:3F:95:98:37:4B:C0:82:F8:5F:89:6D:9C:BB:0A:5F:8F:99:B8" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 18:24:53", "not_valid_before": "2022-02-01 18:24:54" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 Tuesday 01 February 2022 18:25:07 +0000 (0:00:00.678) 0:05:08.200 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "70:5F:45:DC:EB:BE:38:99:FC:06:32:60:1B:84:05:E4:55:3E:B9:CE" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "3A:13:32:2F:DF:DB:59:2E:AD:A1:F6:9D:32:1E:7E:29:89:93:A4:A4" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "78:9F:CB:D9:05:F6:25:8A:9F:87:B4:66:CF:5C:8E:AB:C7:37:F8:CD:3A:8D:73:43:B5:19:5E:0D:0B:3B:5C:33:54:95:B8:8F:60:FA:EB:6A:99:B9:B2:E9:4A:6F:23:A2:68:B1:FF:BE:C2:21:1D:41:BB:56:7C:DC:DC:DF:3C:6D:26:CB:86:5B:B2:AD:D4:EA:BA:A1:99:44:9E:23:9F:C8:F8:E8:2A:72:FD:69:F4:5A:68:F0:77:FE:10:D2:D7:88:A6:9D:19:9D:24:FB:BE:84:50:62:1C:B7:C3:68:54:B1:7D:05:EC:EE:84:AD:8B:86:BE:4A:B1:09:7E:A4:F7:7E:40:DA:EB:00:5A:55:41:11:2D:22:09:B1:FB:EE:6D:C1:32:30:40:15:C7:F4:EF:C7:9A:71:4D:A3:1F:90:E9:4E:3C:57:50:46:C8:3D:9D:E3:ED:6B:FB:17:23:BA:02:C6:B2:47:B1:4C:F4:66:53:1C:DA:9B:50:46:80:FB:D3:3E:6A:F5:D4:C9:5C:0A:4E:B1:08:2E:ED:32:B6:83:64:A4:EE:A4:53:01:98:45:6D:49:68:04:CA:60:8F:9B:4B:25:EB:22:C9:B8:6E:D6:E7:A5:39:45:FF:27:43:61:3F:95:98:37:4B:C0:82:F8:5F:89:6D:9C:BB:0A:5F:8F:99:B8" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 18:24:53", "not_valid_before": "2022-02-01 18:24:54" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 18:25:07 +0000 (0:00:00.031) 0:05:08.232 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:91 Tuesday 01 February 2022 18:25:07 +0000 (0:00:00.029) 0:05:08.262 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 Tuesday 01 February 2022 18:25:07 +0000 (0:00:00.017) 0:05:08.279 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Tuesday 01 February 2022 18:25:07 +0000 (0:00:00.029) 0:05:08.308 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Tuesday 01 February 2022 18:25:07 +0000 (0:00:00.029) 0:05:08.338 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Tuesday 01 February 2022 18:25:07 +0000 (0:00:00.029) 0:05:08.367 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.044213", "end": "2022-02-01 18:25:06.960070", "rc": 0, "start": "2022-02-01 18:25:06.915857" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 18:25:07 +0000 (0:00:00.395) 0:05:08.762 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:25:07 +0000 (0:00:00.035) 0:05:08.798 ****** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed - 288.11s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Install the package, force upgrade -------------------------------------- 4.83s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 4.06s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Install certreader ------------------------------------------------------ 2.72s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 2.10s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 1.03s /tmp/tmpd43sjho8/tests/certificate/tests_provider.yml:2 ----------------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.97s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.90s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Gathering Facts --------------------------------------------------------- 0.73s /tmp/tmpd43sjho8/tests/certificate/tests_provider.yml:13 ---------------------- Parse certificate ------------------------------------------------------- 0.68s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.55s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Retrieve certificate file stats ----------------------------------------- 0.49s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.40s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Retrieve auto-renew flag ------------------------------------------------ 0.40s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Retrieve key file stats ------------------------------------------------- 0.35s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 - Load certificate YAML to cert_issued variable --------------------------- 0.03s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 - Verify certificate file owner and group --------------------------------- 0.03s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 - Verify each certificate ------------------------------------------------- 0.03s /tmp/tmpd43sjho8/tests/certificate/tests_provider.yml:27 ---------------------- + cd /tmp/tmpd43sjho8/tests/certificate; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpd43sjho8/tests/certificate/tests_run_hooks.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 18:25:21 +0000 (0:00:00.011) 0:00:00.011 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 18:25:21 +0000 (0:00:00.017) 0:00:00.029 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:25:21 +0000 (0:00:00.017) 0:00:00.046 ****** =============================================================================== debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- PLAYBOOK: tests_run_hooks.yml ************************************************** 2 plays in /tmp/tmpd43sjho8/tests/certificate/tests_run_hooks.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_run_hooks.yml:2 Tuesday 01 February 2022 18:25:21 +0000 (0:00:00.023) 0:00:00.069 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Tuesday 01 February 2022 18:25:22 +0000 (0:00:01.035) 0:00:01.105 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml" ], "changed": false } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Tuesday 01 February 2022 18:25:22 +0000 (0:00:00.029) 0:00:01.135 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Tuesday 01 February 2022 18:28:30 +0000 (0:03:07.815) 0:03:08.950 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Tuesday 01 February 2022 18:28:33 +0000 (0:00:03.774) 0:03:12.724 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Tuesday 01 February 2022 18:28:34 +0000 (0:00:00.533) 0:03:13.258 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Tuesday 01 February 2022 18:28:34 +0000 (0:00:00.400) 0:03:13.658 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network.target dbus-broker.service system.slice sysinit.target syslog.target systemd-journald.socket basic.target dbus.socket", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Tuesday 01 February 2022 18:28:35 +0000 (0:00:00.974) 0:03:14.633 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'run_before': 'touch /etc/pki/before_cert.tmp\n', 'run_after': 'touch /etc/pki/after_cert.tmp\n'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert", "run_after": "touch /etc/pki/after_cert.tmp\n", "run_before": "touch /etc/pki/before_cert.tmp\n" } } MSG: Certificate requested (new). Pre/Post run hooks updated. META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_run_hooks.yml:17 Tuesday 01 February 2022 18:28:36 +0000 (0:00:00.904) 0:03:15.537 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_run_hooks.yml:31 Tuesday 01 February 2022 18:28:37 +0000 (0:00:00.718) 0:03:16.256 ****** included: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 18:28:37 +0000 (0:00:00.027) 0:03:16.284 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 18:28:37 +0000 (0:00:00.014) 0:03:16.298 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 18:28:39 +0000 (0:00:01.923) 0:03:18.221 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 18:28:44 +0000 (0:00:04.911) 0:03:23.132 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 46.5 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 92.4 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 24.2 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 96.6 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 41.8 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 18:28:47 +0000 (0:00:02.660) 0:03:25.793 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643740116.1330085, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "0df53c0988bbb2be354f1de6a18f9cca4dd076b1", "ctime": 1643740116.1300085, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137978, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643740116.1300085, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2215823113", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 18:28:47 +0000 (0:00:00.480) 0:03:26.273 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 18:28:47 +0000 (0:00:00.019) 0:03:26.293 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 Tuesday 01 February 2022 18:28:47 +0000 (0:00:00.034) 0:03:26.327 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 Tuesday 01 February 2022 18:28:47 +0000 (0:00:00.031) 0:03:26.358 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643740116.0830083, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "e2033bb4ea484afa09f2e90dac2b6aac5a2b006a", "ctime": 1643740116.1300085, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137976, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643740116.1300085, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1358449975", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:58 Tuesday 01 February 2022 18:28:47 +0000 (0:00:00.346) 0:03:26.704 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 Tuesday 01 February 2022 18:28:47 +0000 (0:00:00.019) 0:03:26.724 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 Tuesday 01 February 2022 18:28:47 +0000 (0:00:00.034) 0:03:26.758 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.191465", "end": "2022-02-01 18:28:48.124898", "rc": 0, "start": "2022-02-01 18:28:47.933433" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "47:13:68:F5:F6:F1:94:66:33:7A:DA:F3:1E:10:A4:52:34:86:02:E6", "critical": false }, "authorityKeyIdentifier": { "value": "B9:15:9B:52:EB:30:BA:02:FB:E9:16:AF:C3:41:8B:20:1B:F1:62:26", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "87:F8:9F:83:57:5A:D8:7E:D5:7B:D5:D1:20:C9:52:A5:68:00:2B:50:4E:9C:C5:53:B6:10:A6:6C:D6:DE:70:28:72:4A:F9:D5:DA:8B:B5:C2:CA:22:11:6D:4C:CB:8E:04:BE:BC:BC:E3:A7:C3:76:C8:21:77:6E:12:87:B4:99:37:F1:16:A7:F0:65:56:17:92:92:37:5B:16:15:36:BD:E7:64:D6:56:70:00:A9:C7:A1:9E:1C:76:94:31:7A:29:8E:82:EE:AD:F4:BC:98:53:5A:36:72:FA:99:58:16:2F:28:AF:01:20:98:3C:B1:72:29:E3:A1:91:3A:23:84:FB:99:84:78:C5:14:FE:28:69:6F:57:D1:5C:50:92:4A:C8:C6:AF:5F:28:90:3A:70:9F:5F:03:46:EF:67:6F:6D:FC:36:6D:75:17:AD:A8:B4:3A:5F:AB:59:5B:AE:C6:3E:39:4B:22:51:DF:9F:6A:F5:73:61:83:BD:02:B1:B0:2E:05:CE:B7:F9:0E:D2:0B:5D:1C:AA:0C:46:2A:95:5F:5E:D2:97:DB:FC:83:3F:B1:B0:3F:75:E2:16:7A:A4:99:BE:0D:58:BE:61:30:EA:BF:88:D7:FC:D6:92:61:92:B9:24:04:05:7D:09:C0:30:0D:24:D8:3B:CB:65:14:71:63:D1:3B:81" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 18:28:35", "not_valid_before": "2022-02-01 18:28:36" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 Tuesday 01 February 2022 18:28:48 +0000 (0:00:00.659) 0:03:27.418 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "B9:15:9B:52:EB:30:BA:02:FB:E9:16:AF:C3:41:8B:20:1B:F1:62:26" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "47:13:68:F5:F6:F1:94:66:33:7A:DA:F3:1E:10:A4:52:34:86:02:E6" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "87:F8:9F:83:57:5A:D8:7E:D5:7B:D5:D1:20:C9:52:A5:68:00:2B:50:4E:9C:C5:53:B6:10:A6:6C:D6:DE:70:28:72:4A:F9:D5:DA:8B:B5:C2:CA:22:11:6D:4C:CB:8E:04:BE:BC:BC:E3:A7:C3:76:C8:21:77:6E:12:87:B4:99:37:F1:16:A7:F0:65:56:17:92:92:37:5B:16:15:36:BD:E7:64:D6:56:70:00:A9:C7:A1:9E:1C:76:94:31:7A:29:8E:82:EE:AD:F4:BC:98:53:5A:36:72:FA:99:58:16:2F:28:AF:01:20:98:3C:B1:72:29:E3:A1:91:3A:23:84:FB:99:84:78:C5:14:FE:28:69:6F:57:D1:5C:50:92:4A:C8:C6:AF:5F:28:90:3A:70:9F:5F:03:46:EF:67:6F:6D:FC:36:6D:75:17:AD:A8:B4:3A:5F:AB:59:5B:AE:C6:3E:39:4B:22:51:DF:9F:6A:F5:73:61:83:BD:02:B1:B0:2E:05:CE:B7:F9:0E:D2:0B:5D:1C:AA:0C:46:2A:95:5F:5E:D2:97:DB:FC:83:3F:B1:B0:3F:75:E2:16:7A:A4:99:BE:0D:58:BE:61:30:EA:BF:88:D7:FC:D6:92:61:92:B9:24:04:05:7D:09:C0:30:0D:24:D8:3B:CB:65:14:71:63:D1:3B:81" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-01 18:28:35", "not_valid_before": "2022-02-01 18:28:36" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 18:28:48 +0000 (0:00:00.030) 0:03:27.449 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:91 Tuesday 01 February 2022 18:28:48 +0000 (0:00:00.030) 0:03:27.480 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 Tuesday 01 February 2022 18:28:48 +0000 (0:00:00.018) 0:03:27.498 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Tuesday 01 February 2022 18:28:48 +0000 (0:00:00.030) 0:03:27.529 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Tuesday 01 February 2022 18:28:48 +0000 (0:00:00.030) 0:03:27.559 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Tuesday 01 February 2022 18:28:48 +0000 (0:00:00.030) 0:03:27.590 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.037744", "end": "2022-02-01 18:28:48.675319", "rc": 0, "start": "2022-02-01 18:28:48.637575" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 18:28:49 +0000 (0:00:00.377) 0:03:27.968 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Get certificate timestamp] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tests_run_hooks.yml:39 Tuesday 01 February 2022 18:28:49 +0000 (0:00:00.032) 0:03:28.000 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643740116.1330085, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "0df53c0988bbb2be354f1de6a18f9cca4dd076b1", "ctime": 1643740116.1300085, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137978, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643740116.1300085, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2215823113", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Get pre-run file timestamp] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tests_run_hooks.yml:43 Tuesday 01 February 2022 18:28:49 +0000 (0:00:00.349) 0:03:28.350 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643740116.1280084, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1643740116.1280084, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137977, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1643740116.1280084, "nlink": 1, "path": "/etc/pki/before_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "3182172946", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Get post-run file timestamp] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_run_hooks.yml:47 Tuesday 01 February 2022 18:28:49 +0000 (0:00:00.341) 0:03:28.692 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643740116.1650083, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1643740116.1650083, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137979, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1643740116.1650083, "nlink": 1, "path": "/etc/pki/after_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "1500361901", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Assert file created before cert] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tests_run_hooks.yml:51 Tuesday 01 February 2022 18:28:50 +0000 (0:00:00.340) 0:03:29.032 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Assert file created after cert] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tests_run_hooks.yml:58 Tuesday 01 February 2022 18:28:50 +0000 (0:00:00.020) 0:03:29.053 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=36 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:28:50 +0000 (0:00:00.024) 0:03:29.077 ****** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed - 187.82s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Install the package, force upgrade -------------------------------------- 4.91s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 3.77s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Install certreader ------------------------------------------------------ 2.66s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 1.92s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 1.04s /tmp/tmpd43sjho8/tests/certificate/tests_run_hooks.yml:2 ---------------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.97s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.90s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Gathering Facts --------------------------------------------------------- 0.72s /tmp/tmpd43sjho8/tests/certificate/tests_run_hooks.yml:17 --------------------- Parse certificate ------------------------------------------------------- 0.66s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.53s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Retrieve certificate file stats ----------------------------------------- 0.48s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.40s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Retrieve auto-renew flag ------------------------------------------------ 0.38s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Get certificate timestamp ----------------------------------------------- 0.35s /tmp/tmpd43sjho8/tests/certificate/tests_run_hooks.yml:39 --------------------- Retrieve key file stats ------------------------------------------------- 0.35s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Get pre-run file timestamp ---------------------------------------------- 0.34s /tmp/tmpd43sjho8/tests/certificate/tests_run_hooks.yml:43 --------------------- Get post-run file timestamp --------------------------------------------- 0.34s /tmp/tmpd43sjho8/tests/certificate/tests_run_hooks.yml:47 --------------------- Verify key file owner and group ----------------------------------------- 0.03s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 - Verify certificate file owner and group --------------------------------- 0.03s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 - + cd /tmp/tmpd43sjho8/tests/certificate; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpd43sjho8/tests/certificate/tests_subject.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 18:29:03 +0000 (0:00:00.010) 0:00:00.010 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 18:29:03 +0000 (0:00:00.017) 0:00:00.028 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:29:03 +0000 (0:00:00.018) 0:00:00.046 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_subject.yml **************************************************** 2 plays in /tmp/tmpd43sjho8/tests/certificate/tests_subject.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_subject.yml:2 Tuesday 01 February 2022 18:29:03 +0000 (0:00:00.020) 0:00:00.066 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Tuesday 01 February 2022 18:29:04 +0000 (0:00:01.040) 0:00:01.107 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml" ], "changed": false } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Tuesday 01 February 2022 18:29:04 +0000 (0:00:00.025) 0:00:01.132 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Tuesday 01 February 2022 18:29:45 +0000 (0:00:40.383) 0:00:41.516 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Tuesday 01 February 2022 18:29:55 +0000 (0:00:10.132) 0:00:51.649 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Tuesday 01 February 2022 18:29:55 +0000 (0:00:00.520) 0:00:52.170 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Tuesday 01 February 2022 18:29:56 +0000 (0:00:00.396) 0:00:52.566 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket system.slice network.target syslog.target basic.target dbus.socket sysinit.target dbus-broker.service", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Tuesday 01 February 2022 18:29:57 +0000 (0:00:00.955) 0:00:53.521 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'common_name': 'Some other common name', 'country': 'US', 'state': 'NC', 'locality': 'Raleigh', 'organization': 'Red Hat', 'organizational_unit': 'Linux', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "Some other common name", "country": "US", "dns": "www.example.com", "locality": "Raleigh", "name": "mycert", "organization": "Red Hat", "organizational_unit": "Linux", "state": "NC" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_subject.yml:19 Tuesday 01 February 2022 18:29:58 +0000 (0:00:00.916) 0:00:54.438 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_subject.yml:48 Tuesday 01 February 2022 18:29:58 +0000 (0:00:00.727) 0:00:55.165 ****** included: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'countryName', 'oid': '2.5.4.6', 'value': 'US'}, {'name': 'stateOrProvinceName', 'oid': '2.5.4.8', 'value': 'NC'}, {'name': 'localityName', 'oid': '2.5.4.7', 'value': 'Raleigh'}, {'name': 'organizationName', 'oid': '2.5.4.10', 'value': 'Red Hat'}, {'name': 'organizationalUnitName', 'oid': '2.5.4.11', 'value': 'Linux'}, {'name': 'commonName', 'oid': '2.5.4.3', 'value': 'Some other common name'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 18:29:58 +0000 (0:00:00.031) 0:00:55.197 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 18:29:59 +0000 (0:00:00.014) 0:00:55.211 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 18:30:00 +0000 (0:00:01.864) 0:00:57.075 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 18:30:05 +0000 (0:00:04.527) 0:01:01.603 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 51.9 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 82.8 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 27.5 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 102.9 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 37.1 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 18:30:07 +0000 (0:00:02.593) 0:01:04.197 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643740196.969606, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "55ee1fe657c1da487ec64900028182935dd875a2", "ctime": 1643740196.966606, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643740196.966606, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1407, "uid": 0, "version": "2978181893", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 18:30:08 +0000 (0:00:00.490) 0:01:04.688 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 18:30:08 +0000 (0:00:00.022) 0:01:04.710 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 Tuesday 01 February 2022 18:30:08 +0000 (0:00:00.036) 0:01:04.746 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 Tuesday 01 February 2022 18:30:08 +0000 (0:00:00.033) 0:01:04.780 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643740196.925606, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "a33e3e08adc725a1296e8d73c05d2c84fa78293e", "ctime": 1643740196.966606, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643740196.966606, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3812887630", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:58 Tuesday 01 February 2022 18:30:08 +0000 (0:00:00.364) 0:01:05.145 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 Tuesday 01 February 2022 18:30:08 +0000 (0:00:00.020) 0:01:05.166 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 Tuesday 01 February 2022 18:30:08 +0000 (0:00:00.036) 0:01:05.202 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.191996", "end": "2022-02-01 18:30:08.573851", "rc": 0, "start": "2022-02-01 18:30:08.381855" } STDOUT: { "subject": [ { "name": "countryName", "oid": "2.5.4.6", "value": "US" }, { "name": "stateOrProvinceName", "oid": "2.5.4.8", "value": "NC" }, { "name": "localityName", "oid": "2.5.4.7", "value": "Raleigh" }, { "name": "organizationName", "oid": "2.5.4.10", "value": "Red Hat" }, { "name": "organizationalUnitName", "oid": "2.5.4.11", "value": "Linux" }, { "name": "commonName", "oid": "2.5.4.3", "value": "Some other common name" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "FE:84:D9:2E:10:81:D5:2C:40:6D:04:1B:11:D6:86:75:6D:D8:42:B6", "critical": false }, "authorityKeyIdentifier": { "value": "B3:D8:B2:D5:35:DA:39:A3:DA:2C:73:FE:59:D6:31:0A:BF:B7:5F:2D", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "6E:F9:2E:AE:83:6D:C3:38:2E:D9:F0:BA:E5:C1:73:AE:37:EA:71:A5:DC:18:28:12:4F:22:22:F5:24:2B:24:F0:B4:9A:B3:A1:EC:B8:10:6F:FA:13:B2:6D:88:C5:60:C8:54:9C:C1:F3:EB:4B:00:52:BD:30:42:0A:1B:49:18:7D:62:D6:53:9A:B5:6B:1A:F4:6E:7C:DC:98:D0:55:2C:59:CB:39:93:A1:D9:AF:E0:A5:F8:3A:4E:1A:10:5E:1F:82:7C:E4:E7:23:2B:7B:2C:1E:37:8F:29:B8:10:EC:AB:25:63:CE:DE:45:1A:84:7D:53:C6:D2:D7:41:3B:F0:25:E3:D8:C7:56:24:B8:BD:18:FF:18:C8:54:44:45:28:FE:14:2B:92:03:7C:F1:E1:61:25:AD:E1:05:E5:46:21:83:5C:E5:6F:12:29:D0:26:70:59:BE:D6:05:1E:5A:06:E4:A3:B0:75:81:2B:D7:A5:86:21:AF:B2:04:C4:52:14:E8:D1:54:60:74:74:4D:D6:08:64:55:F4:5F:7C:69:A6:7B:59:40:22:E7:16:17:E3:06:C6:97:81:D3:50:C0:36:FE:4C:A3:09:00:DF:5F:8D:80:88:94:B8:5D:F3:41:C8:31:C0:41:BF:6C:14:EC:C6:48:32:25:4A:44:6F:29:01:8D:E0" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 18:29:56", "not_valid_before": "2022-02-01 18:29:56" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 Tuesday 01 February 2022 18:30:09 +0000 (0:00:00.668) 0:01:05.870 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "B3:D8:B2:D5:35:DA:39:A3:DA:2C:73:FE:59:D6:31:0A:BF:B7:5F:2D" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "FE:84:D9:2E:10:81:D5:2C:40:6D:04:1B:11:D6:86:75:6D:D8:42:B6" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "6E:F9:2E:AE:83:6D:C3:38:2E:D9:F0:BA:E5:C1:73:AE:37:EA:71:A5:DC:18:28:12:4F:22:22:F5:24:2B:24:F0:B4:9A:B3:A1:EC:B8:10:6F:FA:13:B2:6D:88:C5:60:C8:54:9C:C1:F3:EB:4B:00:52:BD:30:42:0A:1B:49:18:7D:62:D6:53:9A:B5:6B:1A:F4:6E:7C:DC:98:D0:55:2C:59:CB:39:93:A1:D9:AF:E0:A5:F8:3A:4E:1A:10:5E:1F:82:7C:E4:E7:23:2B:7B:2C:1E:37:8F:29:B8:10:EC:AB:25:63:CE:DE:45:1A:84:7D:53:C6:D2:D7:41:3B:F0:25:E3:D8:C7:56:24:B8:BD:18:FF:18:C8:54:44:45:28:FE:14:2B:92:03:7C:F1:E1:61:25:AD:E1:05:E5:46:21:83:5C:E5:6F:12:29:D0:26:70:59:BE:D6:05:1E:5A:06:E4:A3:B0:75:81:2B:D7:A5:86:21:AF:B2:04:C4:52:14:E8:D1:54:60:74:74:4D:D6:08:64:55:F4:5F:7C:69:A6:7B:59:40:22:E7:16:17:E3:06:C6:97:81:D3:50:C0:36:FE:4C:A3:09:00:DF:5F:8D:80:88:94:B8:5D:F3:41:C8:31:C0:41:BF:6C:14:EC:C6:48:32:25:4A:44:6F:29:01:8D:E0" }, "subject": [ { "name": "countryName", "oid": "2.5.4.6", "value": "US" }, { "name": "stateOrProvinceName", "oid": "2.5.4.8", "value": "NC" }, { "name": "localityName", "oid": "2.5.4.7", "value": "Raleigh" }, { "name": "organizationName", "oid": "2.5.4.10", "value": "Red Hat" }, { "name": "organizationalUnitName", "oid": "2.5.4.11", "value": "Linux" }, { "name": "commonName", "oid": "2.5.4.3", "value": "Some other common name" } ], "validity": { "not_valid_after": "2023-02-01 18:29:56", "not_valid_before": "2022-02-01 18:29:56" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 18:30:09 +0000 (0:00:00.034) 0:01:05.905 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:91 Tuesday 01 February 2022 18:30:09 +0000 (0:00:00.037) 0:01:05.942 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 Tuesday 01 February 2022 18:30:09 +0000 (0:00:00.023) 0:01:05.965 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Tuesday 01 February 2022 18:30:09 +0000 (0:00:00.035) 0:01:06.001 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Tuesday 01 February 2022 18:30:09 +0000 (0:00:00.036) 0:01:06.037 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Tuesday 01 February 2022 18:30:09 +0000 (0:00:00.036) 0:01:06.074 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.036947", "end": "2022-02-01 18:30:09.160233", "rc": 0, "start": "2022-02-01 18:30:09.123286" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 18:30:10 +0000 (0:00:00.380) 0:01:06.454 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:30:10 +0000 (0:00:00.040) 0:01:06.494 ****** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed -- 40.38s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 fedora.linux_system_roles.certificate : Ensure provider packages are installed -- 10.13s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Install the package, force upgrade -------------------------------------- 4.53s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install certreader ------------------------------------------------------ 2.59s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 1.86s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Gathering Facts --------------------------------------------------------- 1.04s /tmp/tmpd43sjho8/tests/certificate/tests_subject.yml:2 ------------------------ fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.96s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.92s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Gathering Facts --------------------------------------------------------- 0.73s /tmp/tmpd43sjho8/tests/certificate/tests_subject.yml:19 ----------------------- Parse certificate ------------------------------------------------------- 0.67s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.52s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Retrieve certificate file stats ----------------------------------------- 0.49s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.40s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Retrieve auto-renew flag ------------------------------------------------ 0.38s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Retrieve key file stats ------------------------------------------------- 0.36s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Verify certificate subject ---------------------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 - Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 - Verify certificate Extended Key Usage ----------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Verify certificate Key Usage -------------------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 + cd /tmp/tmpd43sjho8/tests/certificate; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpd43sjho8/tests/certificate/tests_subject_complex.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 18:30:24 +0000 (0:00:00.010) 0:00:00.010 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 18:30:24 +0000 (0:00:00.014) 0:00:00.025 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:30:24 +0000 (0:00:00.014) 0:00:00.039 ****** =============================================================================== debug ------------------------------------------------------------------- 0.01s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.01s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- PLAYBOOK: tests_subject_complex.yml ******************************************** 2 plays in /tmp/tmpd43sjho8/tests/certificate/tests_subject_complex.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_subject_complex.yml:2 Tuesday 01 February 2022 18:30:24 +0000 (0:00:00.018) 0:00:00.058 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Tuesday 01 February 2022 18:30:25 +0000 (0:00:01.028) 0:00:01.086 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml" ], "changed": false } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Tuesday 01 February 2022 18:30:25 +0000 (0:00:00.026) 0:00:01.112 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Tuesday 01 February 2022 18:31:08 +0000 (0:00:42.713) 0:00:43.826 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: nss-sysinit-3.73.0-1.fc34.x86_64", "Installed: nss-util-3.73.0-1.fc34.x86_64", "Installed: certmonger-0.79.14-2.fc34.x86_64", "Installed: dbus-tools-1:1.12.20-3.fc34.x86_64", "Installed: nspr-4.32.0-3.fc34.x86_64", "Installed: nss-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-3.73.0-1.fc34.x86_64", "Installed: nss-softokn-freebl-3.73.0-1.fc34.x86_64" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Tuesday 01 February 2022 18:31:11 +0000 (0:00:03.363) 0:00:47.189 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Tuesday 01 February 2022 18:31:12 +0000 (0:00:00.527) 0:00:47.717 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Tuesday 01 February 2022 18:31:12 +0000 (0:00:00.385) 0:00:48.103 ****** changed: [/cache/fedora-34.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice basic.target sysinit.target dbus.socket network.target systemd-journald.socket syslog.target dbus-broker.service", "AllowIsolate": "no", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15533", "LimitNPROCSoft": "15533", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15533", "LimitSIGPENDINGSoft": "15533", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4659", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "infinity" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Tuesday 01 February 2022 18:31:13 +0000 (0:00:01.057) 0:00:49.160 ****** changed: [/cache/fedora-34.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'common_name': '# \\\\Every"thing+that,ne;edsing\\0 ', 'contact_email': 'admin@example.com', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "# \\\\Every\"thing+that,ne;edsing\\0 ", "contact_email": "admin@example.com", "dns": "www.example.com", "name": "mycert" } } MSG: Certificate requested (new). META: role_complete for /cache/fedora-34.qcow2 META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_subject_complex.yml:16 Tuesday 01 February 2022 18:31:14 +0000 (0:00:00.905) 0:00:50.066 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_subject_complex.yml:36 Tuesday 01 February 2022 18:31:15 +0000 (0:00:00.749) 0:00:50.816 ****** included: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-34.qcow2 => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'emailAddress', 'oid': '1.2.840.113549.1.9.1', 'value': 'admin@example.com'}, {'name': 'commonName', 'oid': '2.5.4.3', 'value': '# \\\\Every"thing+that,ne;edsing\\0 '}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:2 Tuesday 01 February 2022 18:31:15 +0000 (0:00:00.036) 0:00:50.852 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 Tuesday 01 February 2022 18:31:15 +0000 (0:00:00.020) 0:00:50.872 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 Tuesday 01 February 2022 18:31:17 +0000 (0:00:02.130) 0:00:53.003 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.9/site-packages (21.0.1) Collecting pip Downloading pip-22.0.2-py3-none-any.whl (2.1 MB) Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 21.0.1 Uninstalling pip-21.0.1: Successfully uninstalled pip-21.0.1 Successfully installed pip-22.0.2 TASK [Install certreader] ****************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 Tuesday 01 February 2022 18:31:21 +0000 (0:00:04.556) 0:00:57.559 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 50.3 MB/s eta 0:00:00 Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (444 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 444.3/444.3 KB 84.8 MB/s eta 0:00:00 Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.1/77.1 KB 24.6 MB/s eta 0:00:00 Collecting pyyaml Downloading PyYAML-6.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (661 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 661.8/661.8 KB 85.3 MB/s eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 KB 29.6 MB/s eta 0:00:00 Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pyasn1, pyyaml, pycparser, cffi, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 Tuesday 01 February 2022 18:31:24 +0000 (0:00:02.672) 0:01:00.231 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643740273.0787642, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "3f815913ece533de47c125ded94721c4c6e6689d", "ctime": 1643740273.0757642, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137975, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643740273.0757642, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1375, "uid": 0, "version": "4261437506", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:31 Tuesday 01 February 2022 18:31:25 +0000 (0:00:00.484) 0:01:00.716 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 Tuesday 01 February 2022 18:31:25 +0000 (0:00:00.021) 0:01:00.738 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:47 Tuesday 01 February 2022 18:31:25 +0000 (0:00:00.034) 0:01:00.772 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 Tuesday 01 February 2022 18:31:25 +0000 (0:00:00.031) 0:01:00.804 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "stat": { "atime": 1643740273.0327642, "attr_flags": "e", "attributes": [ "extents" ], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "07484155033f5a7b4edd16a772cd4cdb1917e4ba", "ctime": 1643740273.0757642, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 137974, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1643740273.0757642, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "391930102", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:58 Tuesday 01 February 2022 18:31:25 +0000 (0:00:00.348) 0:01:01.152 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 Tuesday 01 February 2022 18:31:25 +0000 (0:00:00.021) 0:01:01.173 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 Tuesday 01 February 2022 18:31:25 +0000 (0:00:00.035) 0:01:01.209 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.217243", "end": "2022-02-01 18:31:25.097779", "rc": 0, "start": "2022-02-01 18:31:24.880536" } STDOUT: { "subject": [ { "name": "emailAddress", "oid": "1.2.840.113549.1.9.1", "value": "admin@example.com" }, { "name": "commonName", "oid": "2.5.4.3", "value": "# \\\\Every\"thing+that,ne;edsing\\0 " } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "DA:3E:B0:D6:6B:5A:35:1D:F0:35:FA:23:04:F2:CD:0A:E4:1F:B5:D9", "critical": false }, "authorityKeyIdentifier": { "value": "58:7B:70:54:75:AA:AA:C2:B2:33:86:B6:0F:5E:00:AB:32:38:27:9F", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "EB:91:BF:26:DE:4E:DE:60:63:0E:3C:88:0A:F2:21:F9:A2:D8:89:D8:46:A3:EF:95:85:04:AC:C1:F0:6D:73:32:01:5B:BA:B3:A8:9E:78:27:A8:2D:26:9B:FE:2F:F5:5E:7E:5A:EE:23:08:3D:7D:72:67:35:D5:10:CE:C1:7D:9F:8F:CB:D6:60:17:9A:9F:27:28:03:01:23:6C:30:0F:3E:F1:96:40:7E:78:B1:86:64:84:D3:22:A9:EF:C1:4A:5E:3A:D0:B3:36:7D:A5:E2:12:D3:61:4A:0E:B2:D9:CA:A1:9D:90:A4:62:DD:EE:F2:C9:31:6E:54:09:80:AE:B4:3A:24:BC:FB:85:DD:93:FB:06:A0:34:20:1B:72:53:02:3C:AA:D2:83:CF:A1:33:E8:F5:20:63:79:E9:34:16:DF:DF:0A:13:53:D7:3D:71:22:33:2B:5F:FB:B7:64:C6:46:E8:D0:14:0C:43:9A:3B:53:EE:CD:6B:0A:8D:A5:CB:38:38:D8:E5:D0:B1:18:5F:37:F4:AC:F2:5F:A4:1A:CA:40:5A:4E:40:99:87:53:40:C2:08:F6:2C:03:60:78:3C:FE:78:31:DE:AF:14:53:61:D3:EF:02:63:87:DE:0A:13:AF:25:16:67:1F:0F:89:CF:FA:33:FC:1A:D0:C4:06:C1:16:61" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-01 18:31:12", "not_valid_before": "2022-02-01 18:31:13" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:79 Tuesday 01 February 2022 18:31:26 +0000 (0:00:00.694) 0:01:01.903 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "58:7B:70:54:75:AA:AA:C2:B2:33:86:B6:0F:5E:00:AB:32:38:27:9F" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "DA:3E:B0:D6:6B:5A:35:1D:F0:35:FA:23:04:F2:CD:0A:E4:1F:B5:D9" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "EB:91:BF:26:DE:4E:DE:60:63:0E:3C:88:0A:F2:21:F9:A2:D8:89:D8:46:A3:EF:95:85:04:AC:C1:F0:6D:73:32:01:5B:BA:B3:A8:9E:78:27:A8:2D:26:9B:FE:2F:F5:5E:7E:5A:EE:23:08:3D:7D:72:67:35:D5:10:CE:C1:7D:9F:8F:CB:D6:60:17:9A:9F:27:28:03:01:23:6C:30:0F:3E:F1:96:40:7E:78:B1:86:64:84:D3:22:A9:EF:C1:4A:5E:3A:D0:B3:36:7D:A5:E2:12:D3:61:4A:0E:B2:D9:CA:A1:9D:90:A4:62:DD:EE:F2:C9:31:6E:54:09:80:AE:B4:3A:24:BC:FB:85:DD:93:FB:06:A0:34:20:1B:72:53:02:3C:AA:D2:83:CF:A1:33:E8:F5:20:63:79:E9:34:16:DF:DF:0A:13:53:D7:3D:71:22:33:2B:5F:FB:B7:64:C6:46:E8:D0:14:0C:43:9A:3B:53:EE:CD:6B:0A:8D:A5:CB:38:38:D8:E5:D0:B1:18:5F:37:F4:AC:F2:5F:A4:1A:CA:40:5A:4E:40:99:87:53:40:C2:08:F6:2C:03:60:78:3C:FE:78:31:DE:AF:14:53:61:D3:EF:02:63:87:DE:0A:13:AF:25:16:67:1F:0F:89:CF:FA:33:FC:1A:D0:C4:06:C1:16:61" }, "subject": [ { "name": "emailAddress", "oid": "1.2.840.113549.1.9.1", "value": "admin@example.com" }, { "name": "commonName", "oid": "2.5.4.3", "value": "# \\\\Every\"thing+that,ne;edsing\\0 " } ], "validity": { "not_valid_after": "2023-02-01 18:31:12", "not_valid_before": "2022-02-01 18:31:13" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:83 Tuesday 01 February 2022 18:31:26 +0000 (0:00:00.032) 0:01:01.936 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:91 Tuesday 01 February 2022 18:31:26 +0000 (0:00:00.032) 0:01:01.968 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:99 Tuesday 01 February 2022 18:31:26 +0000 (0:00:00.019) 0:01:01.988 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Tuesday 01 February 2022 18:31:26 +0000 (0:00:00.033) 0:01:02.021 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:118 Tuesday 01 February 2022 18:31:26 +0000 (0:00:00.039) 0:01:02.061 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 Tuesday 01 February 2022 18:31:26 +0000 (0:00:00.034) 0:01:02.095 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.043134", "end": "2022-02-01 18:31:25.691266", "rc": 0, "start": "2022-02-01 18:31:25.648132" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Tuesday 01 February 2022 18:31:26 +0000 (0:00:00.401) 0:01:02.496 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=31 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:31:26 +0000 (0:00:00.037) 0:01:02.534 ****** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed -- 42.71s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Install the package, force upgrade -------------------------------------- 4.56s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:11 - fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 3.36s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Install certreader ------------------------------------------------------ 2.67s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure python3 is installed --------------------------------------------- 2.13s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- fedora.linux_system_roles.certificate : Ensure provider service is running --- 1.06s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Gathering Facts --------------------------------------------------------- 1.03s /tmp/tmpd43sjho8/tests/certificate/tests_subject_complex.yml:2 ---------------- fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.91s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Gathering Facts --------------------------------------------------------- 0.75s /tmp/tmpd43sjho8/tests/certificate/tests_subject_complex.yml:16 --------------- Parse certificate ------------------------------------------------------- 0.69s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.53s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Retrieve certificate file stats ----------------------------------------- 0.48s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:26 - Retrieve auto-renew flag ------------------------------------------------ 0.40s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:132 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.39s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Retrieve key file stats ------------------------------------------------- 0.35s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify certificate Key Usage -------------------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:106 Verify certificate auto-renew flag -------------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:141 Verify each certificate ------------------------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tests_subject_complex.yml:36 --------------- Verify key file owner and group ----------------------------------------- 0.04s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:64 - Verify certificate file owner and group --------------------------------- 0.03s /tmp/tmpd43sjho8/tests/certificate/tasks/assert_certificate_parameters.yml:37 - + cd /tmp/tmpd43sjho8/tests/certificate; TEST_SUBJECTS=/cache/fedora-34.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-107-f1afcb4-fedora-34-8_y33sld/artifacts ANSIBLE_COLLECTIONS_PATHS=/tmp/tmphk3f2xcz:~/.ansible/collections:/usr/share/ansible/collections ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmpcwl050ue/_setup.yml /tmp/tmpd43sjho8/tests/certificate/tests_wrong_provider.yml ansible-playbook [core 2.12.2rc1.post0] config file = None configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.8/site-packages/ansible ansible collection location = /tmp/tmphk3f2xcz:/home/runner/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible-playbook python version = 3.8.12 (default, Sep 21 2021, 00:10:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] jinja version = 2.10.3 libyaml = True No config file found; using defaults Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpcwl050ue/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpcwl050ue/_setup.yml:5 Tuesday 01 February 2022 18:31:41 +0000 (0:00:00.010) 0:00:00.010 ****** ok: [/cache/fedora-34.qcow2] => { "groups": { "all": [ "/cache/fedora-34.qcow2" ], "localhost": [ "/cache/fedora-34.qcow2" ], "subjects": [ "/cache/fedora-34.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpcwl050ue/_setup.yml:6 Tuesday 01 February 2022 18:31:41 +0000 (0:00:00.016) 0:00:00.027 ****** skipping: [/cache/fedora-34.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Tuesday 01 February 2022 18:31:41 +0000 (0:00:00.017) 0:00:00.044 ****** =============================================================================== fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_wrong_provider.yml ********************************************* 1 plays in /tmp/tmpd43sjho8/tests/certificate/tests_wrong_provider.yml PLAY [Test issuing certificate with nonexistent provider] ********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpd43sjho8/tests/certificate/tests_wrong_provider.yml:2 Tuesday 01 February 2022 18:31:41 +0000 (0:00:00.019) 0:00:00.064 ****** ok: [/cache/fedora-34.qcow2] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Tuesday 01 February 2022 18:31:42 +0000 (0:00:01.008) 0:00:01.072 ****** ok: [/cache/fedora-34.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/default.yml" ], "changed": false } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Tuesday 01 February 2022 18:31:42 +0000 (0:00:00.027) 0:00:01.100 ****** changed: [/cache/fedora-34.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.4.8-4.fc34.noarch" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 Tuesday 01 February 2022 18:32:40 +0000 (0:00:57.887) 0:00:58.987 ****** skipping: [/cache/fedora-34.qcow2] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 Tuesday 01 February 2022 18:32:40 +0000 (0:00:00.043) 0:00:59.030 ****** skipping: [/cache/fedora-34.qcow2] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 Tuesday 01 February 2022 18:32:40 +0000 (0:00:00.056) 0:00:59.087 ****** skipping: [/cache/fedora-34.qcow2] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 Tuesday 01 February 2022 18:32:40 +0000 (0:00:00.039) 0:00:59.126 ****** skipping: [/cache/fedora-34.qcow2] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 Tuesday 01 February 2022 18:32:40 +0000 (0:00:00.039) 0:00:59.165 ****** failed: [/cache/fedora-34.qcow2] (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'fake-provider'}) => { "ansible_loop_var": "item", "changed": false, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert", "provider": "fake-provider" } } MSG: Chosen provider 'fake-provider' is not available. TASK [assert...] *************************************************************** task path: /tmp/tmpd43sjho8/tests/certificate/tests_wrong_provider.yml:22 Tuesday 01 February 2022 18:32:40 +0000 (0:00:00.604) 0:00:59.770 ****** ok: [/cache/fedora-34.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-34.qcow2 : ok=5 changed=1 unreachable=0 failed=0 skipped=5 rescued=1 ignored=0 Tuesday 01 February 2022 18:32:40 +0000 (0:00:00.025) 0:00:59.795 ****** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed -- 57.89s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:15 Gathering Facts --------------------------------------------------------- 1.01s /tmp/tmpd43sjho8/tests/certificate/tests_wrong_provider.yml:2 ----------------- fedora.linux_system_roles.certificate : Ensure certificate requests ----- 0.60s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:109 fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.06s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:43 fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 0.04s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:32 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.04s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:69 fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.04s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:98 fedora.linux_system_roles.certificate : Set version specific variables --- 0.03s /tmp/tmphk3f2xcz/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 assert... --------------------------------------------------------------- 0.03s /tmp/tmpd43sjho8/tests/certificate/tests_wrong_provider.yml:22 ---------------- fail -------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:6 ------------------------------------------------- debug ------------------------------------------------------------------- 0.02s /tmp/tmpcwl050ue/_setup.yml:5 -------------------------------------------------