+ cd /tmp/tmprte76fwa/tests; TEST_SUBJECTS=/cache/rhel-8-y.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-115-ec6e2d0-rhel-8-y-juz2pivh/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmprte76fwa/_setup.yml /tmp/tmprte76fwa/tests/tests_basic_ipa.yml ansible-playbook 2.9.27 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] Using /etc/ansible/ansible.cfg as config file [ERROR]: GNU xorriso 1.4.8 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Local character set is now assumed as: 'utf-8' Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 2 plays in /tmp/tmprte76fwa/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmprte76fwa/_setup.yml:5 Monday 21 February 2022 23:09:09 +0000 (0:00:00.023) 0:00:00.023 ******* ok: [/cache/rhel-8-y.qcow2] => { "groups": { "all": [ "/cache/rhel-8-y.qcow2" ], "localhost": [ "/cache/rhel-8-y.qcow2" ], "subjects": [ "/cache/rhel-8-y.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmprte76fwa/_setup.yml:7 Monday 21 February 2022 23:09:09 +0000 (0:00:00.039) 0:00:00.062 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /tmp/tmprte76fwa/_setup.yml:16 Monday 21 February 2022 23:09:09 +0000 (0:00:00.039) 0:00:00.101 ******* changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:09:13 +0000 (0:00:03.137) 0:00:03.239 ******* =============================================================================== set up internal repositories -------------------------------------------- 3.14s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:7 ------------------------------------------------- statically imported: /tmp/tmprte76fwa/tests/tasks/setup_ipa.yml PLAYBOOK: tests_basic_ipa.yml ************************************************** 3 plays in /tmp/tmprte76fwa/tests/tests_basic_ipa.yml PLAY [Install IPA server] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_basic_ipa.yml:2 Monday 21 February 2022 23:09:13 +0000 (0:00:00.049) 0:00:03.288 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [Set __is_beaker_env] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/setup_ipa.yml:2 Monday 21 February 2022 23:09:14 +0000 (0:00:00.978) 0:00:04.267 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__is_beaker_env": false }, "changed": false } TASK [Install ansible-freeipa] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/setup_ipa.yml:6 Monday 21 February 2022 23:09:14 +0000 (0:00:00.051) 0:00:04.318 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Clone ansible-freeipa repo] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/setup_ipa.yml:12 Monday 21 February 2022 23:09:14 +0000 (0:00:00.015) 0:00:04.334 ******* ok: [/cache/rhel-8-y.qcow2 -> 127.0.0.1] => { "after": "6c7f433135795d3ebec2ce26d6ca398301792588", "before": "6c7f433135795d3ebec2ce26d6ca398301792588", "changed": false, "remote_url_changed": false } TASK [Create role symlinks] **************************************************** task path: /tmp/tmprte76fwa/tests/tasks/setup_ipa.yml:21 Monday 21 February 2022 23:09:22 +0000 (0:00:07.920) 0:00:12.254 ******* changed: [/cache/rhel-8-y.qcow2 -> 127.0.0.1] => (item=ipaserver) => { "ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmprte76fwa/tests/roles/ipaserver", "gid": 0, "group": "root", "item": "ipaserver", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaserver/", "state": "link", "uid": 0 } changed: [/cache/rhel-8-y.qcow2 -> 127.0.0.1] => (item=ipaclient) => { "ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmprte76fwa/tests/roles/ipaclient", "gid": 0, "group": "root", "item": "ipaclient", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaclient/", "state": "link", "uid": 0 } TASK [ensure hostname package is installed] ************************************ task path: /tmp/tmprte76fwa/tests/tasks/setup_ipa.yml:33 Monday 21 February 2022 23:09:22 +0000 (0:00:00.493) 0:00:12.748 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Set hostname] ************************************************************ task path: /tmp/tmprte76fwa/tests/tasks/setup_ipa.yml:38 Monday 21 February 2022 23:09:27 +0000 (0:00:04.519) 0:00:17.268 ******* changed: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "ansible_domain": "test.local", "ansible_fqdn": "ipaserver.test.local", "ansible_hostname": "ipaserver", "ansible_nodename": "ipaserver.test.local" }, "changed": true, "name": "ipaserver.test.local" } TASK [Ensure nss package is up-to-date] **************************************** task path: /tmp/tmprte76fwa/tests/tasks/setup_ipa.yml:42 Monday 21 February 2022 23:09:27 +0000 (0:00:00.845) 0:00:18.114 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: nspr-4.32.0-1.el8_4.x86_64", "Installed: nss-3.67.0-7.el8_5.x86_64", "Installed: nss-softokn-3.67.0-7.el8_5.x86_64", "Installed: nss-softokn-freebl-3.67.0-7.el8_5.x86_64", "Installed: nss-sysinit-3.67.0-7.el8_5.x86_64", "Installed: nss-util-3.67.0-7.el8_5.x86_64" ] } TASK [Include ipaserver role] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/setup_ipa.yml:50 Monday 21 February 2022 23:09:30 +0000 (0:00:02.186) 0:00:20.300 ******* TASK [ipaserver : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:4 Monday 21 February 2022 23:09:30 +0000 (0:00:00.039) 0:00:20.340 ******* ok: [/cache/rhel-8-y.qcow2] => (item=/tmp/freeipa-repo/roles/ipaserver/vars/RedHat-8.yml) => { "ansible_facts": { "ipaserver_packages": [ "@idm:DL1/server" ], "ipaserver_packages_adtrust": [ "@idm:DL1/adtrust" ], "ipaserver_packages_dns": [ "@idm:DL1/dns" ], "ipaserver_packages_firewalld": [ "firewalld" ] }, "ansible_included_var_files": [ "/tmp/freeipa-repo/roles/ipaserver/vars/RedHat-8.yml" ], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaserver/vars/RedHat-8.yml" } TASK [ipaserver : Install IPA server] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:12 Monday 21 February 2022 23:09:30 +0000 (0:00:00.055) 0:00:20.395 ******* included: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml for /cache/rhel-8-y.qcow2 TASK [ipaserver : Install - Ensure that IPA server packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:5 Monday 21 February 2022 23:09:30 +0000 (0:00:00.191) 0:00:20.586 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Module idm:DL1/server installed.", "Installed: sssd-ipa-2.6.2-3.el8.x86_64", "Installed: augeas-libs-1.12.0-7.el8.x86_64", "Installed: redhat-logos-ipa-84.5-1.el8.noarch", "Installed: libxslt-1.1.32-6.el8.x86_64", "Installed: sssd-krb5-common-2.6.2-3.el8.x86_64", "Installed: autofs-1:5.1.4-81.el8.x86_64", "Installed: perl-Digest-MD5-2.55-396.el8.x86_64", "Installed: perl-URI-1.73-3.el8.noarch", "Installed: sssd-tools-2.6.2-3.el8.x86_64", "Installed: lksctp-tools-1.0.18-3.el8.x86_64", "Installed: fontawesome-fonts-4.7.0-4.el8.noarch", "Installed: avahi-libs-0.7-20.el8.x86_64", "Installed: xalan-j2-2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch", "Installed: bash-completion-1:2.7-5.el8.noarch", "Installed: ipa-client-4.9.8-6.module+el8.6.0+14224+4c38d4ea.x86_64", "Installed: ipa-client-common-4.9.8-6.module+el8.6.0+14224+4c38d4ea.noarch", "Installed: relaxngDatatype-2011.1-7.module+el8.1.0+3366+6dfb954c.noarch", "Installed: ipa-common-4.9.8-6.module+el8.6.0+14224+4c38d4ea.noarch", "Installed: ipa-healthcheck-0.7-9.module+el8.6.0+14113+b87cb360.noarch", "Installed: resteasy-3.0.26-6.module+el8.4.0+8891+bb8828ef.noarch", "Installed: ipa-healthcheck-core-0.7-9.module+el8.6.0+14113+b87cb360.noarch", "Installed: xerces-j2-2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch", "Installed: ipa-selinux-4.9.8-6.module+el8.6.0+14224+4c38d4ea.noarch", "Installed: ipa-server-4.9.8-6.module+el8.6.0+14224+4c38d4ea.x86_64", "Installed: ipa-server-common-4.9.8-6.module+el8.6.0+14224+4c38d4ea.noarch", "Installed: libfontenc-1.1.3-8.el8.x86_64", "Installed: xml-commons-apis-1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch", "Installed: xml-commons-resolver-1.2-26.module+el8.1.0+3366+6dfb954c.noarch", "Installed: fribidi-1.0.4-8.el8.x86_64", "Installed: xmlstreambuffer-1.5.4-8.module+el8.2.0+5723+4574fbff.noarch", "Installed: fstrm-0.6.1-2.el8.x86_64", "Installed: libthai-0.1.27-2.el8.x86_64", "Installed: mailcap-2.1.48-3.el8.noarch", "Installed: libtiff-4.0.9-21.el8.x86_64", "Installed: istack-commons-runtime-2.21-9.el8+7.noarch", "Installed: jackson-annotations-2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch", "Installed: jackson-core-2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch", "Installed: jackson-databind-2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch", "Installed: jackson-jaxrs-json-provider-2.9.9-1.module+el8.1.0+3832+9784644d.noarch", "Installed: jackson-jaxrs-providers-2.9.9-1.module+el8.1.0+3832+9784644d.noarch", "Installed: jackson-module-jaxb-annotations-2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch", "Installed: python3-argcomplete-1.9.3-6.el8.noarch", "Installed: xorg-x11-font-utils-1:7.5-41.el8.x86_64", "Installed: python3-augeas-0.5.0-12.el8.noarch", "Installed: python3-bind-32:9.11.36-2.el8.noarch", "Installed: jasper-libs-2.0.14-5.el8.x86_64", "Installed: java-1.8.0-openjdk-1:1.8.0.312.b02-0.1.ea.el8.x86_64", "Installed: java-1.8.0-openjdk-devel-1:1.8.0.312.b02-0.1.ea.el8.x86_64", "Installed: java-1.8.0-openjdk-headless-1:1.8.0.312.b02-0.1.ea.el8.x86_64", "Installed: xorg-x11-fonts-Type1-7.5-19.el8.noarch", "Installed: cups-libs-1:2.2.6-44.el8.x86_64", "Installed: perl-libnet-3.11-3.el8.noarch", "Installed: python3-custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch", "Installed: cyrus-sasl-gssapi-2.1.27-5.el8.x86_64", "Installed: python3-distro-1.4.0-2.module+el8.1.0+3334+5cb623d7.noarch", "Installed: cyrus-sasl-md5-2.1.27-5.el8.x86_64", "Installed: words-3.0-28.el8.noarch", "Installed: certmonger-0.79.13-5.el8.x86_64", "Installed: cyrus-sasl-plain-2.1.27-5.el8.x86_64", "Installed: javapackages-filesystem-5.3.0-1.module+el8+2447+6f56d9a6.noarch", "Installed: javapackages-tools-5.3.0-1.module+el8+2447+6f56d9a6.noarch", "Installed: xsom-0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch", "Installed: jbigkit-libs-2.1-14.el8.x86_64", "Installed: jboss-annotations-1.2-api-1.0.0-4.el8.noarch", "Installed: python3-gssapi-1.5.1-5.el8.x86_64", "Installed: xmlrpc-c-1.51.0-5.el8.x86_64", "Installed: jboss-jaxrs-2.0-api-1.0.0-6.el8.noarch", "Installed: xmlrpc-c-client-1.51.0-5.el8.x86_64", "Installed: graphite2-1.3.10-10.el8.x86_64", "Installed: jboss-logging-3.3.0-5.el8.noarch", "Installed: jboss-logging-tools-2.0.1-6.el8.noarch", "Installed: jdeparser-2.0.0-5.el8.noarch", "Installed: python3-html5lib-1:0.999999999-6.el8.noarch", "Installed: krb5-pkinit-1.18.2-14.el8.x86_64", "Installed: python3-ipaclient-4.9.8-6.module+el8.6.0+14224+4c38d4ea.noarch", "Installed: krb5-server-1.18.2-14.el8.x86_64", "Installed: python3-ipalib-4.9.8-6.module+el8.6.0+14224+4c38d4ea.noarch", "Installed: python3-ipaserver-4.9.8-6.module+el8.6.0+14224+4c38d4ea.noarch", "Installed: krb5-workstation-1.18.2-14.el8.x86_64", "Installed: nss-tools-3.67.0-7.el8_5.x86_64", "Installed: python3-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.noarch", "Installed: python3-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.noarch", "Installed: python3-ldap-3.3.1-2.el8.x86_64", "Installed: python3-lib389-1.4.3.28-6.module+el8.6.0+14129+983ceada.noarch", "Installed: openldap-clients-2.4.46-18.el8.x86_64", "Installed: jss-4.9.3-1.module+el8.6.0+14244+60d461b7.x86_64", "Installed: open-sans-fonts-1.10-6.el8.noarch", "Installed: libjpeg-turbo-1.5.3-12.el8.x86_64", "Installed: python3-lxml-4.2.3-4.el8.x86_64", "Installed: gtk-update-icon-cache-3.22.30-10.el8.x86_64", "Installed: python3-mod_wsgi-4.6.4-4.el8.x86_64", "Installed: python3-netaddr-0.7.19-8.el8.noarch", "Installed: gtk2-2.24.32-5.el8.x86_64", "Installed: openssl-perl-1:1.1.1k-5.el8_5.x86_64", "Installed: python3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64", "Installed: python3-pip-9.0.3-22.el8.noarch", "Installed: python3-pki-10.12.0-2.module+el8.6.0+14115+8b467244.noarch", "Installed: perl-IO-Socket-IP-0.39-5.el8.noarch", "Installed: python3-psutil-5.4.3-11.el8.x86_64", "Installed: 389-ds-base-1.4.3.28-6.module+el8.6.0+14129+983ceada.x86_64", "Installed: 389-ds-base-libs-1.4.3.28-6.module+el8.6.0+14129+983ceada.x86_64", "Installed: perl-IO-Socket-SSL-2.066-4.module+el8.3.0+6446+594cad75.noarch", "Installed: python3-pyasn1-0.3.7-6.el8.noarch", "Installed: python3-pyasn1-modules-0.3.7-6.el8.noarch", "Installed: copy-jdk-configs-4.0-2.el8.noarch", "Installed: python3-pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.noarch", "Installed: python3-qrcode-core-5.1-12.module+el8.1.0+4098+f286395e.noarch", "Installed: perl-Algorithm-Diff-1.1903-9.el8.noarch", "Installed: perl-Archive-Tar-2.30-1.el8.noarch", "Installed: perl-Carp-1.42-396.el8.noarch", "Installed: perl-Compress-Raw-Bzip2-2.081-1.el8.x86_64", "Installed: perl-Compress-Raw-Zlib-2.081-1.el8.x86_64", "Installed: harfbuzz-1.7.5-3.el8.x86_64", "Installed: perl-Data-Dumper-2.167-399.el8.x86_64", "Installed: perl-Encode-4:2.97-3.el8.x86_64", "Installed: perl-Errno-1.28-421.el8.x86_64", "Installed: perl-Exporter-5.72-396.el8.noarch", "Installed: perl-File-Path-2.15-2.el8.noarch", "Installed: perl-File-Temp-0.230.600-1.el8.noarch", "Installed: perl-Getopt-Long-1:2.50-4.el8.noarch", "Installed: perl-HTTP-Tiny-0.074-1.el8.noarch", "Installed: perl-IO-1.38-421.el8.x86_64", "Installed: perl-IO-Compress-2.081-1.el8.noarch", "Installed: perl-IO-Zlib-1:1.10-421.el8.noarch", "Installed: perl-MIME-Base64-3.15-396.el8.x86_64", "Installed: perl-PathTools-3.74-1.el8.x86_64", "Installed: perl-Pod-Escapes-1:1.07-395.el8.noarch", "Installed: perl-Pod-Perldoc-3.28-396.el8.noarch", "Installed: perl-Pod-Simple-1:3.35-395.el8.noarch", "Installed: perl-Pod-Usage-4:1.69-395.el8.noarch", "Installed: perl-Scalar-List-Utils-3:1.49-2.el8.x86_64", "Installed: perl-Socket-4:2.027-3.el8.x86_64", "Installed: perl-Storable-1:3.11-3.el8.x86_64", "Installed: hicolor-icon-theme-0.17-2.el8.noarch", "Installed: pango-1.42.4-8.el8.x86_64", "Installed: perl-Term-ANSIColor-4.06-396.el8.noarch", "Installed: perl-Term-Cap-1.17-395.el8.noarch", "Installed: perl-Text-Diff-1.45-2.el8.noarch", "Installed: perl-Text-ParseWords-3.30-395.el8.noarch", "Installed: perl-Text-Tabs+Wrap-2013.0523-395.el8.noarch", "Installed: perl-Time-Local-1:1.280-1.el8.noarch", "Installed: perl-Unicode-Normalize-1.25-396.el8.x86_64", "Installed: perl-constant-1.33-396.el8.noarch", "Installed: perl-interpreter-4:5.26.3-421.el8.x86_64", "Installed: httpcomponents-client-4.5.5-5.module+el8.6.0+13298+7b5243c0.noarch", "Installed: perl-libs-4:5.26.3-421.el8.x86_64", "Installed: perl-macros-4:5.26.3-421.el8.x86_64", "Installed: perl-parent-1:0.237-1.el8.noarch", "Installed: perl-podlators-4.11-1.el8.noarch", "Installed: perl-threads-1:2.21-2.el8.x86_64", "Installed: perl-threads-shared-1.58-2.el8.x86_64", "Installed: httpcomponents-core-4.4.10-3.module+el8+2452+b359bfcd.noarch", "Installed: alsa-lib-1.2.6.1-3.el8.x86_64", "Installed: httpd-2.4.37-47.module+el8.6.0+13996+01710940.x86_64", "Installed: httpd-filesystem-2.4.37-47.module+el8.6.0+13996+01710940.noarch", "Installed: httpd-tools-2.4.37-47.module+el8.6.0+13996+01710940.x86_64", "Installed: lua-5.3.4-12.el8.x86_64", "Installed: python3-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.noarch", "Installed: python36-3.6.8-38.module+el8.5.0+12207+5c5719bc.x86_64", "Installed: libicu-60.3-2.el8_1.x86_64", "Installed: custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch", "Installed: pki-symkey-10.12.0-2.module+el8.6.0+14115+8b467244.x86_64", "Installed: pki-tools-10.12.0-2.module+el8.6.0+14115+8b467244.x86_64", "Installed: ldapjdk-4.23.0-1.module+el8.5.0+11983+6ba118b4.noarch", "Installed: libipa_hbac-2.6.2-3.el8.x86_64", "Installed: gdk-pixbuf2-modules-2.36.12-5.el8.x86_64", "Installed: libkadm5-1.18.2-14.el8.x86_64", "Installed: protobuf-c-1.3.0-6.el8.x86_64", "Installed: perl-Mozilla-CA-20160104-7.module+el8.3.0+6498+9eecfe51.noarch", "Installed: publicsuffix-list-20180723-1.el8.noarch", "Installed: python3-asn1crypto-0.24.0-3.el8.noarch", "Installed: pki-acme-10.12.0-2.module+el8.6.0+14115+8b467244.noarch", "Installed: pki-base-10.12.0-2.module+el8.6.0+14115+8b467244.noarch", "Installed: ant-1.10.5-1.module+el8+2438+c99a8a1e.noarch", "Installed: ant-lib-1.10.5-1.module+el8+2438+c99a8a1e.noarch", "Installed: pki-base-java-10.12.0-2.module+el8.6.0+14115+8b467244.noarch", "Installed: pki-ca-10.12.0-2.module+el8.6.0+14115+8b467244.noarch", "Installed: apache-commons-cli-1.4-4.module+el8+2452+b359bfcd.noarch", "Installed: pki-kra-10.12.0-2.module+el8.6.0+14115+8b467244.noarch", "Installed: apache-commons-codec-1.11-3.module+el8+2452+b359bfcd.noarch", "Installed: libXcomposite-0.4.4-14.el8.x86_64", "Installed: pki-server-10.12.0-2.module+el8.6.0+14115+8b467244.noarch", "Installed: pki-servlet-4.0-api-1:9.0.30-3.module+el8.5.0+11388+9e95fe00.noarch", "Installed: apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "Installed: python3-dns-1.15.0-10.el8.noarch", "Installed: libXcursor-1.1.15-3.el8.x86_64", "Installed: pki-servlet-engine-1:9.0.30-3.module+el8.5.0+11388+9e95fe00.noarch", "Installed: apache-commons-lang3-3.7-3.module+el8+2452+b359bfcd.noarch", "Installed: libXdamage-1.1.4-14.el8.x86_64", "Installed: apache-commons-logging-1.2-13.module+el8+2452+b359bfcd.noarch", "Installed: apache-commons-net-3.6-3.module+el8.3.0+6805+72837426.noarch", "Installed: giflib-5.1.4-3.el8.x86_64", "Installed: perl-Net-SSLeay-1.88-2.module+el8.6.0+13392+f0897f98.x86_64", "Installed: apr-1.6.3-12.el8.x86_64", "Installed: libXfixes-5.0.3-7.el8.x86_64", "Installed: python3-libipa_hbac-2.6.2-3.el8.x86_64", "Installed: apr-util-1.6.1-6.el8.x86_64", "Installed: apr-util-bdb-1.6.1-6.el8.x86_64", "Installed: libXft-2.3.3-1.el8.x86_64", "Installed: libXi-1.7.10-1.el8.x86_64", "Installed: apr-util-openssl-1.6.1-6.el8.x86_64", "Installed: libXinerama-1.1.4-1.el8.x86_64", "Installed: slapi-nis-0.56.6-4.module+el8.6.0+12936+736896b2.x86_64", "Installed: slf4j-1.7.25-4.module+el8+2452+b359bfcd.noarch", "Installed: tomcatjss-7.7.1-1.module+el8.6.0+13291+248751b1.noarch", "Installed: slf4j-jdk14-1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch", "Installed: glassfish-fastinfoset-1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch", "Installed: glassfish-jaxb-api-2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch", "Installed: glassfish-jaxb-core-2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch", "Installed: glassfish-jaxb-runtime-2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch", "Installed: glassfish-jaxb-txw2-2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch", "Installed: libXrandr-1.5.2-1.el8.x86_64", "Installed: softhsm-2.6.0-5.module+el8.4.0+10227+076cd560.x86_64", "Installed: ttmkfdir-3.0.9-54.el8.x86_64", "Installed: atk-2.28.1-1.el8.x86_64", "Installed: python3-setuptools-39.2.0-6.el8.noarch", "Installed: libXtst-1.2.3-7.el8.x86_64", "Installed: tzdata-java-2021e-1.el8.noarch", "Installed: python3-sss-2.6.2-3.el8.x86_64", "Installed: python3-sss-murmur-2.6.2-3.el8.x86_64", "Installed: python3-sssdconfig-2.6.2-3.el8.noarch", "Installed: mod_auth_gssapi-1.6.1-7.1.el8.x86_64", "Installed: mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.x86_64", "Installed: mod_lookup_identity-1.0.0-4.el8.x86_64", "Installed: mod_session-2.4.37-47.module+el8.6.0+13996+01710940.x86_64", "Installed: mod_ssl-1:2.4.37-47.module+el8.6.0+13996+01710940.x86_64", "Installed: redhat-logos-httpd-84.5-1.el8.noarch", "Installed: stax-ex-1.7.7-8.module+el8.2.0+5723+4574fbff.noarch", "Installed: libsss_simpleifp-2.6.2-3.el8.x86_64", "Installed: bea-stax-api-1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch", "Installed: bind-libs-32:9.11.36-2.el8.x86_64", "Installed: samba-client-libs-4.15.5-1.el8.x86_64", "Installed: samba-common-4.15.5-1.el8.noarch", "Installed: samba-common-libs-4.15.5-1.el8.x86_64", "Installed: bind-libs-lite-32:9.11.36-2.el8.x86_64", "Installed: bind-license-32:9.11.36-2.el8.noarch", "Installed: bind-utils-32:9.11.36-2.el8.x86_64", "Installed: perl-DB_File-1.842-1.el8.x86_64", "Installed: libdatrie-0.2.9-7.el8.x86_64", "Installed: python3-webencodings-0.5.1-6.el8.noarch", "Installed: libwbclient-4.15.5-1.el8.x86_64", "Installed: perl-Digest-1.17-395.el8.noarch", "Installed: sssd-common-pac-2.6.2-3.el8.x86_64", "Installed: sssd-dbus-2.6.2-3.el8.x86_64" ] } TASK [ipaserver : Install - Ensure that IPA server packages for dns are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:10 Monday 21 February 2022 23:10:21 +0000 (0:00:51.335) 0:01:11.922 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.x86_64", "Installed: bind-pkcs11-utils-32:9.11.36-2.el8.x86_64", "Installed: sqlite-3.26.0-15.el8.x86_64", "Installed: bind-32:9.11.36-2.el8.x86_64", "Installed: ldns-1.7.0-21.el8.x86_64", "Installed: bind-dyndb-ldap-11.6-3.module+el8.6.0+13728+d9324aaf.x86_64", "Installed: ipa-server-dns-4.9.8-6.module+el8.6.0+14224+4c38d4ea.noarch", "Installed: bind-pkcs11-32:9.11.36-2.el8.x86_64", "Installed: opencryptoki-3.17.0-3.el8.x86_64", "Installed: opencryptoki-icsftok-3.17.0-3.el8.x86_64", "Installed: bind-pkcs11-libs-32:9.11.36-2.el8.x86_64", "Installed: opencryptoki-libs-3.17.0-3.el8.x86_64" ] } TASK [ipaserver : Install - Ensure that IPA server packages for adtrust are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:16 Monday 21 February 2022 23:10:26 +0000 (0:00:04.350) 0:01:16.273 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Ensure that firewall packages installed] *********** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:22 Monday 21 February 2022 23:10:26 +0000 (0:00:00.046) 0:01:16.319 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: iptables-1.8.4-22.el8.x86_64", "Installed: libnetfilter_conntrack-1.0.6-5.el8.x86_64", "Installed: python3-nftables-1:0.9.3-24.el8.x86_64", "Installed: libnfnetlink-1.0.1-13.el8.x86_64", "Installed: iptables-ebtables-1.8.4-22.el8.x86_64", "Installed: python3-firewall-0.9.3-11.el8.noarch", "Installed: iptables-libs-1.8.4-22.el8.x86_64", "Installed: libnftnl-1.1.5-5.el8.x86_64", "Installed: firewalld-0.9.3-11.el8.noarch", "Installed: firewalld-filesystem-0.9.3-11.el8.noarch", "Installed: nftables-1:0.9.3-24.el8.x86_64", "Installed: python3-slip-0.6.4-11.el8.noarch", "Installed: ipset-7.1-1.el8.x86_64", "Installed: python3-slip-dbus-0.6.4-11.el8.noarch", "Installed: ipset-libs-7.1-1.el8.x86_64" ] } TASK [ipaserver : Firewalld service - Ensure that firewalld is running] ******** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:31 Monday 21 February 2022 23:10:29 +0000 (0:00:03.045) 0:01:19.365 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "enabled": true, "name": "firewalld", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice dbus.service polkit.service basic.target sysinit.target dbus.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "network-pre.target shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "ipset.service shutdown.target iptables.service nftables.service ebtables.service ip6tables.service", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14649", "LimitNPROCSoft": "14649", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14649", "LimitSIGPENDINGSoft": "14649", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "firewalld.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23438", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [Firewalld - Verify runtime zone "{{ ipaserver_firewalld_zone }}"] ******** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:37 Monday 21 February 2022 23:10:30 +0000 (0:00:01.096) 0:01:20.462 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Firewalld - Verify permanent zone "{{ ipaserver_firewalld_zone }}"] ****** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:44 Monday 21 February 2022 23:10:30 +0000 (0:00:00.025) 0:01:20.488 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : include_tasks] *********************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:54 Monday 21 February 2022 23:10:30 +0000 (0:00:00.025) 0:01:20.514 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Server installation test] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:60 Monday 21 February 2022 23:10:30 +0000 (0:00:00.024) 0:01:20.539 ******* ok: [/cache/rhel-8-y.qcow2] => { "_dirsrv_ca_cert": null, "_dirsrv_pkcs12_info": null, "_hostname_overridden": true, "_http_ca_cert": null, "_http_pkcs12_info": null, "_installation_cleanup": true, "_pkinit_ca_cert": null, "_pkinit_pkcs12_info": null, "changed": false, "domain": "test.local", "domainlevel": 1, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "hostname": "ipaserver.test.local", "idmax": 1677999999, "idstart": 1677800000, "ipa_python_version": 40908, "no_host_dns": true, "no_pkinit": false, "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "rid_base": 1000, "secondary_rid_base": 100000000, "setup_adtrust": false, "setup_ca": true, "setup_kra": false } TASK [ipaserver : Install - Master password creation] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:137 Monday 21 February 2022 23:10:31 +0000 (0:00:01.382) 0:01:21.921 ******* changed: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } TASK [ipaserver : Install - Use new master password] *************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:144 Monday 21 February 2022 23:10:33 +0000 (0:00:01.271) 0:01:23.193 ******* ok: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaserver : Install - Server preparation] ******************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:152 Monday 21 February 2022 23:10:33 +0000 (0:00:00.032) 0:01:23.226 ******* changed: [/cache/rhel-8-y.qcow2] => { "_ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "_subject_base": "O=TEST.LOCAL", "adtrust_netbios_name": null, "adtrust_reset_netbios_name": false, "ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "changed": true, "dns_ip_addresses": [ "10.0.2.15" ], "dns_reverse_zones": [], "forward_policy": "only", "forwarders": [ "10.0.2.3" ], "ip_addresses": [ "10.0.2.15" ], "no_dnssec_validation": true, "reverse_zones": [], "subject_base": "O=TEST.LOCAL" } TASK [ipaserver : Install - Setup NTP] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:196 Monday 21 February 2022 23:10:35 +0000 (0:00:02.592) 0:01:25.818 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup DS] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:203 Monday 21 February 2022 23:10:46 +0000 (0:00:10.575) 0:01:36.393 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup KRB] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:232 Monday 21 February 2022 23:11:03 +0000 (0:00:17.735) 0:01:54.129 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup custodia] ************************************ task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:259 Monday 21 February 2022 23:11:10 +0000 (0:00:06.061) 0:02:00.190 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup CA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:265 Monday 21 February 2022 23:11:14 +0000 (0:00:04.175) 0:02:04.366 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "csr_generated": false } TASK [ipaserver : Copy /root/ipa.csr to "/cache/rhel-8-y.qcow2-ipa.csr"] ******* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:306 Monday 21 February 2022 23:13:44 +0000 (0:02:30.605) 0:04:34.971 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup otpd] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:315 Monday 21 February 2022 23:13:44 +0000 (0:00:00.026) 0:04:34.997 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup HTTP] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:321 Monday 21 February 2022 23:13:47 +0000 (0:00:02.804) 0:04:37.802 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup KRA] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:353 Monday 21 February 2022 23:16:18 +0000 (0:02:30.473) 0:07:08.276 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Setup DNS] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:364 Monday 21 February 2022 23:16:18 +0000 (0:00:00.031) 0:07:08.307 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true } TASK [ipaserver : Install - Setup ADTRUST] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:381 Monday 21 February 2022 23:16:26 +0000 (0:00:08.823) 0:07:17.131 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Set DS password] *********************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:396 Monday 21 February 2022 23:16:27 +0000 (0:00:00.031) 0:07:17.163 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true } TASK [Install - Setup client] ************************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:413 Monday 21 February 2022 23:16:29 +0000 (0:00:02.442) 0:07:19.605 ******* TASK [ipaclient : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:4 Monday 21 February 2022 23:16:29 +0000 (0:00:00.061) 0:07:19.667 ******* ok: [/cache/rhel-8-y.qcow2] => (item=/tmp/freeipa-repo/roles/ipaclient/vars/RedHat-8.yml) => { "ansible_facts": { "ipaclient_packages": [ "@idm:DL1/client" ] }, "ansible_included_var_files": [ "/tmp/freeipa-repo/roles/ipaclient/vars/RedHat-8.yml" ], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaclient/vars/RedHat-8.yml" } TASK [ipaclient : Install IPA client] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:12 Monday 21 February 2022 23:16:29 +0000 (0:00:00.044) 0:07:19.712 ******* included: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml for /cache/rhel-8-y.qcow2 TASK [ipaclient : Install - Ensure that IPA client packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:4 Monday 21 February 2022 23:16:29 +0000 (0:00:00.170) 0:07:19.883 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install - Set ipaclient_servers] ***************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:10 Monday 21 February 2022 23:16:31 +0000 (0:00:01.636) 0:07:21.519 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [Install - Set ipaclient_servers from cluster inventory] ****************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:15 Monday 21 February 2022 23:16:31 +0000 (0:00:00.042) 0:07:21.562 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Check that either principal or keytab is set] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:21 Monday 21 February 2022 23:16:31 +0000 (0:00:00.055) 0:07:21.617 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Set default principal if no keytab is given] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:25 Monday 21 February 2022 23:16:31 +0000 (0:00:00.028) 0:07:21.645 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "ipaadmin_principal": "admin" }, "changed": false } TASK [ipaclient : Install - IPA client test] *********************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:30 Monday 21 February 2022 23:16:31 +0000 (0:00:00.036) 0:07:21.682 ******* ok: [/cache/rhel-8-y.qcow2] => { "basedn": "dc=test,dc=local", "changed": false, "client_already_configured": false, "client_domain": "test.local", "dnsok": false, "domain": "test.local", "hostname": "ipaserver.test.local", "ipa_python_version": 40908, "kdc": "ipaserver.test.local", "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "servers": [ "ipaserver.test.local" ], "sssd": true } TASK [ipaclient : Install - Cleanup leftover ccache] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:56 Monday 21 February 2022 23:16:32 +0000 (0:00:00.875) 0:07:22.557 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent" } TASK [ipaclient : Install - Configure NTP] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:61 Monday 21 February 2022 23:16:32 +0000 (0:00:00.427) 0:07:22.985 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } TASK [ipaclient : Install - Make sure One-Time Password is enabled if it's already defined] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:73 Monday 21 February 2022 23:16:33 +0000 (0:00:00.888) 0:07:23.873 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Disable One-Time Password for on_master] *********** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:78 Monday 21 February 2022 23:16:33 +0000 (0:00:00.034) 0:07:23.907 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] ******** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:83 Monday 21 February 2022 23:16:33 +0000 (0:00:00.030) 0:07:23.938 ******* ok: [/cache/rhel-8-y.qcow2] => { "ca_crt_exists": true, "changed": false, "krb5_conf_ok": true, "krb5_keytab_ok": true, "ping_test_ok": true } TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:93 Monday 21 February 2022 23:16:35 +0000 (0:00:01.696) 0:07:25.634 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Keytab or password is required for getting otp] **** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:109 Monday 21 February 2022 23:16:35 +0000 (0:00:00.031) 0:07:25.666 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Get One-Time Password for client enrollment] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:113 Monday 21 February 2022 23:16:35 +0000 (0:00:00.034) 0:07:25.701 ******* skipping: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Report error for OTP generation] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:132 Monday 21 February 2022 23:16:35 +0000 (0:00:00.032) 0:07:25.733 ******* skipping: [/cache/rhel-8-y.qcow2] => {} TASK [ipaclient : Install - Store the previously obtained OTP] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:138 Monday 21 February 2022 23:16:35 +0000 (0:00:00.031) 0:07:25.765 ******* skipping: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Store predefined OTP in admin_password] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:147 Monday 21 February 2022 23:16:35 +0000 (0:00:00.029) 0:07:25.794 ******* skipping: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Install - Check if principal and keytab are set] ************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:163 Monday 21 February 2022 23:16:35 +0000 (0:00:00.032) 0:07:25.826 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Check if one of password or keytabs are set] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:167 Monday 21 February 2022 23:16:35 +0000 (0:00:00.030) 0:07:25.857 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Purge TEST.LOCAL from host keytab] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:175 Monday 21 February 2022 23:16:35 +0000 (0:00:00.038) 0:07:25.896 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Backup and set hostname] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:188 Monday 21 February 2022 23:16:35 +0000 (0:00:00.029) 0:07:25.925 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Join IPA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:193 Monday 21 February 2022 23:16:35 +0000 (0:00:00.030) 0:07:25.956 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:215 Monday 21 February 2022 23:16:35 +0000 (0:00:00.029) 0:07:25.985 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:220 Monday 21 February 2022 23:16:35 +0000 (0:00:00.031) 0:07:26.017 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:223 Monday 21 February 2022 23:16:35 +0000 (0:00:00.031) 0:07:26.048 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure IPA default.conf] ************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:235 Monday 21 February 2022 23:16:35 +0000 (0:00:00.031) 0:07:26.080 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure SSSD] ************************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:244 Monday 21 February 2022 23:16:35 +0000 (0:00:00.033) 0:07:26.113 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true } TASK [ipaclient : Install - Configure krb5 for IPA realm] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:266 Monday 21 February 2022 23:16:36 +0000 (0:00:00.921) 0:07:27.035 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:280 Monday 21 February 2022 23:16:36 +0000 (0:00:00.033) 0:07:27.069 ******* changed: [/cache/rhel-8-y.qcow2] => { "ca_enabled": true, "changed": true, "subject_base": "O=TEST.LOCAL" } TASK [ipaclient : Install - Fix IPA ca] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:288 Monday 21 February 2022 23:16:39 +0000 (0:00:02.634) 0:07:29.704 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Create IPA NSS database] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:298 Monday 21 February 2022 23:16:39 +0000 (0:00:00.034) 0:07:29.738 ******* changed: [/cache/rhel-8-y.qcow2] => { "ca_enabled_ra": true, "changed": true } TASK [ipaclient : Install - Configure SSH and SSHD] **************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:329 Monday 21 February 2022 23:16:43 +0000 (0:00:04.025) 0:07:33.764 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true } TASK [ipaclient : Install - Configure automount] ******************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:337 Monday 21 February 2022 23:16:44 +0000 (0:00:00.961) 0:07:34.725 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true } TASK [ipaclient : Install - Configure firefox] ********************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:343 Monday 21 February 2022 23:16:45 +0000 (0:00:00.861) 0:07:35.587 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaclient : Install - Configure NIS] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:349 Monday 21 February 2022 23:16:45 +0000 (0:00:00.038) 0:07:35.625 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true } TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:367 Monday 21 February 2022 23:16:46 +0000 (0:00:01.070) 0:07:36.696 ******* skipping: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [ipaclient : Cleanup leftover ccache] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:373 Monday 21 February 2022 23:16:46 +0000 (0:00:00.033) 0:07:36.730 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent" } TASK [ipaclient : Uninstall IPA client] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:16 Monday 21 February 2022 23:16:46 +0000 (0:00:00.397) 0:07:37.128 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [ipaserver : Install - Enable IPA] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:428 Monday 21 February 2022 23:16:47 +0000 (0:00:00.028) 0:07:37.156 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true } TASK [ipaserver : Install - Cleanup root IPA cache] **************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:435 Monday 21 February 2022 23:16:52 +0000 (0:00:05.102) 0:07:42.258 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "path": "/root/.ipa_cache", "state": "absent" } TASK [ipaserver : Install - Configure firewalld] ******************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:441 Monday 21 February 2022 23:16:52 +0000 (0:00:00.397) 0:07:42.656 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "firewall-cmd", "--permanent", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp" ], "delta": "0:00:00.318700", "end": "2022-02-21 18:16:52.736319", "rc": 0, "start": "2022-02-21 18:16:52.417619" } STDOUT: success TASK [ipaserver : Install - Configure firewalld runtime] *********************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:455 Monday 21 February 2022 23:16:53 +0000 (0:00:00.883) 0:07:43.540 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "firewall-cmd", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp" ], "delta": "0:00:00.297800", "end": "2022-02-21 18:16:53.425551", "rc": 0, "start": "2022-02-21 18:16:53.127751" } STDOUT: success TASK [ipaserver : Cleanup temporary files] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:471 Monday 21 February 2022 23:16:54 +0000 (0:00:00.689) 0:07:44.229 ******* ok: [/cache/rhel-8-y.qcow2] => (item=/etc/ipa/.tmp_pkcs12_dirsrv) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_dirsrv", "path": "/etc/ipa/.tmp_pkcs12_dirsrv", "state": "absent" } ok: [/cache/rhel-8-y.qcow2] => (item=/etc/ipa/.tmp_pkcs12_http) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_http", "path": "/etc/ipa/.tmp_pkcs12_http", "state": "absent" } ok: [/cache/rhel-8-y.qcow2] => (item=/etc/ipa/.tmp_pkcs12_pkinit) => { "ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_pkinit", "path": "/etc/ipa/.tmp_pkcs12_pkinit", "state": "absent" } TASK [ipaserver : Uninstall IPA server] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:16 Monday 21 February 2022 23:16:55 +0000 (0:00:01.145) 0:07:45.375 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Issue IPA signed certificates] ******************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_basic_ipa.yml:8 Monday 21 February 2022 23:16:55 +0000 (0:00:00.027) 0:07:45.403 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 21 February 2022 23:16:55 +0000 (0:00:00.698) 0:07:46.101 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Monday 21 February 2022 23:16:56 +0000 (0:00:00.036) 0:07:46.138 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Monday 21 February 2022 23:16:57 +0000 (0:00:01.530) 0:07:47.669 ******* ok: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Monday 21 February 2022 23:16:58 +0000 (0:00:01.419) 0:07:49.089 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Monday 21 February 2022 23:16:59 +0000 (0:00:00.405) 0:07:49.495 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 21 February 2022 23:16:59 +0000 (0:00:00.411) 0:07:49.906 ******* ok: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Mon 2022-02-21 18:12:53 EST", "ActiveEnterTimestampMonotonic": "236023285", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "network.target dbus.socket system.slice basic.target dbus.service systemd-journald.socket sysinit.target syslog.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Mon 2022-02-21 18:12:53 EST", "AssertTimestampMonotonic": "236010449", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Mon 2022-02-21 18:12:53 EST", "ConditionTimestampMonotonic": "236010449", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "23782", "ExecMainStartTimestamp": "Mon 2022-02-21 18:12:53 EST", "ExecMainStartTimestampMonotonic": "236011889", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Mon 2022-02-21 18:12:53 EST", "InactiveExitTimestampMonotonic": "236011938", "InvocationID": "99de83c54014413494272465849e0ec6", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14649", "LimitNPROCSoft": "14649", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14649", "LimitSIGPENDINGSoft": "14649", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "23782", "MemoryAccounting": "yes", "MemoryCurrent": "3579904", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus.service", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Mon 2022-02-21 18:12:53 EST", "StateChangeTimestampMonotonic": "236023285", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "23438", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogTimestamp": "Mon 2022-02-21 18:12:53 EST", "WatchdogTimestampMonotonic": "236023284", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Monday 21 February 2022 23:17:00 +0000 (0:00:00.557) 0:07:50.463 ******* changed: [/cache/rhel-8-y.qcow2] => (item={u'ca': u'ipa', u'name': u'mycert', u'dns': u'ipaserver.test.local', u'principal': u'HTTP/ipaserver.test.local@TEST.LOCAL'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "ipa", "dns": "ipaserver.test.local", "name": "mycert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } } MSG: Certificate requested (new). changed: [/cache/rhel-8-y.qcow2] => (item={u'ca': u'ipa', u'group': u'ftp', u'name': u'groupcert', u'dns': u'ipaserver.test.local', u'principal': u'HTTP/ipaserver.test.local@TEST.LOCAL'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "ipa", "dns": "ipaserver.test.local", "group": "ftp", "name": "groupcert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL" } } MSG: Certificate requested (new). File attributes updated. META: ran handlers META: ran handlers PLAY [Verify certificates] ***************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_basic_ipa.yml:27 Monday 21 February 2022 23:17:04 +0000 (0:00:04.484) 0:07:54.947 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmprte76fwa/tests/tests_basic_ipa.yml:84 Monday 21 February 2022 23:17:05 +0000 (0:00:00.680) 0:07:55.628 ******* included: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-8-y.qcow2 included: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-8-y.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:2 Monday 21 February 2022 23:17:05 +0000 (0:00:00.211) 0:07:55.840 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 Monday 21 February 2022 23:17:05 +0000 (0:00:00.021) 0:07:55.862 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 Monday 21 February 2022 23:17:07 +0000 (0:00:01.440) 0:07:57.303 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting pip Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB) Installing collected packages: pip Found existing installation: pip 9.0.3 Uninstalling pip-9.0.3: Successfully uninstalled pip-9.0.3 Successfully installed pip-21.3.1 STDERR: You are using pip version 21.3.1, however version 22.0.3 is available. You should consider upgrading via the 'pip install --upgrade pip' command. TASK [Install certreader] ****************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 Monday 21 February 2022 23:17:11 +0000 (0:00:04.147) 0:08:01.451 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (405 kB) Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) Collecting pyyaml Downloading PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (603 kB) Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 Monday 21 February 2022 23:17:14 +0000 (0:00:03.212) 0:08:04.663 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485422.4027686, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "e1e5295067661f7438bc3fc5e0a30c213d9f1d6b", "ctime": 1645485422.3997686, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17527653, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485422.3997686, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1854, "uid": 0, "version": "356342855", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:31 Monday 21 February 2022 23:17:15 +0000 (0:00:00.536) 0:08:05.199 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 Monday 21 February 2022 23:17:15 +0000 (0:00:00.025) 0:08:05.225 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:49 Monday 21 February 2022 23:17:15 +0000 (0:00:00.029) 0:08:05.254 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 Monday 21 February 2022 23:17:15 +0000 (0:00:00.025) 0:08:05.279 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485420.4217687, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "54261e4ba6449b05941392293be8d274c4769982", "ctime": 1645485422.3997686, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 26763299, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485422.3997686, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2621472772", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:60 Monday 21 February 2022 23:17:15 +0000 (0:00:00.376) 0:08:05.655 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 Monday 21 February 2022 23:17:15 +0000 (0:00:00.028) 0:08:05.683 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 Monday 21 February 2022 23:17:15 +0000 (0:00:00.032) 0:08:05.716 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.258489", "end": "2022-02-21 18:17:15.562321", "rc": 0, "start": "2022-02-21 18:17:15.303832" } STDOUT: { "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "extensions": { "authorityKeyIdentifier": { "value": "C8:81:83:31:54:21:49:A9:D0:C2:F6:39:67:92:13:B7:8C:59:1D:94", "critical": false }, "authorityInfoAccess": { "value": [ { "method": "OCSP", "location": "http://ipa-ca.test.local/ca/ocsp" } ], "critical": false }, "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ], "critical": true }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "cRLDistributionPoints": { "value": [ { "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ], "crl_issuer": [ { "organizationName": "ipaca", "commonName": "Certificate Authority" } ] } ], "critical": false }, "subjectKeyIdentifier": { "value": "72:16:59:B2:68:90:F3:D1:7C:B4:01:F2:71:F0:76:1A:ED:26:BD:50", "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.5.2.2" } ], "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "38:51:D4:5B:CE:7C:8A:6E:93:57:05:E4:B2:C8:6A:6D:17:B4:0B:25:F0:4F:E7:F1:A0:90:DD:AE:C9:75:91:D6:68:3F:89:B8:AA:EB:46:A1:C0:12:18:7C:83:05:4C:82:B9:6F:35:14:B6:5D:97:D4:4D:22:F5:E9:42:B7:6E:97:69:AB:06:95:EF:74:1B:ED:2C:B4:7F:42:2D:B9:B2:48:E1:C9:9A:26:FB:90:2D:12:9C:72:5C:D7:48:0B:E4:3E:A8:B5:D6:F1:03:60:52:01:BD:08:33:6C:6D:D8:6C:DC:6E:08:D7:78:F2:E0:56:9B:A8:8F:9D:0F:57:1E:34:6A:3A:BA:3F:AF:A8:4F:A5:54:70:40:7B:02:4C:08:A1:46:59:DF:D7:A4:BB:82:64:6D:77:B8:90:6E:5B:96:52:F9:5B:A8:3B:B4:9C:8E:D6:72:EE:F3:13:1D:57:EF:44:4C:73:2C:8B:5E:A8:5A:D6:52:CF:33:90:22:C7:D3:5D:9A:30:88:96:0C:E4:EA:10:E7:54:A4:3D:28:E1:7D:39:DE:25:F5:23:48:AC:CD:DF:A5:10:93:57:C5:CE:E5:31:42:8F:C8:E4:CE:1D:FE:B9:D6:44:32:0E:CA:63:87:E4:FA:64:B5:88:41:5E:34:5D:26:FF:6E:30:B3:C1:44:A9:EC:2C:A6:7B:BD:84:BE:F2:C2:B3:18:6E:FB:87:C2:47:05:31:CF:77:C6:41:12:4A:08:D2:66:25:99:0C:0F:65:65:CB:4C:B1:DA:EA:D1:75:3B:10:91:8A:0F:42:94:1F:F4:D0:E8:76:30:02:35:69:E8:07:67:49:C5:53:83:30:05:A7:E7:58:4B:3F:F8:1A:EC:08:06:59:38:92:22:D7:69:4E:22:72:E4:DD:E8:29:0B:A0:2C:4F:F0:0E:8A:54:C0:F6:EC:12:DF:E8:DB:8E:F7:1C:D6:45:83:A0:25:93:C3:C7:C7:52:99:04:06:EA:83:17:38:46:A5:88:25:C0:62" }, "key_size": 2048, "validity": { "not_valid_after": "2024-02-22 23:17:01", "not_valid_before": "2022-02-21 23:17:01" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 Monday 21 February 2022 23:17:16 +0000 (0:00:00.642) 0:08:06.358 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityInfoAccess": { "critical": false, "value": [ { "location": "http://ipa-ca.test.local/ca/ocsp", "method": "OCSP" } ] }, "authorityKeyIdentifier": { "critical": false, "value": "C8:81:83:31:54:21:49:A9:D0:C2:F6:39:67:92:13:B7:8C:59:1D:94" }, "cRLDistributionPoints": { "critical": false, "value": [ { "crl_issuer": [ { "commonName": "Certificate Authority", "organizationName": "ipaca" } ], "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ] } ] }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": true, "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "72:16:59:B2:68:90:F3:D1:7C:B4:01:F2:71:F0:76:1A:ED:26:BD:50" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "38:51:D4:5B:CE:7C:8A:6E:93:57:05:E4:B2:C8:6A:6D:17:B4:0B:25:F0:4F:E7:F1:A0:90:DD:AE:C9:75:91:D6:68:3F:89:B8:AA:EB:46:A1:C0:12:18:7C:83:05:4C:82:B9:6F:35:14:B6:5D:97:D4:4D:22:F5:E9:42:B7:6E:97:69:AB:06:95:EF:74:1B:ED:2C:B4:7F:42:2D:B9:B2:48:E1:C9:9A:26:FB:90:2D:12:9C:72:5C:D7:48:0B:E4:3E:A8:B5:D6:F1:03:60:52:01:BD:08:33:6C:6D:D8:6C:DC:6E:08:D7:78:F2:E0:56:9B:A8:8F:9D:0F:57:1E:34:6A:3A:BA:3F:AF:A8:4F:A5:54:70:40:7B:02:4C:08:A1:46:59:DF:D7:A4:BB:82:64:6D:77:B8:90:6E:5B:96:52:F9:5B:A8:3B:B4:9C:8E:D6:72:EE:F3:13:1D:57:EF:44:4C:73:2C:8B:5E:A8:5A:D6:52:CF:33:90:22:C7:D3:5D:9A:30:88:96:0C:E4:EA:10:E7:54:A4:3D:28:E1:7D:39:DE:25:F5:23:48:AC:CD:DF:A5:10:93:57:C5:CE:E5:31:42:8F:C8:E4:CE:1D:FE:B9:D6:44:32:0E:CA:63:87:E4:FA:64:B5:88:41:5E:34:5D:26:FF:6E:30:B3:C1:44:A9:EC:2C:A6:7B:BD:84:BE:F2:C2:B3:18:6E:FB:87:C2:47:05:31:CF:77:C6:41:12:4A:08:D2:66:25:99:0C:0F:65:65:CB:4C:B1:DA:EA:D1:75:3B:10:91:8A:0F:42:94:1F:F4:D0:E8:76:30:02:35:69:E8:07:67:49:C5:53:83:30:05:A7:E7:58:4B:3F:F8:1A:EC:08:06:59:38:92:22:D7:69:4E:22:72:E4:DD:E8:29:0B:A0:2C:4F:F0:0E:8A:54:C0:F6:EC:12:DF:E8:DB:8E:F7:1C:D6:45:83:A0:25:93:C3:C7:C7:52:99:04:06:EA:83:17:38:46:A5:88:25:C0:62" }, "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "validity": { "not_valid_after": "2024-02-22 23:17:01", "not_valid_before": "2022-02-21 23:17:01" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 Monday 21 February 2022 23:17:16 +0000 (0:00:00.027) 0:08:06.386 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 Monday 21 February 2022 23:17:16 +0000 (0:00:00.026) 0:08:06.412 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:105 Monday 21 February 2022 23:17:16 +0000 (0:00:00.026) 0:08:06.439 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 Monday 21 February 2022 23:17:16 +0000 (0:00:00.028) 0:08:06.467 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:125 Monday 21 February 2022 23:17:16 +0000 (0:00:00.027) 0:08:06.494 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 Monday 21 February 2022 23:17:16 +0000 (0:00:00.027) 0:08:06.521 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.068607", "end": "2022-02-21 18:17:16.208042", "rc": 0, "start": "2022-02-21 18:17:16.139435" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:150 Monday 21 February 2022 23:17:16 +0000 (0:00:00.479) 0:08:07.001 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:2 Monday 21 February 2022 23:17:16 +0000 (0:00:00.027) 0:08:07.028 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 Monday 21 February 2022 23:17:16 +0000 (0:00:00.019) 0:08:07.048 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 Monday 21 February 2022 23:17:18 +0000 (0:00:01.367) 0:08:08.416 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1) TASK [Install certreader] ****************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 Monday 21 February 2022 23:17:19 +0000 (0:00:01.022) 0:08:09.438 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 Monday 21 February 2022 23:17:20 +0000 (0:00:00.901) 0:08:10.340 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485424.0297687, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "60cf94ec8fc84e353291686f75c2ce1ce7fb0f3c", "ctime": 1645485424.1237688, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 17527633, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1645485424.0267687, "nlink": 1, "path": "/etc/pki/tls/certs/groupcert.crt", "pw_name": "root", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1854, "uid": 0, "version": "1646793367", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:31 Monday 21 February 2022 23:17:20 +0000 (0:00:00.422) 0:08:10.762 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 Monday 21 February 2022 23:17:20 +0000 (0:00:00.028) 0:08:10.791 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:49 Monday 21 February 2022 23:17:20 +0000 (0:00:00.033) 0:08:10.824 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 Monday 21 February 2022 23:17:20 +0000 (0:00:00.028) 0:08:10.852 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485423.2307687, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9036ce8b1bbb6651cfc1dce855fce251b152ebb5", "ctime": 1645485424.1237688, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 26763285, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1645485424.0267687, "nlink": 1, "path": "/etc/pki/tls/private/groupcert.key", "pw_name": "root", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1309713674", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:60 Monday 21 February 2022 23:17:21 +0000 (0:00:00.396) 0:08:11.249 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 Monday 21 February 2022 23:17:21 +0000 (0:00:00.029) 0:08:11.278 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 Monday 21 February 2022 23:17:21 +0000 (0:00:00.031) 0:08:11.309 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/groupcert.crt" ], "delta": "0:00:00.263781", "end": "2022-02-21 18:17:21.157896", "rc": 0, "start": "2022-02-21 18:17:20.894115" } STDOUT: { "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "extensions": { "authorityKeyIdentifier": { "value": "C8:81:83:31:54:21:49:A9:D0:C2:F6:39:67:92:13:B7:8C:59:1D:94", "critical": false }, "authorityInfoAccess": { "value": [ { "method": "OCSP", "location": "http://ipa-ca.test.local/ca/ocsp" } ], "critical": false }, "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ], "critical": true }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "cRLDistributionPoints": { "value": [ { "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ], "crl_issuer": [ { "organizationName": "ipaca", "commonName": "Certificate Authority" } ] } ], "critical": false }, "subjectKeyIdentifier": { "value": "F5:84:EC:1C:68:D1:82:84:3B:71:2E:11:52:B9:92:D4:79:D7:93:2B", "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/ipaserver.test.local@TEST.LOCAL", "oid": "1.3.6.1.5.2.2" } ], "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "94:70:41:28:67:C1:1E:74:0E:82:11:5F:A5:21:37:F6:2D:70:61:49:AB:8A:CE:30:87:2F:26:C9:18:E2:C1:94:0C:75:80:F1:E9:60:16:CA:73:8F:A4:52:F8:8E:5E:F5:7C:15:47:1C:E5:45:95:9B:FE:25:25:4C:C7:40:FA:C8:33:51:30:8E:A2:A9:FB:01:EA:62:10:5F:26:F5:AC:6F:A7:77:9A:12:F2:15:63:69:ED:42:0A:58:AD:2D:1B:AA:1F:27:14:C3:C6:72:AC:19:40:24:C0:73:72:E6:06:6E:07:CC:D3:B3:5A:29:77:60:04:C2:EC:EA:18:52:01:F6:82:59:A6:BD:E7:BC:27:99:BF:98:90:3A:17:79:B7:F0:92:07:ED:1E:E1:39:AC:F1:2B:D1:D3:A6:B1:25:4C:15:D4:64:B9:91:2D:3A:AC:43:AD:9B:53:39:40:A9:88:0A:3E:58:7A:E6:0C:0E:9B:A3:D3:A8:74:13:97:47:DE:C7:FD:72:93:E9:FD:56:85:5A:CB:99:B8:56:D5:9D:F9:9E:D0:9D:C5:C9:A4:7E:12:5C:42:7B:A5:EB:C1:BC:52:61:2E:11:A1:BA:B8:48:61:CF:EE:2B:A1:1D:66:D7:10:AC:4B:48:BB:DC:8D:E9:84:C7:C4:B0:84:6D:9F:99:6B:4F:90:4F:BA:A6:E8:7A:EA:28:A8:67:37:72:84:BA:AB:B0:9D:B3:70:30:B8:EC:CB:C7:09:90:8C:44:36:33:BF:B6:60:9D:5A:E9:BE:89:49:51:D0:C1:F7:09:80:A8:2A:71:4E:3E:E4:0B:6D:21:7B:F8:C2:29:72:2C:78:4C:9C:77:96:A0:92:A8:D7:B9:2C:A5:CB:7C:BC:C2:67:14:10:DD:F6:58:C8:8A:D9:A3:20:E3:B0:64:CC:7F:24:43:0F:39:F0:ED:E9:EA:79:6E:B8:75:14:39:FE:57:9B:6F:EB:85:FF:02:01:B7:9C:D8:81:56:4C:D7:BA:AC:35:D4:DD:D6" }, "key_size": 2048, "validity": { "not_valid_after": "2024-02-22 23:17:03", "not_valid_before": "2022-02-21 23:17:03" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 Monday 21 February 2022 23:17:21 +0000 (0:00:00.647) 0:08:11.957 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityInfoAccess": { "critical": false, "value": [ { "location": "http://ipa-ca.test.local/ca/ocsp", "method": "OCSP" } ] }, "authorityKeyIdentifier": { "critical": false, "value": "C8:81:83:31:54:21:49:A9:D0:C2:F6:39:67:92:13:B7:8C:59:1D:94" }, "cRLDistributionPoints": { "critical": false, "value": [ { "crl_issuer": [ { "commonName": "Certificate Authority", "organizationName": "ipaca" } ], "full_name": [ "http://ipa-ca.test.local/ipa/crl/MasterCRL.bin" ] } ] }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": true, "value": [ "digital_signature", "content_commitment", "key_encipherment", "data_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "ipaserver.test.local" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/ipaserver.test.local@TEST.LOCAL" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "F5:84:EC:1C:68:D1:82:84:3B:71:2E:11:52:B9:92:D4:79:D7:93:2B" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "94:70:41:28:67:C1:1E:74:0E:82:11:5F:A5:21:37:F6:2D:70:61:49:AB:8A:CE:30:87:2F:26:C9:18:E2:C1:94:0C:75:80:F1:E9:60:16:CA:73:8F:A4:52:F8:8E:5E:F5:7C:15:47:1C:E5:45:95:9B:FE:25:25:4C:C7:40:FA:C8:33:51:30:8E:A2:A9:FB:01:EA:62:10:5F:26:F5:AC:6F:A7:77:9A:12:F2:15:63:69:ED:42:0A:58:AD:2D:1B:AA:1F:27:14:C3:C6:72:AC:19:40:24:C0:73:72:E6:06:6E:07:CC:D3:B3:5A:29:77:60:04:C2:EC:EA:18:52:01:F6:82:59:A6:BD:E7:BC:27:99:BF:98:90:3A:17:79:B7:F0:92:07:ED:1E:E1:39:AC:F1:2B:D1:D3:A6:B1:25:4C:15:D4:64:B9:91:2D:3A:AC:43:AD:9B:53:39:40:A9:88:0A:3E:58:7A:E6:0C:0E:9B:A3:D3:A8:74:13:97:47:DE:C7:FD:72:93:E9:FD:56:85:5A:CB:99:B8:56:D5:9D:F9:9E:D0:9D:C5:C9:A4:7E:12:5C:42:7B:A5:EB:C1:BC:52:61:2E:11:A1:BA:B8:48:61:CF:EE:2B:A1:1D:66:D7:10:AC:4B:48:BB:DC:8D:E9:84:C7:C4:B0:84:6D:9F:99:6B:4F:90:4F:BA:A6:E8:7A:EA:28:A8:67:37:72:84:BA:AB:B0:9D:B3:70:30:B8:EC:CB:C7:09:90:8C:44:36:33:BF:B6:60:9D:5A:E9:BE:89:49:51:D0:C1:F7:09:80:A8:2A:71:4E:3E:E4:0B:6D:21:7B:F8:C2:29:72:2C:78:4C:9C:77:96:A0:92:A8:D7:B9:2C:A5:CB:7C:BC:C2:67:14:10:DD:F6:58:C8:8A:D9:A3:20:E3:B0:64:CC:7F:24:43:0F:39:F0:ED:E9:EA:79:6E:B8:75:14:39:FE:57:9B:6F:EB:85:FF:02:01:B7:9C:D8:81:56:4C:D7:BA:AC:35:D4:DD:D6" }, "subject": [ { "name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL" }, { "name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local" } ], "validity": { "not_valid_after": "2024-02-22 23:17:03", "not_valid_before": "2022-02-21 23:17:03" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 Monday 21 February 2022 23:17:21 +0000 (0:00:00.038) 0:08:11.996 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 Monday 21 February 2022 23:17:21 +0000 (0:00:00.041) 0:08:12.037 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:105 Monday 21 February 2022 23:17:21 +0000 (0:00:00.028) 0:08:12.066 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 Monday 21 February 2022 23:17:21 +0000 (0:00:00.030) 0:08:12.096 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:125 Monday 21 February 2022 23:17:21 +0000 (0:00:00.033) 0:08:12.130 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 Monday 21 February 2022 23:17:22 +0000 (0:00:00.029) 0:08:12.159 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/groupcert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.070601", "end": "2022-02-21 18:17:21.824251", "rc": 0, "start": "2022-02-21 18:17:21.753650" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:150 Monday 21 February 2022 23:17:22 +0000 (0:00:00.457) 0:08:12.617 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=99 changed=33 unreachable=0 failed=0 skipped=35 rescued=0 ignored=0 Monday 21 February 2022 23:17:22 +0000 (0:00:00.022) 0:08:12.640 ******* =============================================================================== ipaserver : Install - Setup CA ---------------------------------------- 150.61s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:265 ----------------------- ipaserver : Install - Setup HTTP -------------------------------------- 150.47s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:321 ----------------------- ipaserver : Install - Ensure that IPA server packages are installed ---- 51.34s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:5 ------------------------- ipaserver : Install - Setup DS ----------------------------------------- 17.74s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:203 ----------------------- ipaserver : Install - Setup NTP ---------------------------------------- 10.58s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:196 ----------------------- ipaserver : Install - Setup DNS ----------------------------------------- 8.82s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:364 ----------------------- Clone ansible-freeipa repo ---------------------------------------------- 7.92s /tmp/tmprte76fwa/tests/tasks/setup_ipa.yml:12 --------------------------------- ipaserver : Install - Setup KRB ----------------------------------------- 6.06s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:232 ----------------------- ipaserver : Install - Enable IPA ---------------------------------------- 5.10s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:428 ----------------------- ensure hostname package is installed ------------------------------------ 4.52s /tmp/tmprte76fwa/tests/tasks/setup_ipa.yml:33 --------------------------------- linux-system-roles.certificate : Ensure certificate requests ------------ 4.48s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 ipaserver : Install - Ensure that IPA server packages for dns are installed --- 4.35s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:10 ------------------------ ipaserver : Install - Setup custodia ------------------------------------ 4.18s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:259 ----------------------- Install the package, force upgrade -------------------------------------- 4.15s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 ------------- ipaclient : Install - Create IPA NSS database --------------------------- 4.03s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:298 ----------------------- Install certreader ------------------------------------------------------ 3.21s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 ------------- set up internal repositories -------------------------------------------- 3.14s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ ipaserver : Install - Ensure that firewall packages installed ----------- 3.05s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:22 ------------------------ ipaserver : Install - Setup otpd ---------------------------------------- 2.80s /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:315 ----------------------- ipaclient : Install - IPA API calls for remaining enrollment parts ------ 2.63s /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:280 ----------------------- + cd /tmp/tmprte76fwa/tests; TEST_SUBJECTS=/cache/rhel-8-y.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-115-ec6e2d0-rhel-8-y-juz2pivh/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmprte76fwa/_setup.yml /tmp/tmprte76fwa/tests/tests_basic_self_signed.yml ansible-playbook 2.9.27 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] Using /etc/ansible/ansible.cfg as config file [ERROR]: GNU xorriso 1.4.8 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Local character set is now assumed as: 'utf-8' Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 2 plays in /tmp/tmprte76fwa/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmprte76fwa/_setup.yml:5 Monday 21 February 2022 23:17:37 +0000 (0:00:00.023) 0:00:00.023 ******* ok: [/cache/rhel-8-y.qcow2] => { "groups": { "all": [ "/cache/rhel-8-y.qcow2" ], "localhost": [ "/cache/rhel-8-y.qcow2" ], "subjects": [ "/cache/rhel-8-y.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmprte76fwa/_setup.yml:7 Monday 21 February 2022 23:17:37 +0000 (0:00:00.036) 0:00:00.060 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /tmp/tmprte76fwa/_setup.yml:16 Monday 21 February 2022 23:17:37 +0000 (0:00:00.036) 0:00:00.096 ******* changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:17:40 +0000 (0:00:02.775) 0:00:02.871 ******* =============================================================================== set up internal repositories -------------------------------------------- 2.78s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:7 ------------------------------------------------- PLAYBOOK: tests_basic_self_signed.yml ****************************************** 2 plays in /tmp/tmprte76fwa/tests/tests_basic_self_signed.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_basic_self_signed.yml:2 Monday 21 February 2022 23:17:40 +0000 (0:00:00.019) 0:00:02.891 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 21 February 2022 23:17:41 +0000 (0:00:01.221) 0:00:04.113 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Monday 21 February 2022 23:17:41 +0000 (0:00:00.060) 0:00:04.173 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.3.7-6.el8.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Monday 21 February 2022 23:17:46 +0000 (0:00:04.839) 0:00:09.013 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.13-5.el8.x86_64", "Installed: nspr-4.32.0-1.el8_4.x86_64", "Installed: xmlrpc-c-1.51.0-5.el8.x86_64", "Installed: nss-3.67.0-7.el8_5.x86_64", "Installed: xmlrpc-c-client-1.51.0-5.el8.x86_64", "Installed: nss-softokn-3.67.0-7.el8_5.x86_64", "Installed: nss-softokn-freebl-3.67.0-7.el8_5.x86_64", "Installed: nss-sysinit-3.67.0-7.el8_5.x86_64", "Installed: nss-util-3.67.0-7.el8_5.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Monday 21 February 2022 23:17:49 +0000 (0:00:02.862) 0:00:11.876 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Monday 21 February 2022 23:17:49 +0000 (0:00:00.575) 0:00:12.451 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 21 February 2022 23:17:50 +0000 (0:00:00.425) 0:00:12.877 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target systemd-journald.socket network.target basic.target system.slice dbus.socket syslog.target dbus.service", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14649", "LimitNPROCSoft": "14649", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14649", "LimitSIGPENDINGSoft": "14649", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus.service", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target dbus.socket", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23438", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Monday 21 February 2022 23:17:51 +0000 (0:00:01.031) 0:00:13.908 ******* changed: [/cache/rhel-8-y.qcow2] => (item={u'ca': u'self-sign', u'name': u'mycert', u'dns': u'www.example.com'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert" } } MSG: Certificate requested (new). META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_basic_self_signed.yml:13 Monday 21 February 2022 23:17:52 +0000 (0:00:01.019) 0:00:14.928 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmprte76fwa/tests/tests_basic_self_signed.yml:27 Monday 21 February 2022 23:17:53 +0000 (0:00:00.892) 0:00:15.820 ******* included: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-8-y.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:2 Monday 21 February 2022 23:17:53 +0000 (0:00:00.060) 0:00:15.880 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 Monday 21 February 2022 23:17:53 +0000 (0:00:00.018) 0:00:15.899 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python36-3.6.8-38.module+el8.5.0+12207+5c5719bc.x86_64", "Installed: python3-setuptools-39.2.0-6.el8.noarch", "Installed: python3-pip-9.0.3-22.el8.noarch" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 Monday 21 February 2022 23:17:55 +0000 (0:00:01.710) 0:00:17.609 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting pip Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB) Installing collected packages: pip Found existing installation: pip 9.0.3 Uninstalling pip-9.0.3: Successfully uninstalled pip-9.0.3 Successfully installed pip-21.3.1 STDERR: You are using pip version 21.3.1, however version 22.0.3 is available. You should consider upgrading via the 'pip install --upgrade pip' command. TASK [Install certreader] ****************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 Monday 21 February 2022 23:17:59 +0000 (0:00:04.148) 0:00:21.758 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (405 kB) Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) Collecting pyyaml Downloading PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (603 kB) Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 Monday 21 February 2022 23:18:02 +0000 (0:00:03.194) 0:00:24.953 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485472.20954, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "bc324135873c92eedc1ac008bb107018a4fd1f7e", "ctime": 1645485472.2075398, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17499990, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485472.2075398, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2351962647", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:31 Monday 21 February 2022 23:18:02 +0000 (0:00:00.548) 0:00:25.501 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 Monday 21 February 2022 23:18:02 +0000 (0:00:00.045) 0:00:25.547 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:49 Monday 21 February 2022 23:18:02 +0000 (0:00:00.056) 0:00:25.603 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 Monday 21 February 2022 23:18:03 +0000 (0:00:00.047) 0:00:25.651 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485472.15354, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "7afedfaf781f8015af3a33a5b30350f6b759c7b5", "ctime": 1645485472.2075398, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 26484949, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485472.2075398, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "244926554", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:60 Monday 21 February 2022 23:18:03 +0000 (0:00:00.428) 0:00:26.079 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 Monday 21 February 2022 23:18:03 +0000 (0:00:00.045) 0:00:26.124 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 Monday 21 February 2022 23:18:03 +0000 (0:00:00.047) 0:00:26.172 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.245397", "end": "2022-02-21 18:18:04.416439", "rc": 0, "start": "2022-02-21 18:18:04.171042" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "25:A0:97:CC:42:8C:A5:14:7E:8E:9D:83:EC:CA:C3:CA:40:09:E0:30", "critical": false }, "authorityKeyIdentifier": { "value": "0E:14:6C:1E:56:89:95:A4:97:1F:EE:1F:51:42:59:92:4C:CB:D5:95", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "C7:D7:80:C1:FC:68:64:0B:96:C0:1E:EC:B0:53:9B:86:7E:88:F8:5A:88:75:D3:BD:D3:8E:76:2A:EF:A5:28:DB:56:BB:45:C8:6A:33:F8:DA:FC:9D:55:F1:6B:7F:1C:FE:05:A4:03:03:86:10:AB:D5:56:CC:6E:9F:9E:A6:14:DC:CF:2F:55:FD:55:03:64:2E:04:50:EA:26:A3:FD:24:C9:63:40:52:11:73:14:03:A9:59:93:56:44:B3:97:F9:6D:20:6F:B9:6F:24:15:CA:7A:6A:7A:4B:6E:D7:EF:0B:8D:EA:A2:7F:5E:58:F8:E1:3A:24:75:0A:5C:0B:6B:27:94:90:FD:3E:F9:C6:19:01:8A:99:0C:1B:80:A5:30:45:75:AA:33:AB:AF:14:AC:81:CA:EA:3B:8D:E4:5C:88:48:58:E4:AF:EF:EB:E0:E9:E1:FD:21:0B:94:F6:6B:90:34:5E:DE:35:10:71:20:EC:15:B5:8F:86:C5:93:92:B2:A8:0D:5D:D6:E7:63:67:27:A2:8A:B6:06:66:43:7D:96:FD:3A:E7:2B:AC:ED:51:1B:CD:7E:C9:1E:56:D9:17:7C:AD:A2:4A:26:72:51:73:A5:AA:2A:07:53:1A:4B:6B:BB:3E:79:78:C9:6C:D9:A9:FD:F7:12:2E:92:8E:30:56:1D:E4:FA" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-21 23:17:51", "not_valid_before": "2022-02-21 23:17:52" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 Monday 21 February 2022 23:18:04 +0000 (0:00:00.774) 0:00:26.947 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "0E:14:6C:1E:56:89:95:A4:97:1F:EE:1F:51:42:59:92:4C:CB:D5:95" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "25:A0:97:CC:42:8C:A5:14:7E:8E:9D:83:EC:CA:C3:CA:40:09:E0:30" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "C7:D7:80:C1:FC:68:64:0B:96:C0:1E:EC:B0:53:9B:86:7E:88:F8:5A:88:75:D3:BD:D3:8E:76:2A:EF:A5:28:DB:56:BB:45:C8:6A:33:F8:DA:FC:9D:55:F1:6B:7F:1C:FE:05:A4:03:03:86:10:AB:D5:56:CC:6E:9F:9E:A6:14:DC:CF:2F:55:FD:55:03:64:2E:04:50:EA:26:A3:FD:24:C9:63:40:52:11:73:14:03:A9:59:93:56:44:B3:97:F9:6D:20:6F:B9:6F:24:15:CA:7A:6A:7A:4B:6E:D7:EF:0B:8D:EA:A2:7F:5E:58:F8:E1:3A:24:75:0A:5C:0B:6B:27:94:90:FD:3E:F9:C6:19:01:8A:99:0C:1B:80:A5:30:45:75:AA:33:AB:AF:14:AC:81:CA:EA:3B:8D:E4:5C:88:48:58:E4:AF:EF:EB:E0:E9:E1:FD:21:0B:94:F6:6B:90:34:5E:DE:35:10:71:20:EC:15:B5:8F:86:C5:93:92:B2:A8:0D:5D:D6:E7:63:67:27:A2:8A:B6:06:66:43:7D:96:FD:3A:E7:2B:AC:ED:51:1B:CD:7E:C9:1E:56:D9:17:7C:AD:A2:4A:26:72:51:73:A5:AA:2A:07:53:1A:4B:6B:BB:3E:79:78:C9:6C:D9:A9:FD:F7:12:2E:92:8E:30:56:1D:E4:FA" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-21 23:17:51", "not_valid_before": "2022-02-21 23:17:52" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 Monday 21 February 2022 23:18:04 +0000 (0:00:00.095) 0:00:27.042 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 Monday 21 February 2022 23:18:04 +0000 (0:00:00.047) 0:00:27.089 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:105 Monday 21 February 2022 23:18:04 +0000 (0:00:00.044) 0:00:27.134 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 Monday 21 February 2022 23:18:04 +0000 (0:00:00.044) 0:00:27.179 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:125 Monday 21 February 2022 23:18:04 +0000 (0:00:00.045) 0:00:27.225 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 Monday 21 February 2022 23:18:04 +0000 (0:00:00.047) 0:00:27.272 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.050646", "end": "2022-02-21 18:18:05.188000", "rc": 0, "start": "2022-02-21 18:18:05.137354" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:150 Monday 21 February 2022 23:18:05 +0000 (0:00:00.448) 0:00:27.721 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=32 changed=10 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:18:05 +0000 (0:00:00.040) 0:00:27.762 ******* =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 4.84s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.15s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.19s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 2.86s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - set up internal repositories -------------------------------------------- 2.78s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ Ensure python3 is installed --------------------------------------------- 1.71s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.22s /tmp/tmprte76fwa/tests/tests_basic_self_signed.yml:2 -------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.03s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate requests ------------ 1.02s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Gathering Facts --------------------------------------------------------- 0.89s /tmp/tmprte76fwa/tests/tests_basic_self_signed.yml:13 ------------------------- Parse certificate ------------------------------------------------------- 0.77s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.58s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve certificate file stats ----------------------------------------- 0.55s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.45s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve key file stats ------------------------------------------------- 0.43s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 ------------- linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.43s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Load certificate YAML to cert_issued variable --------------------------- 0.10s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 ------------- linux-system-roles.certificate : Set version specific variables --------- 0.06s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- Verify each certificate ------------------------------------------------- 0.06s /tmp/tmprte76fwa/tests/tests_basic_self_signed.yml:27 ------------------------- Verify certificate file owner and group --------------------------------- 0.06s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 ------------- + cd /tmp/tmprte76fwa/tests; TEST_SUBJECTS=/cache/rhel-8-y.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-115-ec6e2d0-rhel-8-y-juz2pivh/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmprte76fwa/_setup.yml /tmp/tmprte76fwa/tests/tests_default.yml ansible-playbook 2.9.27 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] Using /etc/ansible/ansible.cfg as config file [ERROR]: GNU xorriso 1.4.8 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Local character set is now assumed as: 'utf-8' Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 2 plays in /tmp/tmprte76fwa/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmprte76fwa/_setup.yml:5 Monday 21 February 2022 23:18:18 +0000 (0:00:00.023) 0:00:00.023 ******* ok: [/cache/rhel-8-y.qcow2] => { "groups": { "all": [ "/cache/rhel-8-y.qcow2" ], "localhost": [ "/cache/rhel-8-y.qcow2" ], "subjects": [ "/cache/rhel-8-y.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmprte76fwa/_setup.yml:7 Monday 21 February 2022 23:18:19 +0000 (0:00:00.038) 0:00:00.061 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /tmp/tmprte76fwa/_setup.yml:16 Monday 21 February 2022 23:18:19 +0000 (0:00:00.038) 0:00:00.100 ******* changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:18:22 +0000 (0:00:03.162) 0:00:03.263 ******* =============================================================================== set up internal repositories -------------------------------------------- 3.16s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ fail -------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:7 ------------------------------------------------- debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_default.yml **************************************************** 1 plays in /tmp/tmprte76fwa/tests/tests_default.yml PLAY [Ensure that the role runs with default parameters] *********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_default.yml:3 Monday 21 February 2022 23:18:22 +0000 (0:00:00.018) 0:00:03.281 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 21 February 2022 23:18:23 +0000 (0:00:00.996) 0:00:04.277 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Monday 21 February 2022 23:18:23 +0000 (0:00:00.058) 0:00:04.335 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.3.7-6.el8.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Monday 21 February 2022 23:18:28 +0000 (0:00:04.782) 0:00:09.118 ******* TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Monday 21 February 2022 23:18:28 +0000 (0:00:00.043) 0:00:09.161 ******* TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Monday 21 February 2022 23:18:28 +0000 (0:00:00.039) 0:00:09.201 ******* TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 21 February 2022 23:18:28 +0000 (0:00:00.042) 0:00:09.244 ******* TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Monday 21 February 2022 23:18:28 +0000 (0:00:00.048) 0:00:09.292 ******* META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=5 changed=2 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 Monday 21 February 2022 23:18:28 +0000 (0:00:00.033) 0:00:09.325 ******* =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 4.78s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - set up internal repositories -------------------------------------------- 3.16s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ Gathering Facts --------------------------------------------------------- 1.00s /tmp/tmprte76fwa/tests/tests_default.yml:3 ------------------------------------ linux-system-roles.certificate : Set version specific variables --------- 0.06s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- linux-system-roles.certificate : Ensure provider service is running ----- 0.05s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure provider packages are installed --- 0.04s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.04s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.04s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - fail -------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:7 ------------------------------------------------- debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- linux-system-roles.certificate : Ensure certificate requests ------------ 0.03s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 + cd /tmp/tmprte76fwa/tests; TEST_SUBJECTS=/cache/rhel-8-y.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-115-ec6e2d0-rhel-8-y-juz2pivh/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmprte76fwa/_setup.yml /tmp/tmprte76fwa/tests/tests_dns_ip_email.yml ansible-playbook 2.9.27 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] Using /etc/ansible/ansible.cfg as config file [ERROR]: GNU xorriso 1.4.8 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Local character set is now assumed as: 'utf-8' Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 2 plays in /tmp/tmprte76fwa/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmprte76fwa/_setup.yml:5 Monday 21 February 2022 23:18:42 +0000 (0:00:00.024) 0:00:00.024 ******* ok: [/cache/rhel-8-y.qcow2] => { "groups": { "all": [ "/cache/rhel-8-y.qcow2" ], "localhost": [ "/cache/rhel-8-y.qcow2" ], "subjects": [ "/cache/rhel-8-y.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmprte76fwa/_setup.yml:7 Monday 21 February 2022 23:18:42 +0000 (0:00:00.037) 0:00:00.061 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /tmp/tmprte76fwa/_setup.yml:16 Monday 21 February 2022 23:18:42 +0000 (0:00:00.038) 0:00:00.100 ******* changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:18:45 +0000 (0:00:02.998) 0:00:03.099 ******* =============================================================================== set up internal repositories -------------------------------------------- 3.00s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ fail -------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:7 ------------------------------------------------- debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_dns_ip_email.yml *********************************************** 2 plays in /tmp/tmprte76fwa/tests/tests_dns_ip_email.yml PLAY [Issue certificate with dns, ip and email in SAN] ************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_dns_ip_email.yml:2 Monday 21 February 2022 23:18:45 +0000 (0:00:00.022) 0:00:03.121 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 21 February 2022 23:18:46 +0000 (0:00:00.993) 0:00:04.115 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Monday 21 February 2022 23:18:46 +0000 (0:00:00.063) 0:00:04.178 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.3.7-6.el8.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Monday 21 February 2022 23:18:51 +0000 (0:00:04.948) 0:00:09.127 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.13-5.el8.x86_64", "Installed: nspr-4.32.0-1.el8_4.x86_64", "Installed: xmlrpc-c-1.51.0-5.el8.x86_64", "Installed: nss-3.67.0-7.el8_5.x86_64", "Installed: xmlrpc-c-client-1.51.0-5.el8.x86_64", "Installed: nss-softokn-3.67.0-7.el8_5.x86_64", "Installed: nss-softokn-freebl-3.67.0-7.el8_5.x86_64", "Installed: nss-sysinit-3.67.0-7.el8_5.x86_64", "Installed: nss-util-3.67.0-7.el8_5.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Monday 21 February 2022 23:18:54 +0000 (0:00:02.755) 0:00:11.882 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Monday 21 February 2022 23:18:55 +0000 (0:00:00.572) 0:00:12.455 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 21 February 2022 23:18:55 +0000 (0:00:00.426) 0:00:12.882 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target network.target sysinit.target syslog.target systemd-journald.socket dbus.service system.slice dbus.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14649", "LimitNPROCSoft": "14649", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14649", "LimitSIGPENDINGSoft": "14649", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus.service", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23438", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Monday 21 February 2022 23:18:56 +0000 (0:00:01.052) 0:00:13.935 ******* changed: [/cache/rhel-8-y.qcow2] => (item={u'name': u'mycert', u'dns': [u'sub1.example.com', u'www.example.com', u'sub2.example.com', u'sub3.example.com'], u'common_name': u'My Certificate with SAN', u'ip': [u'192.0.2.12', u'198.51.100.65', u'2001:db8::2:1'], u'ca': u'self-sign', u'email': [u'sysadmin@example.com', u'support@example.com']}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "My Certificate with SAN", "dns": [ "sub1.example.com", "www.example.com", "sub2.example.com", "sub3.example.com" ], "email": [ "sysadmin@example.com", "support@example.com" ], "ip": [ "192.0.2.12", "198.51.100.65", "2001:db8::2:1" ], "name": "mycert" } } MSG: Certificate requested (new). META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_dns_ip_email.yml:24 Monday 21 February 2022 23:18:57 +0000 (0:00:01.000) 0:00:14.935 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmprte76fwa/tests/tests_dns_ip_email.yml:54 Monday 21 February 2022 23:18:58 +0000 (0:00:00.701) 0:00:15.637 ******* included: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-8-y.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:2 Monday 21 February 2022 23:18:58 +0000 (0:00:00.061) 0:00:15.698 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 Monday 21 February 2022 23:18:58 +0000 (0:00:00.018) 0:00:15.716 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python36-3.6.8-38.module+el8.5.0+12207+5c5719bc.x86_64", "Installed: python3-setuptools-39.2.0-6.el8.noarch", "Installed: python3-pip-9.0.3-22.el8.noarch" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 Monday 21 February 2022 23:19:00 +0000 (0:00:01.758) 0:00:17.475 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting pip Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB) Installing collected packages: pip Found existing installation: pip 9.0.3 Uninstalling pip-9.0.3: Successfully uninstalled pip-9.0.3 Successfully installed pip-21.3.1 STDERR: You are using pip version 21.3.1, however version 22.0.3 is available. You should consider upgrading via the 'pip install --upgrade pip' command. TASK [Install certreader] ****************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 Monday 21 February 2022 23:19:04 +0000 (0:00:04.468) 0:00:21.944 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (405 kB) Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) Collecting pyyaml Downloading PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (603 kB) Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 Monday 21 February 2022 23:19:07 +0000 (0:00:03.224) 0:00:25.169 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485536.9284139, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "1551c93bc08aa9a4c6035d6b6929019af59cccdb", "ctime": 1645485536.9254138, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17496191, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485536.9254138, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1484, "uid": 0, "version": "2411626720", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:31 Monday 21 February 2022 23:19:08 +0000 (0:00:00.545) 0:00:25.715 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 Monday 21 February 2022 23:19:08 +0000 (0:00:00.047) 0:00:25.762 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:49 Monday 21 February 2022 23:19:08 +0000 (0:00:00.050) 0:00:25.812 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 Monday 21 February 2022 23:19:08 +0000 (0:00:00.046) 0:00:25.859 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485536.874414, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "f3852bdc5e71697d1e4b635c4bb3dab7b1481c5e", "ctime": 1645485536.9254138, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 26484938, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485536.9254138, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "4064520379", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:60 Monday 21 February 2022 23:19:09 +0000 (0:00:00.418) 0:00:26.278 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 Monday 21 February 2022 23:19:09 +0000 (0:00:00.046) 0:00:26.324 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 Monday 21 February 2022 23:19:09 +0000 (0:00:00.050) 0:00:26.375 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.230540", "end": "2022-02-21 18:19:09.180457", "rc": 0, "start": "2022-02-21 18:19:08.949917" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "My Certificate with SAN" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "sub1.example.com" }, { "name": "DNS", "value": "www.example.com" }, { "name": "DNS", "value": "sub2.example.com" }, { "name": "DNS", "value": "sub3.example.com" }, { "name": "email", "value": "sysadmin@example.com" }, { "name": "email", "value": "support@example.com" }, { "name": "IP Address", "value": "192.0.2.12" }, { "name": "IP Address", "value": "198.51.100.65" }, { "name": "IP Address", "value": "2001:db8::2:1" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "97:D4:B9:8C:99:91:0D:A6:5D:79:9A:7C:D1:44:C0:A1:A4:3A:44:62", "critical": false }, "authorityKeyIdentifier": { "value": "E7:B5:1D:D7:77:3C:27:35:A0:D7:D4:F0:9D:2C:5E:17:D4:9A:3C:4D", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "6E:20:33:B1:91:45:CA:AD:D1:62:C4:0F:2C:D9:06:AF:AF:7A:89:7C:DD:1E:13:7F:0E:4D:8C:2F:07:22:4B:EB:9D:1F:E5:2F:A5:4F:06:FA:2F:4C:A0:7B:50:39:B4:DB:7D:1B:E7:E5:36:20:7D:3A:5C:0F:A7:25:C1:5E:D8:66:D3:06:0B:8A:8D:71:3F:FB:04:1B:0A:56:27:35:95:AC:DA:76:04:39:73:A7:04:C5:F3:AE:03:DC:C8:54:26:F0:65:99:DA:3C:E6:D8:B3:8F:1B:30:F6:C3:DA:FA:E9:25:65:FE:13:B1:B8:B0:AB:B5:9E:3A:40:50:8A:2C:FC:FE:BA:85:E8:8C:2B:CA:7D:FB:8B:0C:85:A0:B3:8B:8D:1C:90:65:0C:AE:5F:78:BC:E2:27:2B:57:03:B6:BA:6E:6C:59:5E:3A:9D:ED:F5:68:20:2D:A9:04:A3:42:0D:9A:35:E0:39:4D:B3:93:05:B0:2F:75:EE:91:EF:EC:6F:7B:97:70:86:03:C6:13:AA:F3:64:E8:A7:EA:91:F6:EC:32:04:6C:F3:8E:B3:E7:D3:EC:28:C1:4F:C0:15:A8:FA:B7:94:CB:51:D6:47:0F:FE:A5:F2:0E:A2:64:0F:91:98:3F:2B:9E:14:E9:27:02:33:EA:76:B2:5D:45:CE:E8:4D:C2:B3" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-21 23:18:56", "not_valid_before": "2022-02-21 23:18:56" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 Monday 21 February 2022 23:19:09 +0000 (0:00:00.749) 0:00:27.125 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "E7:B5:1D:D7:77:3C:27:35:A0:D7:D4:F0:9D:2C:5E:17:D4:9A:3C:4D" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "sub1.example.com" }, { "name": "DNS", "value": "www.example.com" }, { "name": "DNS", "value": "sub2.example.com" }, { "name": "DNS", "value": "sub3.example.com" }, { "name": "email", "value": "sysadmin@example.com" }, { "name": "email", "value": "support@example.com" }, { "name": "IP Address", "value": "192.0.2.12" }, { "name": "IP Address", "value": "198.51.100.65" }, { "name": "IP Address", "value": "2001:db8::2:1" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "97:D4:B9:8C:99:91:0D:A6:5D:79:9A:7C:D1:44:C0:A1:A4:3A:44:62" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "6E:20:33:B1:91:45:CA:AD:D1:62:C4:0F:2C:D9:06:AF:AF:7A:89:7C:DD:1E:13:7F:0E:4D:8C:2F:07:22:4B:EB:9D:1F:E5:2F:A5:4F:06:FA:2F:4C:A0:7B:50:39:B4:DB:7D:1B:E7:E5:36:20:7D:3A:5C:0F:A7:25:C1:5E:D8:66:D3:06:0B:8A:8D:71:3F:FB:04:1B:0A:56:27:35:95:AC:DA:76:04:39:73:A7:04:C5:F3:AE:03:DC:C8:54:26:F0:65:99:DA:3C:E6:D8:B3:8F:1B:30:F6:C3:DA:FA:E9:25:65:FE:13:B1:B8:B0:AB:B5:9E:3A:40:50:8A:2C:FC:FE:BA:85:E8:8C:2B:CA:7D:FB:8B:0C:85:A0:B3:8B:8D:1C:90:65:0C:AE:5F:78:BC:E2:27:2B:57:03:B6:BA:6E:6C:59:5E:3A:9D:ED:F5:68:20:2D:A9:04:A3:42:0D:9A:35:E0:39:4D:B3:93:05:B0:2F:75:EE:91:EF:EC:6F:7B:97:70:86:03:C6:13:AA:F3:64:E8:A7:EA:91:F6:EC:32:04:6C:F3:8E:B3:E7:D3:EC:28:C1:4F:C0:15:A8:FA:B7:94:CB:51:D6:47:0F:FE:A5:F2:0E:A2:64:0F:91:98:3F:2B:9E:14:E9:27:02:33:EA:76:B2:5D:45:CE:E8:4D:C2:B3" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "My Certificate with SAN" } ], "validity": { "not_valid_after": "2023-02-21 23:18:56", "not_valid_before": "2022-02-21 23:18:56" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 Monday 21 February 2022 23:19:09 +0000 (0:00:00.048) 0:00:27.173 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 Monday 21 February 2022 23:19:10 +0000 (0:00:00.048) 0:00:27.221 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:105 Monday 21 February 2022 23:19:10 +0000 (0:00:00.047) 0:00:27.269 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 Monday 21 February 2022 23:19:10 +0000 (0:00:00.047) 0:00:27.317 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:125 Monday 21 February 2022 23:19:10 +0000 (0:00:00.048) 0:00:27.366 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 Monday 21 February 2022 23:19:10 +0000 (0:00:00.049) 0:00:27.415 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.047464", "end": "2022-02-21 18:19:09.909877", "rc": 0, "start": "2022-02-21 18:19:09.862413" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:150 Monday 21 February 2022 23:19:10 +0000 (0:00:00.436) 0:00:27.851 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=32 changed=10 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:19:10 +0000 (0:00:00.042) 0:00:27.894 ******* =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 4.95s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.47s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.22s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 ------------- set up internal repositories -------------------------------------------- 3.00s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ linux-system-roles.certificate : Ensure provider packages are installed --- 2.76s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Ensure python3 is installed --------------------------------------------- 1.76s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 -------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.05s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate requests ------------ 1.00s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Gathering Facts --------------------------------------------------------- 0.99s /tmp/tmprte76fwa/tests/tests_dns_ip_email.yml:2 ------------------------------- Parse certificate ------------------------------------------------------- 0.75s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 ------------- Gathering Facts --------------------------------------------------------- 0.70s /tmp/tmprte76fwa/tests/tests_dns_ip_email.yml:24 ------------------------------ linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.57s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve certificate file stats ----------------------------------------- 0.55s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.44s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.43s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Retrieve key file stats ------------------------------------------------- 0.42s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 ------------- linux-system-roles.certificate : Set version specific variables --------- 0.06s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- Verify each certificate ------------------------------------------------- 0.06s /tmp/tmprte76fwa/tests/tests_dns_ip_email.yml:54 ------------------------------ Verify key file owner and group ----------------------------------------- 0.05s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 ------------- Verify certificate file owner and group --------------------------------- 0.05s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 ------------- + cd /tmp/tmprte76fwa/tests; TEST_SUBJECTS=/cache/rhel-8-y.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-115-ec6e2d0-rhel-8-y-juz2pivh/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmprte76fwa/_setup.yml /tmp/tmprte76fwa/tests/tests_fs_attrs.yml ansible-playbook 2.9.27 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] Using /etc/ansible/ansible.cfg as config file [ERROR]: GNU xorriso 1.4.8 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Local character set is now assumed as: 'utf-8' Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 2 plays in /tmp/tmprte76fwa/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmprte76fwa/_setup.yml:5 Monday 21 February 2022 23:19:25 +0000 (0:00:00.024) 0:00:00.024 ******* ok: [/cache/rhel-8-y.qcow2] => { "groups": { "all": [ "/cache/rhel-8-y.qcow2" ], "localhost": [ "/cache/rhel-8-y.qcow2" ], "subjects": [ "/cache/rhel-8-y.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmprte76fwa/_setup.yml:7 Monday 21 February 2022 23:19:25 +0000 (0:00:00.042) 0:00:00.067 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /tmp/tmprte76fwa/_setup.yml:16 Monday 21 February 2022 23:19:25 +0000 (0:00:00.042) 0:00:00.110 ******* changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:19:28 +0000 (0:00:03.094) 0:00:03.204 ******* =============================================================================== set up internal repositories -------------------------------------------- 3.09s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:7 ------------------------------------------------- PLAYBOOK: tests_fs_attrs.yml *************************************************** 3 plays in /tmp/tmprte76fwa/tests/tests_fs_attrs.yml PLAY [Ensure UID and GID exists] *********************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_fs_attrs.yml:2 Monday 21 February 2022 23:19:28 +0000 (0:00:00.020) 0:00:03.225 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [Ensure user exists] ****************************************************** task path: /tmp/tmprte76fwa/tests/tests_fs_attrs.yml:5 Monday 21 February 2022 23:19:29 +0000 (0:00:00.946) 0:00:04.172 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "comment": "", "create_home": true, "group": 1040, "home": "/home/user1", "name": "user1", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1040 } TASK [Ensure group "somegroup" exists] ***************************************** task path: /tmp/tmprte76fwa/tests/tests_fs_attrs.yml:9 Monday 21 February 2022 23:19:30 +0000 (0:00:00.796) 0:00:04.968 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "gid": 1041, "name": "somegroup", "state": "present", "system": false } META: ran handlers META: ran handlers PLAY [Issue certificate setting user/group] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_fs_attrs.yml:13 Monday 21 February 2022 23:19:30 +0000 (0:00:00.776) 0:00:05.744 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 21 February 2022 23:19:31 +0000 (0:00:00.673) 0:00:06.418 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Monday 21 February 2022 23:19:31 +0000 (0:00:00.060) 0:00:06.478 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.3.7-6.el8.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Monday 21 February 2022 23:19:36 +0000 (0:00:04.982) 0:00:11.461 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.13-5.el8.x86_64", "Installed: nspr-4.32.0-1.el8_4.x86_64", "Installed: xmlrpc-c-1.51.0-5.el8.x86_64", "Installed: nss-3.67.0-7.el8_5.x86_64", "Installed: xmlrpc-c-client-1.51.0-5.el8.x86_64", "Installed: nss-softokn-3.67.0-7.el8_5.x86_64", "Installed: nss-softokn-freebl-3.67.0-7.el8_5.x86_64", "Installed: nss-sysinit-3.67.0-7.el8_5.x86_64", "Installed: nss-util-3.67.0-7.el8_5.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Monday 21 February 2022 23:19:39 +0000 (0:00:02.650) 0:00:14.112 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Monday 21 February 2022 23:19:39 +0000 (0:00:00.555) 0:00:14.667 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 21 February 2022 23:19:40 +0000 (0:00:00.414) 0:00:15.081 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target systemd-journald.socket dbus.service sysinit.target dbus.socket network.target syslog.target system.slice", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14649", "LimitNPROCSoft": "14649", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14649", "LimitSIGPENDINGSoft": "14649", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus.service", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23438", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Monday 21 February 2022 23:19:41 +0000 (0:00:00.980) 0:00:16.062 ******* changed: [/cache/rhel-8-y.qcow2] => (item={u'owner': u'ftp', u'ca': u'self-sign', u'group': u'ftp', u'name': u'mycert', u'dns': u'www.example.com'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert", "owner": "ftp" } } MSG: Certificate requested (new). File attributes updated. changed: [/cache/rhel-8-y.qcow2] => (item={u'owner': 1040, u'ca': u'self-sign', u'group': 1041, u'name': u'certid', u'dns': u'www.example.com'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040 } } MSG: Certificate requested (new). File attributes updated. META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_fs_attrs.yml:31 Monday 21 February 2022 23:19:42 +0000 (0:00:01.554) 0:00:17.617 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmprte76fwa/tests/tests_fs_attrs.yml:60 Monday 21 February 2022 23:19:43 +0000 (0:00:00.713) 0:00:18.330 ******* included: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-8-y.qcow2 included: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-8-y.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:2 Monday 21 February 2022 23:19:43 +0000 (0:00:00.082) 0:00:18.412 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 Monday 21 February 2022 23:19:43 +0000 (0:00:00.020) 0:00:18.432 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python36-3.6.8-38.module+el8.5.0+12207+5c5719bc.x86_64", "Installed: python3-setuptools-39.2.0-6.el8.noarch", "Installed: python3-pip-9.0.3-22.el8.noarch" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 Monday 21 February 2022 23:19:45 +0000 (0:00:01.649) 0:00:20.082 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting pip Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB) Installing collected packages: pip Found existing installation: pip 9.0.3 Uninstalling pip-9.0.3: Successfully uninstalled pip-9.0.3 Successfully installed pip-21.3.1 STDERR: You are using pip version 21.3.1, however version 22.0.3 is available. You should consider upgrading via the 'pip install --upgrade pip' command. TASK [Install certreader] ****************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 Monday 21 February 2022 23:19:49 +0000 (0:00:04.483) 0:00:24.566 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (405 kB) Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) Collecting pyyaml Downloading PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (603 kB) Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 Monday 21 February 2022 23:19:52 +0000 (0:00:03.156) 0:00:27.722 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485581.077988, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "752018f0a70e40f5f869bd39910ae2183b567e4e", "ctime": 1645485581.1199877, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 17496347, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1645485581.0759878, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 14, "version": "3259617829", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:31 Monday 21 February 2022 23:19:53 +0000 (0:00:00.523) 0:00:28.246 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 Monday 21 February 2022 23:19:53 +0000 (0:00:00.048) 0:00:28.295 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:49 Monday 21 February 2022 23:19:53 +0000 (0:00:00.054) 0:00:28.349 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 Monday 21 February 2022 23:19:53 +0000 (0:00:00.048) 0:00:28.397 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485581.028988, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "4278283a412399f9c2eba2b22b244b223840cddb", "ctime": 1645485581.120988, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 26539936, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1645485581.0759878, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 14, "version": "3294923128", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:60 Monday 21 February 2022 23:19:53 +0000 (0:00:00.381) 0:00:28.779 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 Monday 21 February 2022 23:19:53 +0000 (0:00:00.046) 0:00:28.826 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 Monday 21 February 2022 23:19:53 +0000 (0:00:00.053) 0:00:28.879 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.225570", "end": "2022-02-21 18:19:53.779161", "rc": 0, "start": "2022-02-21 18:19:53.553591" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "E3:16:70:82:E1:AD:B8:A6:9D:AB:CC:80:D3:7E:A1:93:FB:40:B3:4D", "critical": false }, "authorityKeyIdentifier": { "value": "21:74:0B:DD:D0:EA:4B:38:C5:32:4D:DD:3D:CC:F1:29:EA:F8:10:83", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "A8:8B:E9:11:67:DA:AB:0B:9F:47:C7:73:36:5B:7E:CB:74:0E:57:C1:A8:BC:3A:DF:25:30:81:6C:2D:E8:27:F3:44:FF:D9:7B:46:73:3F:31:1E:38:D1:C9:D3:E5:B7:E3:1E:EB:23:F3:2E:85:F7:13:8A:FD:68:5F:E3:8B:49:40:04:5A:D4:95:3E:04:EB:BB:BE:A0:F7:AD:20:CE:DA:BF:41:FF:E0:3C:D0:DD:2E:8A:A9:7F:03:A8:63:36:BC:3E:E0:94:9E:79:1B:E3:53:79:C0:D6:E9:99:2A:99:69:9B:76:CE:1F:D2:1F:BB:29:9D:0E:C7:87:40:21:ED:66:FE:DF:B4:E5:BA:E8:F4:96:A6:67:7C:D1:14:8A:D0:BE:2A:E7:52:2E:73:3B:F0:A8:F9:B3:05:D2:E3:CB:AF:77:3A:06:FF:63:D2:A5:49:BF:DD:95:81:96:92:4D:E8:AF:D1:05:8D:30:3C:39:4B:15:2B:F9:F1:EF:7E:E7:42:27:74:EE:56:97:CF:18:7F:98:09:1D:04:7B:FC:5E:E6:94:EC:89:F9:55:D7:B5:97:8A:C7:40:80:41:21:F3:7B:99:2A:85:40:65:6D:EA:88:FA:8D:57:59:D2:DD:3B:0F:92:E5:BF:93:3A:4D:15:9D:CB:D9:C9:76:F2:50:CC:1E:98:BE" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-21 23:19:40", "not_valid_before": "2022-02-21 23:19:41" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 Monday 21 February 2022 23:19:54 +0000 (0:00:00.735) 0:00:29.615 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "21:74:0B:DD:D0:EA:4B:38:C5:32:4D:DD:3D:CC:F1:29:EA:F8:10:83" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "E3:16:70:82:E1:AD:B8:A6:9D:AB:CC:80:D3:7E:A1:93:FB:40:B3:4D" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "A8:8B:E9:11:67:DA:AB:0B:9F:47:C7:73:36:5B:7E:CB:74:0E:57:C1:A8:BC:3A:DF:25:30:81:6C:2D:E8:27:F3:44:FF:D9:7B:46:73:3F:31:1E:38:D1:C9:D3:E5:B7:E3:1E:EB:23:F3:2E:85:F7:13:8A:FD:68:5F:E3:8B:49:40:04:5A:D4:95:3E:04:EB:BB:BE:A0:F7:AD:20:CE:DA:BF:41:FF:E0:3C:D0:DD:2E:8A:A9:7F:03:A8:63:36:BC:3E:E0:94:9E:79:1B:E3:53:79:C0:D6:E9:99:2A:99:69:9B:76:CE:1F:D2:1F:BB:29:9D:0E:C7:87:40:21:ED:66:FE:DF:B4:E5:BA:E8:F4:96:A6:67:7C:D1:14:8A:D0:BE:2A:E7:52:2E:73:3B:F0:A8:F9:B3:05:D2:E3:CB:AF:77:3A:06:FF:63:D2:A5:49:BF:DD:95:81:96:92:4D:E8:AF:D1:05:8D:30:3C:39:4B:15:2B:F9:F1:EF:7E:E7:42:27:74:EE:56:97:CF:18:7F:98:09:1D:04:7B:FC:5E:E6:94:EC:89:F9:55:D7:B5:97:8A:C7:40:80:41:21:F3:7B:99:2A:85:40:65:6D:EA:88:FA:8D:57:59:D2:DD:3B:0F:92:E5:BF:93:3A:4D:15:9D:CB:D9:C9:76:F2:50:CC:1E:98:BE" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-21 23:19:40", "not_valid_before": "2022-02-21 23:19:41" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 Monday 21 February 2022 23:19:54 +0000 (0:00:00.048) 0:00:29.664 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 Monday 21 February 2022 23:19:54 +0000 (0:00:00.049) 0:00:29.713 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:105 Monday 21 February 2022 23:19:54 +0000 (0:00:00.051) 0:00:29.765 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 Monday 21 February 2022 23:19:54 +0000 (0:00:00.049) 0:00:29.815 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:125 Monday 21 February 2022 23:19:54 +0000 (0:00:00.052) 0:00:29.867 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 Monday 21 February 2022 23:19:54 +0000 (0:00:00.048) 0:00:29.916 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.047811", "end": "2022-02-21 18:19:54.517496", "rc": 0, "start": "2022-02-21 18:19:54.469685" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:150 Monday 21 February 2022 23:19:55 +0000 (0:00:00.435) 0:00:30.352 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:2 Monday 21 February 2022 23:19:55 +0000 (0:00:00.045) 0:00:30.397 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 Monday 21 February 2022 23:19:55 +0000 (0:00:00.017) 0:00:30.415 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 Monday 21 February 2022 23:19:56 +0000 (0:00:01.269) 0:00:31.685 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1) TASK [Install certreader] ****************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 Monday 21 February 2022 23:19:57 +0000 (0:00:01.013) 0:00:32.699 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 Monday 21 February 2022 23:19:58 +0000 (0:00:00.866) 0:00:33.566 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485581.7299879, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d54409876884f85e11fbe2465d9b1cf7a578ad06", "ctime": 1645485581.7659879, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 17496374, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1645485581.7279878, "nlink": 1, "path": "/etc/pki/tls/certs/certid.crt", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 1040, "version": "4130724987", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:31 Monday 21 February 2022 23:19:59 +0000 (0:00:00.418) 0:00:33.984 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 Monday 21 February 2022 23:19:59 +0000 (0:00:00.046) 0:00:34.031 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:49 Monday 21 February 2022 23:19:59 +0000 (0:00:00.050) 0:00:34.082 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 Monday 21 February 2022 23:19:59 +0000 (0:00:00.046) 0:00:34.128 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485581.6839879, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "56b8cccf032b8fc91e4329687d8fef027393c9b7", "ctime": 1645485581.7659879, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 26539961, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1645485581.7279878, "nlink": 1, "path": "/etc/pki/tls/private/certid.key", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1708, "uid": 1040, "version": "1748874367", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:60 Monday 21 February 2022 23:19:59 +0000 (0:00:00.395) 0:00:34.523 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 Monday 21 February 2022 23:19:59 +0000 (0:00:00.050) 0:00:34.574 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 Monday 21 February 2022 23:19:59 +0000 (0:00:00.047) 0:00:34.622 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/certid.crt" ], "delta": "0:00:00.227874", "end": "2022-02-21 18:19:59.408301", "rc": 0, "start": "2022-02-21 18:19:59.180427" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "1A:75:C9:78:BF:D6:2E:9B:0C:59:BE:C8:51:5E:F9:C7:CA:CD:A9:3F", "critical": false }, "authorityKeyIdentifier": { "value": "21:74:0B:DD:D0:EA:4B:38:C5:32:4D:DD:3D:CC:F1:29:EA:F8:10:83", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "8D:13:8C:E2:F4:83:2E:21:1C:84:21:2B:37:0D:05:02:35:DC:7C:39:A2:49:08:7D:AB:B4:BF:AC:16:D8:83:F0:F0:A3:24:EE:E8:3D:74:98:03:55:73:B0:F6:3F:A4:53:22:A5:AB:C4:E8:0D:5D:2E:0C:FB:89:D5:52:A6:10:34:2C:91:2F:10:CD:7D:FC:B2:6F:6D:FC:20:67:46:E8:CB:D3:63:97:D5:3D:73:EF:3D:CE:19:D9:3E:A3:9C:C0:24:0E:7D:E3:90:12:AD:04:4B:45:D7:39:69:EE:30:FC:18:6E:DC:63:E4:06:39:FA:76:5A:9B:3B:3A:32:97:22:7B:EE:22:D8:64:F1:31:F6:27:C6:DF:D2:70:83:77:37:04:B2:27:47:D2:44:99:40:4F:98:49:3B:2B:F0:69:4A:7A:95:5B:F3:FC:1A:A6:29:A6:AC:C4:66:38:F4:57:2F:F4:6F:F3:E9:5B:9D:D7:B9:9D:E6:A6:45:89:4D:4C:EA:AD:18:5A:11:65:42:07:54:5D:AC:09:D9:B7:D8:4E:5E:42:E9:A1:B1:6B:04:20:70:CC:F3:A1:CC:70:BF:EA:C9:81:05:F7:66:29:4A:C0:BB:8F:D6:97:EB:1B:A5:9D:24:B9:45:92:55:48:36:58:8B:42:16:86:11:75:30:FE:61:08" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-21 23:19:40", "not_valid_before": "2022-02-21 23:19:41" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 Monday 21 February 2022 23:20:00 +0000 (0:00:00.632) 0:00:35.255 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "21:74:0B:DD:D0:EA:4B:38:C5:32:4D:DD:3D:CC:F1:29:EA:F8:10:83" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "1A:75:C9:78:BF:D6:2E:9B:0C:59:BE:C8:51:5E:F9:C7:CA:CD:A9:3F" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "8D:13:8C:E2:F4:83:2E:21:1C:84:21:2B:37:0D:05:02:35:DC:7C:39:A2:49:08:7D:AB:B4:BF:AC:16:D8:83:F0:F0:A3:24:EE:E8:3D:74:98:03:55:73:B0:F6:3F:A4:53:22:A5:AB:C4:E8:0D:5D:2E:0C:FB:89:D5:52:A6:10:34:2C:91:2F:10:CD:7D:FC:B2:6F:6D:FC:20:67:46:E8:CB:D3:63:97:D5:3D:73:EF:3D:CE:19:D9:3E:A3:9C:C0:24:0E:7D:E3:90:12:AD:04:4B:45:D7:39:69:EE:30:FC:18:6E:DC:63:E4:06:39:FA:76:5A:9B:3B:3A:32:97:22:7B:EE:22:D8:64:F1:31:F6:27:C6:DF:D2:70:83:77:37:04:B2:27:47:D2:44:99:40:4F:98:49:3B:2B:F0:69:4A:7A:95:5B:F3:FC:1A:A6:29:A6:AC:C4:66:38:F4:57:2F:F4:6F:F3:E9:5B:9D:D7:B9:9D:E6:A6:45:89:4D:4C:EA:AD:18:5A:11:65:42:07:54:5D:AC:09:D9:B7:D8:4E:5E:42:E9:A1:B1:6B:04:20:70:CC:F3:A1:CC:70:BF:EA:C9:81:05:F7:66:29:4A:C0:BB:8F:D6:97:EB:1B:A5:9D:24:B9:45:92:55:48:36:58:8B:42:16:86:11:75:30:FE:61:08" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-21 23:19:40", "not_valid_before": "2022-02-21 23:19:41" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 Monday 21 February 2022 23:20:00 +0000 (0:00:00.051) 0:00:35.307 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 Monday 21 February 2022 23:20:00 +0000 (0:00:00.051) 0:00:35.358 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:105 Monday 21 February 2022 23:20:00 +0000 (0:00:00.047) 0:00:35.406 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 Monday 21 February 2022 23:20:00 +0000 (0:00:00.048) 0:00:35.454 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:125 Monday 21 February 2022 23:20:00 +0000 (0:00:00.051) 0:00:35.506 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 Monday 21 February 2022 23:20:00 +0000 (0:00:00.048) 0:00:35.555 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/certid.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.047787", "end": "2022-02-21 18:20:00.168310", "rc": 0, "start": "2022-02-21 18:20:00.120523" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:150 Monday 21 February 2022 23:20:01 +0000 (0:00:00.456) 0:00:36.011 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=56 changed=12 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:20:01 +0000 (0:00:00.042) 0:00:36.053 ******* =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 4.98s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.48s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.16s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 ------------- set up internal repositories -------------------------------------------- 3.09s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ linux-system-roles.certificate : Ensure provider packages are installed --- 2.65s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Ensure python3 is installed --------------------------------------------- 1.65s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 -------------- linux-system-roles.certificate : Ensure certificate requests ------------ 1.55s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Ensure python3 is installed --------------------------------------------- 1.27s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 -------------- Install the package, force upgrade -------------------------------------- 1.01s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider service is running ----- 0.98s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Gathering Facts --------------------------------------------------------- 0.95s /tmp/tmprte76fwa/tests/tests_fs_attrs.yml:2 ----------------------------------- Install certreader ------------------------------------------------------ 0.87s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 ------------- Ensure user exists ------------------------------------------------------ 0.80s /tmp/tmprte76fwa/tests/tests_fs_attrs.yml:5 ----------------------------------- Ensure group "somegroup" exists ----------------------------------------- 0.78s /tmp/tmprte76fwa/tests/tests_fs_attrs.yml:9 ----------------------------------- Parse certificate ------------------------------------------------------- 0.74s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 ------------- Gathering Facts --------------------------------------------------------- 0.71s /tmp/tmprte76fwa/tests/tests_fs_attrs.yml:31 ---------------------------------- Gathering Facts --------------------------------------------------------- 0.67s /tmp/tmprte76fwa/tests/tests_fs_attrs.yml:13 ---------------------------------- Parse certificate ------------------------------------------------------- 0.63s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.56s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 ------------- + cd /tmp/tmprte76fwa/tests; TEST_SUBJECTS=/cache/rhel-8-y.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-115-ec6e2d0-rhel-8-y-juz2pivh/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmprte76fwa/_setup.yml /tmp/tmprte76fwa/tests/tests_include_vars_from_parent.yml ansible-playbook 2.9.27 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] Using /etc/ansible/ansible.cfg as config file [ERROR]: GNU xorriso 1.4.8 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Local character set is now assumed as: 'utf-8' Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 2 plays in /tmp/tmprte76fwa/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmprte76fwa/_setup.yml:5 Monday 21 February 2022 23:20:15 +0000 (0:00:00.024) 0:00:00.024 ******* ok: [/cache/rhel-8-y.qcow2] => { "groups": { "all": [ "/cache/rhel-8-y.qcow2" ], "localhost": [ "/cache/rhel-8-y.qcow2" ], "subjects": [ "/cache/rhel-8-y.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmprte76fwa/_setup.yml:7 Monday 21 February 2022 23:20:15 +0000 (0:00:00.038) 0:00:00.063 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /tmp/tmprte76fwa/_setup.yml:16 Monday 21 February 2022 23:20:15 +0000 (0:00:00.043) 0:00:00.106 ******* changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:20:16 +0000 (0:00:01.444) 0:00:01.551 ******* =============================================================================== set up internal repositories -------------------------------------------- 1.44s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ fail -------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:7 ------------------------------------------------- debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_include_vars_from_parent.yml *********************************** 1 plays in /tmp/tmprte76fwa/tests/tests_include_vars_from_parent.yml PLAY [all] ********************************************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_include_vars_from_parent.yml:1 Monday 21 February 2022 23:20:16 +0000 (0:00:00.013) 0:00:01.564 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [create var file in caller that can override the one in called role] ****** task path: /tmp/tmprte76fwa/tests/tests_include_vars_from_parent.yml:3 Monday 21 February 2022 23:20:18 +0000 (0:00:01.926) 0:00:03.490 ******* changed: [/cache/rhel-8-y.qcow2 -> localhost] => (item=RedHat-8.7) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmprte76fwa/tests/roles/caller/vars/RedHat-8.7.yml", "gid": 0, "group": "root", "item": "RedHat-8.7", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1645485618.55-112789-73780993883445/source", "state": "file", "uid": 0 } changed: [/cache/rhel-8-y.qcow2 -> localhost] => (item=RedHat-8) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmprte76fwa/tests/roles/caller/vars/RedHat-8.yml", "gid": 0, "group": "root", "item": "RedHat-8", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1645485619.06-112789-210349097537180/source", "state": "file", "uid": 0 } changed: [/cache/rhel-8-y.qcow2 -> localhost] => (item=RedHat_8.7) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmprte76fwa/tests/roles/caller/vars/RedHat_8.7.yml", "gid": 0, "group": "root", "item": "RedHat_8.7", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1645485619.32-112789-225056383926315/source", "state": "file", "uid": 0 } changed: [/cache/rhel-8-y.qcow2 -> localhost] => (item=RedHat_8) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmprte76fwa/tests/roles/caller/vars/RedHat_8.yml", "gid": 0, "group": "root", "item": "RedHat_8", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1645485619.61-112789-274991733462689/source", "state": "file", "uid": 0 } changed: [/cache/rhel-8-y.qcow2 -> localhost] => (item=RedHat) => { "ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmprte76fwa/tests/roles/caller/vars/RedHat.yml", "gid": 0, "group": "root", "item": "RedHat", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0600", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1645485619.9-112789-143916672067357/source", "state": "file", "uid": 0 } TASK [include_role : {{ roletoinclude }}] ************************************** task path: /tmp/tmprte76fwa/tests/roles/caller/tasks/main.yml:4 Monday 21 February 2022 23:20:20 +0000 (0:00:01.668) 0:00:05.158 ******* TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 21 February 2022 23:20:20 +0000 (0:00:00.045) 0:00:05.204 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Monday 21 February 2022 23:20:20 +0000 (0:00:00.040) 0:00:05.244 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.3.7-6.el8.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Monday 21 February 2022 23:20:25 +0000 (0:00:04.927) 0:00:10.172 ******* TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Monday 21 February 2022 23:20:25 +0000 (0:00:00.022) 0:00:10.194 ******* TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Monday 21 February 2022 23:20:25 +0000 (0:00:00.021) 0:00:10.215 ******* TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 21 February 2022 23:20:25 +0000 (0:00:00.021) 0:00:10.237 ******* TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Monday 21 February 2022 23:20:25 +0000 (0:00:00.021) 0:00:10.258 ******* TASK [caller : assert] ********************************************************* task path: /tmp/tmprte76fwa/tests/roles/caller/tasks/main.yml:7 Monday 21 February 2022 23:20:25 +0000 (0:00:00.018) 0:00:10.277 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=7 changed=3 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 Monday 21 February 2022 23:20:25 +0000 (0:00:00.016) 0:00:10.294 ******* =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 4.93s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Gathering Facts --------------------------------------------------------- 1.93s /tmp/tmprte76fwa/tests/tests_include_vars_from_parent.yml:1 ------------------- create var file in caller that can override the one in called role ------ 1.67s /tmp/tmprte76fwa/tests/tests_include_vars_from_parent.yml:3 ------------------- set up internal repositories -------------------------------------------- 1.44s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ include_role : {{ roletoinclude }} -------------------------------------- 0.05s /tmp/tmprte76fwa/tests/roles/caller/tasks/main.yml:4 -------------------------- fail -------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:7 ------------------------------------------------- linux-system-roles.certificate : Set version specific variables --------- 0.04s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- linux-system-roles.certificate : Ensure provider packages are installed --- 0.02s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.02s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.02s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - linux-system-roles.certificate : Ensure provider service is running ----- 0.02s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate requests ------------ 0.02s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 caller : assert --------------------------------------------------------- 0.02s /tmp/tmprte76fwa/tests/roles/caller/tasks/main.yml:7 -------------------------- + cd /tmp/tmprte76fwa/tests; TEST_SUBJECTS=/cache/rhel-8-y.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-115-ec6e2d0-rhel-8-y-juz2pivh/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmprte76fwa/_setup.yml /tmp/tmprte76fwa/tests/tests_key_size.yml ansible-playbook 2.9.27 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] Using /etc/ansible/ansible.cfg as config file [ERROR]: GNU xorriso 1.4.8 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Local character set is now assumed as: 'utf-8' Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 2 plays in /tmp/tmprte76fwa/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmprte76fwa/_setup.yml:5 Monday 21 February 2022 23:20:39 +0000 (0:00:00.023) 0:00:00.023 ******* ok: [/cache/rhel-8-y.qcow2] => { "groups": { "all": [ "/cache/rhel-8-y.qcow2" ], "localhost": [ "/cache/rhel-8-y.qcow2" ], "subjects": [ "/cache/rhel-8-y.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmprte76fwa/_setup.yml:7 Monday 21 February 2022 23:20:39 +0000 (0:00:00.040) 0:00:00.063 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /tmp/tmprte76fwa/_setup.yml:16 Monday 21 February 2022 23:20:39 +0000 (0:00:00.045) 0:00:00.109 ******* changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:20:42 +0000 (0:00:03.226) 0:00:03.336 ******* =============================================================================== set up internal repositories -------------------------------------------- 3.23s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ fail -------------------------------------------------------------------- 0.05s /tmp/tmprte76fwa/_setup.yml:7 ------------------------------------------------- debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_key_size.yml *************************************************** 2 plays in /tmp/tmprte76fwa/tests/tests_key_size.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_key_size.yml:2 Monday 21 February 2022 23:20:42 +0000 (0:00:00.021) 0:00:03.357 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 21 February 2022 23:20:43 +0000 (0:00:00.990) 0:00:04.348 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Monday 21 February 2022 23:20:43 +0000 (0:00:00.055) 0:00:04.403 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.3.7-6.el8.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Monday 21 February 2022 23:20:48 +0000 (0:00:05.004) 0:00:09.408 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.13-5.el8.x86_64", "Installed: nspr-4.32.0-1.el8_4.x86_64", "Installed: xmlrpc-c-1.51.0-5.el8.x86_64", "Installed: nss-3.67.0-7.el8_5.x86_64", "Installed: xmlrpc-c-client-1.51.0-5.el8.x86_64", "Installed: nss-softokn-3.67.0-7.el8_5.x86_64", "Installed: nss-softokn-freebl-3.67.0-7.el8_5.x86_64", "Installed: nss-sysinit-3.67.0-7.el8_5.x86_64", "Installed: nss-util-3.67.0-7.el8_5.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Monday 21 February 2022 23:20:51 +0000 (0:00:02.975) 0:00:12.384 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Monday 21 February 2022 23:20:52 +0000 (0:00:00.569) 0:00:12.953 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 21 February 2022 23:20:52 +0000 (0:00:00.426) 0:00:13.380 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "syslog.target sysinit.target system.slice basic.target dbus.socket network.target dbus.service systemd-journald.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14649", "LimitNPROCSoft": "14649", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14649", "LimitSIGPENDINGSoft": "14649", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus.service", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23438", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Monday 21 February 2022 23:20:53 +0000 (0:00:01.025) 0:00:14.405 ******* changed: [/cache/rhel-8-y.qcow2] => (item={u'ca': u'self-sign', u'key_size': 4096, u'name': u'mycert', u'dns': u'www.example.com'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "key_size": 4096, "name": "mycert" } } MSG: Certificate requested (new). META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_key_size.yml:14 Monday 21 February 2022 23:20:55 +0000 (0:00:01.097) 0:00:15.503 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmprte76fwa/tests/tests_key_size.yml:29 Monday 21 February 2022 23:20:55 +0000 (0:00:00.730) 0:00:16.234 ******* included: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-8-y.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:2 Monday 21 February 2022 23:20:55 +0000 (0:00:00.062) 0:00:16.296 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 Monday 21 February 2022 23:20:55 +0000 (0:00:00.021) 0:00:16.317 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python36-3.6.8-38.module+el8.5.0+12207+5c5719bc.x86_64", "Installed: python3-setuptools-39.2.0-6.el8.noarch", "Installed: python3-pip-9.0.3-22.el8.noarch" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 Monday 21 February 2022 23:20:57 +0000 (0:00:01.781) 0:00:18.098 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting pip Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB) Installing collected packages: pip Found existing installation: pip 9.0.3 Uninstalling pip-9.0.3: Successfully uninstalled pip-9.0.3 Successfully installed pip-21.3.1 STDERR: You are using pip version 21.3.1, however version 22.0.3 is available. You should consider upgrading via the 'pip install --upgrade pip' command. TASK [Install certreader] ****************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 Monday 21 February 2022 23:21:01 +0000 (0:00:04.224) 0:00:22.323 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (405 kB) Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) Collecting pyyaml Downloading PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (603 kB) Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 Monday 21 February 2022 23:21:05 +0000 (0:00:03.804) 0:00:26.128 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485654.4024966, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "8fa12c0095f75916c2bf60a7f70702660c08934a", "ctime": 1645485654.4004965, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 16939417, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485654.4004965, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1639, "uid": 0, "version": "1430607166", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:31 Monday 21 February 2022 23:21:06 +0000 (0:00:00.549) 0:00:26.677 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 Monday 21 February 2022 23:21:06 +0000 (0:00:00.044) 0:00:26.722 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:49 Monday 21 February 2022 23:21:06 +0000 (0:00:00.049) 0:00:26.771 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 Monday 21 February 2022 23:21:06 +0000 (0:00:00.046) 0:00:26.818 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485654.3404965, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "08e9bb5482d4cc01a71f763de3d7cb9fc395d40c", "ctime": 1645485654.4004965, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 26484953, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485654.4004965, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 3268, "uid": 0, "version": "1567904332", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:60 Monday 21 February 2022 23:21:06 +0000 (0:00:00.436) 0:00:27.255 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 Monday 21 February 2022 23:21:06 +0000 (0:00:00.046) 0:00:27.301 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 Monday 21 February 2022 23:21:06 +0000 (0:00:00.048) 0:00:27.349 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.262634", "end": "2022-02-21 18:21:07.213265", "rc": 0, "start": "2022-02-21 18:21:06.950631" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "3D:86:55:42:71:56:AA:00:DE:B2:D2:77:A7:A6:9C:CC:78:33:83:71", "critical": false }, "authorityKeyIdentifier": { "value": "FD:71:5E:FB:3B:7D:BC:D8:2A:63:4D:3F:DF:1D:92:19:F0:06:B3:BB", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "A9:D3:0C:EB:7C:FA:16:97:4E:79:6B:03:78:3E:19:1F:61:90:F6:CB:11:1D:C1:7C:32:4D:90:A2:47:A9:55:EA:ED:F5:6A:28:00:C6:2C:8C:8C:42:94:DE:15:D0:89:7F:7E:24:0E:F3:BC:ED:B1:BF:30:7F:B8:72:55:38:E2:9E:40:A4:10:5E:8C:24:B0:F2:99:63:28:B2:24:7E:AC:57:56:D9:1A:16:97:E4:75:3C:6F:1C:46:33:7E:17:8C:E9:15:51:A1:1E:07:D7:69:DE:29:BB:02:E1:99:3C:E9:3A:FD:57:D3:E2:3B:7B:EE:ED:E5:0C:A0:01:7C:0F:FA:2F:9E:86:AA:D6:38:52:18:D9:29:76:98:44:20:5A:EC:6C:E9:A6:A7:E7:ED:56:0B:BD:33:02:8B:1A:63:F4:1F:F5:A0:F3:9D:8C:3F:4C:01:77:FB:0D:69:ED:D3:68:DF:BA:87:2E:67:03:6C:11:AF:E4:A6:36:F3:73:DC:2E:AD:E7:88:4E:EC:FB:4A:E1:4A:A9:16:2C:C2:44:A4:77:CB:07:8C:1C:96:50:44:F9:97:CE:A2:79:9E:C7:3D:CE:D1:05:7B:68:73:24:B0:6B:39:AE:5E:83:9D:20:CB:7E:2A:70:DE:27:06:64:37:20:47:83:0C:2F:98:8D:E6:A2:24:67" }, "key_size": 4096, "validity": { "not_valid_after": "2023-02-21 23:20:53", "not_valid_before": "2022-02-21 23:20:54" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 Monday 21 February 2022 23:21:07 +0000 (0:00:00.834) 0:00:28.184 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "FD:71:5E:FB:3B:7D:BC:D8:2A:63:4D:3F:DF:1D:92:19:F0:06:B3:BB" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "3D:86:55:42:71:56:AA:00:DE:B2:D2:77:A7:A6:9C:CC:78:33:83:71" } }, "key_size": 4096, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "A9:D3:0C:EB:7C:FA:16:97:4E:79:6B:03:78:3E:19:1F:61:90:F6:CB:11:1D:C1:7C:32:4D:90:A2:47:A9:55:EA:ED:F5:6A:28:00:C6:2C:8C:8C:42:94:DE:15:D0:89:7F:7E:24:0E:F3:BC:ED:B1:BF:30:7F:B8:72:55:38:E2:9E:40:A4:10:5E:8C:24:B0:F2:99:63:28:B2:24:7E:AC:57:56:D9:1A:16:97:E4:75:3C:6F:1C:46:33:7E:17:8C:E9:15:51:A1:1E:07:D7:69:DE:29:BB:02:E1:99:3C:E9:3A:FD:57:D3:E2:3B:7B:EE:ED:E5:0C:A0:01:7C:0F:FA:2F:9E:86:AA:D6:38:52:18:D9:29:76:98:44:20:5A:EC:6C:E9:A6:A7:E7:ED:56:0B:BD:33:02:8B:1A:63:F4:1F:F5:A0:F3:9D:8C:3F:4C:01:77:FB:0D:69:ED:D3:68:DF:BA:87:2E:67:03:6C:11:AF:E4:A6:36:F3:73:DC:2E:AD:E7:88:4E:EC:FB:4A:E1:4A:A9:16:2C:C2:44:A4:77:CB:07:8C:1C:96:50:44:F9:97:CE:A2:79:9E:C7:3D:CE:D1:05:7B:68:73:24:B0:6B:39:AE:5E:83:9D:20:CB:7E:2A:70:DE:27:06:64:37:20:47:83:0C:2F:98:8D:E6:A2:24:67" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-21 23:20:53", "not_valid_before": "2022-02-21 23:20:54" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 Monday 21 February 2022 23:21:07 +0000 (0:00:00.045) 0:00:28.230 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 Monday 21 February 2022 23:21:07 +0000 (0:00:00.046) 0:00:28.276 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:105 Monday 21 February 2022 23:21:07 +0000 (0:00:00.046) 0:00:28.323 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 Monday 21 February 2022 23:21:07 +0000 (0:00:00.048) 0:00:28.371 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:125 Monday 21 February 2022 23:21:08 +0000 (0:00:00.076) 0:00:28.448 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 Monday 21 February 2022 23:21:08 +0000 (0:00:00.048) 0:00:28.496 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.051914", "end": "2022-02-21 18:21:07.984273", "rc": 0, "start": "2022-02-21 18:21:07.932359" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:150 Monday 21 February 2022 23:21:08 +0000 (0:00:00.459) 0:00:28.956 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=32 changed=10 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:21:08 +0000 (0:00:00.038) 0:00:28.994 ******* =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 5.00s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.22s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.80s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 ------------- set up internal repositories -------------------------------------------- 3.23s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ linux-system-roles.certificate : Ensure provider packages are installed --- 2.98s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Ensure python3 is installed --------------------------------------------- 1.78s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 -------------- linux-system-roles.certificate : Ensure certificate requests ------------ 1.10s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 linux-system-roles.certificate : Ensure provider service is running ----- 1.03s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Gathering Facts --------------------------------------------------------- 0.99s /tmp/tmprte76fwa/tests/tests_key_size.yml:2 ----------------------------------- Parse certificate ------------------------------------------------------- 0.83s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 ------------- Gathering Facts --------------------------------------------------------- 0.73s /tmp/tmprte76fwa/tests/tests_key_size.yml:14 ---------------------------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.57s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve certificate file stats ----------------------------------------- 0.55s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.46s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve key file stats ------------------------------------------------- 0.44s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 ------------- linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.43s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Verify certificate Key Usage -------------------------------------------- 0.08s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 ------------ Verify each certificate ------------------------------------------------- 0.06s /tmp/tmprte76fwa/tests/tests_key_size.yml:29 ---------------------------------- linux-system-roles.certificate : Set version specific variables --------- 0.06s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- Verify certificate file owner and group --------------------------------- 0.05s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 ------------- + cd /tmp/tmprte76fwa/tests; TEST_SUBJECTS=/cache/rhel-8-y.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-115-ec6e2d0-rhel-8-y-juz2pivh/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmprte76fwa/_setup.yml /tmp/tmprte76fwa/tests/tests_key_usage_and_extended_key_usage.yml ansible-playbook 2.9.27 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] Using /etc/ansible/ansible.cfg as config file [ERROR]: GNU xorriso 1.4.8 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Local character set is now assumed as: 'utf-8' Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 2 plays in /tmp/tmprte76fwa/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmprte76fwa/_setup.yml:5 Monday 21 February 2022 23:21:22 +0000 (0:00:00.022) 0:00:00.022 ******* ok: [/cache/rhel-8-y.qcow2] => { "groups": { "all": [ "/cache/rhel-8-y.qcow2" ], "localhost": [ "/cache/rhel-8-y.qcow2" ], "subjects": [ "/cache/rhel-8-y.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmprte76fwa/_setup.yml:7 Monday 21 February 2022 23:21:22 +0000 (0:00:00.039) 0:00:00.062 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /tmp/tmprte76fwa/_setup.yml:16 Monday 21 February 2022 23:21:22 +0000 (0:00:00.043) 0:00:00.105 ******* changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:21:24 +0000 (0:00:01.598) 0:00:01.704 ******* =============================================================================== set up internal repositories -------------------------------------------- 1.60s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ fail -------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:7 ------------------------------------------------- debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_key_usage_and_extended_key_usage.yml *************************** 2 plays in /tmp/tmprte76fwa/tests/tests_key_usage_and_extended_key_usage.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_key_usage_and_extended_key_usage.yml:2 Monday 21 February 2022 23:21:24 +0000 (0:00:00.021) 0:00:01.725 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 21 February 2022 23:21:26 +0000 (0:00:02.277) 0:00:04.003 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Monday 21 February 2022 23:21:26 +0000 (0:00:00.055) 0:00:04.058 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.3.7-6.el8.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Monday 21 February 2022 23:21:31 +0000 (0:00:04.809) 0:00:08.867 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.13-5.el8.x86_64", "Installed: nspr-4.32.0-1.el8_4.x86_64", "Installed: xmlrpc-c-1.51.0-5.el8.x86_64", "Installed: nss-3.67.0-7.el8_5.x86_64", "Installed: xmlrpc-c-client-1.51.0-5.el8.x86_64", "Installed: nss-softokn-3.67.0-7.el8_5.x86_64", "Installed: nss-softokn-freebl-3.67.0-7.el8_5.x86_64", "Installed: nss-sysinit-3.67.0-7.el8_5.x86_64", "Installed: nss-util-3.67.0-7.el8_5.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Monday 21 February 2022 23:21:34 +0000 (0:00:02.775) 0:00:11.643 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Monday 21 February 2022 23:21:35 +0000 (0:00:00.588) 0:00:12.231 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 21 February 2022 23:21:35 +0000 (0:00:00.431) 0:00:12.663 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target network.target dbus.socket sysinit.target syslog.target system.slice dbus.service systemd-journald.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14649", "LimitNPROCSoft": "14649", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14649", "LimitSIGPENDINGSoft": "14649", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus.service", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23438", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Monday 21 February 2022 23:21:36 +0000 (0:00:00.976) 0:00:13.640 ******* changed: [/cache/rhel-8-y.qcow2] => (item={u'ca': u'self-sign', u'key_usage': [u'digitalSignature', u'nonRepudiation', u'keyEncipherment'], u'name': u'mycert', u'dns': u'www.example.com', u'extended_key_usage': [u'id-kp-clientAuth', u'id-kp-serverAuth', u'id-kp-ipsecTunnel', u'1.3.6.1.5.2.3.5']}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "extended_key_usage": [ "id-kp-clientAuth", "id-kp-serverAuth", "id-kp-ipsecTunnel", "1.3.6.1.5.2.3.5" ], "key_usage": [ "digitalSignature", "nonRepudiation", "keyEncipherment" ], "name": "mycert" } } MSG: Certificate requested (new). META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_key_usage_and_extended_key_usage.yml:22 Monday 21 February 2022 23:21:37 +0000 (0:00:00.897) 0:00:14.538 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmprte76fwa/tests/tests_key_usage_and_extended_key_usage.yml:49 Monday 21 February 2022 23:21:38 +0000 (0:00:00.742) 0:00:15.281 ******* included: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-8-y.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:2 Monday 21 February 2022 23:21:38 +0000 (0:00:00.061) 0:00:15.342 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 Monday 21 February 2022 23:21:38 +0000 (0:00:00.019) 0:00:15.362 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python36-3.6.8-38.module+el8.5.0+12207+5c5719bc.x86_64", "Installed: python3-setuptools-39.2.0-6.el8.noarch", "Installed: python3-pip-9.0.3-22.el8.noarch" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 Monday 21 February 2022 23:21:40 +0000 (0:00:01.802) 0:00:17.165 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting pip Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB) Installing collected packages: pip Found existing installation: pip 9.0.3 Uninstalling pip-9.0.3: Successfully uninstalled pip-9.0.3 Successfully installed pip-21.3.1 STDERR: You are using pip version 21.3.1, however version 22.0.3 is available. You should consider upgrading via the 'pip install --upgrade pip' command. TASK [Install certreader] ****************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 Monday 21 February 2022 23:21:44 +0000 (0:00:04.589) 0:00:21.755 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (405 kB) Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) Collecting pyyaml Downloading PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (603 kB) Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 Monday 21 February 2022 23:21:47 +0000 (0:00:03.248) 0:00:25.004 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485696.9871814, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "f1741b2cff710fe67be3d2d1da1a3d0fb3c15e00", "ctime": 1645485696.9841814, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17527690, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485696.9841814, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1318, "uid": 0, "version": "380420338", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:31 Monday 21 February 2022 23:21:48 +0000 (0:00:00.529) 0:00:25.533 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 Monday 21 February 2022 23:21:48 +0000 (0:00:00.046) 0:00:25.579 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:49 Monday 21 February 2022 23:21:48 +0000 (0:00:00.050) 0:00:25.630 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 Monday 21 February 2022 23:21:48 +0000 (0:00:00.045) 0:00:25.676 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485696.9351814, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "dabecb13d0667e241dba2a11e8ed8aff2817fa96", "ctime": 1645485696.9841814, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 26484940, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485696.9841814, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "4259161061", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:60 Monday 21 February 2022 23:21:48 +0000 (0:00:00.433) 0:00:26.109 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 Monday 21 February 2022 23:21:49 +0000 (0:00:00.046) 0:00:26.156 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 Monday 21 February 2022 23:21:49 +0000 (0:00:00.050) 0:00:26.207 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.256003", "end": "2022-02-21 18:21:49.558069", "rc": 0, "start": "2022-02-21 18:21:49.302066" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "content_commitment", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" }, { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-ipsecTunnel", "oid": "1.3.6.1.5.5.7.3.6" }, { "name": null, "oid": "1.3.6.1.5.2.3.5" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "6B:49:B3:F5:E9:FA:FF:70:80:C1:71:FF:BD:EE:AB:E4:33:BE:3E:DA", "critical": false }, "authorityKeyIdentifier": { "value": "0A:12:82:DA:B5:42:B1:7C:3D:94:BF:6E:87:B2:78:2F:11:62:87:81", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "4E:59:48:4E:89:03:9A:0F:65:D1:AB:23:A2:74:F3:35:C8:2F:07:FB:0D:33:64:A0:7B:92:B6:AB:BB:58:98:7D:74:91:34:3C:7F:5D:CC:3E:89:80:A2:57:1E:17:24:C3:93:CD:65:F9:7E:3D:3B:60:30:D2:B9:50:79:39:66:86:0D:F7:26:16:27:04:00:19:C4:10:67:A4:1A:8B:A6:44:CF:84:BC:42:16:BC:72:6A:26:15:FA:A8:CF:00:CD:FC:5C:8F:2D:8A:0F:3A:7B:CC:6A:E3:64:55:B9:FD:4F:3F:EE:DB:82:19:38:F1:E5:0D:CE:9C:6E:E7:08:E0:8D:BD:77:7B:11:14:ED:4D:E8:9A:9B:9A:19:B5:E4:D6:9F:2D:14:8C:65:9E:E8:A0:A3:CA:A9:46:6A:D5:1B:34:41:F9:9A:EC:43:68:E4:F3:FF:7D:26:84:A5:AC:C5:38:86:AA:84:12:EF:A9:00:28:21:BB:5D:69:A7:87:E2:C5:04:5E:9D:06:0D:67:F2:69:79:B7:E1:A1:A0:E1:E9:FA:5B:B8:9E:30:E5:85:34:75:6C:DB:C4:C3:59:76:5E:60:09:42:A3:16:C2:DF:AA:2B:2B:E7:E4:5B:50:04:AE:82:5D:73:E7:5E:18:60:56:8B:99:40:5E:26:65:45:87:F7:B8:EE" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-21 23:21:36", "not_valid_before": "2022-02-21 23:21:36" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 Monday 21 February 2022 23:21:49 +0000 (0:00:00.828) 0:00:27.035 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "0A:12:82:DA:B5:42:B1:7C:3D:94:BF:6E:87:B2:78:2F:11:62:87:81" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" }, { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-ipsecTunnel", "oid": "1.3.6.1.5.5.7.3.6" }, { "name": null, "oid": "1.3.6.1.5.2.3.5" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "content_commitment", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "6B:49:B3:F5:E9:FA:FF:70:80:C1:71:FF:BD:EE:AB:E4:33:BE:3E:DA" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "4E:59:48:4E:89:03:9A:0F:65:D1:AB:23:A2:74:F3:35:C8:2F:07:FB:0D:33:64:A0:7B:92:B6:AB:BB:58:98:7D:74:91:34:3C:7F:5D:CC:3E:89:80:A2:57:1E:17:24:C3:93:CD:65:F9:7E:3D:3B:60:30:D2:B9:50:79:39:66:86:0D:F7:26:16:27:04:00:19:C4:10:67:A4:1A:8B:A6:44:CF:84:BC:42:16:BC:72:6A:26:15:FA:A8:CF:00:CD:FC:5C:8F:2D:8A:0F:3A:7B:CC:6A:E3:64:55:B9:FD:4F:3F:EE:DB:82:19:38:F1:E5:0D:CE:9C:6E:E7:08:E0:8D:BD:77:7B:11:14:ED:4D:E8:9A:9B:9A:19:B5:E4:D6:9F:2D:14:8C:65:9E:E8:A0:A3:CA:A9:46:6A:D5:1B:34:41:F9:9A:EC:43:68:E4:F3:FF:7D:26:84:A5:AC:C5:38:86:AA:84:12:EF:A9:00:28:21:BB:5D:69:A7:87:E2:C5:04:5E:9D:06:0D:67:F2:69:79:B7:E1:A1:A0:E1:E9:FA:5B:B8:9E:30:E5:85:34:75:6C:DB:C4:C3:59:76:5E:60:09:42:A3:16:C2:DF:AA:2B:2B:E7:E4:5B:50:04:AE:82:5D:73:E7:5E:18:60:56:8B:99:40:5E:26:65:45:87:F7:B8:EE" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-21 23:21:36", "not_valid_before": "2022-02-21 23:21:36" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 Monday 21 February 2022 23:21:49 +0000 (0:00:00.047) 0:00:27.082 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 Monday 21 February 2022 23:21:50 +0000 (0:00:00.047) 0:00:27.130 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:105 Monday 21 February 2022 23:21:50 +0000 (0:00:00.045) 0:00:27.176 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 Monday 21 February 2022 23:21:50 +0000 (0:00:00.045) 0:00:27.221 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:125 Monday 21 February 2022 23:21:50 +0000 (0:00:00.045) 0:00:27.266 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 Monday 21 February 2022 23:21:50 +0000 (0:00:00.047) 0:00:27.314 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.051388", "end": "2022-02-21 18:21:50.289428", "rc": 0, "start": "2022-02-21 18:21:50.238040" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:150 Monday 21 February 2022 23:21:50 +0000 (0:00:00.443) 0:00:27.757 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=32 changed=10 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:21:50 +0000 (0:00:00.042) 0:00:27.801 ******* =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 4.81s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.59s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.25s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 2.78s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Gathering Facts --------------------------------------------------------- 2.28s /tmp/tmprte76fwa/tests/tests_key_usage_and_extended_key_usage.yml:2 ----------- Ensure python3 is installed --------------------------------------------- 1.80s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 -------------- set up internal repositories -------------------------------------------- 1.60s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ linux-system-roles.certificate : Ensure provider service is running ----- 0.98s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate requests ------------ 0.90s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Parse certificate ------------------------------------------------------- 0.83s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 ------------- Gathering Facts --------------------------------------------------------- 0.74s /tmp/tmprte76fwa/tests/tests_key_usage_and_extended_key_usage.yml:22 ---------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.59s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve certificate file stats ----------------------------------------- 0.53s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.44s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve key file stats ------------------------------------------------- 0.43s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 ------------- linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.43s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Verify each certificate ------------------------------------------------- 0.06s /tmp/tmprte76fwa/tests/tests_key_usage_and_extended_key_usage.yml:49 ---------- linux-system-roles.certificate : Set version specific variables --------- 0.06s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- Verify key file owner and group ----------------------------------------- 0.05s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 ------------- Verify certificate file owner and group --------------------------------- 0.05s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 ------------- + cd /tmp/tmprte76fwa/tests; TEST_SUBJECTS=/cache/rhel-8-y.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-115-ec6e2d0-rhel-8-y-juz2pivh/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmprte76fwa/_setup.yml /tmp/tmprte76fwa/tests/tests_many_self_signed.yml ansible-playbook 2.9.27 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] Using /etc/ansible/ansible.cfg as config file [ERROR]: GNU xorriso 1.4.8 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Local character set is now assumed as: 'utf-8' Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 2 plays in /tmp/tmprte76fwa/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmprte76fwa/_setup.yml:5 Monday 21 February 2022 23:22:05 +0000 (0:00:00.024) 0:00:00.024 ******* ok: [/cache/rhel-8-y.qcow2] => { "groups": { "all": [ "/cache/rhel-8-y.qcow2" ], "localhost": [ "/cache/rhel-8-y.qcow2" ], "subjects": [ "/cache/rhel-8-y.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmprte76fwa/_setup.yml:7 Monday 21 February 2022 23:22:05 +0000 (0:00:00.036) 0:00:00.060 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /tmp/tmprte76fwa/_setup.yml:16 Monday 21 February 2022 23:22:05 +0000 (0:00:00.035) 0:00:00.095 ******* changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:22:08 +0000 (0:00:03.073) 0:00:03.169 ******* =============================================================================== set up internal repositories -------------------------------------------- 3.07s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:7 ------------------------------------------------- PLAYBOOK: tests_many_self_signed.yml ******************************************* 2 plays in /tmp/tmprte76fwa/tests/tests_many_self_signed.yml PLAY [Issue many self-signed certificates] ************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_many_self_signed.yml:2 Monday 21 February 2022 23:22:08 +0000 (0:00:00.021) 0:00:03.190 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 21 February 2022 23:22:09 +0000 (0:00:01.141) 0:00:04.331 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Monday 21 February 2022 23:22:10 +0000 (0:00:00.057) 0:00:04.389 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.3.7-6.el8.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Monday 21 February 2022 23:22:14 +0000 (0:00:04.923) 0:00:09.312 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.13-5.el8.x86_64", "Installed: nspr-4.32.0-1.el8_4.x86_64", "Installed: xmlrpc-c-1.51.0-5.el8.x86_64", "Installed: nss-3.67.0-7.el8_5.x86_64", "Installed: xmlrpc-c-client-1.51.0-5.el8.x86_64", "Installed: nss-softokn-3.67.0-7.el8_5.x86_64", "Installed: nss-softokn-freebl-3.67.0-7.el8_5.x86_64", "Installed: nss-sysinit-3.67.0-7.el8_5.x86_64", "Installed: nss-util-3.67.0-7.el8_5.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Monday 21 February 2022 23:22:17 +0000 (0:00:02.732) 0:00:12.044 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Monday 21 February 2022 23:22:18 +0000 (0:00:00.570) 0:00:12.615 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 21 February 2022 23:22:18 +0000 (0:00:00.440) 0:00:13.055 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target systemd-journald.socket dbus.socket network.target system.slice syslog.target basic.target dbus.service", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14649", "LimitNPROCSoft": "14649", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14649", "LimitSIGPENDINGSoft": "14649", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus.service", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23438", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Monday 21 February 2022 23:22:19 +0000 (0:00:00.996) 0:00:14.051 ******* changed: [/cache/rhel-8-y.qcow2] => (item={u'ca': u'self-sign', u'name': u'mycert', u'dns': u'www.example.com'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert" } } MSG: Certificate requested (new). changed: [/cache/rhel-8-y.qcow2] => (item={u'ca': u'self-sign', u'name': u'other-cert', u'dns': u'www.example.org'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.org", "name": "other-cert" } } MSG: Certificate requested (new). changed: [/cache/rhel-8-y.qcow2] => (item={u'ca': u'self-sign', u'name': u'another-cert', u'dns': u'www.example.net'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.net", "name": "another-cert" } } MSG: Certificate requested (new). META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_many_self_signed.yml:18 Monday 21 February 2022 23:22:22 +0000 (0:00:02.983) 0:00:17.035 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmprte76fwa/tests/tests_many_self_signed.yml:50 Monday 21 February 2022 23:22:23 +0000 (0:00:00.699) 0:00:17.734 ******* included: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-8-y.qcow2 included: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-8-y.qcow2 included: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-8-y.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:2 Monday 21 February 2022 23:22:23 +0000 (0:00:00.086) 0:00:17.821 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 Monday 21 February 2022 23:22:23 +0000 (0:00:00.020) 0:00:17.841 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python36-3.6.8-38.module+el8.5.0+12207+5c5719bc.x86_64", "Installed: python3-setuptools-39.2.0-6.el8.noarch", "Installed: python3-pip-9.0.3-22.el8.noarch" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 Monday 21 February 2022 23:22:25 +0000 (0:00:01.835) 0:00:19.677 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting pip Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB) Installing collected packages: pip Found existing installation: pip 9.0.3 Uninstalling pip-9.0.3: Successfully uninstalled pip-9.0.3 Successfully installed pip-21.3.1 STDERR: You are using pip version 21.3.1, however version 22.0.3 is available. You should consider upgrading via the 'pip install --upgrade pip' command. TASK [Install certreader] ****************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 Monday 21 February 2022 23:22:29 +0000 (0:00:04.223) 0:00:23.900 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (405 kB) Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) Collecting pyyaml Downloading PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (603 kB) Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 Monday 21 February 2022 23:22:32 +0000 (0:00:03.111) 0:00:27.011 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485740.3754346, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "d982b7d2f1d504dea05524614c842244554987c3", "ctime": 1645485740.3724346, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17499471, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485740.3724346, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "430090371", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:31 Monday 21 February 2022 23:22:33 +0000 (0:00:00.579) 0:00:27.591 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 Monday 21 February 2022 23:22:33 +0000 (0:00:00.043) 0:00:27.634 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:49 Monday 21 February 2022 23:22:33 +0000 (0:00:00.050) 0:00:27.685 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 Monday 21 February 2022 23:22:33 +0000 (0:00:00.047) 0:00:27.732 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485740.3144345, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "da98b05cf0f76f22e7cf9d9271cd0bfc10e16ebc", "ctime": 1645485740.3724346, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 26484941, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485740.3724346, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3630327545", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:60 Monday 21 February 2022 23:22:33 +0000 (0:00:00.423) 0:00:28.156 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 Monday 21 February 2022 23:22:33 +0000 (0:00:00.045) 0:00:28.202 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 Monday 21 February 2022 23:22:33 +0000 (0:00:00.049) 0:00:28.251 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.251856", "end": "2022-02-21 18:22:34.378052", "rc": 0, "start": "2022-02-21 18:22:34.126196" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "6C:94:97:F7:7B:FB:95:8F:2E:D8:CE:24:EC:F6:3A:0E:52:03:91:6E", "critical": false }, "authorityKeyIdentifier": { "value": "4F:46:47:73:EA:4B:6F:52:3E:5A:46:3A:2B:7B:59:74:A6:F4:36:C4", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "9B:6E:E0:A4:CA:9B:9E:84:D3:2C:97:B9:43:32:41:90:A1:69:9A:F4:81:54:D9:14:C1:EF:B2:8A:99:E6:C4:83:CC:88:59:E4:92:DF:98:D2:1E:CE:2A:1B:D9:C5:28:BE:C1:70:D2:8F:0E:97:D0:3C:40:E0:84:98:AF:07:44:50:7A:EB:C8:23:28:CE:DB:17:16:7E:5C:A0:AD:45:4E:77:5C:A5:08:CC:10:79:07:4C:43:03:EC:73:0D:13:CE:F7:10:E4:B7:25:9E:65:87:DB:7A:CB:BF:44:6D:84:67:97:1A:A5:E6:6C:C8:5C:2A:2A:AE:9F:F3:96:FA:32:CA:0F:43:2E:17:B6:7A:21:EC:A2:99:50:07:5C:74:D9:93:92:6D:E0:8D:DF:19:FE:25:36:77:0C:5A:F3:81:C8:42:E4:92:87:8F:15:7D:0C:D6:DA:D9:FB:74:05:92:36:07:CF:47:D8:1B:FF:7A:12:EF:06:73:BA:DE:F5:9B:26:98:7A:FA:FC:3D:54:CD:0E:5A:F4:27:9E:7A:95:26:65:6A:D8:75:8E:70:4C:69:95:00:32:DD:FC:B6:F9:87:DC:DB:A8:D9:16:B0:AC:81:F0:86:EC:74:E7:71:7D:A7:70:25:94:C7:02:C2:5E:85:F7:D6:DE:F7:68:DC:23:7E:83:12:44" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-21 23:22:19", "not_valid_before": "2022-02-21 23:22:20" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 Monday 21 February 2022 23:22:34 +0000 (0:00:00.794) 0:00:29.046 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "4F:46:47:73:EA:4B:6F:52:3E:5A:46:3A:2B:7B:59:74:A6:F4:36:C4" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "6C:94:97:F7:7B:FB:95:8F:2E:D8:CE:24:EC:F6:3A:0E:52:03:91:6E" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "9B:6E:E0:A4:CA:9B:9E:84:D3:2C:97:B9:43:32:41:90:A1:69:9A:F4:81:54:D9:14:C1:EF:B2:8A:99:E6:C4:83:CC:88:59:E4:92:DF:98:D2:1E:CE:2A:1B:D9:C5:28:BE:C1:70:D2:8F:0E:97:D0:3C:40:E0:84:98:AF:07:44:50:7A:EB:C8:23:28:CE:DB:17:16:7E:5C:A0:AD:45:4E:77:5C:A5:08:CC:10:79:07:4C:43:03:EC:73:0D:13:CE:F7:10:E4:B7:25:9E:65:87:DB:7A:CB:BF:44:6D:84:67:97:1A:A5:E6:6C:C8:5C:2A:2A:AE:9F:F3:96:FA:32:CA:0F:43:2E:17:B6:7A:21:EC:A2:99:50:07:5C:74:D9:93:92:6D:E0:8D:DF:19:FE:25:36:77:0C:5A:F3:81:C8:42:E4:92:87:8F:15:7D:0C:D6:DA:D9:FB:74:05:92:36:07:CF:47:D8:1B:FF:7A:12:EF:06:73:BA:DE:F5:9B:26:98:7A:FA:FC:3D:54:CD:0E:5A:F4:27:9E:7A:95:26:65:6A:D8:75:8E:70:4C:69:95:00:32:DD:FC:B6:F9:87:DC:DB:A8:D9:16:B0:AC:81:F0:86:EC:74:E7:71:7D:A7:70:25:94:C7:02:C2:5E:85:F7:D6:DE:F7:68:DC:23:7E:83:12:44" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-21 23:22:19", "not_valid_before": "2022-02-21 23:22:20" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 Monday 21 February 2022 23:22:34 +0000 (0:00:00.044) 0:00:29.091 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 Monday 21 February 2022 23:22:34 +0000 (0:00:00.043) 0:00:29.134 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:105 Monday 21 February 2022 23:22:34 +0000 (0:00:00.044) 0:00:29.178 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 Monday 21 February 2022 23:22:34 +0000 (0:00:00.042) 0:00:29.221 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:125 Monday 21 February 2022 23:22:34 +0000 (0:00:00.043) 0:00:29.265 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 Monday 21 February 2022 23:22:34 +0000 (0:00:00.045) 0:00:29.310 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.057159", "end": "2022-02-21 18:22:35.117906", "rc": 0, "start": "2022-02-21 18:22:35.060747" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:150 Monday 21 February 2022 23:22:35 +0000 (0:00:00.479) 0:00:29.790 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:2 Monday 21 February 2022 23:22:35 +0000 (0:00:00.048) 0:00:29.838 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 Monday 21 February 2022 23:22:35 +0000 (0:00:00.020) 0:00:29.859 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 Monday 21 February 2022 23:22:36 +0000 (0:00:01.431) 0:00:31.291 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1) TASK [Install certreader] ****************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 Monday 21 February 2022 23:22:37 +0000 (0:00:01.067) 0:00:32.358 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 Monday 21 February 2022 23:22:38 +0000 (0:00:00.926) 0:00:33.285 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485741.1134346, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "e3ed61206a03ec86928e22b8c3eec3a34ee26de9", "ctime": 1645485741.1104345, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17499495, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485741.1104345, "nlink": 1, "path": "/etc/pki/tls/certs/other-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "1018232222", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:31 Monday 21 February 2022 23:22:39 +0000 (0:00:00.419) 0:00:33.704 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 Monday 21 February 2022 23:22:39 +0000 (0:00:00.044) 0:00:33.749 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:49 Monday 21 February 2022 23:22:39 +0000 (0:00:00.046) 0:00:33.795 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 Monday 21 February 2022 23:22:39 +0000 (0:00:00.044) 0:00:33.840 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485741.0654347, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "6db8baac78cdc720a3a6975da4c3dbc37e6d821d", "ctime": 1645485741.1104345, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 26484969, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485741.1104345, "nlink": 1, "path": "/etc/pki/tls/private/other-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2674795646", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:60 Monday 21 February 2022 23:22:39 +0000 (0:00:00.408) 0:00:34.249 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 Monday 21 February 2022 23:22:39 +0000 (0:00:00.042) 0:00:34.292 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 Monday 21 February 2022 23:22:39 +0000 (0:00:00.049) 0:00:34.341 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/other-cert.crt" ], "delta": "0:00:00.229428", "end": "2022-02-21 18:22:40.295626", "rc": 0, "start": "2022-02-21 18:22:40.066198" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.org" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "94:EC:9F:F6:C1:4F:A3:EC:EE:44:15:40:50:44:44:AC:65:82:B2:F5", "critical": false }, "authorityKeyIdentifier": { "value": "4F:46:47:73:EA:4B:6F:52:3E:5A:46:3A:2B:7B:59:74:A6:F4:36:C4", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "33:16:1E:85:97:9A:0C:A9:ED:15:3A:D6:6F:C8:EE:DA:67:3F:45:AC:DC:F4:78:E7:CE:07:88:B0:83:BC:5B:BB:2D:73:DC:68:FE:8B:E6:D5:04:3A:75:24:0B:89:EF:E4:15:3F:2E:51:E6:F6:1C:4E:4C:44:E0:6F:56:EC:C9:5C:C1:B6:92:D2:15:4B:A8:18:F1:B3:75:0E:AE:14:D3:F7:59:15:9E:B9:EA:37:4C:C2:6F:B5:26:A6:4A:4B:B6:FC:78:B5:8E:00:76:6B:B4:51:BF:9E:97:0B:3A:97:2F:87:07:B7:DA:CD:6B:85:EB:3C:DF:F4:45:00:64:5C:60:5C:4A:6F:C7:4A:0B:10:88:2D:B1:3E:63:62:5B:9F:93:22:1F:B3:80:02:2E:CC:04:93:F7:3F:BF:3B:09:64:C5:6B:88:11:37:26:D7:B9:B8:1F:AC:67:81:57:06:BE:74:69:D9:98:6E:30:9F:64:3B:1B:35:80:5E:74:21:28:4B:A1:BC:C9:20:F1:11:F4:BC:CC:91:9F:28:E4:D0:9A:18:87:03:41:57:3F:8E:0C:62:DF:F4:08:FF:C0:CF:23:FF:B3:7E:E3:51:4D:2D:41:D4:DF:06:EF:B7:29:17:5B:78:73:EB:FF:CD:29:40:3E:50:1A:33:88:22:0A:50:3C:FD:94" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-21 23:22:19", "not_valid_before": "2022-02-21 23:22:21" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 Monday 21 February 2022 23:22:40 +0000 (0:00:00.622) 0:00:34.964 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "4F:46:47:73:EA:4B:6F:52:3E:5A:46:3A:2B:7B:59:74:A6:F4:36:C4" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.org" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "94:EC:9F:F6:C1:4F:A3:EC:EE:44:15:40:50:44:44:AC:65:82:B2:F5" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "33:16:1E:85:97:9A:0C:A9:ED:15:3A:D6:6F:C8:EE:DA:67:3F:45:AC:DC:F4:78:E7:CE:07:88:B0:83:BC:5B:BB:2D:73:DC:68:FE:8B:E6:D5:04:3A:75:24:0B:89:EF:E4:15:3F:2E:51:E6:F6:1C:4E:4C:44:E0:6F:56:EC:C9:5C:C1:B6:92:D2:15:4B:A8:18:F1:B3:75:0E:AE:14:D3:F7:59:15:9E:B9:EA:37:4C:C2:6F:B5:26:A6:4A:4B:B6:FC:78:B5:8E:00:76:6B:B4:51:BF:9E:97:0B:3A:97:2F:87:07:B7:DA:CD:6B:85:EB:3C:DF:F4:45:00:64:5C:60:5C:4A:6F:C7:4A:0B:10:88:2D:B1:3E:63:62:5B:9F:93:22:1F:B3:80:02:2E:CC:04:93:F7:3F:BF:3B:09:64:C5:6B:88:11:37:26:D7:B9:B8:1F:AC:67:81:57:06:BE:74:69:D9:98:6E:30:9F:64:3B:1B:35:80:5E:74:21:28:4B:A1:BC:C9:20:F1:11:F4:BC:CC:91:9F:28:E4:D0:9A:18:87:03:41:57:3F:8E:0C:62:DF:F4:08:FF:C0:CF:23:FF:B3:7E:E3:51:4D:2D:41:D4:DF:06:EF:B7:29:17:5B:78:73:EB:FF:CD:29:40:3E:50:1A:33:88:22:0A:50:3C:FD:94" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.org" } ], "validity": { "not_valid_after": "2023-02-21 23:22:19", "not_valid_before": "2022-02-21 23:22:21" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 Monday 21 February 2022 23:22:40 +0000 (0:00:00.046) 0:00:35.011 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 Monday 21 February 2022 23:22:40 +0000 (0:00:00.048) 0:00:35.059 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:105 Monday 21 February 2022 23:22:40 +0000 (0:00:00.046) 0:00:35.105 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 Monday 21 February 2022 23:22:40 +0000 (0:00:00.051) 0:00:35.157 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:125 Monday 21 February 2022 23:22:40 +0000 (0:00:00.056) 0:00:35.213 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 Monday 21 February 2022 23:22:40 +0000 (0:00:00.049) 0:00:35.263 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/other-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.045817", "end": "2022-02-21 18:22:41.033486", "rc": 0, "start": "2022-02-21 18:22:40.987669" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:150 Monday 21 February 2022 23:22:41 +0000 (0:00:00.437) 0:00:35.700 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:2 Monday 21 February 2022 23:22:41 +0000 (0:00:00.052) 0:00:35.752 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 Monday 21 February 2022 23:22:41 +0000 (0:00:00.022) 0:00:35.775 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 Monday 21 February 2022 23:22:42 +0000 (0:00:01.280) 0:00:37.055 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1) TASK [Install certreader] ****************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 Monday 21 February 2022 23:22:43 +0000 (0:00:01.113) 0:00:38.168 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 Monday 21 February 2022 23:22:44 +0000 (0:00:00.896) 0:00:39.064 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485742.2114346, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "1544923790b9817f98d3b97a8d4b8114c8a3ca65", "ctime": 1645485742.2084346, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17496142, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485742.2084346, "nlink": 1, "path": "/etc/pki/tls/certs/another-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "2986507304", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:31 Monday 21 February 2022 23:22:45 +0000 (0:00:00.418) 0:00:39.483 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 Monday 21 February 2022 23:22:45 +0000 (0:00:00.044) 0:00:39.528 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:49 Monday 21 February 2022 23:22:45 +0000 (0:00:00.051) 0:00:39.579 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 Monday 21 February 2022 23:22:45 +0000 (0:00:00.046) 0:00:39.625 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485742.1614347, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "78034a499d7834b6f0b525851e6e3b70b446fb92", "ctime": 1645485742.2084346, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 26484972, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485742.2084346, "nlink": 1, "path": "/etc/pki/tls/private/another-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "3889905034", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:60 Monday 21 February 2022 23:22:45 +0000 (0:00:00.401) 0:00:40.027 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 Monday 21 February 2022 23:22:45 +0000 (0:00:00.043) 0:00:40.070 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 Monday 21 February 2022 23:22:45 +0000 (0:00:00.056) 0:00:40.126 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/another-cert.crt" ], "delta": "0:00:00.233542", "end": "2022-02-21 18:22:46.086474", "rc": 0, "start": "2022-02-21 18:22:45.852932" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.net" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "7E:B4:36:A3:33:D2:54:CF:E2:B5:9C:D4:EF:29:F8:A6:DB:29:73:33", "critical": false }, "authorityKeyIdentifier": { "value": "4F:46:47:73:EA:4B:6F:52:3E:5A:46:3A:2B:7B:59:74:A6:F4:36:C4", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "89:34:66:58:ED:16:85:A5:75:66:B8:BA:93:CD:44:60:37:CF:89:DC:74:12:88:BB:36:17:19:3D:93:BC:83:4F:64:65:3A:53:FB:98:21:77:46:65:44:52:0B:E4:7A:1E:36:99:3E:E8:E7:E7:7C:0D:DA:E8:3E:72:75:2A:3B:2E:05:22:C1:0D:A7:79:68:B0:EB:81:95:FA:08:BA:7A:66:F5:4D:61:C9:AD:A0:84:02:7A:0D:7E:8E:A6:FA:73:B2:13:6C:BE:67:47:4B:54:38:79:09:91:69:10:2F:9F:A2:46:51:AE:7E:74:80:0B:09:71:DC:A0:65:35:1D:A9:CB:B9:A1:9B:9C:47:30:56:CE:13:43:8A:25:19:26:2B:5A:23:9F:54:D5:CC:AE:F5:3A:0C:F0:26:89:91:27:05:25:A6:9C:2E:6D:0B:BB:3D:4D:D7:87:B3:D2:CE:2E:40:FA:85:63:0F:BC:A1:D9:8B:5A:E3:8A:32:5E:B0:6C:65:DB:BD:1B:2B:0A:6E:C4:03:8B:87:A8:3B:8B:E4:BB:80:67:25:21:FA:72:27:4B:85:0D:EE:E3:F9:BA:6D:32:1B:FA:28:73:39:A1:5A:FD:82:85:99:BF:C3:5A:1A:52:41:F5:1B:69:12:ED:5C:8A:6D:90:D5:A5:30:F6:33:26:6D:35" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-21 23:22:19", "not_valid_before": "2022-02-21 23:22:22" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 Monday 21 February 2022 23:22:46 +0000 (0:00:00.628) 0:00:40.755 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "4F:46:47:73:EA:4B:6F:52:3E:5A:46:3A:2B:7B:59:74:A6:F4:36:C4" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.net" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "7E:B4:36:A3:33:D2:54:CF:E2:B5:9C:D4:EF:29:F8:A6:DB:29:73:33" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "89:34:66:58:ED:16:85:A5:75:66:B8:BA:93:CD:44:60:37:CF:89:DC:74:12:88:BB:36:17:19:3D:93:BC:83:4F:64:65:3A:53:FB:98:21:77:46:65:44:52:0B:E4:7A:1E:36:99:3E:E8:E7:E7:7C:0D:DA:E8:3E:72:75:2A:3B:2E:05:22:C1:0D:A7:79:68:B0:EB:81:95:FA:08:BA:7A:66:F5:4D:61:C9:AD:A0:84:02:7A:0D:7E:8E:A6:FA:73:B2:13:6C:BE:67:47:4B:54:38:79:09:91:69:10:2F:9F:A2:46:51:AE:7E:74:80:0B:09:71:DC:A0:65:35:1D:A9:CB:B9:A1:9B:9C:47:30:56:CE:13:43:8A:25:19:26:2B:5A:23:9F:54:D5:CC:AE:F5:3A:0C:F0:26:89:91:27:05:25:A6:9C:2E:6D:0B:BB:3D:4D:D7:87:B3:D2:CE:2E:40:FA:85:63:0F:BC:A1:D9:8B:5A:E3:8A:32:5E:B0:6C:65:DB:BD:1B:2B:0A:6E:C4:03:8B:87:A8:3B:8B:E4:BB:80:67:25:21:FA:72:27:4B:85:0D:EE:E3:F9:BA:6D:32:1B:FA:28:73:39:A1:5A:FD:82:85:99:BF:C3:5A:1A:52:41:F5:1B:69:12:ED:5C:8A:6D:90:D5:A5:30:F6:33:26:6D:35" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.net" } ], "validity": { "not_valid_after": "2023-02-21 23:22:19", "not_valid_before": "2022-02-21 23:22:22" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 Monday 21 February 2022 23:22:46 +0000 (0:00:00.047) 0:00:40.803 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 Monday 21 February 2022 23:22:46 +0000 (0:00:00.051) 0:00:40.855 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:105 Monday 21 February 2022 23:22:46 +0000 (0:00:00.049) 0:00:40.904 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 Monday 21 February 2022 23:22:46 +0000 (0:00:00.057) 0:00:40.962 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:125 Monday 21 February 2022 23:22:46 +0000 (0:00:00.049) 0:00:41.011 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 Monday 21 February 2022 23:22:46 +0000 (0:00:00.050) 0:00:41.062 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/another-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.046990", "end": "2022-02-21 18:22:46.851412", "rc": 0, "start": "2022-02-21 18:22:46.804422" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:150 Monday 21 February 2022 23:22:47 +0000 (0:00:00.641) 0:00:41.703 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=74 changed=10 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:22:47 +0000 (0:00:00.042) 0:00:41.745 ******* =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 4.92s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.22s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.11s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 ------------- set up internal repositories -------------------------------------------- 3.07s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ linux-system-roles.certificate : Ensure certificate requests ------------ 2.98s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 linux-system-roles.certificate : Ensure provider packages are installed --- 2.73s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Ensure python3 is installed --------------------------------------------- 1.84s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 -------------- Ensure python3 is installed --------------------------------------------- 1.43s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 -------------- Ensure python3 is installed --------------------------------------------- 1.28s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.14s /tmp/tmprte76fwa/tests/tests_many_self_signed.yml:2 --------------------------- Install the package, force upgrade -------------------------------------- 1.11s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install the package, force upgrade -------------------------------------- 1.07s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.00s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Install certreader ------------------------------------------------------ 0.93s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 ------------- Install certreader ------------------------------------------------------ 0.90s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 ------------- Parse certificate ------------------------------------------------------- 0.79s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 ------------- Gathering Facts --------------------------------------------------------- 0.70s /tmp/tmprte76fwa/tests/tests_many_self_signed.yml:18 -------------------------- Retrieve auto-renew flag ------------------------------------------------ 0.64s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 ------------ Parse certificate ------------------------------------------------------- 0.63s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 ------------- Parse certificate ------------------------------------------------------- 0.62s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 ------------- + cd /tmp/tmprte76fwa/tests; TEST_SUBJECTS=/cache/rhel-8-y.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-115-ec6e2d0-rhel-8-y-juz2pivh/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmprte76fwa/_setup.yml /tmp/tmprte76fwa/tests/tests_no_auto_renew.yml ansible-playbook 2.9.27 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] Using /etc/ansible/ansible.cfg as config file [ERROR]: GNU xorriso 1.4.8 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Local character set is now assumed as: 'utf-8' Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 2 plays in /tmp/tmprte76fwa/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmprte76fwa/_setup.yml:5 Monday 21 February 2022 23:23:01 +0000 (0:00:00.023) 0:00:00.023 ******* ok: [/cache/rhel-8-y.qcow2] => { "groups": { "all": [ "/cache/rhel-8-y.qcow2" ], "localhost": [ "/cache/rhel-8-y.qcow2" ], "subjects": [ "/cache/rhel-8-y.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmprte76fwa/_setup.yml:7 Monday 21 February 2022 23:23:01 +0000 (0:00:00.037) 0:00:00.060 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /tmp/tmprte76fwa/_setup.yml:16 Monday 21 February 2022 23:23:01 +0000 (0:00:00.036) 0:00:00.096 ******* changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:23:03 +0000 (0:00:01.449) 0:00:01.546 ******* =============================================================================== set up internal repositories -------------------------------------------- 1.45s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:7 ------------------------------------------------- PLAYBOOK: tests_no_auto_renew.yml ********************************************** 2 plays in /tmp/tmprte76fwa/tests/tests_no_auto_renew.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_no_auto_renew.yml:2 Monday 21 February 2022 23:23:03 +0000 (0:00:00.021) 0:00:01.567 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 21 February 2022 23:23:05 +0000 (0:00:02.344) 0:00:03.912 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Monday 21 February 2022 23:23:05 +0000 (0:00:00.057) 0:00:03.969 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.3.7-6.el8.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Monday 21 February 2022 23:23:10 +0000 (0:00:04.895) 0:00:08.865 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.13-5.el8.x86_64", "Installed: nspr-4.32.0-1.el8_4.x86_64", "Installed: xmlrpc-c-1.51.0-5.el8.x86_64", "Installed: nss-3.67.0-7.el8_5.x86_64", "Installed: xmlrpc-c-client-1.51.0-5.el8.x86_64", "Installed: nss-softokn-3.67.0-7.el8_5.x86_64", "Installed: nss-softokn-freebl-3.67.0-7.el8_5.x86_64", "Installed: nss-sysinit-3.67.0-7.el8_5.x86_64", "Installed: nss-util-3.67.0-7.el8_5.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Monday 21 February 2022 23:23:13 +0000 (0:00:02.699) 0:00:11.565 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Monday 21 February 2022 23:23:13 +0000 (0:00:00.583) 0:00:12.149 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 21 February 2022 23:23:14 +0000 (0:00:00.428) 0:00:12.577 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target systemd-journald.socket syslog.target basic.target network.target dbus.socket system.slice dbus.service", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14649", "LimitNPROCSoft": "14649", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14649", "LimitSIGPENDINGSoft": "14649", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus.service", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23438", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Monday 21 February 2022 23:23:15 +0000 (0:00:00.931) 0:00:13.508 ******* changed: [/cache/rhel-8-y.qcow2] => (item={u'ca': u'self-sign', u'name': u'mycert', u'dns': u'www.example.com', u'auto_renew': False}) => { "ansible_loop_var": "item", "changed": true, "item": { "auto_renew": false, "ca": "self-sign", "dns": "www.example.com", "name": "mycert" } } MSG: Certificate requested (new). changed: [/cache/rhel-8-y.qcow2] => (item={u'ca': u'self-sign', u'name': u'defaultcert', u'dns': u'www.example.com'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "defaultcert" } } MSG: Certificate requested (new). META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_no_auto_renew.yml:17 Monday 21 February 2022 23:23:17 +0000 (0:00:01.811) 0:00:15.320 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmprte76fwa/tests/tests_no_auto_renew.yml:42 Monday 21 February 2022 23:23:17 +0000 (0:00:00.713) 0:00:16.033 ******* included: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-8-y.qcow2 included: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-8-y.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:2 Monday 21 February 2022 23:23:17 +0000 (0:00:00.077) 0:00:16.111 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 Monday 21 February 2022 23:23:17 +0000 (0:00:00.021) 0:00:16.132 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python36-3.6.8-38.module+el8.5.0+12207+5c5719bc.x86_64", "Installed: python3-setuptools-39.2.0-6.el8.noarch", "Installed: python3-pip-9.0.3-22.el8.noarch" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 Monday 21 February 2022 23:23:19 +0000 (0:00:01.777) 0:00:17.910 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting pip Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB) Installing collected packages: pip Found existing installation: pip 9.0.3 Uninstalling pip-9.0.3: Successfully uninstalled pip-9.0.3 Successfully installed pip-21.3.1 STDERR: You are using pip version 21.3.1, however version 22.0.3 is available. You should consider upgrading via the 'pip install --upgrade pip' command. TASK [Install certreader] ****************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 Monday 21 February 2022 23:23:23 +0000 (0:00:04.184) 0:00:22.094 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (405 kB) Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) Collecting pyyaml Downloading PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (603 kB) Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 Monday 21 February 2022 23:23:27 +0000 (0:00:03.225) 0:00:25.320 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485796.130611, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "07be8ce6236fdf27f243c9c9eb71eae91cb7b672", "ctime": 1645485796.127611, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17500043, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485796.127611, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "452725388", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:31 Monday 21 February 2022 23:23:27 +0000 (0:00:00.605) 0:00:25.926 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 Monday 21 February 2022 23:23:27 +0000 (0:00:00.044) 0:00:25.970 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:49 Monday 21 February 2022 23:23:27 +0000 (0:00:00.050) 0:00:26.021 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 Monday 21 February 2022 23:23:27 +0000 (0:00:00.046) 0:00:26.067 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485796.079611, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "bffcb2332f8bf83cc70b4665c93f9bd7165de33e", "ctime": 1645485796.127611, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 26484938, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485796.127611, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3855144613", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:60 Monday 21 February 2022 23:23:28 +0000 (0:00:00.382) 0:00:26.450 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 Monday 21 February 2022 23:23:28 +0000 (0:00:00.051) 0:00:26.501 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 Monday 21 February 2022 23:23:28 +0000 (0:00:00.049) 0:00:26.550 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.228185", "end": "2022-02-21 18:23:29.026345", "rc": 0, "start": "2022-02-21 18:23:28.798160" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "9E:93:37:FB:ED:E6:71:C1:9F:9B:70:62:3C:80:F7:B6:BC:17:08:1A", "critical": false }, "authorityKeyIdentifier": { "value": "16:48:AC:A7:6C:EB:5F:19:00:7D:A3:5E:CF:0C:89:5D:E9:82:73:B7", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "7D:AD:38:C5:42:A5:C5:43:DA:C5:58:85:8C:D1:21:7D:50:99:7F:24:4B:21:9E:85:B3:7D:4B:6D:63:B5:06:73:A8:45:9C:AD:65:47:39:82:5E:14:BB:C3:27:B3:BF:34:AE:99:06:65:F3:3F:C7:8E:71:60:EE:85:1E:FC:20:B9:7C:7D:1C:21:A1:B7:9A:D3:24:4B:B0:9C:27:88:84:79:24:8E:04:2B:CB:09:24:61:9B:B6:9B:BA:64:14:68:64:7E:E5:C2:42:E3:3D:B2:D1:25:8C:49:BE:A2:31:10:13:81:17:E2:BC:82:CF:0A:E8:4A:91:13:DF:1D:88:76:7D:6F:42:17:2B:28:F3:DE:A4:E3:92:CA:9C:E0:10:25:C3:9D:12:BD:A1:57:95:49:C2:EE:3D:B2:0B:5C:84:A4:B6:A4:D5:9A:E4:97:59:43:05:92:EB:5A:EC:9F:FF:EA:45:04:3A:84:E9:74:07:9C:04:F5:33:2E:43:F6:8F:D1:2E:4C:41:C0:68:04:26:D4:93:19:8E:FF:CC:EE:88:94:63:CF:60:FC:71:03:46:F3:14:BB:71:EB:7A:41:5B:2A:C7:10:27:16:1F:94:E0:A6:9E:FE:1B:21:FA:DA:77:C0:C9:20:71:DD:88:DD:E8:C3:7A:FA:9B:97:38:36:96:C4:4B" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-21 23:23:15", "not_valid_before": "2022-02-21 23:23:16" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 Monday 21 February 2022 23:23:29 +0000 (0:00:00.743) 0:00:27.293 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "16:48:AC:A7:6C:EB:5F:19:00:7D:A3:5E:CF:0C:89:5D:E9:82:73:B7" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "9E:93:37:FB:ED:E6:71:C1:9F:9B:70:62:3C:80:F7:B6:BC:17:08:1A" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "7D:AD:38:C5:42:A5:C5:43:DA:C5:58:85:8C:D1:21:7D:50:99:7F:24:4B:21:9E:85:B3:7D:4B:6D:63:B5:06:73:A8:45:9C:AD:65:47:39:82:5E:14:BB:C3:27:B3:BF:34:AE:99:06:65:F3:3F:C7:8E:71:60:EE:85:1E:FC:20:B9:7C:7D:1C:21:A1:B7:9A:D3:24:4B:B0:9C:27:88:84:79:24:8E:04:2B:CB:09:24:61:9B:B6:9B:BA:64:14:68:64:7E:E5:C2:42:E3:3D:B2:D1:25:8C:49:BE:A2:31:10:13:81:17:E2:BC:82:CF:0A:E8:4A:91:13:DF:1D:88:76:7D:6F:42:17:2B:28:F3:DE:A4:E3:92:CA:9C:E0:10:25:C3:9D:12:BD:A1:57:95:49:C2:EE:3D:B2:0B:5C:84:A4:B6:A4:D5:9A:E4:97:59:43:05:92:EB:5A:EC:9F:FF:EA:45:04:3A:84:E9:74:07:9C:04:F5:33:2E:43:F6:8F:D1:2E:4C:41:C0:68:04:26:D4:93:19:8E:FF:CC:EE:88:94:63:CF:60:FC:71:03:46:F3:14:BB:71:EB:7A:41:5B:2A:C7:10:27:16:1F:94:E0:A6:9E:FE:1B:21:FA:DA:77:C0:C9:20:71:DD:88:DD:E8:C3:7A:FA:9B:97:38:36:96:C4:4B" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-21 23:23:15", "not_valid_before": "2022-02-21 23:23:16" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 Monday 21 February 2022 23:23:29 +0000 (0:00:00.053) 0:00:27.347 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 Monday 21 February 2022 23:23:29 +0000 (0:00:00.055) 0:00:27.402 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:105 Monday 21 February 2022 23:23:29 +0000 (0:00:00.057) 0:00:27.459 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 Monday 21 February 2022 23:23:29 +0000 (0:00:00.042) 0:00:27.502 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:125 Monday 21 February 2022 23:23:29 +0000 (0:00:00.042) 0:00:27.545 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 Monday 21 February 2022 23:23:29 +0000 (0:00:00.047) 0:00:27.593 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.050749", "end": "2022-02-21 18:23:29.767963", "rc": 0, "start": "2022-02-21 18:23:29.717214" } STDOUT: no TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:150 Monday 21 February 2022 23:23:29 +0000 (0:00:00.427) 0:00:28.021 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:2 Monday 21 February 2022 23:23:29 +0000 (0:00:00.044) 0:00:28.066 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 Monday 21 February 2022 23:23:29 +0000 (0:00:00.020) 0:00:28.086 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 Monday 21 February 2022 23:23:31 +0000 (0:00:01.305) 0:00:29.392 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1) TASK [Install certreader] ****************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 Monday 21 February 2022 23:23:32 +0000 (0:00:01.057) 0:00:30.449 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.0) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 Monday 21 February 2022 23:23:33 +0000 (0:00:00.882) 0:00:31.331 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485796.8916109, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "6189ac232849ee1fbc889281bcaf2a33201969b3", "ctime": 1645485796.889611, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17500066, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485796.889611, "nlink": 1, "path": "/etc/pki/tls/certs/defaultcert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "1083575973", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:31 Monday 21 February 2022 23:23:33 +0000 (0:00:00.398) 0:00:31.730 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 Monday 21 February 2022 23:23:33 +0000 (0:00:00.046) 0:00:31.776 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:49 Monday 21 February 2022 23:23:33 +0000 (0:00:00.048) 0:00:31.825 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 Monday 21 February 2022 23:23:33 +0000 (0:00:00.044) 0:00:31.870 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485796.8456109, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "8a985d7a156d66a10df8557ca75f1a787be88ac6", "ctime": 1645485796.889611, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 26484961, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485796.889611, "nlink": 1, "path": "/etc/pki/tls/private/defaultcert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1853027202", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:60 Monday 21 February 2022 23:23:34 +0000 (0:00:00.395) 0:00:32.265 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 Monday 21 February 2022 23:23:34 +0000 (0:00:00.045) 0:00:32.310 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 Monday 21 February 2022 23:23:34 +0000 (0:00:00.048) 0:00:32.358 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/defaultcert.crt" ], "delta": "0:00:00.230931", "end": "2022-02-21 18:23:34.726009", "rc": 0, "start": "2022-02-21 18:23:34.495078" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "69:EA:B9:46:CF:DC:2B:AA:B3:05:07:D2:E8:FD:71:69:41:59:78:08", "critical": false }, "authorityKeyIdentifier": { "value": "16:48:AC:A7:6C:EB:5F:19:00:7D:A3:5E:CF:0C:89:5D:E9:82:73:B7", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "0E:9B:30:5A:4C:7C:3A:41:3B:00:7D:70:8B:D6:80:E0:77:6A:7F:4A:0B:89:0A:83:29:47:7A:24:94:B8:2F:1C:36:5E:A7:76:6B:42:DC:33:DC:43:88:19:48:BF:36:7B:E9:9E:2C:AF:93:FF:21:C9:ED:B4:A1:BF:77:86:7D:7C:63:9A:4B:F9:E6:05:92:44:DD:A4:A5:23:21:3F:5E:BE:2A:82:F0:CE:8B:14:18:F5:DD:08:D4:CD:12:8D:5D:89:4B:87:96:FF:FB:19:86:12:56:AB:1B:A7:15:5E:C3:F7:FE:74:03:16:90:1D:64:3A:A6:E8:B7:3F:AC:10:79:A7:05:1E:8C:62:67:2F:4B:8B:9D:F2:70:7F:1A:AD:C0:92:83:75:6F:9E:03:56:60:19:AE:75:81:E2:2D:69:FE:5F:69:81:E1:5E:97:4B:7B:F7:E0:29:7E:07:4A:57:1F:C3:F8:F2:DF:CA:62:FD:52:B2:B2:98:EB:91:2B:4A:37:36:C1:39:05:93:7F:A1:B5:C6:35:22:25:84:D7:60:D8:8F:40:CF:E1:09:01:5A:00:71:EE:15:6C:E1:4A:91:2F:41:D2:EA:84:70:73:6F:20:8B:2B:78:77:FA:86:3C:F6:CD:96:09:B2:C9:C6:ED:2A:8D:C6:48:B5:AF:DF:01:A1:72" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-21 23:23:15", "not_valid_before": "2022-02-21 23:23:16" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 Monday 21 February 2022 23:23:34 +0000 (0:00:00.624) 0:00:32.983 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "16:48:AC:A7:6C:EB:5F:19:00:7D:A3:5E:CF:0C:89:5D:E9:82:73:B7" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "69:EA:B9:46:CF:DC:2B:AA:B3:05:07:D2:E8:FD:71:69:41:59:78:08" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "0E:9B:30:5A:4C:7C:3A:41:3B:00:7D:70:8B:D6:80:E0:77:6A:7F:4A:0B:89:0A:83:29:47:7A:24:94:B8:2F:1C:36:5E:A7:76:6B:42:DC:33:DC:43:88:19:48:BF:36:7B:E9:9E:2C:AF:93:FF:21:C9:ED:B4:A1:BF:77:86:7D:7C:63:9A:4B:F9:E6:05:92:44:DD:A4:A5:23:21:3F:5E:BE:2A:82:F0:CE:8B:14:18:F5:DD:08:D4:CD:12:8D:5D:89:4B:87:96:FF:FB:19:86:12:56:AB:1B:A7:15:5E:C3:F7:FE:74:03:16:90:1D:64:3A:A6:E8:B7:3F:AC:10:79:A7:05:1E:8C:62:67:2F:4B:8B:9D:F2:70:7F:1A:AD:C0:92:83:75:6F:9E:03:56:60:19:AE:75:81:E2:2D:69:FE:5F:69:81:E1:5E:97:4B:7B:F7:E0:29:7E:07:4A:57:1F:C3:F8:F2:DF:CA:62:FD:52:B2:B2:98:EB:91:2B:4A:37:36:C1:39:05:93:7F:A1:B5:C6:35:22:25:84:D7:60:D8:8F:40:CF:E1:09:01:5A:00:71:EE:15:6C:E1:4A:91:2F:41:D2:EA:84:70:73:6F:20:8B:2B:78:77:FA:86:3C:F6:CD:96:09:B2:C9:C6:ED:2A:8D:C6:48:B5:AF:DF:01:A1:72" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-21 23:23:15", "not_valid_before": "2022-02-21 23:23:16" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 Monday 21 February 2022 23:23:34 +0000 (0:00:00.046) 0:00:33.030 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 Monday 21 February 2022 23:23:34 +0000 (0:00:00.047) 0:00:33.078 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:105 Monday 21 February 2022 23:23:34 +0000 (0:00:00.042) 0:00:33.120 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 Monday 21 February 2022 23:23:34 +0000 (0:00:00.042) 0:00:33.162 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:125 Monday 21 February 2022 23:23:34 +0000 (0:00:00.041) 0:00:33.204 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 Monday 21 February 2022 23:23:35 +0000 (0:00:00.041) 0:00:33.246 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/defaultcert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.049118", "end": "2022-02-21 18:23:35.425874", "rc": 0, "start": "2022-02-21 18:23:35.376756" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:150 Monday 21 February 2022 23:23:35 +0000 (0:00:00.434) 0:00:33.680 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=53 changed=10 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:23:35 +0000 (0:00:00.041) 0:00:33.721 ******* =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 4.90s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.18s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.23s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 2.70s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Gathering Facts --------------------------------------------------------- 2.34s /tmp/tmprte76fwa/tests/tests_no_auto_renew.yml:2 ------------------------------ linux-system-roles.certificate : Ensure certificate requests ------------ 1.81s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Ensure python3 is installed --------------------------------------------- 1.78s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 -------------- set up internal repositories -------------------------------------------- 1.45s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ Ensure python3 is installed --------------------------------------------- 1.31s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 -------------- Install the package, force upgrade -------------------------------------- 1.06s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider service is running ----- 0.93s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Install certreader ------------------------------------------------------ 0.88s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 ------------- Parse certificate ------------------------------------------------------- 0.74s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 ------------- Gathering Facts --------------------------------------------------------- 0.71s /tmp/tmprte76fwa/tests/tests_no_auto_renew.yml:17 ----------------------------- Parse certificate ------------------------------------------------------- 0.62s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 ------------- Retrieve certificate file stats ----------------------------------------- 0.61s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.58s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve auto-renew flag ------------------------------------------------ 0.43s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.43s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Retrieve auto-renew flag ------------------------------------------------ 0.43s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 ------------ + cd /tmp/tmprte76fwa/tests; TEST_SUBJECTS=/cache/rhel-8-y.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-115-ec6e2d0-rhel-8-y-juz2pivh/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmprte76fwa/_setup.yml /tmp/tmprte76fwa/tests/tests_not_wait_for_cert.yml ansible-playbook 2.9.27 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] Using /etc/ansible/ansible.cfg as config file [ERROR]: GNU xorriso 1.4.8 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Local character set is now assumed as: 'utf-8' Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 2 plays in /tmp/tmprte76fwa/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmprte76fwa/_setup.yml:5 Monday 21 February 2022 23:23:50 +0000 (0:00:00.023) 0:00:00.023 ******* ok: [/cache/rhel-8-y.qcow2] => { "groups": { "all": [ "/cache/rhel-8-y.qcow2" ], "localhost": [ "/cache/rhel-8-y.qcow2" ], "subjects": [ "/cache/rhel-8-y.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmprte76fwa/_setup.yml:7 Monday 21 February 2022 23:23:50 +0000 (0:00:00.039) 0:00:00.063 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /tmp/tmprte76fwa/_setup.yml:16 Monday 21 February 2022 23:23:50 +0000 (0:00:00.038) 0:00:00.101 ******* changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:23:51 +0000 (0:00:01.546) 0:00:01.648 ******* =============================================================================== set up internal repositories -------------------------------------------- 1.55s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:7 ------------------------------------------------- PLAYBOOK: tests_not_wait_for_cert.yml ****************************************** 2 plays in /tmp/tmprte76fwa/tests/tests_not_wait_for_cert.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_not_wait_for_cert.yml:2 Monday 21 February 2022 23:23:51 +0000 (0:00:00.034) 0:00:01.682 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 21 February 2022 23:23:54 +0000 (0:00:02.184) 0:00:03.867 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Monday 21 February 2022 23:23:54 +0000 (0:00:00.054) 0:00:03.922 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.3.7-6.el8.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Monday 21 February 2022 23:23:59 +0000 (0:00:04.930) 0:00:08.852 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.13-5.el8.x86_64", "Installed: nspr-4.32.0-1.el8_4.x86_64", "Installed: xmlrpc-c-1.51.0-5.el8.x86_64", "Installed: nss-3.67.0-7.el8_5.x86_64", "Installed: xmlrpc-c-client-1.51.0-5.el8.x86_64", "Installed: nss-softokn-3.67.0-7.el8_5.x86_64", "Installed: nss-softokn-freebl-3.67.0-7.el8_5.x86_64", "Installed: nss-sysinit-3.67.0-7.el8_5.x86_64", "Installed: nss-util-3.67.0-7.el8_5.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Monday 21 February 2022 23:24:02 +0000 (0:00:03.224) 0:00:12.076 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Monday 21 February 2022 23:24:02 +0000 (0:00:00.579) 0:00:12.655 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 21 February 2022 23:24:03 +0000 (0:00:00.432) 0:00:13.088 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice syslog.target network.target sysinit.target basic.target dbus.socket dbus.service systemd-journald.socket", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14649", "LimitNPROCSoft": "14649", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14649", "LimitSIGPENDINGSoft": "14649", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus.service", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23438", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Monday 21 February 2022 23:24:04 +0000 (0:00:01.045) 0:00:14.133 ******* changed: [/cache/rhel-8-y.qcow2] => (item={u'ca': u'self-sign', u'name': u'mycert', u'dns': u'www.example.com'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert" } } MSG: Certificate requested (new). META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_not_wait_for_cert.yml:14 Monday 21 February 2022 23:24:05 +0000 (0:00:00.714) 0:00:14.848 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [Wait for certificate] **************************************************** task path: /tmp/tmprte76fwa/tests/tests_not_wait_for_cert.yml:28 Monday 21 February 2022 23:24:05 +0000 (0:00:00.776) 0:00:15.624 ******* ok: [/cache/rhel-8-y.qcow2] => (item={u'path': u'/etc/pki/tls/certs/mycert.crt', u'key_path': u'/etc/pki/tls/private/mycert.key', u'subject_alt_name': [{u'name': u'DNS', u'value': u'www.example.com'}], u'subject': [{u'oid': u'2.5.4.3', u'name': u'commonName', u'value': u'www.example.com'}]}) => { "ansible_loop_var": "item", "changed": false, "elapsed": 0, "gid": 0, "group": "root", "item": { "key_path": "/etc/pki/tls/private/mycert.key", "path": "/etc/pki/tls/certs/mycert.crt", "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "subject_alt_name": [ { "name": "DNS", "value": "www.example.com" } ] }, "match_groupdict": {}, "match_groups": [], "mode": "0600", "owner": "root", "path": "/etc/pki/tls/certs/mycert.crt", "port": null, "search_regex": null, "secontext": "system_u:object_r:cert_t:s0", "size": 1294, "state": "file", "uid": 0 } TASK [Verify each certificate] ************************************************* task path: /tmp/tmprte76fwa/tests/tests_not_wait_for_cert.yml:34 Monday 21 February 2022 23:24:06 +0000 (0:00:00.537) 0:00:16.161 ******* included: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-8-y.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:2 Monday 21 February 2022 23:24:06 +0000 (0:00:00.063) 0:00:16.224 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 Monday 21 February 2022 23:24:06 +0000 (0:00:00.020) 0:00:16.245 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python36-3.6.8-38.module+el8.5.0+12207+5c5719bc.x86_64", "Installed: python3-setuptools-39.2.0-6.el8.noarch", "Installed: python3-pip-9.0.3-22.el8.noarch" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 Monday 21 February 2022 23:24:08 +0000 (0:00:01.692) 0:00:17.938 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting pip Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB) Installing collected packages: pip Found existing installation: pip 9.0.3 Uninstalling pip-9.0.3: Successfully uninstalled pip-9.0.3 Successfully installed pip-21.3.1 STDERR: You are using pip version 21.3.1, however version 22.0.3 is available. You should consider upgrading via the 'pip install --upgrade pip' command. TASK [Install certreader] ****************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 Monday 21 February 2022 23:24:12 +0000 (0:00:04.131) 0:00:22.070 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (405 kB) Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) Collecting pyyaml Downloading PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (603 kB) Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 Monday 21 February 2022 23:24:15 +0000 (0:00:03.075) 0:00:25.145 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485845.3012247, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "bb818af9ddeecef05bf44a2a71f6a1c60364a120", "ctime": 1645485845.2982247, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17496278, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485845.2982247, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "4272952090", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:31 Monday 21 February 2022 23:24:15 +0000 (0:00:00.536) 0:00:25.682 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 Monday 21 February 2022 23:24:15 +0000 (0:00:00.045) 0:00:25.728 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:49 Monday 21 February 2022 23:24:15 +0000 (0:00:00.048) 0:00:25.776 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 Monday 21 February 2022 23:24:15 +0000 (0:00:00.047) 0:00:25.824 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485845.2492247, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "a7d2d19553aa7bd00ee741455fe4f6f6a426a67e", "ctime": 1645485845.2982247, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 26484952, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485845.2982247, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1920499739", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:60 Monday 21 February 2022 23:24:16 +0000 (0:00:00.394) 0:00:26.219 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 Monday 21 February 2022 23:24:16 +0000 (0:00:00.045) 0:00:26.264 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 Monday 21 February 2022 23:24:16 +0000 (0:00:00.055) 0:00:26.320 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.227198", "end": "2022-02-21 18:24:17.239130", "rc": 0, "start": "2022-02-21 18:24:17.011932" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "E0:36:21:44:00:F4:B2:A2:A4:D7:E6:0A:4F:D8:EF:62:4E:E7:35:C3", "critical": false }, "authorityKeyIdentifier": { "value": "C3:58:F7:62:D0:CC:A7:27:60:F7:77:D2:0E:3C:77:D9:B2:B7:FE:EB", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "9B:1E:E0:C0:3E:48:CA:F0:CB:1F:BC:5E:9F:94:F1:34:5E:3B:76:AE:F9:D4:B1:39:53:65:21:F7:A2:88:89:C4:1B:10:23:47:83:76:92:6D:7F:D3:15:65:68:B0:F4:BF:80:17:ED:30:EC:F2:74:64:85:62:0C:A6:15:CD:C9:E9:34:6B:DC:25:E7:B7:F4:09:0D:51:10:B9:88:3E:7A:06:FD:93:28:DA:40:E2:D3:CE:97:00:AA:8F:DC:A6:B0:BD:3E:0B:E4:31:8A:D9:A7:C7:F1:0E:FC:3D:4C:F6:91:78:DA:0E:75:05:9F:6F:5B:5B:78:52:4B:0E:74:1E:86:74:8E:C5:E7:71:C6:AA:56:B1:E4:F7:A1:2D:8F:8D:22:F9:F7:68:A3:84:EE:21:E1:15:01:79:19:91:CA:AD:C0:83:4C:E1:BA:56:3D:FA:AB:FB:0C:64:B3:49:72:7C:D4:62:E5:D9:41:5C:D8:59:49:FE:7E:80:68:A4:97:05:B9:80:7A:1F:A3:12:67:61:0D:44:2B:7E:DE:C7:72:28:3E:6F:2C:FD:71:09:DA:4A:64:09:87:44:F5:D9:9D:A7:D9:AC:3C:B6:EE:D9:FA:99:27:41:CE:BD:EF:A9:7E:AA:FE:64:62:53:23:79:58:02:CE:9E:C9:BB:7B:9C:5D:30:82:39" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-21 23:24:04", "not_valid_before": "2022-02-21 23:24:05" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 Monday 21 February 2022 23:24:17 +0000 (0:00:00.760) 0:00:27.080 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "C3:58:F7:62:D0:CC:A7:27:60:F7:77:D2:0E:3C:77:D9:B2:B7:FE:EB" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "E0:36:21:44:00:F4:B2:A2:A4:D7:E6:0A:4F:D8:EF:62:4E:E7:35:C3" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "9B:1E:E0:C0:3E:48:CA:F0:CB:1F:BC:5E:9F:94:F1:34:5E:3B:76:AE:F9:D4:B1:39:53:65:21:F7:A2:88:89:C4:1B:10:23:47:83:76:92:6D:7F:D3:15:65:68:B0:F4:BF:80:17:ED:30:EC:F2:74:64:85:62:0C:A6:15:CD:C9:E9:34:6B:DC:25:E7:B7:F4:09:0D:51:10:B9:88:3E:7A:06:FD:93:28:DA:40:E2:D3:CE:97:00:AA:8F:DC:A6:B0:BD:3E:0B:E4:31:8A:D9:A7:C7:F1:0E:FC:3D:4C:F6:91:78:DA:0E:75:05:9F:6F:5B:5B:78:52:4B:0E:74:1E:86:74:8E:C5:E7:71:C6:AA:56:B1:E4:F7:A1:2D:8F:8D:22:F9:F7:68:A3:84:EE:21:E1:15:01:79:19:91:CA:AD:C0:83:4C:E1:BA:56:3D:FA:AB:FB:0C:64:B3:49:72:7C:D4:62:E5:D9:41:5C:D8:59:49:FE:7E:80:68:A4:97:05:B9:80:7A:1F:A3:12:67:61:0D:44:2B:7E:DE:C7:72:28:3E:6F:2C:FD:71:09:DA:4A:64:09:87:44:F5:D9:9D:A7:D9:AC:3C:B6:EE:D9:FA:99:27:41:CE:BD:EF:A9:7E:AA:FE:64:62:53:23:79:58:02:CE:9E:C9:BB:7B:9C:5D:30:82:39" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-21 23:24:04", "not_valid_before": "2022-02-21 23:24:05" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 Monday 21 February 2022 23:24:17 +0000 (0:00:00.044) 0:00:27.125 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 Monday 21 February 2022 23:24:17 +0000 (0:00:00.044) 0:00:27.169 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:105 Monday 21 February 2022 23:24:17 +0000 (0:00:00.046) 0:00:27.216 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 Monday 21 February 2022 23:24:17 +0000 (0:00:00.045) 0:00:27.261 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:125 Monday 21 February 2022 23:24:17 +0000 (0:00:00.043) 0:00:27.305 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 Monday 21 February 2022 23:24:17 +0000 (0:00:00.052) 0:00:27.357 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.047417", "end": "2022-02-21 18:24:17.956192", "rc": 0, "start": "2022-02-21 18:24:17.908775" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:150 Monday 21 February 2022 23:24:17 +0000 (0:00:00.436) 0:00:27.794 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=33 changed=10 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:24:18 +0000 (0:00:00.041) 0:00:27.836 ******* =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 4.93s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.13s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 3.22s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Install certreader ------------------------------------------------------ 3.08s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 ------------- Gathering Facts --------------------------------------------------------- 2.18s /tmp/tmprte76fwa/tests/tests_not_wait_for_cert.yml:2 -------------------------- Ensure python3 is installed --------------------------------------------- 1.69s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 -------------- set up internal repositories -------------------------------------------- 1.55s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ linux-system-roles.certificate : Ensure provider service is running ----- 1.05s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Gathering Facts --------------------------------------------------------- 0.78s /tmp/tmprte76fwa/tests/tests_not_wait_for_cert.yml:14 ------------------------- Parse certificate ------------------------------------------------------- 0.76s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure certificate requests ------------ 0.71s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.58s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Wait for certificate ---------------------------------------------------- 0.54s /tmp/tmprte76fwa/tests/tests_not_wait_for_cert.yml:28 ------------------------- Retrieve certificate file stats ----------------------------------------- 0.54s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.44s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.43s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Retrieve key file stats ------------------------------------------------- 0.39s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify each certificate ------------------------------------------------- 0.06s /tmp/tmprte76fwa/tests/tests_not_wait_for_cert.yml:34 ------------------------- Verify key file owner and group ----------------------------------------- 0.06s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 ------------- linux-system-roles.certificate : Set version specific variables --------- 0.05s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- + cd /tmp/tmprte76fwa/tests; TEST_SUBJECTS=/cache/rhel-8-y.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-115-ec6e2d0-rhel-8-y-juz2pivh/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmprte76fwa/_setup.yml /tmp/tmprte76fwa/tests/tests_principal.yml ansible-playbook 2.9.27 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] Using /etc/ansible/ansible.cfg as config file [ERROR]: GNU xorriso 1.4.8 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Local character set is now assumed as: 'utf-8' Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 2 plays in /tmp/tmprte76fwa/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmprte76fwa/_setup.yml:5 Monday 21 February 2022 23:24:32 +0000 (0:00:00.023) 0:00:00.023 ******* ok: [/cache/rhel-8-y.qcow2] => { "groups": { "all": [ "/cache/rhel-8-y.qcow2" ], "localhost": [ "/cache/rhel-8-y.qcow2" ], "subjects": [ "/cache/rhel-8-y.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmprte76fwa/_setup.yml:7 Monday 21 February 2022 23:24:32 +0000 (0:00:00.038) 0:00:00.062 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /tmp/tmprte76fwa/_setup.yml:16 Monday 21 February 2022 23:24:32 +0000 (0:00:00.038) 0:00:00.100 ******* changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:24:33 +0000 (0:00:01.715) 0:00:01.816 ******* =============================================================================== set up internal repositories -------------------------------------------- 1.72s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:7 ------------------------------------------------- PLAYBOOK: tests_principal.yml ************************************************** 3 plays in /tmp/tmprte76fwa/tests/tests_principal.yml PLAY [Test issuing certificate with principal.] ******************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_principal.yml:2 Monday 21 February 2022 23:24:34 +0000 (0:00:00.032) 0:00:01.848 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 21 February 2022 23:24:35 +0000 (0:00:01.953) 0:00:03.802 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Monday 21 February 2022 23:24:36 +0000 (0:00:00.056) 0:00:03.858 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.3.7-6.el8.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Monday 21 February 2022 23:24:40 +0000 (0:00:04.809) 0:00:08.668 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.13-5.el8.x86_64", "Installed: nspr-4.32.0-1.el8_4.x86_64", "Installed: xmlrpc-c-1.51.0-5.el8.x86_64", "Installed: nss-3.67.0-7.el8_5.x86_64", "Installed: xmlrpc-c-client-1.51.0-5.el8.x86_64", "Installed: nss-softokn-3.67.0-7.el8_5.x86_64", "Installed: nss-softokn-freebl-3.67.0-7.el8_5.x86_64", "Installed: nss-sysinit-3.67.0-7.el8_5.x86_64", "Installed: nss-util-3.67.0-7.el8_5.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Monday 21 February 2022 23:24:43 +0000 (0:00:02.673) 0:00:11.341 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Monday 21 February 2022 23:24:44 +0000 (0:00:00.558) 0:00:11.899 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 21 February 2022 23:24:44 +0000 (0:00:00.430) 0:00:12.329 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target dbus.service systemd-journald.socket basic.target dbus.socket network.target system.slice syslog.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14649", "LimitNPROCSoft": "14649", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14649", "LimitSIGPENDINGSoft": "14649", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus.service", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23438", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Monday 21 February 2022 23:24:45 +0000 (0:00:00.995) 0:00:13.325 ******* changed: [/cache/rhel-8-y.qcow2] => (item={u'ca': u'self-sign', u'name': u'mycert', u'dns': u'www.example.com', u'principal': u'HTTP/www.example.com@EXAMPLE.COM'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert", "principal": "HTTP/www.example.com@EXAMPLE.COM" } } MSG: Certificate requested (new). META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_principal.yml:13 Monday 21 February 2022 23:24:46 +0000 (0:00:01.034) 0:00:14.360 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmprte76fwa/tests/tests_principal.yml:33 Monday 21 February 2022 23:24:47 +0000 (0:00:00.734) 0:00:15.094 ******* included: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-8-y.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:2 Monday 21 February 2022 23:24:47 +0000 (0:00:00.065) 0:00:15.159 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 Monday 21 February 2022 23:24:47 +0000 (0:00:00.021) 0:00:15.181 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python36-3.6.8-38.module+el8.5.0+12207+5c5719bc.x86_64", "Installed: python3-setuptools-39.2.0-6.el8.noarch", "Installed: python3-pip-9.0.3-22.el8.noarch" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 Monday 21 February 2022 23:24:49 +0000 (0:00:01.785) 0:00:16.967 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting pip Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB) Installing collected packages: pip Found existing installation: pip 9.0.3 Uninstalling pip-9.0.3: Successfully uninstalled pip-9.0.3 Successfully installed pip-21.3.1 STDERR: You are using pip version 21.3.1, however version 22.0.3 is available. You should consider upgrading via the 'pip install --upgrade pip' command. TASK [Install certreader] ****************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 Monday 21 February 2022 23:24:53 +0000 (0:00:04.119) 0:00:21.086 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (405 kB) Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) Collecting pyyaml Downloading PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (603 kB) Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 Monday 21 February 2022 23:24:56 +0000 (0:00:03.125) 0:00:24.212 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485885.7922015, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "bb6c7d45e668ad451fe9d8b25e6dff01170b3b21", "ctime": 1645485885.7892015, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 16939417, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485885.7892015, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1456, "uid": 0, "version": "2186162506", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:31 Monday 21 February 2022 23:24:56 +0000 (0:00:00.577) 0:00:24.789 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 Monday 21 February 2022 23:24:56 +0000 (0:00:00.045) 0:00:24.834 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:49 Monday 21 February 2022 23:24:57 +0000 (0:00:00.046) 0:00:24.881 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 Monday 21 February 2022 23:24:57 +0000 (0:00:00.047) 0:00:24.928 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485885.7422016, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "abf177f11f9b584243e48c463d0969e5261e12ba", "ctime": 1645485885.7892015, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 26484938, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485885.7892015, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1529024853", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:60 Monday 21 February 2022 23:24:57 +0000 (0:00:00.408) 0:00:25.337 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 Monday 21 February 2022 23:24:57 +0000 (0:00:00.045) 0:00:25.382 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 Monday 21 February 2022 23:24:57 +0000 (0:00:00.048) 0:00:25.431 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.254667", "end": "2022-02-21 18:24:57.788244", "rc": 0, "start": "2022-02-21 18:24:57.533577" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" }, { "name": "Universal Principal Name (UPN)", "value": "HTTP/www.example.com@EXAMPLE.COM", "oid": "1.3.6.1.4.1.311.20.2.3" }, { "name": "Kerberos principalname", "value": "HTTP/www.example.com@EXAMPLE.COM", "oid": "1.3.6.1.5.2.2" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "D3:34:36:C2:C3:7C:04:DE:7A:9D:0F:1A:C4:2D:58:D2:80:65:89:43", "critical": false }, "authorityKeyIdentifier": { "value": "A3:18:1E:E5:06:BD:0B:03:46:91:C9:68:C6:69:21:E9:A8:BE:6C:F0", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "84:95:45:49:37:44:1F:BE:9F:F7:04:13:07:E2:E7:BD:01:7E:98:3D:B7:6E:7F:3F:5B:6D:F6:8F:C7:7C:27:0A:F8:60:9F:D3:0B:4B:0F:69:DD:06:B0:2C:41:B3:54:9D:71:C9:B0:1F:69:30:3F:98:14:6C:41:C5:27:8F:6D:CD:BF:1D:CC:3C:A6:53:04:D9:30:26:82:31:5A:43:46:F3:01:74:46:24:75:33:92:80:38:7E:F5:F4:28:79:F0:4F:BA:C4:62:5D:CA:FA:41:F5:3E:B7:45:B8:0D:90:BB:E1:E5:BB:38:EB:8E:11:FE:31:A8:14:AC:45:B4:96:40:53:2C:CA:C9:1A:9E:C0:D4:1B:BD:70:EF:FE:8F:1E:88:74:E9:79:97:4B:0A:37:84:44:A1:63:36:96:07:B0:FF:FE:9F:CB:28:20:23:03:98:04:B9:8C:76:71:2B:A3:AB:55:6F:E3:0F:04:66:95:04:BF:CE:33:9E:BD:6A:58:5B:C5:55:63:CC:1F:26:A1:7B:14:28:90:9C:F9:05:13:AB:B0:66:4D:07:46:13:B2:D6:F8:46:28:76:1D:D0:50:FC:26:D8:86:0F:C5:7C:B4:2A:7A:20:A7:4B:CB:3C:65:2C:96:D3:E0:E6:19:33:8F:EE:43:46:06:33:D8:DE:EC:E1:3C" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-21 23:24:44", "not_valid_before": "2022-02-21 23:24:45" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 Monday 21 February 2022 23:24:58 +0000 (0:00:00.761) 0:00:26.193 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "A3:18:1E:E5:06:BD:0B:03:46:91:C9:68:C6:69:21:E9:A8:BE:6C:F0" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" }, { "name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/www.example.com@EXAMPLE.COM" }, { "name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/www.example.com@EXAMPLE.COM" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "D3:34:36:C2:C3:7C:04:DE:7A:9D:0F:1A:C4:2D:58:D2:80:65:89:43" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "84:95:45:49:37:44:1F:BE:9F:F7:04:13:07:E2:E7:BD:01:7E:98:3D:B7:6E:7F:3F:5B:6D:F6:8F:C7:7C:27:0A:F8:60:9F:D3:0B:4B:0F:69:DD:06:B0:2C:41:B3:54:9D:71:C9:B0:1F:69:30:3F:98:14:6C:41:C5:27:8F:6D:CD:BF:1D:CC:3C:A6:53:04:D9:30:26:82:31:5A:43:46:F3:01:74:46:24:75:33:92:80:38:7E:F5:F4:28:79:F0:4F:BA:C4:62:5D:CA:FA:41:F5:3E:B7:45:B8:0D:90:BB:E1:E5:BB:38:EB:8E:11:FE:31:A8:14:AC:45:B4:96:40:53:2C:CA:C9:1A:9E:C0:D4:1B:BD:70:EF:FE:8F:1E:88:74:E9:79:97:4B:0A:37:84:44:A1:63:36:96:07:B0:FF:FE:9F:CB:28:20:23:03:98:04:B9:8C:76:71:2B:A3:AB:55:6F:E3:0F:04:66:95:04:BF:CE:33:9E:BD:6A:58:5B:C5:55:63:CC:1F:26:A1:7B:14:28:90:9C:F9:05:13:AB:B0:66:4D:07:46:13:B2:D6:F8:46:28:76:1D:D0:50:FC:26:D8:86:0F:C5:7C:B4:2A:7A:20:A7:4B:CB:3C:65:2C:96:D3:E0:E6:19:33:8F:EE:43:46:06:33:D8:DE:EC:E1:3C" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-21 23:24:44", "not_valid_before": "2022-02-21 23:24:45" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 Monday 21 February 2022 23:24:58 +0000 (0:00:00.046) 0:00:26.240 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 Monday 21 February 2022 23:24:58 +0000 (0:00:00.044) 0:00:26.284 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:105 Monday 21 February 2022 23:24:58 +0000 (0:00:00.041) 0:00:26.326 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 Monday 21 February 2022 23:24:58 +0000 (0:00:00.042) 0:00:26.368 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:125 Monday 21 February 2022 23:24:58 +0000 (0:00:00.048) 0:00:26.417 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 Monday 21 February 2022 23:24:58 +0000 (0:00:00.044) 0:00:26.461 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.047600", "end": "2022-02-21 18:24:58.508210", "rc": 0, "start": "2022-02-21 18:24:58.460610" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:150 Monday 21 February 2022 23:24:59 +0000 (0:00:00.445) 0:00:26.906 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY [Test issuing certificate with invalid principal.] ************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_principal.yml:40 Monday 21 February 2022 23:24:59 +0000 (0:00:00.052) 0:00:26.959 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 21 February 2022 23:24:59 +0000 (0:00:00.677) 0:00:27.637 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Monday 21 February 2022 23:24:59 +0000 (0:00:00.057) 0:00:27.694 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Monday 21 February 2022 23:25:01 +0000 (0:00:01.365) 0:00:29.059 ******* ok: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Monday 21 February 2022 23:25:02 +0000 (0:00:01.269) 0:00:30.328 ******* ok: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Monday 21 February 2022 23:25:02 +0000 (0:00:00.405) 0:00:30.734 ******* ok: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 21 February 2022 23:25:03 +0000 (0:00:00.424) 0:00:31.158 ******* ok: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Mon 2022-02-21 18:24:44 EST", "ActiveEnterTimestampMonotonic": "24680687", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "syslog.target dbus.socket basic.target network.target dbus.service systemd-journald.socket system.slice sysinit.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Mon 2022-02-21 18:24:44 EST", "AssertTimestampMonotonic": "24669716", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Mon 2022-02-21 18:24:44 EST", "ConditionTimestampMonotonic": "24669716", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "11383", "ExecMainStartTimestamp": "Mon 2022-02-21 18:24:44 EST", "ExecMainStartTimestampMonotonic": "24670657", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[Mon 2022-02-21 18:24:44 EST] ; stop_time=[n/a] ; pid=11383 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Mon 2022-02-21 18:24:44 EST", "InactiveExitTimestampMonotonic": "24670767", "InvocationID": "ec1c9b219cc942daa58444a3b4af7b47", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14649", "LimitNPROCSoft": "14649", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14649", "LimitSIGPENDINGSoft": "14649", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "11383", "MemoryAccounting": "yes", "MemoryCurrent": "2752512", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus.service", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Mon 2022-02-21 18:24:44 EST", "StateChangeTimestampMonotonic": "24680687", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "23438", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogTimestamp": "Mon 2022-02-21 18:24:44 EST", "WatchdogTimestampMonotonic": "24680687", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Monday 21 February 2022 23:25:03 +0000 (0:00:00.542) 0:00:31.701 ******* failed: [/cache/rhel-8-y.qcow2] (item={u'ca': u'self-sign', u'name': u'mycertinvalid', u'dns': u'www.example.com', u'principal': u'HTTP/abc'}) => { "ansible_loop_var": "item", "changed": false, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycertinvalid", "principal": "HTTP/abc" } } MSG: Invalid principal 'HTTP/abc'. It should be formatted as 'primary/instance@REALM' TASK [assert...] *************************************************************** task path: /tmp/tmprte76fwa/tests/tests_principal.yml:59 Monday 21 February 2022 23:25:04 +0000 (0:00:00.495) 0:00:32.196 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=40 changed=10 unreachable=0 failed=0 skipped=1 rescued=1 ignored=0 Monday 21 February 2022 23:25:04 +0000 (0:00:00.039) 0:00:32.236 ******* =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 4.81s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.12s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.13s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 2.67s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Gathering Facts --------------------------------------------------------- 1.95s /tmp/tmprte76fwa/tests/tests_principal.yml:2 ---------------------------------- Ensure python3 is installed --------------------------------------------- 1.79s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 -------------- set up internal repositories -------------------------------------------- 1.72s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.37s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - linux-system-roles.certificate : Ensure provider packages are installed --- 1.27s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - linux-system-roles.certificate : Ensure certificate requests ------------ 1.03s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 linux-system-roles.certificate : Ensure provider service is running ----- 1.00s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Parse certificate ------------------------------------------------------- 0.76s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 ------------- Gathering Facts --------------------------------------------------------- 0.73s /tmp/tmprte76fwa/tests/tests_principal.yml:13 --------------------------------- Gathering Facts --------------------------------------------------------- 0.68s /tmp/tmprte76fwa/tests/tests_principal.yml:40 --------------------------------- Retrieve certificate file stats ----------------------------------------- 0.58s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.56s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - linux-system-roles.certificate : Ensure provider service is running ----- 0.54s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate requests ------------ 0.50s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Retrieve auto-renew flag ------------------------------------------------ 0.45s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.43s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - + cd /tmp/tmprte76fwa/tests; TEST_SUBJECTS=/cache/rhel-8-y.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-115-ec6e2d0-rhel-8-y-juz2pivh/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmprte76fwa/_setup.yml /tmp/tmprte76fwa/tests/tests_provider.yml ansible-playbook 2.9.27 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] Using /etc/ansible/ansible.cfg as config file [ERROR]: GNU xorriso 1.4.8 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Local character set is now assumed as: 'utf-8' Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 2 plays in /tmp/tmprte76fwa/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmprte76fwa/_setup.yml:5 Monday 21 February 2022 23:25:18 +0000 (0:00:00.023) 0:00:00.023 ******* ok: [/cache/rhel-8-y.qcow2] => { "groups": { "all": [ "/cache/rhel-8-y.qcow2" ], "localhost": [ "/cache/rhel-8-y.qcow2" ], "subjects": [ "/cache/rhel-8-y.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmprte76fwa/_setup.yml:7 Monday 21 February 2022 23:25:18 +0000 (0:00:00.039) 0:00:00.062 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /tmp/tmprte76fwa/_setup.yml:16 Monday 21 February 2022 23:25:18 +0000 (0:00:00.039) 0:00:00.101 ******* changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:25:20 +0000 (0:00:01.743) 0:00:01.845 ******* =============================================================================== set up internal repositories -------------------------------------------- 1.74s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ fail -------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:7 ------------------------------------------------- debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_provider.yml *************************************************** 2 plays in /tmp/tmprte76fwa/tests/tests_provider.yml PLAY [Test issuing certificate with certmonger provider] *********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_provider.yml:2 Monday 21 February 2022 23:25:20 +0000 (0:00:00.020) 0:00:01.865 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 21 February 2022 23:25:22 +0000 (0:00:02.055) 0:00:03.921 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Monday 21 February 2022 23:25:22 +0000 (0:00:00.058) 0:00:03.979 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.3.7-6.el8.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Monday 21 February 2022 23:25:27 +0000 (0:00:05.004) 0:00:08.984 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.13-5.el8.x86_64", "Installed: nspr-4.32.0-1.el8_4.x86_64", "Installed: xmlrpc-c-1.51.0-5.el8.x86_64", "Installed: nss-3.67.0-7.el8_5.x86_64", "Installed: xmlrpc-c-client-1.51.0-5.el8.x86_64", "Installed: nss-softokn-3.67.0-7.el8_5.x86_64", "Installed: nss-softokn-freebl-3.67.0-7.el8_5.x86_64", "Installed: nss-sysinit-3.67.0-7.el8_5.x86_64", "Installed: nss-util-3.67.0-7.el8_5.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Monday 21 February 2022 23:25:30 +0000 (0:00:02.701) 0:00:11.685 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Monday 21 February 2022 23:25:31 +0000 (0:00:00.559) 0:00:12.245 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 21 February 2022 23:25:31 +0000 (0:00:00.468) 0:00:12.713 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket basic.target dbus.service sysinit.target network.target system.slice dbus.socket syslog.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14649", "LimitNPROCSoft": "14649", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14649", "LimitSIGPENDINGSoft": "14649", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus.service", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23438", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Monday 21 February 2022 23:25:32 +0000 (0:00:01.013) 0:00:13.726 ******* changed: [/cache/rhel-8-y.qcow2] => (item={u'ca': u'self-sign', u'name': u'mycert', u'dns': u'www.example.com', u'provider': u'certmonger'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert", "provider": "certmonger" } } MSG: Certificate requested (new). META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_provider.yml:13 Monday 21 February 2022 23:25:33 +0000 (0:00:01.011) 0:00:14.737 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmprte76fwa/tests/tests_provider.yml:27 Monday 21 February 2022 23:25:34 +0000 (0:00:00.687) 0:00:15.424 ******* included: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-8-y.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:2 Monday 21 February 2022 23:25:34 +0000 (0:00:00.060) 0:00:15.485 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 Monday 21 February 2022 23:25:34 +0000 (0:00:00.018) 0:00:15.504 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python36-3.6.8-38.module+el8.5.0+12207+5c5719bc.x86_64", "Installed: python3-setuptools-39.2.0-6.el8.noarch", "Installed: python3-pip-9.0.3-22.el8.noarch" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 Monday 21 February 2022 23:25:35 +0000 (0:00:01.632) 0:00:17.137 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting pip Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB) Installing collected packages: pip Found existing installation: pip 9.0.3 Uninstalling pip-9.0.3: Successfully uninstalled pip-9.0.3 Successfully installed pip-21.3.1 STDERR: You are using pip version 21.3.1, however version 22.0.3 is available. You should consider upgrading via the 'pip install --upgrade pip' command. TASK [Install certreader] ****************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 Monday 21 February 2022 23:25:40 +0000 (0:00:04.256) 0:00:21.393 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (405 kB) Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) Collecting pyyaml Downloading PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (603 kB) Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 Monday 21 February 2022 23:25:43 +0000 (0:00:03.280) 0:00:24.674 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485933.5717678, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "a168ece52417f8cd518ca144c367d86fc92aaa60", "ctime": 1645485933.5687678, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17500113, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485933.5687678, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "4059222416", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:31 Monday 21 February 2022 23:25:44 +0000 (0:00:00.527) 0:00:25.201 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 Monday 21 February 2022 23:25:44 +0000 (0:00:00.046) 0:00:25.248 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:49 Monday 21 February 2022 23:25:44 +0000 (0:00:00.052) 0:00:25.301 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 Monday 21 February 2022 23:25:44 +0000 (0:00:00.045) 0:00:25.347 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485933.5217679, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "dd466dcaca432abd9c18a04362027979b55a181e", "ctime": 1645485933.5687678, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 26484943, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485933.5687678, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2778995278", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:60 Monday 21 February 2022 23:25:44 +0000 (0:00:00.391) 0:00:25.739 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 Monday 21 February 2022 23:25:44 +0000 (0:00:00.047) 0:00:25.786 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 Monday 21 February 2022 23:25:44 +0000 (0:00:00.050) 0:00:25.837 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.232196", "end": "2022-02-21 18:25:45.502298", "rc": 0, "start": "2022-02-21 18:25:45.270102" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "F3:EF:37:51:C1:A2:86:6C:8C:4D:45:27:90:B2:3A:C5:88:67:5C:F0", "critical": false }, "authorityKeyIdentifier": { "value": "41:F2:2B:F5:0F:C6:94:72:45:6E:FA:A4:46:37:E7:A4:6A:E5:7A:1F", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "75:D6:BD:00:8F:3D:45:38:6B:AA:4E:DD:C4:74:0D:8B:FE:1F:72:B8:93:C3:C2:E0:12:59:D5:39:9F:AE:12:5A:CB:1B:98:70:99:74:BE:C4:FF:60:B8:5B:39:C5:83:D1:22:A0:6A:C9:3C:A3:83:15:21:95:B8:D5:8D:77:3B:11:B8:8B:85:87:F3:C0:86:84:6F:79:A2:4E:3C:C8:77:F0:19:E4:63:CF:A4:FA:29:64:C5:DA:1B:03:9B:CC:B8:72:4D:C5:38:F3:07:13:AC:38:E3:B6:15:20:41:22:66:D6:25:4A:19:5A:4C:A8:DA:46:0E:4A:6B:D6:66:14:55:2D:CA:64:22:0C:B6:EF:F9:34:57:3F:A5:E7:60:E9:0B:00:11:37:12:E6:69:44:80:85:C1:3A:1A:1C:92:0D:0F:00:F4:02:1A:06:A8:10:E0:51:B8:D6:24:83:E5:C0:21:07:60:14:48:46:38:2E:CA:09:D3:E9:E5:77:7A:40:77:44:3A:15:2E:27:22:80:6F:13:0D:3C:38:A1:CA:01:E6:77:09:A4:38:D9:38:39:E4:99:51:30:88:90:D5:21:87:FF:B5:0D:A6:30:64:C3:74:C8:94:07:8E:C2:FA:1D:97:24:C6:3B:CB:0E:71:D7:D4:7D:4C:13:A8:99:B0:0A:D5:90" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-21 23:25:32", "not_valid_before": "2022-02-21 23:25:33" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 Monday 21 February 2022 23:25:45 +0000 (0:00:00.741) 0:00:26.579 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "41:F2:2B:F5:0F:C6:94:72:45:6E:FA:A4:46:37:E7:A4:6A:E5:7A:1F" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "F3:EF:37:51:C1:A2:86:6C:8C:4D:45:27:90:B2:3A:C5:88:67:5C:F0" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "75:D6:BD:00:8F:3D:45:38:6B:AA:4E:DD:C4:74:0D:8B:FE:1F:72:B8:93:C3:C2:E0:12:59:D5:39:9F:AE:12:5A:CB:1B:98:70:99:74:BE:C4:FF:60:B8:5B:39:C5:83:D1:22:A0:6A:C9:3C:A3:83:15:21:95:B8:D5:8D:77:3B:11:B8:8B:85:87:F3:C0:86:84:6F:79:A2:4E:3C:C8:77:F0:19:E4:63:CF:A4:FA:29:64:C5:DA:1B:03:9B:CC:B8:72:4D:C5:38:F3:07:13:AC:38:E3:B6:15:20:41:22:66:D6:25:4A:19:5A:4C:A8:DA:46:0E:4A:6B:D6:66:14:55:2D:CA:64:22:0C:B6:EF:F9:34:57:3F:A5:E7:60:E9:0B:00:11:37:12:E6:69:44:80:85:C1:3A:1A:1C:92:0D:0F:00:F4:02:1A:06:A8:10:E0:51:B8:D6:24:83:E5:C0:21:07:60:14:48:46:38:2E:CA:09:D3:E9:E5:77:7A:40:77:44:3A:15:2E:27:22:80:6F:13:0D:3C:38:A1:CA:01:E6:77:09:A4:38:D9:38:39:E4:99:51:30:88:90:D5:21:87:FF:B5:0D:A6:30:64:C3:74:C8:94:07:8E:C2:FA:1D:97:24:C6:3B:CB:0E:71:D7:D4:7D:4C:13:A8:99:B0:0A:D5:90" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-21 23:25:32", "not_valid_before": "2022-02-21 23:25:33" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 Monday 21 February 2022 23:25:45 +0000 (0:00:00.047) 0:00:26.626 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 Monday 21 February 2022 23:25:45 +0000 (0:00:00.047) 0:00:26.674 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:105 Monday 21 February 2022 23:25:45 +0000 (0:00:00.075) 0:00:26.750 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 Monday 21 February 2022 23:25:45 +0000 (0:00:00.046) 0:00:26.796 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:125 Monday 21 February 2022 23:25:45 +0000 (0:00:00.046) 0:00:26.843 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 Monday 21 February 2022 23:25:45 +0000 (0:00:00.046) 0:00:26.889 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.047222", "end": "2022-02-21 18:25:46.262301", "rc": 0, "start": "2022-02-21 18:25:46.215079" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:150 Monday 21 February 2022 23:25:46 +0000 (0:00:00.450) 0:00:27.339 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=32 changed=10 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:25:46 +0000 (0:00:00.041) 0:00:27.381 ******* =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 5.00s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.26s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.28s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 2.70s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Gathering Facts --------------------------------------------------------- 2.06s /tmp/tmprte76fwa/tests/tests_provider.yml:2 ----------------------------------- set up internal repositories -------------------------------------------- 1.74s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ Ensure python3 is installed --------------------------------------------- 1.63s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 -------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.01s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate requests ------------ 1.01s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Parse certificate ------------------------------------------------------- 0.74s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 ------------- Gathering Facts --------------------------------------------------------- 0.69s /tmp/tmprte76fwa/tests/tests_provider.yml:13 ---------------------------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.56s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve certificate file stats ----------------------------------------- 0.53s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.47s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Retrieve auto-renew flag ------------------------------------------------ 0.45s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve key file stats ------------------------------------------------- 0.39s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify certificate SAN -------------------------------------------------- 0.08s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 ------------- Verify each certificate ------------------------------------------------- 0.06s /tmp/tmprte76fwa/tests/tests_provider.yml:27 ---------------------------------- linux-system-roles.certificate : Set version specific variables --------- 0.06s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- Verify certificate file owner and group --------------------------------- 0.05s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 ------------- + cd /tmp/tmprte76fwa/tests; TEST_SUBJECTS=/cache/rhel-8-y.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-115-ec6e2d0-rhel-8-y-juz2pivh/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmprte76fwa/_setup.yml /tmp/tmprte76fwa/tests/tests_run_hooks.yml ansible-playbook 2.9.27 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] Using /etc/ansible/ansible.cfg as config file [ERROR]: GNU xorriso 1.4.8 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Local character set is now assumed as: 'utf-8' Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 2 plays in /tmp/tmprte76fwa/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmprte76fwa/_setup.yml:5 Monday 21 February 2022 23:26:00 +0000 (0:00:00.023) 0:00:00.023 ******* ok: [/cache/rhel-8-y.qcow2] => { "groups": { "all": [ "/cache/rhel-8-y.qcow2" ], "localhost": [ "/cache/rhel-8-y.qcow2" ], "subjects": [ "/cache/rhel-8-y.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmprte76fwa/_setup.yml:7 Monday 21 February 2022 23:26:00 +0000 (0:00:00.037) 0:00:00.061 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /tmp/tmprte76fwa/_setup.yml:16 Monday 21 February 2022 23:26:00 +0000 (0:00:00.035) 0:00:00.097 ******* changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:26:04 +0000 (0:00:03.258) 0:00:03.356 ******* =============================================================================== set up internal repositories -------------------------------------------- 3.26s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:7 ------------------------------------------------- PLAYBOOK: tests_run_hooks.yml ************************************************** 2 plays in /tmp/tmprte76fwa/tests/tests_run_hooks.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_run_hooks.yml:2 Monday 21 February 2022 23:26:04 +0000 (0:00:00.024) 0:00:03.380 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 21 February 2022 23:26:05 +0000 (0:00:00.995) 0:00:04.376 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Monday 21 February 2022 23:26:05 +0000 (0:00:00.055) 0:00:04.431 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.3.7-6.el8.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Monday 21 February 2022 23:26:10 +0000 (0:00:04.932) 0:00:09.364 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.13-5.el8.x86_64", "Installed: nspr-4.32.0-1.el8_4.x86_64", "Installed: xmlrpc-c-1.51.0-5.el8.x86_64", "Installed: nss-3.67.0-7.el8_5.x86_64", "Installed: xmlrpc-c-client-1.51.0-5.el8.x86_64", "Installed: nss-softokn-3.67.0-7.el8_5.x86_64", "Installed: nss-softokn-freebl-3.67.0-7.el8_5.x86_64", "Installed: nss-sysinit-3.67.0-7.el8_5.x86_64", "Installed: nss-util-3.67.0-7.el8_5.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Monday 21 February 2022 23:26:12 +0000 (0:00:02.776) 0:00:12.140 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Monday 21 February 2022 23:26:13 +0000 (0:00:00.624) 0:00:12.765 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 21 February 2022 23:26:13 +0000 (0:00:00.442) 0:00:13.207 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus.service system.slice network.target basic.target dbus.socket syslog.target systemd-journald.socket sysinit.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14649", "LimitNPROCSoft": "14649", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14649", "LimitSIGPENDINGSoft": "14649", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus.service", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23438", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Monday 21 February 2022 23:26:15 +0000 (0:00:01.094) 0:00:14.302 ******* changed: [/cache/rhel-8-y.qcow2] => (item={u'run_before': u'touch /etc/pki/before_cert.tmp\n', u'ca': u'self-sign', u'name': u'mycert', u'dns': u'www.example.com', u'run_after': u'touch /etc/pki/after_cert.tmp\n'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert", "run_after": "touch /etc/pki/after_cert.tmp\n", "run_before": "touch /etc/pki/before_cert.tmp\n" } } MSG: Certificate requested (new). Pre/Post run hooks updated. META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_run_hooks.yml:17 Monday 21 February 2022 23:26:16 +0000 (0:00:01.005) 0:00:15.307 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmprte76fwa/tests/tests_run_hooks.yml:31 Monday 21 February 2022 23:26:16 +0000 (0:00:00.752) 0:00:16.060 ******* included: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-8-y.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:2 Monday 21 February 2022 23:26:16 +0000 (0:00:00.062) 0:00:16.122 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 Monday 21 February 2022 23:26:16 +0000 (0:00:00.020) 0:00:16.143 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python36-3.6.8-38.module+el8.5.0+12207+5c5719bc.x86_64", "Installed: python3-setuptools-39.2.0-6.el8.noarch", "Installed: python3-pip-9.0.3-22.el8.noarch" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 Monday 21 February 2022 23:26:18 +0000 (0:00:01.799) 0:00:17.942 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting pip Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB) Installing collected packages: pip Found existing installation: pip 9.0.3 Uninstalling pip-9.0.3: Successfully uninstalled pip-9.0.3 Successfully installed pip-21.3.1 STDERR: You are using pip version 21.3.1, however version 22.0.3 is available. You should consider upgrading via the 'pip install --upgrade pip' command. TASK [Install certreader] ****************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 Monday 21 February 2022 23:26:23 +0000 (0:00:04.460) 0:00:22.402 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (405 kB) Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) Collecting pyyaml Downloading PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (603 kB) Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 Monday 21 February 2022 23:26:26 +0000 (0:00:03.268) 0:00:25.670 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485975.1506138, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "212de13775b2b92417a6d58fa43c71c8f56526f5", "ctime": 1645485975.1476138, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 16939417, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485975.1476138, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "3089982972", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:31 Monday 21 February 2022 23:26:27 +0000 (0:00:00.573) 0:00:26.244 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 Monday 21 February 2022 23:26:27 +0000 (0:00:00.048) 0:00:26.293 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:49 Monday 21 February 2022 23:26:27 +0000 (0:00:00.046) 0:00:26.339 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 Monday 21 February 2022 23:26:27 +0000 (0:00:00.044) 0:00:26.384 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485975.086614, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "27f6d3315a77264600da26ebcb776b79c4be952d", "ctime": 1645485975.1476138, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 26484942, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485975.1476138, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1968479884", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:60 Monday 21 February 2022 23:26:27 +0000 (0:00:00.413) 0:00:26.797 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 Monday 21 February 2022 23:26:27 +0000 (0:00:00.044) 0:00:26.841 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 Monday 21 February 2022 23:26:27 +0000 (0:00:00.048) 0:00:26.890 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.240739", "end": "2022-02-21 18:26:27.638676", "rc": 0, "start": "2022-02-21 18:26:27.397937" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "0F:BB:A7:56:6D:2D:6D:8C:CB:D2:09:8D:70:0E:84:45:33:D6:D3:EA", "critical": false }, "authorityKeyIdentifier": { "value": "E8:43:D9:C6:87:F3:CE:D8:BB:72:EC:57:0D:8E:19:95:64:F6:3C:B5", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "4B:1D:1E:30:B3:27:62:7E:FE:5C:4E:46:F6:49:61:FF:AC:10:51:1B:2B:15:E8:37:8C:D5:20:CC:2E:1A:F9:BA:58:B5:0A:52:DD:9A:41:9F:D0:5E:E8:2C:A8:F7:86:1B:4D:1D:7B:57:0C:C0:F2:4E:08:3E:0A:77:8A:6A:8D:3E:9E:5F:4F:27:AD:0F:B9:71:54:4D:E0:AC:17:BE:B5:DC:C2:D6:05:9B:D9:75:2F:88:30:D0:C9:12:9F:1D:B6:A9:46:F4:17:36:47:39:C6:28:03:28:3C:64:4E:0A:B8:84:AA:00:0E:6D:44:CF:04:62:93:CB:BC:04:59:1C:E0:CD:15:F9:A7:8A:C6:F5:80:F5:6D:A9:9F:BC:45:B7:DE:7F:B1:C5:E9:55:38:ED:F6:06:46:5B:05:5E:AC:CA:C2:86:7B:71:9B:4D:25:7B:A1:2E:F6:1C:59:C0:97:7B:57:BC:16:DD:1A:C1:CE:D9:27:52:08:81:DA:85:B2:9A:EE:48:9A:C8:C6:08:9D:B7:91:99:EC:CC:36:0C:D3:F4:D7:B6:90:CE:17:F6:75:04:9A:89:20:FF:B7:C6:AB:37:40:89:01:8C:53:39:E2:DE:99:89:D5:DE:7C:51:59:AF:D5:5A:DA:09:71:EC:2F:46:11:06:B4:C8:E7:33:0E:2D:3A:22" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-21 23:26:14", "not_valid_before": "2022-02-21 23:26:15" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 Monday 21 February 2022 23:26:28 +0000 (0:00:00.740) 0:00:27.631 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "E8:43:D9:C6:87:F3:CE:D8:BB:72:EC:57:0D:8E:19:95:64:F6:3C:B5" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "0F:BB:A7:56:6D:2D:6D:8C:CB:D2:09:8D:70:0E:84:45:33:D6:D3:EA" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "4B:1D:1E:30:B3:27:62:7E:FE:5C:4E:46:F6:49:61:FF:AC:10:51:1B:2B:15:E8:37:8C:D5:20:CC:2E:1A:F9:BA:58:B5:0A:52:DD:9A:41:9F:D0:5E:E8:2C:A8:F7:86:1B:4D:1D:7B:57:0C:C0:F2:4E:08:3E:0A:77:8A:6A:8D:3E:9E:5F:4F:27:AD:0F:B9:71:54:4D:E0:AC:17:BE:B5:DC:C2:D6:05:9B:D9:75:2F:88:30:D0:C9:12:9F:1D:B6:A9:46:F4:17:36:47:39:C6:28:03:28:3C:64:4E:0A:B8:84:AA:00:0E:6D:44:CF:04:62:93:CB:BC:04:59:1C:E0:CD:15:F9:A7:8A:C6:F5:80:F5:6D:A9:9F:BC:45:B7:DE:7F:B1:C5:E9:55:38:ED:F6:06:46:5B:05:5E:AC:CA:C2:86:7B:71:9B:4D:25:7B:A1:2E:F6:1C:59:C0:97:7B:57:BC:16:DD:1A:C1:CE:D9:27:52:08:81:DA:85:B2:9A:EE:48:9A:C8:C6:08:9D:B7:91:99:EC:CC:36:0C:D3:F4:D7:B6:90:CE:17:F6:75:04:9A:89:20:FF:B7:C6:AB:37:40:89:01:8C:53:39:E2:DE:99:89:D5:DE:7C:51:59:AF:D5:5A:DA:09:71:EC:2F:46:11:06:B4:C8:E7:33:0E:2D:3A:22" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-02-21 23:26:14", "not_valid_before": "2022-02-21 23:26:15" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 Monday 21 February 2022 23:26:28 +0000 (0:00:00.043) 0:00:27.674 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 Monday 21 February 2022 23:26:28 +0000 (0:00:00.044) 0:00:27.719 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:105 Monday 21 February 2022 23:26:28 +0000 (0:00:00.043) 0:00:27.763 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 Monday 21 February 2022 23:26:28 +0000 (0:00:00.043) 0:00:27.806 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:125 Monday 21 February 2022 23:26:28 +0000 (0:00:00.047) 0:00:27.854 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 Monday 21 February 2022 23:26:28 +0000 (0:00:00.047) 0:00:27.901 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.051644", "end": "2022-02-21 18:26:28.390019", "rc": 0, "start": "2022-02-21 18:26:28.338375" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:150 Monday 21 February 2022 23:26:29 +0000 (0:00:00.467) 0:00:28.369 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Get certificate timestamp] *********************************************** task path: /tmp/tmprte76fwa/tests/tests_run_hooks.yml:39 Monday 21 February 2022 23:26:29 +0000 (0:00:00.046) 0:00:28.415 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485975.1506138, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "212de13775b2b92417a6d58fa43c71c8f56526f5", "ctime": 1645485975.1476138, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 16939417, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645485975.1476138, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1294, "uid": 0, "version": "3089982972", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Get pre-run file timestamp] ********************************************** task path: /tmp/tmprte76fwa/tests/tests_run_hooks.yml:43 Monday 21 February 2022 23:26:29 +0000 (0:00:00.411) 0:00:28.826 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485975.145614, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1645485975.145614, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 26484945, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1645485975.145614, "nlink": 1, "path": "/etc/pki/before_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "3194699786", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Get post-run file timestamp] ********************************************* task path: /tmp/tmprte76fwa/tests/tests_run_hooks.yml:47 Monday 21 February 2022 23:26:29 +0000 (0:00:00.372) 0:00:29.199 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645485975.184614, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1645485975.184614, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 26484949, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1645485975.184614, "nlink": 1, "path": "/etc/pki/after_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "1301291855", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Assert file created before cert] ***************************************** task path: /tmp/tmprte76fwa/tests/tests_run_hooks.yml:51 Monday 21 February 2022 23:26:30 +0000 (0:00:00.372) 0:00:29.572 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Assert file created after cert] ****************************************** task path: /tmp/tmprte76fwa/tests/tests_run_hooks.yml:58 Monday 21 February 2022 23:26:30 +0000 (0:00:00.045) 0:00:29.617 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Get the ansible_managed comment in pre/post-scripts] ********************* task path: /tmp/tmprte76fwa/tests/tests_run_hooks.yml:66 Monday 21 February 2022 23:26:30 +0000 (0:00:00.043) 0:00:29.660 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "find", "/etc/certmonger/pre-scripts", "/etc/certmonger/post-scripts", "-type", "f", "-exec", "grep", "^# Ansible managed", "{}", ";" ], "delta": "0:00:00.005622", "end": "2022-02-21 18:26:30.073839", "rc": 0, "start": "2022-02-21 18:26:30.068217" } STDOUT: # Ansible managed # Ansible managed TASK [Verify the ansible_managed comment in pre/post-scripts] ****************** task path: /tmp/tmprte76fwa/tests/tests_run_hooks.yml:72 Monday 21 February 2022 23:26:30 +0000 (0:00:00.390) 0:00:30.051 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=39 changed=11 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:26:30 +0000 (0:00:00.039) 0:00:30.090 ******* =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 4.93s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.46s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.27s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 ------------- set up internal repositories -------------------------------------------- 3.26s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ linux-system-roles.certificate : Ensure provider packages are installed --- 2.78s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Ensure python3 is installed --------------------------------------------- 1.80s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 -------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.09s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate requests ------------ 1.01s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Gathering Facts --------------------------------------------------------- 1.00s /tmp/tmprte76fwa/tests/tests_run_hooks.yml:2 ---------------------------------- Gathering Facts --------------------------------------------------------- 0.75s /tmp/tmprte76fwa/tests/tests_run_hooks.yml:17 --------------------------------- Parse certificate ------------------------------------------------------- 0.74s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.62s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve certificate file stats ----------------------------------------- 0.57s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.47s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.44s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Retrieve key file stats ------------------------------------------------- 0.41s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 ------------- Get certificate timestamp ----------------------------------------------- 0.41s /tmp/tmprte76fwa/tests/tests_run_hooks.yml:39 --------------------------------- Get the ansible_managed comment in pre/post-scripts --------------------- 0.39s /tmp/tmprte76fwa/tests/tests_run_hooks.yml:66 --------------------------------- Get post-run file timestamp --------------------------------------------- 0.37s /tmp/tmprte76fwa/tests/tests_run_hooks.yml:47 --------------------------------- Get pre-run file timestamp ---------------------------------------------- 0.37s /tmp/tmprte76fwa/tests/tests_run_hooks.yml:43 --------------------------------- + cd /tmp/tmprte76fwa/tests; TEST_SUBJECTS=/cache/rhel-8-y.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-115-ec6e2d0-rhel-8-y-juz2pivh/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmprte76fwa/_setup.yml /tmp/tmprte76fwa/tests/tests_subject.yml ansible-playbook 2.9.27 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] Using /etc/ansible/ansible.cfg as config file [ERROR]: GNU xorriso 1.4.8 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Local character set is now assumed as: 'utf-8' Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 2 plays in /tmp/tmprte76fwa/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmprte76fwa/_setup.yml:5 Monday 21 February 2022 23:26:45 +0000 (0:00:00.023) 0:00:00.023 ******* ok: [/cache/rhel-8-y.qcow2] => { "groups": { "all": [ "/cache/rhel-8-y.qcow2" ], "localhost": [ "/cache/rhel-8-y.qcow2" ], "subjects": [ "/cache/rhel-8-y.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmprte76fwa/_setup.yml:7 Monday 21 February 2022 23:26:45 +0000 (0:00:00.039) 0:00:00.063 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /tmp/tmprte76fwa/_setup.yml:16 Monday 21 February 2022 23:26:45 +0000 (0:00:00.039) 0:00:00.103 ******* changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:26:48 +0000 (0:00:02.310) 0:00:02.413 ******* =============================================================================== set up internal repositories -------------------------------------------- 2.31s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:7 ------------------------------------------------- PLAYBOOK: tests_subject.yml **************************************************** 2 plays in /tmp/tmprte76fwa/tests/tests_subject.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_subject.yml:2 Monday 21 February 2022 23:26:48 +0000 (0:00:00.021) 0:00:02.434 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 21 February 2022 23:26:50 +0000 (0:00:01.892) 0:00:04.327 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Monday 21 February 2022 23:26:50 +0000 (0:00:00.055) 0:00:04.382 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.3.7-6.el8.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Monday 21 February 2022 23:26:54 +0000 (0:00:04.793) 0:00:09.176 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.13-5.el8.x86_64", "Installed: nspr-4.32.0-1.el8_4.x86_64", "Installed: xmlrpc-c-1.51.0-5.el8.x86_64", "Installed: nss-3.67.0-7.el8_5.x86_64", "Installed: xmlrpc-c-client-1.51.0-5.el8.x86_64", "Installed: nss-softokn-3.67.0-7.el8_5.x86_64", "Installed: nss-softokn-freebl-3.67.0-7.el8_5.x86_64", "Installed: nss-sysinit-3.67.0-7.el8_5.x86_64", "Installed: nss-util-3.67.0-7.el8_5.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Monday 21 February 2022 23:26:57 +0000 (0:00:02.833) 0:00:12.009 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Monday 21 February 2022 23:26:58 +0000 (0:00:00.557) 0:00:12.567 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 21 February 2022 23:26:58 +0000 (0:00:00.444) 0:00:13.012 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket dbus.socket sysinit.target basic.target system.slice syslog.target dbus.service network.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14649", "LimitNPROCSoft": "14649", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14649", "LimitSIGPENDINGSoft": "14649", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus.service", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23438", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Monday 21 February 2022 23:26:59 +0000 (0:00:01.057) 0:00:14.069 ******* changed: [/cache/rhel-8-y.qcow2] => (item={u'name': u'mycert', u'locality': u'Raleigh', u'country': u'US', u'ca': u'self-sign', u'state': u'NC', u'organizational_unit': u'Linux', u'dns': u'www.example.com', u'common_name': u'Some other common name', u'organization': u'Red Hat'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "Some other common name", "country": "US", "dns": "www.example.com", "locality": "Raleigh", "name": "mycert", "organization": "Red Hat", "organizational_unit": "Linux", "state": "NC" } } MSG: Certificate requested (new). META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_subject.yml:19 Monday 21 February 2022 23:27:00 +0000 (0:00:01.014) 0:00:15.083 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmprte76fwa/tests/tests_subject.yml:48 Monday 21 February 2022 23:27:01 +0000 (0:00:00.689) 0:00:15.773 ******* included: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-8-y.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:2 Monday 21 February 2022 23:27:01 +0000 (0:00:00.073) 0:00:15.846 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 Monday 21 February 2022 23:27:01 +0000 (0:00:00.019) 0:00:15.866 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python36-3.6.8-38.module+el8.5.0+12207+5c5719bc.x86_64", "Installed: python3-setuptools-39.2.0-6.el8.noarch", "Installed: python3-pip-9.0.3-22.el8.noarch" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 Monday 21 February 2022 23:27:03 +0000 (0:00:01.845) 0:00:17.711 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting pip Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB) Installing collected packages: pip Found existing installation: pip 9.0.3 Uninstalling pip-9.0.3: Successfully uninstalled pip-9.0.3 Successfully installed pip-21.3.1 STDERR: You are using pip version 21.3.1, however version 22.0.3 is available. You should consider upgrading via the 'pip install --upgrade pip' command. TASK [Install certreader] ****************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 Monday 21 February 2022 23:27:07 +0000 (0:00:04.209) 0:00:21.921 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (405 kB) Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) Collecting pyyaml Downloading PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (603 kB) Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 Monday 21 February 2022 23:27:10 +0000 (0:00:03.197) 0:00:25.119 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645486020.7584753, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "7e2feaa0ee63c1c3ccbb441535ba1c19de661625", "ctime": 1645486020.7564754, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 16939450, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645486020.7564754, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1411, "uid": 0, "version": "2007333353", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:31 Monday 21 February 2022 23:27:11 +0000 (0:00:00.557) 0:00:25.676 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 Monday 21 February 2022 23:27:11 +0000 (0:00:00.048) 0:00:25.724 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:49 Monday 21 February 2022 23:27:11 +0000 (0:00:00.054) 0:00:25.778 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 Monday 21 February 2022 23:27:11 +0000 (0:00:00.050) 0:00:25.828 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645486020.7074754, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "99fa037ecefca1454788c14e21a6e2a6040dc3ba", "ctime": 1645486020.7544754, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 26484938, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645486020.7544754, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2593468705", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:60 Monday 21 February 2022 23:27:12 +0000 (0:00:00.428) 0:00:26.257 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 Monday 21 February 2022 23:27:12 +0000 (0:00:00.049) 0:00:26.307 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 Monday 21 February 2022 23:27:12 +0000 (0:00:00.050) 0:00:26.357 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.238720", "end": "2022-02-21 18:27:13.025907", "rc": 0, "start": "2022-02-21 18:27:12.787187" } STDOUT: { "subject": [ { "name": "countryName", "oid": "2.5.4.6", "value": "US" }, { "name": "stateOrProvinceName", "oid": "2.5.4.8", "value": "NC" }, { "name": "localityName", "oid": "2.5.4.7", "value": "Raleigh" }, { "name": "organizationName", "oid": "2.5.4.10", "value": "Red Hat" }, { "name": "organizationalUnitName", "oid": "2.5.4.11", "value": "Linux" }, { "name": "commonName", "oid": "2.5.4.3", "value": "Some other common name" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "0E:11:5F:82:B5:C6:39:79:B8:5D:44:D9:E7:C0:C9:6B:48:8A:CE:0D", "critical": false }, "authorityKeyIdentifier": { "value": "1B:78:FD:A8:D6:A3:9E:08:C4:21:BC:6C:39:90:8D:75:1C:D7:C5:E5", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "63:64:22:90:5A:13:93:9F:E6:A5:33:E3:33:B2:F1:5A:46:6E:99:21:53:36:C8:5B:29:C0:2F:78:58:B7:AA:23:9A:BA:16:5F:4D:90:06:00:A2:07:66:DD:0A:1C:52:2A:EA:F3:7E:BB:83:10:AF:E5:35:D0:A5:F0:D0:34:EE:97:E1:29:74:A0:5B:95:B1:99:F7:5B:7E:30:92:8D:DF:43:F2:51:5F:82:EF:D3:FE:05:42:95:46:E1:B2:05:42:54:AF:83:96:AC:72:59:F9:16:73:3F:FB:0E:A2:C3:66:FA:1F:DD:8A:1F:7C:E1:1D:35:04:A9:10:A8:4C:0B:E1:E4:4E:10:B9:72:00:F0:BC:A9:96:CB:DB:AB:02:AF:1E:E2:F3:7D:51:0F:88:60:D1:46:24:16:B2:31:7C:C0:A6:69:86:B3:A1:37:0D:12:C8:4A:BB:6F:48:34:A8:68:B5:FA:38:03:B9:24:AE:EC:36:5F:69:3A:60:F2:F8:38:BA:B1:4F:5E:B5:EA:41:AA:14:CD:D5:27:58:66:40:FB:C3:11:21:82:D7:D4:20:74:A0:08:ED:84:9C:A5:FF:57:C7:F8:A6:12:1C:99:90:F5:D7:03:D8:BD:A1:38:16:DE:18:23:8C:7A:A8:91:F4:88:9D:01:1F:0C:63:A9:02:27:E6:37" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-21 23:26:59", "not_valid_before": "2022-02-21 23:27:00" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 Monday 21 February 2022 23:27:12 +0000 (0:00:00.779) 0:00:27.136 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "1B:78:FD:A8:D6:A3:9E:08:C4:21:BC:6C:39:90:8D:75:1C:D7:C5:E5" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "0E:11:5F:82:B5:C6:39:79:B8:5D:44:D9:E7:C0:C9:6B:48:8A:CE:0D" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "63:64:22:90:5A:13:93:9F:E6:A5:33:E3:33:B2:F1:5A:46:6E:99:21:53:36:C8:5B:29:C0:2F:78:58:B7:AA:23:9A:BA:16:5F:4D:90:06:00:A2:07:66:DD:0A:1C:52:2A:EA:F3:7E:BB:83:10:AF:E5:35:D0:A5:F0:D0:34:EE:97:E1:29:74:A0:5B:95:B1:99:F7:5B:7E:30:92:8D:DF:43:F2:51:5F:82:EF:D3:FE:05:42:95:46:E1:B2:05:42:54:AF:83:96:AC:72:59:F9:16:73:3F:FB:0E:A2:C3:66:FA:1F:DD:8A:1F:7C:E1:1D:35:04:A9:10:A8:4C:0B:E1:E4:4E:10:B9:72:00:F0:BC:A9:96:CB:DB:AB:02:AF:1E:E2:F3:7D:51:0F:88:60:D1:46:24:16:B2:31:7C:C0:A6:69:86:B3:A1:37:0D:12:C8:4A:BB:6F:48:34:A8:68:B5:FA:38:03:B9:24:AE:EC:36:5F:69:3A:60:F2:F8:38:BA:B1:4F:5E:B5:EA:41:AA:14:CD:D5:27:58:66:40:FB:C3:11:21:82:D7:D4:20:74:A0:08:ED:84:9C:A5:FF:57:C7:F8:A6:12:1C:99:90:F5:D7:03:D8:BD:A1:38:16:DE:18:23:8C:7A:A8:91:F4:88:9D:01:1F:0C:63:A9:02:27:E6:37" }, "subject": [ { "name": "countryName", "oid": "2.5.4.6", "value": "US" }, { "name": "stateOrProvinceName", "oid": "2.5.4.8", "value": "NC" }, { "name": "localityName", "oid": "2.5.4.7", "value": "Raleigh" }, { "name": "organizationName", "oid": "2.5.4.10", "value": "Red Hat" }, { "name": "organizationalUnitName", "oid": "2.5.4.11", "value": "Linux" }, { "name": "commonName", "oid": "2.5.4.3", "value": "Some other common name" } ], "validity": { "not_valid_after": "2023-02-21 23:26:59", "not_valid_before": "2022-02-21 23:27:00" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 Monday 21 February 2022 23:27:12 +0000 (0:00:00.045) 0:00:27.182 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 Monday 21 February 2022 23:27:12 +0000 (0:00:00.050) 0:00:27.233 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:105 Monday 21 February 2022 23:27:13 +0000 (0:00:00.047) 0:00:27.280 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 Monday 21 February 2022 23:27:13 +0000 (0:00:00.045) 0:00:27.326 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:125 Monday 21 February 2022 23:27:13 +0000 (0:00:00.045) 0:00:27.371 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 Monday 21 February 2022 23:27:13 +0000 (0:00:00.048) 0:00:27.419 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.047804", "end": "2022-02-21 18:27:13.783788", "rc": 0, "start": "2022-02-21 18:27:13.735984" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:150 Monday 21 February 2022 23:27:13 +0000 (0:00:00.467) 0:00:27.887 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=32 changed=10 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:27:13 +0000 (0:00:00.041) 0:00:27.928 ******* =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 4.79s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.21s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 3.20s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 2.83s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - set up internal repositories -------------------------------------------- 2.31s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ Gathering Facts --------------------------------------------------------- 1.89s /tmp/tmprte76fwa/tests/tests_subject.yml:2 ------------------------------------ Ensure python3 is installed --------------------------------------------- 1.85s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 -------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.06s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate requests ------------ 1.01s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Parse certificate ------------------------------------------------------- 0.78s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 ------------- Gathering Facts --------------------------------------------------------- 0.69s /tmp/tmprte76fwa/tests/tests_subject.yml:19 ----------------------------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.56s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve certificate file stats ----------------------------------------- 0.56s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.47s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.44s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Retrieve key file stats ------------------------------------------------- 0.43s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify each certificate ------------------------------------------------- 0.07s /tmp/tmprte76fwa/tests/tests_subject.yml:48 ----------------------------------- linux-system-roles.certificate : Set version specific variables --------- 0.06s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- Verify certificate file owner and group --------------------------------- 0.05s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 ------------- Verify certificate subject ---------------------------------------------- 0.05s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 ------------- + cd /tmp/tmprte76fwa/tests; TEST_SUBJECTS=/cache/rhel-8-y.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-115-ec6e2d0-rhel-8-y-juz2pivh/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmprte76fwa/_setup.yml /tmp/tmprte76fwa/tests/tests_subject_complex.yml ansible-playbook 2.9.27 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] Using /etc/ansible/ansible.cfg as config file [ERROR]: GNU xorriso 1.4.8 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Local character set is now assumed as: 'utf-8' Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 2 plays in /tmp/tmprte76fwa/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmprte76fwa/_setup.yml:5 Monday 21 February 2022 23:27:28 +0000 (0:00:00.024) 0:00:00.024 ******* ok: [/cache/rhel-8-y.qcow2] => { "groups": { "all": [ "/cache/rhel-8-y.qcow2" ], "localhost": [ "/cache/rhel-8-y.qcow2" ], "subjects": [ "/cache/rhel-8-y.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmprte76fwa/_setup.yml:7 Monday 21 February 2022 23:27:28 +0000 (0:00:00.038) 0:00:00.062 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /tmp/tmprte76fwa/_setup.yml:16 Monday 21 February 2022 23:27:28 +0000 (0:00:00.039) 0:00:00.102 ******* changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:27:31 +0000 (0:00:03.276) 0:00:03.378 ******* =============================================================================== set up internal repositories -------------------------------------------- 3.28s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ fail -------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:7 ------------------------------------------------- debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- PLAYBOOK: tests_subject_complex.yml ******************************************** 2 plays in /tmp/tmprte76fwa/tests/tests_subject_complex.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_subject_complex.yml:2 Monday 21 February 2022 23:27:31 +0000 (0:00:00.021) 0:00:03.399 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 21 February 2022 23:27:32 +0000 (0:00:01.094) 0:00:04.494 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Monday 21 February 2022 23:27:32 +0000 (0:00:00.057) 0:00:04.552 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.3.7-6.el8.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Monday 21 February 2022 23:27:37 +0000 (0:00:04.866) 0:00:09.418 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "rc": 0, "results": [ "Installed: certmonger-0.79.13-5.el8.x86_64", "Installed: nspr-4.32.0-1.el8_4.x86_64", "Installed: xmlrpc-c-1.51.0-5.el8.x86_64", "Installed: nss-3.67.0-7.el8_5.x86_64", "Installed: xmlrpc-c-client-1.51.0-5.el8.x86_64", "Installed: nss-softokn-3.67.0-7.el8_5.x86_64", "Installed: nss-softokn-freebl-3.67.0-7.el8_5.x86_64", "Installed: nss-sysinit-3.67.0-7.el8_5.x86_64", "Installed: nss-util-3.67.0-7.el8_5.x86_64" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Monday 21 February 2022 23:27:40 +0000 (0:00:02.861) 0:00:12.280 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Monday 21 February 2022 23:27:41 +0000 (0:00:00.582) 0:00:12.862 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 21 February 2022 23:27:41 +0000 (0:00:00.432) 0:00:13.295 ******* changed: [/cache/rhel-8-y.qcow2] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus.service syslog.target basic.target dbus.socket sysinit.target system.slice systemd-journald.socket network.target", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUAffinity": "", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "0", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "14649", "LimitNPROCSoft": "14649", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14649", "LimitSIGPENDINGSoft": "14649", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus.service", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "23438", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Monday 21 February 2022 23:27:42 +0000 (0:00:01.020) 0:00:14.315 ******* changed: [/cache/rhel-8-y.qcow2] => (item={u'common_name': u'# \\\\Every"thing+that,ne;edsing\\0 ', u'ca': u'self-sign', u'contact_email': u'admin@example.com', u'name': u'mycert', u'dns': u'www.example.com'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "common_name": "# \\\\Every\"thing+that,ne;edsing\\0 ", "contact_email": "admin@example.com", "dns": "www.example.com", "name": "mycert" } } MSG: Certificate requested (new). META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_subject_complex.yml:16 Monday 21 February 2022 23:27:43 +0000 (0:00:00.967) 0:00:15.283 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmprte76fwa/tests/tests_subject_complex.yml:36 Monday 21 February 2022 23:27:44 +0000 (0:00:00.707) 0:00:15.990 ******* included: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml for /cache/rhel-8-y.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:2 Monday 21 February 2022 23:27:44 +0000 (0:00:00.066) 0:00:16.056 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 Monday 21 February 2022 23:27:44 +0000 (0:00:00.047) 0:00:16.104 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python36-3.6.8-38.module+el8.5.0+12207+5c5719bc.x86_64", "Installed: python3-setuptools-39.2.0-6.el8.noarch", "Installed: python3-pip-9.0.3-22.el8.noarch" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 Monday 21 February 2022 23:27:46 +0000 (0:00:01.736) 0:00:17.840 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting pip Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB) Installing collected packages: pip Found existing installation: pip 9.0.3 Uninstalling pip-9.0.3: Successfully uninstalled pip-9.0.3 Successfully installed pip-21.3.1 STDERR: You are using pip version 21.3.1, however version 22.0.3 is available. You should consider upgrading via the 'pip install --upgrade pip' command. TASK [Install certreader] ****************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 Monday 21 February 2022 23:27:50 +0000 (0:00:04.227) 0:00:22.067 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Collecting cryptography<35 Downloading cryptography-3.4.8-cp36-abi3-manylinux_2_24_x86_64.whl (3.0 MB) Collecting certreader>=0.1.1 Downloading certreader-0.1.1.tar.gz (4.4 kB) Preparing metadata (setup.py): started Preparing metadata (setup.py): finished with status 'done' Collecting cffi>=1.12 Downloading cffi-1.15.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (405 kB) Collecting pyasn1 Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB) Collecting pyyaml Downloading PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (603 kB) Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) Using legacy 'setup.py install' for certreader, since package 'wheel' is not installed. Installing collected packages: pycparser, cffi, pyyaml, pyasn1, cryptography, certreader Running setup.py install for certreader: started Running setup.py install for certreader: finished with status 'done' Successfully installed certreader-0.1.1 cffi-1.15.0 cryptography-3.4.8 pyasn1-0.4.8 pycparser-2.21 pyyaml-6.0 TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 Monday 21 February 2022 23:27:53 +0000 (0:00:03.201) 0:00:25.269 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645486063.3110964, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "e67701932b31c9573c3baa1364ae0d64fa14d9a9", "ctime": 1645486063.3080964, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 17499471, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645486063.3080964, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1375, "uid": 0, "version": "3470143391", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:31 Monday 21 February 2022 23:27:54 +0000 (0:00:00.548) 0:00:25.817 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 Monday 21 February 2022 23:27:54 +0000 (0:00:00.048) 0:00:25.866 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:49 Monday 21 February 2022 23:27:54 +0000 (0:00:00.069) 0:00:25.936 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 Monday 21 February 2022 23:27:54 +0000 (0:00:00.048) 0:00:25.984 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "stat": { "atime": 1645486063.2610965, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "6fb133a40f3201ae835c4ee6e73ccceacf76d929", "ctime": 1645486063.3080964, "dev": 64515, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 26484941, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1645486063.3080964, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "4121497214", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:60 Monday 21 February 2022 23:27:54 +0000 (0:00:00.410) 0:00:26.394 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:66 Monday 21 February 2022 23:27:54 +0000 (0:00:00.049) 0:00:26.443 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 Monday 21 February 2022 23:27:54 +0000 (0:00:00.053) 0:00:26.497 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt" ], "delta": "0:00:00.235800", "end": "2022-02-21 18:27:55.464186", "rc": 0, "start": "2022-02-21 18:27:55.228386" } STDOUT: { "subject": [ { "name": "emailAddress", "oid": "1.2.840.113549.1.9.1", "value": "admin@example.com" }, { "name": "commonName", "oid": "2.5.4.3", "value": "# \\\\Every\"thing+that,ne;edsing\\0 " } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "28:22:52:B5:BD:F6:C4:B1:22:8E:60:12:22:CF:F0:B7:89:6D:CD:8D", "critical": false }, "authorityKeyIdentifier": { "value": "F0:88:01:8C:63:62:B1:4D:BB:7B:65:D6:E5:0D:70:66:E7:C8:11:46", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "69:D1:A4:76:B8:FF:84:20:F2:09:68:9F:A2:74:C1:B7:9B:E5:21:0C:9B:7C:3D:1A:BA:01:A1:1F:14:CC:9E:BA:94:1C:C0:F9:75:D2:97:1E:D7:6B:72:1E:B0:CC:AE:7D:CD:DE:6A:80:50:41:B4:C3:51:A8:E4:46:91:F9:74:DB:C4:BE:9C:37:D8:CB:2E:6C:ED:5A:E5:96:AC:F6:64:CB:73:7A:68:17:43:EE:AC:45:E4:3B:07:02:5A:76:10:16:10:23:58:77:06:6E:B9:36:90:97:A8:CA:7F:5F:2A:5A:47:46:F6:0A:A6:DA:84:D9:D1:AA:A0:C5:C1:C8:56:D2:D3:63:25:AA:74:E6:3A:0A:3C:39:27:BB:6F:8E:F0:4F:80:7D:DC:06:BE:59:C5:62:50:C1:BA:8E:4C:20:C8:BF:CD:35:EA:B2:51:36:D0:3D:EC:9F:D4:88:08:36:F7:DC:D8:33:7C:2E:43:EC:32:1F:FF:76:42:D6:65:EC:5F:BF:C0:94:17:26:72:5D:79:98:07:76:F4:D7:8C:C6:10:B2:06:88:AD:67:8F:86:10:06:2D:B2:32:73:7E:91:69:3C:F3:D0:71:8A:42:7B:BF:6F:88:E6:91:BA:0E:11:5A:B7:58:1C:25:40:7E:EE:09:74:D4:51:4C:FE:46:59:93:47" }, "key_size": 2048, "validity": { "not_valid_after": "2023-02-21 23:27:42", "not_valid_before": "2022-02-21 23:27:43" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:83 Monday 21 February 2022 23:27:55 +0000 (0:00:00.772) 0:00:27.269 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "F0:88:01:8C:63:62:B1:4D:BB:7B:65:D6:E5:0D:70:66:E7:C8:11:46" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "28:22:52:B5:BD:F6:C4:B1:22:8E:60:12:22:CF:F0:B7:89:6D:CD:8D" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "69:D1:A4:76:B8:FF:84:20:F2:09:68:9F:A2:74:C1:B7:9B:E5:21:0C:9B:7C:3D:1A:BA:01:A1:1F:14:CC:9E:BA:94:1C:C0:F9:75:D2:97:1E:D7:6B:72:1E:B0:CC:AE:7D:CD:DE:6A:80:50:41:B4:C3:51:A8:E4:46:91:F9:74:DB:C4:BE:9C:37:D8:CB:2E:6C:ED:5A:E5:96:AC:F6:64:CB:73:7A:68:17:43:EE:AC:45:E4:3B:07:02:5A:76:10:16:10:23:58:77:06:6E:B9:36:90:97:A8:CA:7F:5F:2A:5A:47:46:F6:0A:A6:DA:84:D9:D1:AA:A0:C5:C1:C8:56:D2:D3:63:25:AA:74:E6:3A:0A:3C:39:27:BB:6F:8E:F0:4F:80:7D:DC:06:BE:59:C5:62:50:C1:BA:8E:4C:20:C8:BF:CD:35:EA:B2:51:36:D0:3D:EC:9F:D4:88:08:36:F7:DC:D8:33:7C:2E:43:EC:32:1F:FF:76:42:D6:65:EC:5F:BF:C0:94:17:26:72:5D:79:98:07:76:F4:D7:8C:C6:10:B2:06:88:AD:67:8F:86:10:06:2D:B2:32:73:7E:91:69:3C:F3:D0:71:8A:42:7B:BF:6F:88:E6:91:BA:0E:11:5A:B7:58:1C:25:40:7E:EE:09:74:D4:51:4C:FE:46:59:93:47" }, "subject": [ { "name": "emailAddress", "oid": "1.2.840.113549.1.9.1", "value": "admin@example.com" }, { "name": "commonName", "oid": "2.5.4.3", "value": "# \\\\Every\"thing+that,ne;edsing\\0 " } ], "validity": { "not_valid_after": "2023-02-21 23:27:42", "not_valid_before": "2022-02-21 23:27:43" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:87 Monday 21 February 2022 23:27:55 +0000 (0:00:00.051) 0:00:27.320 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:96 Monday 21 February 2022 23:27:55 +0000 (0:00:00.052) 0:00:27.373 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:105 Monday 21 February 2022 23:27:55 +0000 (0:00:00.051) 0:00:27.425 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 Monday 21 February 2022 23:27:55 +0000 (0:00:00.049) 0:00:27.474 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:125 Monday 21 February 2022 23:27:55 +0000 (0:00:00.125) 0:00:27.599 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 Monday 21 February 2022 23:27:55 +0000 (0:00:00.051) 0:00:27.651 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.048809", "end": "2022-02-21 18:27:56.373820", "rc": 0, "start": "2022-02-21 18:27:56.325011" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:150 Monday 21 February 2022 23:27:56 +0000 (0:00:00.519) 0:00:28.171 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=32 changed=10 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:27:56 +0000 (0:00:00.044) 0:00:28.215 ******* =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 4.87s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - Install the package, force upgrade -------------------------------------- 4.23s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:11 ------------- set up internal repositories -------------------------------------------- 3.28s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ Install certreader ------------------------------------------------------ 3.20s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:18 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 2.86s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - Ensure python3 is installed --------------------------------------------- 1.74s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:6 -------------- Gathering Facts --------------------------------------------------------- 1.10s /tmp/tmprte76fwa/tests/tests_subject_complex.yml:2 ---------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 1.02s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate requests ------------ 0.97s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Parse certificate ------------------------------------------------------- 0.77s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:78 ------------- Gathering Facts --------------------------------------------------------- 0.71s /tmp/tmprte76fwa/tests/tests_subject_complex.yml:16 --------------------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.58s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - Retrieve certificate file stats ----------------------------------------- 0.55s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:26 ------------- Retrieve auto-renew flag ------------------------------------------------ 0.52s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:141 ------------ linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.43s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - Retrieve key file stats ------------------------------------------------- 0.41s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:55 ------------- Verify certificate Key Usage -------------------------------------------- 0.13s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:112 ------------ Verify certificate file owner and group --------------------------------- 0.07s /tmp/tmprte76fwa/tests/tasks/assert_certificate_parameters.yml:37 ------------- Verify each certificate ------------------------------------------------- 0.07s /tmp/tmprte76fwa/tests/tests_subject_complex.yml:36 --------------------------- linux-system-roles.certificate : Set version specific variables --------- 0.06s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- + cd /tmp/tmprte76fwa/tests; TEST_SUBJECTS=/cache/rhel-8-y.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-115-ec6e2d0-rhel-8-y-juz2pivh/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 --skip-tags=tests::cleanup,tests::nvme /tmp/tmprte76fwa/_setup.yml /tmp/tmprte76fwa/tests/tests_wrong_provider.yml ansible-playbook 2.9.27 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 2.7.5 (default, Aug 13 2020, 02:51:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] Using /etc/ansible/ansible.cfg as config file [ERROR]: GNU xorriso 1.4.8 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Local character set is now assumed as: 'utf-8' Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: _setup.yml *********************************************************** 2 plays in /tmp/tmprte76fwa/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmprte76fwa/_setup.yml:5 Monday 21 February 2022 23:28:11 +0000 (0:00:00.024) 0:00:00.024 ******* ok: [/cache/rhel-8-y.qcow2] => { "groups": { "all": [ "/cache/rhel-8-y.qcow2" ], "localhost": [ "/cache/rhel-8-y.qcow2" ], "subjects": [ "/cache/rhel-8-y.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmprte76fwa/_setup.yml:7 Monday 21 February 2022 23:28:11 +0000 (0:00:00.037) 0:00:00.061 ******* skipping: [/cache/rhel-8-y.qcow2] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers META: ran handlers PLAY [Setup repos] ************************************************************* META: ran handlers TASK [set up internal repositories] ******************************************** task path: /tmp/tmprte76fwa/_setup.yml:16 Monday 21 February 2022 23:28:11 +0000 (0:00:00.037) 0:00:00.098 ******* changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => (item=None) => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } changed: [/cache/rhel-8-y.qcow2] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Monday 21 February 2022 23:28:13 +0000 (0:00:02.807) 0:00:02.906 ******* =============================================================================== set up internal repositories -------------------------------------------- 2.81s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:7 ------------------------------------------------- PLAYBOOK: tests_wrong_provider.yml ********************************************* 1 plays in /tmp/tmprte76fwa/tests/tests_wrong_provider.yml PLAY [Test issuing certificate with nonexistent provider] ********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmprte76fwa/tests/tests_wrong_provider.yml:2 Monday 21 February 2022 23:28:13 +0000 (0:00:00.023) 0:00:02.929 ******* ok: [/cache/rhel-8-y.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Monday 21 February 2022 23:28:15 +0000 (0:00:01.221) 0:00:04.151 ******* ok: [/cache/rhel-8-y.qcow2] => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python3-pyasn1", "python3-cryptography", "python3-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/vars/default.yml" ], "changed": false } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 Monday 21 February 2022 23:28:15 +0000 (0:00:00.054) 0:00:04.205 ******* changed: [/cache/rhel-8-y.qcow2] => { "changed": true, "rc": 0, "results": [ "Installed: python3-pyasn1-0.3.7-6.el8.noarch" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 Monday 21 February 2022 23:28:20 +0000 (0:00:04.839) 0:00:09.044 ******* skipping: [/cache/rhel-8-y.qcow2] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 Monday 21 February 2022 23:28:20 +0000 (0:00:00.052) 0:00:09.097 ******* skipping: [/cache/rhel-8-y.qcow2] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 Monday 21 February 2022 23:28:20 +0000 (0:00:00.044) 0:00:09.142 ******* skipping: [/cache/rhel-8-y.qcow2] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Monday 21 February 2022 23:28:20 +0000 (0:00:00.046) 0:00:09.188 ******* skipping: [/cache/rhel-8-y.qcow2] => (item=fake-provider) => { "__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 Monday 21 February 2022 23:28:20 +0000 (0:00:00.048) 0:00:09.236 ******* failed: [/cache/rhel-8-y.qcow2] (item={u'ca': u'self-sign', u'name': u'mycert', u'dns': u'www.example.com', u'provider': u'fake-provider'}) => { "ansible_loop_var": "item", "changed": false, "item": { "ca": "self-sign", "dns": "www.example.com", "name": "mycert", "provider": "fake-provider" } } MSG: Chosen provider 'fake-provider' is not available. TASK [assert...] *************************************************************** task path: /tmp/tmprte76fwa/tests/tests_wrong_provider.yml:22 Monday 21 February 2022 23:28:20 +0000 (0:00:00.693) 0:00:09.930 ******* ok: [/cache/rhel-8-y.qcow2] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/rhel-8-y.qcow2 : ok=6 changed=2 unreachable=0 failed=0 skipped=5 rescued=1 ignored=0 Monday 21 February 2022 23:28:21 +0000 (0:00:00.041) 0:00:09.972 ******* =============================================================================== linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 4.84s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:17 - set up internal repositories -------------------------------------------- 2.81s /tmp/tmprte76fwa/_setup.yml:16 ------------------------------------------------ Gathering Facts --------------------------------------------------------- 1.22s /tmp/tmprte76fwa/tests/tests_wrong_provider.yml:2 ----------------------------- linux-system-roles.certificate : Ensure certificate requests ------------ 0.69s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:112 linux-system-roles.certificate : Set version specific variables --------- 0.05s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 -- linux-system-roles.certificate : Ensure provider packages are installed --- 0.05s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:34 - linux-system-roles.certificate : Ensure provider service is running ----- 0.05s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.05s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:71 - linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.04s /tmp/tmprte76fwa/tests/roles/linux-system-roles.certificate/tasks/main.yml:45 - assert... --------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/tests/tests_wrong_provider.yml:22 ---------------------------- debug ------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:5 ------------------------------------------------- fail -------------------------------------------------------------------- 0.04s /tmp/tmprte76fwa/_setup.yml:7 -------------------------------------------------