ansible-playbook [core 2.12.6] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpy2gf3dq8 executable location = /usr/bin/ansible-playbook python version = 3.9.13 (main, May 18 2022, 00:00:00) [GCC 11.3.1 20220421 (Red Hat 11.3.1-2)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_fs_attrs.yml *************************************************** 3 plays in /tmp/tmpzvh1g0rm/tests/tests_fs_attrs.yml PLAY [Ensure UID and GID exists] *********************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpzvh1g0rm/tests/tests_fs_attrs.yml:2 Wednesday 06 July 2022 23:22:48 +0000 (0:00:00.012) 0:00:00.012 ******** ok: [/cache/fedora-36.qcow2.snap] META: ran handlers TASK [Ensure user exists] ****************************************************** task path: /tmp/tmpzvh1g0rm/tests/tests_fs_attrs.yml:5 Wednesday 06 July 2022 23:22:49 +0000 (0:00:01.123) 0:00:01.136 ******** changed: [/cache/fedora-36.qcow2.snap] => { "changed": true, "comment": "", "create_home": true, "group": 1040, "home": "/home/user1", "name": "user1", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1040 } TASK [Ensure group "somegroup" exists] ***************************************** task path: /tmp/tmpzvh1g0rm/tests/tests_fs_attrs.yml:9 Wednesday 06 July 2022 23:22:50 +0000 (0:00:00.815) 0:00:01.951 ******** changed: [/cache/fedora-36.qcow2.snap] => { "changed": true, "gid": 1041, "name": "somegroup", "state": "present", "system": false } META: ran handlers META: ran handlers PLAY [Issue certificate setting user/group] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpzvh1g0rm/tests/tests_fs_attrs.yml:13 Wednesday 06 July 2022 23:22:50 +0000 (0:00:00.724) 0:00:02.676 ******** ok: [/cache/fedora-36.qcow2.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpzvh1g0rm/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Wednesday 06 July 2022 23:22:51 +0000 (0:00:00.776) 0:00:03.452 ******** included: /tmp/tmpzvh1g0rm/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/fedora-36.qcow2.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpzvh1g0rm/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Wednesday 06 July 2022 23:22:51 +0000 (0:00:00.025) 0:00:03.478 ******** ok: [/cache/fedora-36.qcow2.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpzvh1g0rm/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Wednesday 06 July 2022 23:22:52 +0000 (0:00:00.528) 0:00:04.006 ******** skipping: [/cache/fedora-36.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-36.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-36.qcow2.snap] => (item=Fedora_36.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_36.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-36.qcow2.snap] => (item=Fedora_36.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_36.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpzvh1g0rm/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Wednesday 06 July 2022 23:22:52 +0000 (0:00:00.037) 0:00:04.044 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpzvh1g0rm/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Wednesday 06 July 2022 23:22:54 +0000 (0:00:01.899) 0:00:05.943 ******** ok: [/cache/fedora-36.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpzvh1g0rm/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Wednesday 06 July 2022 23:22:55 +0000 (0:00:01.801) 0:00:07.745 ******** ok: [/cache/fedora-36.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 0, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpzvh1g0rm/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Wednesday 06 July 2022 23:22:56 +0000 (0:00:00.530) 0:00:08.275 ******** ok: [/cache/fedora-36.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 0, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpzvh1g0rm/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Wednesday 06 July 2022 23:22:56 +0000 (0:00:00.409) 0:00:08.685 ******** ok: [/cache/fedora-36.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Wed 2022-07-06 23:17:45 UTC", "ActiveEnterTimestampMonotonic": "213660433", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "sysinit.target systemd-journald.socket basic.target dbus.socket network.target system.slice dbus-broker.service syslog.target", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Wed 2022-07-06 23:17:45 UTC", "AssertTimestampMonotonic": "213648024", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "44186133000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Wed 2022-07-06 23:17:45 UTC", "ConditionTimestampMonotonic": "213648022", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "6744", "ExecMainStartTimestamp": "Wed 2022-07-06 23:17:45 UTC", "ExecMainStartTimestampMonotonic": "213649397", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Wed 2022-07-06 23:17:45 UTC", "InactiveExitTimestampMonotonic": "213649980", "InvocationID": "cb854aa806d149ff883eec765d1c0f42", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15524", "LimitNPROCSoft": "15524", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15524", "LimitSIGPENDINGSoft": "15524", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "6744", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "2760704", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Wed 2022-07-06 23:21:36 UTC", "StateChangeTimestampMonotonic": "444501790", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "4657", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpzvh1g0rm/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Wednesday 06 July 2022 23:22:57 +0000 (0:00:00.798) 0:00:09.483 ******** changed: [/cache/fedora-36.qcow2.snap] => (item={'name': 'mycert_fs_attrs', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert_fs_attrs", "owner": "ftp" } } MSG: Certificate requested (new). File attributes updated. changed: [/cache/fedora-36.qcow2.snap] => (item={'name': 'certid', 'dns': 'www.example.com', 'owner': 1040, 'group': 1041, 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040 } } MSG: Certificate requested (new). File attributes updated. META: role_complete for /cache/fedora-36.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpzvh1g0rm/tests/tests_fs_attrs.yml:31 Wednesday 06 July 2022 23:22:59 +0000 (0:00:02.053) 0:00:11.537 ******** ok: [/cache/fedora-36.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpzvh1g0rm/tests/tests_fs_attrs.yml:60 Wednesday 06 July 2022 23:23:00 +0000 (0:00:00.804) 0:00:12.341 ******** included: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-36.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_fs_attrs.crt', 'key_path': '/etc/pki/tls/private/mycert_fs_attrs.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 'ftp', 'group': 'ftp', 'mode': '0640'}) included: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml for /cache/fedora-36.qcow2.snap => (item={'path': '/etc/pki/tls/certs/certid.crt', 'key_path': '/etc/pki/tls/private/certid.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 1040, 'group': 1041, 'mode': '0640'}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:2 Wednesday 06 July 2022 23:23:00 +0000 (0:00:00.048) 0:00:12.390 ******** ok: [/cache/fedora-36.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:6 Wednesday 06 July 2022 23:23:00 +0000 (0:00:00.027) 0:00:12.418 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:11 Wednesday 06 July 2022 23:23:02 +0000 (0:00:01.836) 0:00:14.254 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.10/site-packages (22.1.2) TASK [Install certreader] ****************************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:18 Wednesday 06 July 2022 23:23:03 +0000 (0:00:01.176) 0:00:15.431 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.10/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.10/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.10/site-packages (from cryptography<35) (1.15.1) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.10/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.10/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.10/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:26 Wednesday 06 July 2022 23:23:04 +0000 (0:00:00.875) 0:00:16.307 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "stat": { "atime": 1657149777.9743924, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "cb1c98c8e02155134e7222ab681fc99d8d8af739", "ctime": 1657149778.0983922, "dev": 31, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 60365, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1657149777.9713924, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_fs_attrs.crt", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 14, "version": "68", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:31 Wednesday 06 July 2022 23:23:04 +0000 (0:00:00.523) 0:00:16.830 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:37 Wednesday 06 July 2022 23:23:04 +0000 (0:00:00.031) 0:00:16.861 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:49 Wednesday 06 July 2022 23:23:05 +0000 (0:00:00.043) 0:00:16.905 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:55 Wednesday 06 July 2022 23:23:05 +0000 (0:00:00.041) 0:00:16.947 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "stat": { "atime": 1657149777.9133923, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "f87ef0192693b535b2483b6e40fb0811850a4022", "ctime": 1657149778.0983922, "dev": 31, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 60352, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1657149777.9713924, "nlink": 1, "path": "/etc/pki/tls/private/mycert_fs_attrs.key", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 14, "version": "68", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:60 Wednesday 06 July 2022 23:23:05 +0000 (0:00:00.384) 0:00:17.332 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:66 Wednesday 06 July 2022 23:23:05 +0000 (0:00:00.031) 0:00:17.363 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:78 Wednesday 06 July 2022 23:23:05 +0000 (0:00:00.044) 0:00:17.408 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_fs_attrs.crt" ], "delta": "0:00:00.208345", "end": "2022-07-06 23:23:05.649812", "rc": 0, "start": "2022-07-06 23:23:05.441467" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "01:FE:4D:10:52:C4:5C:43:AF:FE:34:9C:07:49:C0:F4:E7:09:A2:3D", "critical": false }, "authorityKeyIdentifier": { "value": "D9:69:C3:F9:77:BD:82:02:43:29:A8:70:BD:5C:3C:FA:BB:39:29:3B", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "35:E2:24:57:BC:30:9C:39:90:D4:08:10:35:87:22:07:BC:7E:26:77:4E:2D:CB:CB:C8:C0:FC:84:05:77:C9:38:13:9C:3A:89:36:7E:A5:7B:D9:7C:2E:3A:A0:4F:C1:4A:26:BD:36:24:EC:86:AF:27:BF:9E:8B:BA:BE:B2:EE:A3:45:C5:C8:10:6E:4D:B0:1E:52:E5:5E:25:27:1B:1D:E5:BB:A7:E4:6A:58:1E:95:25:3B:FA:3D:F0:E9:F7:88:DD:3B:F8:50:02:E3:70:74:8E:BB:59:8D:8C:27:42:53:2A:FC:2F:1D:D3:82:00:18:52:09:32:75:42:92:47:ED:B6:CE:3F:2E:EE:8D:05:FA:FF:8D:28:A6:CD:C1:DC:97:13:BE:1F:04:4B:84:21:82:65:B9:AB:33:33:A1:28:03:DA:16:74:B3:5F:39:32:10:B1:58:8C:E2:84:F9:9E:7C:9D:C2:A1:2B:EA:E3:66:6C:62:A5:46:F8:0E:C7:87:18:93:D2:75:F4:E6:0C:53:27:8C:13:59:55:8E:11:C2:0B:7D:56:D6:4F:25:55:2F:A2:55:74:05:B3:F9:7B:C4:8D:8E:E2:BC:2A:7B:79:34:8D:2D:BD:4B:53:D2:43:8D:BE:40:A7:AE:AD:F2:B3:A6:3D:0F:51:D3:00:B1:AB:04:20:B8" }, "key_size": 2048, "validity": { "not_valid_after": "2023-07-06 23:17:45", "not_valid_before": "2022-07-06 23:22:57" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:83 Wednesday 06 July 2022 23:23:06 +0000 (0:00:00.717) 0:00:18.125 ******** ok: [/cache/fedora-36.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "D9:69:C3:F9:77:BD:82:02:43:29:A8:70:BD:5C:3C:FA:BB:39:29:3B" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "01:FE:4D:10:52:C4:5C:43:AF:FE:34:9C:07:49:C0:F4:E7:09:A2:3D" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "35:E2:24:57:BC:30:9C:39:90:D4:08:10:35:87:22:07:BC:7E:26:77:4E:2D:CB:CB:C8:C0:FC:84:05:77:C9:38:13:9C:3A:89:36:7E:A5:7B:D9:7C:2E:3A:A0:4F:C1:4A:26:BD:36:24:EC:86:AF:27:BF:9E:8B:BA:BE:B2:EE:A3:45:C5:C8:10:6E:4D:B0:1E:52:E5:5E:25:27:1B:1D:E5:BB:A7:E4:6A:58:1E:95:25:3B:FA:3D:F0:E9:F7:88:DD:3B:F8:50:02:E3:70:74:8E:BB:59:8D:8C:27:42:53:2A:FC:2F:1D:D3:82:00:18:52:09:32:75:42:92:47:ED:B6:CE:3F:2E:EE:8D:05:FA:FF:8D:28:A6:CD:C1:DC:97:13:BE:1F:04:4B:84:21:82:65:B9:AB:33:33:A1:28:03:DA:16:74:B3:5F:39:32:10:B1:58:8C:E2:84:F9:9E:7C:9D:C2:A1:2B:EA:E3:66:6C:62:A5:46:F8:0E:C7:87:18:93:D2:75:F4:E6:0C:53:27:8C:13:59:55:8E:11:C2:0B:7D:56:D6:4F:25:55:2F:A2:55:74:05:B3:F9:7B:C4:8D:8E:E2:BC:2A:7B:79:34:8D:2D:BD:4B:53:D2:43:8D:BE:40:A7:AE:AD:F2:B3:A6:3D:0F:51:D3:00:B1:AB:04:20:B8" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-07-06 23:17:45", "not_valid_before": "2022-07-06 23:22:57" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:87 Wednesday 06 July 2022 23:23:06 +0000 (0:00:00.041) 0:00:18.167 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:96 Wednesday 06 July 2022 23:23:06 +0000 (0:00:00.045) 0:00:18.212 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:105 Wednesday 06 July 2022 23:23:06 +0000 (0:00:00.031) 0:00:18.244 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:112 Wednesday 06 July 2022 23:23:06 +0000 (0:00:00.040) 0:00:18.285 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:125 Wednesday 06 July 2022 23:23:06 +0000 (0:00:00.040) 0:00:18.325 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:141 Wednesday 06 July 2022 23:23:06 +0000 (0:00:00.040) 0:00:18.366 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_fs_attrs.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.056767", "end": "2022-07-06 23:23:06.333759", "rc": 0, "start": "2022-07-06 23:23:06.276992" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:150 Wednesday 06 July 2022 23:23:06 +0000 (0:00:00.436) 0:00:18.803 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:2 Wednesday 06 July 2022 23:23:06 +0000 (0:00:00.044) 0:00:18.847 ******** ok: [/cache/fedora-36.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:6 Wednesday 06 July 2022 23:23:06 +0000 (0:00:00.025) 0:00:18.873 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:11 Wednesday 06 July 2022 23:23:08 +0000 (0:00:01.714) 0:00:20.587 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.10/site-packages (22.1.2) TASK [Install certreader] ****************************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:18 Wednesday 06 July 2022 23:23:09 +0000 (0:00:01.014) 0:00:21.602 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.10/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.10/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.10/site-packages (from cryptography<35) (1.15.1) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.10/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.10/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.10/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:26 Wednesday 06 July 2022 23:23:10 +0000 (0:00:00.875) 0:00:22.478 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "stat": { "atime": 1657149778.8763924, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "02d66c9b2d549c4b7aa61881a8c8e7e8c3e2ddd9", "ctime": 1657149779.0203924, "dev": 31, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 60400, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1657149778.8733923, "nlink": 1, "path": "/etc/pki/tls/certs/certid.crt", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 1040, "version": "68", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:31 Wednesday 06 July 2022 23:23:10 +0000 (0:00:00.392) 0:00:22.870 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:37 Wednesday 06 July 2022 23:23:10 +0000 (0:00:00.033) 0:00:22.903 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:49 Wednesday 06 July 2022 23:23:11 +0000 (0:00:00.046) 0:00:22.950 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:55 Wednesday 06 July 2022 23:23:11 +0000 (0:00:00.041) 0:00:22.992 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "stat": { "atime": 1657149778.8153923, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "43b960cb9e49d4f8245e69fab84168c2e634c5b5", "ctime": 1657149779.0213923, "dev": 31, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 60387, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1657149778.8733923, "nlink": 1, "path": "/etc/pki/tls/private/certid.key", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 1040, "version": "68", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:60 Wednesday 06 July 2022 23:23:11 +0000 (0:00:00.390) 0:00:23.382 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:66 Wednesday 06 July 2022 23:23:11 +0000 (0:00:00.032) 0:00:23.415 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:78 Wednesday 06 July 2022 23:23:11 +0000 (0:00:00.046) 0:00:23.461 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/certid.crt" ], "delta": "0:00:00.210198", "end": "2022-07-06 23:23:11.584010", "rc": 0, "start": "2022-07-06 23:23:11.373812" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "F9:50:1E:FE:27:EB:D6:53:CC:96:20:81:4E:FC:0C:D3:31:4C:2B:BF", "critical": false }, "authorityKeyIdentifier": { "value": "D9:69:C3:F9:77:BD:82:02:43:29:A8:70:BD:5C:3C:FA:BB:39:29:3B", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "16:D2:96:85:98:19:43:C0:4F:40:0C:8C:4C:3B:03:36:FC:6F:4B:95:28:BF:A3:6B:D3:FE:48:8A:97:43:59:92:16:55:99:37:36:8F:8F:6C:D6:9F:2E:A2:D5:F4:20:5A:51:B8:05:1D:36:ED:63:6F:44:4F:C1:75:8E:B5:79:5E:46:B4:CB:E0:54:80:AF:B2:38:8B:B4:A9:0E:3D:28:90:26:BF:4F:10:B2:E3:12:7A:4C:9B:67:3F:9B:28:8E:7A:AF:F8:69:90:33:6C:16:4D:0A:FF:1C:76:8D:ED:41:6A:E7:29:1D:70:3F:AC:3A:FA:1C:86:21:4A:F3:A7:09:C6:74:8F:12:49:76:68:7F:7A:05:74:02:17:8C:92:1F:E5:4E:68:E8:0D:2E:6F:01:F6:D2:15:F8:56:67:E0:2C:ED:F1:BB:67:F0:87:82:69:E3:30:92:C0:EB:05:E1:AD:E5:1C:4E:FC:99:6B:1E:46:5D:C5:A8:08:F1:39:B2:79:9B:DD:2D:A3:D4:42:FE:89:1C:58:89:97:8A:81:6E:95:5B:C1:03:7C:C9:69:2A:D3:69:42:B3:F1:A0:99:FD:D8:56:4C:49:73:70:36:48:0C:E0:AE:11:C2:7D:87:8C:27:36:B5:16:0C:35:BD:1A:21:F4:90:6F:41:85:E6:84:4C:6C" }, "key_size": 2048, "validity": { "not_valid_after": "2023-07-06 23:17:45", "not_valid_before": "2022-07-06 23:22:58" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:83 Wednesday 06 July 2022 23:23:12 +0000 (0:00:00.597) 0:00:24.058 ******** ok: [/cache/fedora-36.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "D9:69:C3:F9:77:BD:82:02:43:29:A8:70:BD:5C:3C:FA:BB:39:29:3B" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "F9:50:1E:FE:27:EB:D6:53:CC:96:20:81:4E:FC:0C:D3:31:4C:2B:BF" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "16:D2:96:85:98:19:43:C0:4F:40:0C:8C:4C:3B:03:36:FC:6F:4B:95:28:BF:A3:6B:D3:FE:48:8A:97:43:59:92:16:55:99:37:36:8F:8F:6C:D6:9F:2E:A2:D5:F4:20:5A:51:B8:05:1D:36:ED:63:6F:44:4F:C1:75:8E:B5:79:5E:46:B4:CB:E0:54:80:AF:B2:38:8B:B4:A9:0E:3D:28:90:26:BF:4F:10:B2:E3:12:7A:4C:9B:67:3F:9B:28:8E:7A:AF:F8:69:90:33:6C:16:4D:0A:FF:1C:76:8D:ED:41:6A:E7:29:1D:70:3F:AC:3A:FA:1C:86:21:4A:F3:A7:09:C6:74:8F:12:49:76:68:7F:7A:05:74:02:17:8C:92:1F:E5:4E:68:E8:0D:2E:6F:01:F6:D2:15:F8:56:67:E0:2C:ED:F1:BB:67:F0:87:82:69:E3:30:92:C0:EB:05:E1:AD:E5:1C:4E:FC:99:6B:1E:46:5D:C5:A8:08:F1:39:B2:79:9B:DD:2D:A3:D4:42:FE:89:1C:58:89:97:8A:81:6E:95:5B:C1:03:7C:C9:69:2A:D3:69:42:B3:F1:A0:99:FD:D8:56:4C:49:73:70:36:48:0C:E0:AE:11:C2:7D:87:8C:27:36:B5:16:0C:35:BD:1A:21:F4:90:6F:41:85:E6:84:4C:6C" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-07-06 23:17:45", "not_valid_before": "2022-07-06 23:22:58" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:87 Wednesday 06 July 2022 23:23:12 +0000 (0:00:00.042) 0:00:24.100 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:96 Wednesday 06 July 2022 23:23:12 +0000 (0:00:00.041) 0:00:24.142 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:105 Wednesday 06 July 2022 23:23:12 +0000 (0:00:00.030) 0:00:24.173 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:112 Wednesday 06 July 2022 23:23:12 +0000 (0:00:00.042) 0:00:24.216 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:125 Wednesday 06 July 2022 23:23:12 +0000 (0:00:00.067) 0:00:24.283 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:141 Wednesday 06 July 2022 23:23:12 +0000 (0:00:00.045) 0:00:24.328 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/certid.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.055927", "end": "2022-07-06 23:23:12.300717", "rc": 0, "start": "2022-07-06 23:23:12.244790" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:150 Wednesday 06 July 2022 23:23:12 +0000 (0:00:00.442) 0:00:24.771 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-36.qcow2.snap : ok=55 changed=3 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Wednesday 06 July 2022 23:23:12 +0000 (0:00:00.079) 0:00:24.850 ******** =============================================================================== linux-system-roles.certificate : Ensure certificate requests ------------ 2.05s /tmp/tmpzvh1g0rm/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.90s /tmp/tmpzvh1g0rm/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Ensure python3 is installed --------------------------------------------- 1.84s /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:6 -------------- linux-system-roles.certificate : Ensure provider packages are installed --- 1.80s /tmp/tmpzvh1g0rm/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - Ensure python3 is installed --------------------------------------------- 1.71s /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:6 -------------- Install the package, force upgrade -------------------------------------- 1.18s /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:11 ------------- Gathering Facts --------------------------------------------------------- 1.12s /tmp/tmpzvh1g0rm/tests/tests_fs_attrs.yml:2 ----------------------------------- Install the package, force upgrade -------------------------------------- 1.01s /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:11 ------------- Install certreader ------------------------------------------------------ 0.88s /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:18 ------------- Install certreader ------------------------------------------------------ 0.88s /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:18 ------------- Ensure user exists ------------------------------------------------------ 0.82s /tmp/tmpzvh1g0rm/tests/tests_fs_attrs.yml:5 ----------------------------------- Gathering Facts --------------------------------------------------------- 0.80s /tmp/tmpzvh1g0rm/tests/tests_fs_attrs.yml:31 ---------------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 0.80s /tmp/tmpzvh1g0rm/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - Gathering Facts --------------------------------------------------------- 0.78s /tmp/tmpzvh1g0rm/tests/tests_fs_attrs.yml:13 ---------------------------------- Ensure group "somegroup" exists ----------------------------------------- 0.72s /tmp/tmpzvh1g0rm/tests/tests_fs_attrs.yml:9 ----------------------------------- Parse certificate ------------------------------------------------------- 0.72s /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:78 ------------- Parse certificate ------------------------------------------------------- 0.60s /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.53s /tmp/tmpzvh1g0rm/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.53s /tmp/tmpzvh1g0rm/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.52s /tmp/tmpzvh1g0rm/tests/tasks/assert_certificate_parameters.yml:26 ------------- ansible-playbook [core 2.12.6] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpy2gf3dq8 executable location = /usr/bin/ansible-playbook python version = 3.9.13 (main, May 18 2022, 00:00:00) [GCC 11.3.1 20220421 (Red Hat 11.3.1-2)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_fs_attrs.yml *************************************************** 3 plays in /tmp/tmpyv0bgwd0/tests/certificate/tests_fs_attrs.yml PLAY [Ensure UID and GID exists] *********************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpyv0bgwd0/tests/certificate/tests_fs_attrs.yml:2 Wednesday 06 July 2022 23:35:18 +0000 (0:00:00.012) 0:00:00.012 ******** ok: [/cache/fedora-36.qcow2.snap] META: ran handlers TASK [Ensure user exists] ****************************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tests_fs_attrs.yml:5 Wednesday 06 July 2022 23:35:19 +0000 (0:00:01.075) 0:00:01.087 ******** changed: [/cache/fedora-36.qcow2.snap] => { "changed": true, "comment": "", "create_home": true, "group": 1040, "home": "/home/user1", "name": "user1", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1040 } TASK [Ensure group "somegroup" exists] ***************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tests_fs_attrs.yml:9 Wednesday 06 July 2022 23:35:20 +0000 (0:00:00.797) 0:00:01.884 ******** changed: [/cache/fedora-36.qcow2.snap] => { "changed": true, "gid": 1041, "name": "somegroup", "state": "present", "system": false } META: ran handlers META: ran handlers PLAY [Issue certificate setting user/group] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpyv0bgwd0/tests/certificate/tests_fs_attrs.yml:13 Wednesday 06 July 2022 23:35:21 +0000 (0:00:00.710) 0:00:02.595 ******** ok: [/cache/fedora-36.qcow2.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpy2gf3dq8/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Wednesday 06 July 2022 23:35:21 +0000 (0:00:00.765) 0:00:03.361 ******** included: /tmp/tmpy2gf3dq8/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/fedora-36.qcow2.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpy2gf3dq8/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Wednesday 06 July 2022 23:35:21 +0000 (0:00:00.027) 0:00:03.388 ******** ok: [/cache/fedora-36.qcow2.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpy2gf3dq8/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Wednesday 06 July 2022 23:35:22 +0000 (0:00:00.508) 0:00:03.897 ******** skipping: [/cache/fedora-36.qcow2.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-36.qcow2.snap] => (item=Fedora.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-36.qcow2.snap] => (item=Fedora_36.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_36.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/fedora-36.qcow2.snap] => (item=Fedora_36.yml) => { "ansible_loop_var": "item", "changed": false, "item": "Fedora_36.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpy2gf3dq8/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Wednesday 06 July 2022 23:35:22 +0000 (0:00:00.040) 0:00:03.937 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpy2gf3dq8/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Wednesday 06 July 2022 23:35:24 +0000 (0:00:01.882) 0:00:05.819 ******** ok: [/cache/fedora-36.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpy2gf3dq8/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Wednesday 06 July 2022 23:35:25 +0000 (0:00:01.728) 0:00:07.548 ******** ok: [/cache/fedora-36.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 0, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpy2gf3dq8/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Wednesday 06 July 2022 23:35:26 +0000 (0:00:00.518) 0:00:08.066 ******** ok: [/cache/fedora-36.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 0, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpy2gf3dq8/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Wednesday 06 July 2022 23:35:26 +0000 (0:00:00.398) 0:00:08.464 ******** ok: [/cache/fedora-36.qcow2.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Wed 2022-07-06 23:30:10 UTC", "ActiveEnterTimestampMonotonic": "204468724", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice dbus.socket sysinit.target basic.target network.target syslog.target dbus-broker.service systemd-journald.socket", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Wed 2022-07-06 23:30:10 UTC", "AssertTimestampMonotonic": "204456677", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "42018964000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Wed 2022-07-06 23:30:10 UTC", "ConditionTimestampMonotonic": "204456676", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "CoredumpFilter": "0x33", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "6978", "ExecMainStartTimestamp": "Wed 2022-07-06 23:30:10 UTC", "ExecMainStartTimestampMonotonic": "204457888", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Wed 2022-07-06 23:30:10 UTC", "InactiveExitTimestampMonotonic": "204458184", "InvocationID": "0603aa74b38f4c68ac63e20db89081ee", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15524", "LimitNPROCSoft": "15524", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15524", "LimitSIGPENDINGSoft": "15524", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "6978", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "infinity", "MemoryCurrent": "2822144", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "PIDFile": "/run/certmonger.pid", "PartOf": "dbus-broker.service", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Wed 2022-07-06 23:34:08 UTC", "StateChangeTimestampMonotonic": "442526482", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "4657", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "1min 30s", "TimeoutStopFailureMode": "terminate", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpy2gf3dq8/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Wednesday 06 July 2022 23:35:27 +0000 (0:00:00.791) 0:00:09.256 ******** changed: [/cache/fedora-36.qcow2.snap] => (item={'name': 'mycert_fs_attrs', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert_fs_attrs", "owner": "ftp" } } MSG: Certificate requested (new). File attributes updated. changed: [/cache/fedora-36.qcow2.snap] => (item={'name': 'certid', 'dns': 'www.example.com', 'owner': 1040, 'group': 1041, 'ca': 'self-sign'}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040 } } MSG: Certificate requested (new). File attributes updated. META: role_complete for /cache/fedora-36.qcow2.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpyv0bgwd0/tests/certificate/tests_fs_attrs.yml:31 Wednesday 06 July 2022 23:35:30 +0000 (0:00:02.294) 0:00:11.551 ******** ok: [/cache/fedora-36.qcow2.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpyv0bgwd0/tests/certificate/tests_fs_attrs.yml:60 Wednesday 06 July 2022 23:35:30 +0000 (0:00:00.769) 0:00:12.320 ******** included: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-36.qcow2.snap => (item={'path': '/etc/pki/tls/certs/mycert_fs_attrs.crt', 'key_path': '/etc/pki/tls/private/mycert_fs_attrs.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 'ftp', 'group': 'ftp', 'mode': '0640'}) included: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/fedora-36.qcow2.snap => (item={'path': '/etc/pki/tls/certs/certid.crt', 'key_path': '/etc/pki/tls/private/certid.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'owner': 1040, 'group': 1041, 'mode': '0640'}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:2 Wednesday 06 July 2022 23:35:30 +0000 (0:00:00.044) 0:00:12.364 ******** ok: [/cache/fedora-36.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:6 Wednesday 06 July 2022 23:35:30 +0000 (0:00:00.026) 0:00:12.391 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:11 Wednesday 06 July 2022 23:35:32 +0000 (0:00:01.860) 0:00:14.251 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.10/site-packages (22.1.2) TASK [Install certreader] ****************************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:18 Wednesday 06 July 2022 23:35:33 +0000 (0:00:01.134) 0:00:15.386 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.10/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.10/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.10/site-packages (from cryptography<35) (1.15.1) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.10/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.10/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.10/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:26 Wednesday 06 July 2022 23:35:34 +0000 (0:00:00.854) 0:00:16.240 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "stat": { "atime": 1657150528.5573704, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "81a8c47b713a993cfd918b180c53a5481d385514", "ctime": 1657150528.7133703, "dev": 31, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 60365, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1657150528.5543704, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_fs_attrs.crt", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 14, "version": "68", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:31 Wednesday 06 July 2022 23:35:35 +0000 (0:00:00.507) 0:00:16.748 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:37 Wednesday 06 July 2022 23:35:35 +0000 (0:00:00.033) 0:00:16.782 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:47 Wednesday 06 July 2022 23:35:35 +0000 (0:00:00.049) 0:00:16.831 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:53 Wednesday 06 July 2022 23:35:35 +0000 (0:00:00.046) 0:00:16.877 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "stat": { "atime": 1657150528.4953704, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "179f8ae190ba240246529f9bb8f0da184f100201", "ctime": 1657150528.7133703, "dev": 31, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 60352, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1657150528.5543704, "nlink": 1, "path": "/etc/pki/tls/private/mycert_fs_attrs.key", "pw_name": "ftp", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1708, "uid": 14, "version": "68", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:58 Wednesday 06 July 2022 23:35:35 +0000 (0:00:00.391) 0:00:17.268 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:64 Wednesday 06 July 2022 23:35:35 +0000 (0:00:00.033) 0:00:17.302 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:74 Wednesday 06 July 2022 23:35:35 +0000 (0:00:00.047) 0:00:17.349 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_fs_attrs.crt" ], "delta": "0:00:00.202926", "end": "2022-07-06 23:35:36.055116", "rc": 0, "start": "2022-07-06 23:35:35.852190" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "E1:8E:9A:15:27:08:C6:8D:D7:55:F7:C0:F7:4C:2A:49:EB:A8:B0:A5", "critical": false }, "authorityKeyIdentifier": { "value": "5E:52:CD:04:1D:A6:B4:4F:6D:84:D8:82:A2:63:74:23:0B:B0:BF:FB", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "0F:4B:40:2E:9D:13:78:37:ED:7D:46:51:87:2E:FB:A2:42:AB:D8:3D:B1:60:F5:B6:BA:F5:FE:7B:8E:1B:88:6F:91:FD:44:DC:5A:D7:A7:84:EB:22:0E:8E:9B:FA:76:76:F1:DE:E5:E0:5A:88:15:A2:08:59:C9:82:A4:C4:B7:18:B3:7C:BB:EB:B2:1B:D6:91:28:16:D8:BC:9E:50:8B:23:05:0C:42:D4:47:54:F4:B9:CF:37:E2:CC:5E:2F:88:59:4E:65:32:8C:80:44:DA:79:4D:64:5C:80:8C:82:0C:8A:66:1D:D7:60:12:A6:B3:3F:10:95:48:06:BE:4E:69:09:43:9B:F0:C6:A7:CE:C0:17:32:F5:85:3F:BB:95:C6:67:AA:04:33:07:5C:A2:3D:EE:67:F2:42:59:4C:CE:83:4B:68:D0:BC:C1:F6:E9:A8:32:A9:CD:A5:96:BA:FD:0F:C4:21:72:4F:77:07:52:8E:DE:5F:EF:D0:C9:31:94:FD:1A:5E:91:1C:A7:19:EF:97:B3:4F:49:9B:68:D9:57:54:BC:81:14:85:89:BF:8F:04:8C:05:F8:15:83:89:5D:64:D0:87:F7:94:38:C6:BE:16:38:71:27:F8:41:F4:C0:1E:E8:4C:DB:EF:DD:AD:FF:46:81:66:98:0B:D7:FE:64:81:71" }, "key_size": 2048, "validity": { "not_valid_after": "2023-07-06 23:30:12", "not_valid_before": "2022-07-06 23:35:28" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:79 Wednesday 06 July 2022 23:35:36 +0000 (0:00:00.712) 0:00:18.061 ******** ok: [/cache/fedora-36.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "5E:52:CD:04:1D:A6:B4:4F:6D:84:D8:82:A2:63:74:23:0B:B0:BF:FB" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "E1:8E:9A:15:27:08:C6:8D:D7:55:F7:C0:F7:4C:2A:49:EB:A8:B0:A5" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "0F:4B:40:2E:9D:13:78:37:ED:7D:46:51:87:2E:FB:A2:42:AB:D8:3D:B1:60:F5:B6:BA:F5:FE:7B:8E:1B:88:6F:91:FD:44:DC:5A:D7:A7:84:EB:22:0E:8E:9B:FA:76:76:F1:DE:E5:E0:5A:88:15:A2:08:59:C9:82:A4:C4:B7:18:B3:7C:BB:EB:B2:1B:D6:91:28:16:D8:BC:9E:50:8B:23:05:0C:42:D4:47:54:F4:B9:CF:37:E2:CC:5E:2F:88:59:4E:65:32:8C:80:44:DA:79:4D:64:5C:80:8C:82:0C:8A:66:1D:D7:60:12:A6:B3:3F:10:95:48:06:BE:4E:69:09:43:9B:F0:C6:A7:CE:C0:17:32:F5:85:3F:BB:95:C6:67:AA:04:33:07:5C:A2:3D:EE:67:F2:42:59:4C:CE:83:4B:68:D0:BC:C1:F6:E9:A8:32:A9:CD:A5:96:BA:FD:0F:C4:21:72:4F:77:07:52:8E:DE:5F:EF:D0:C9:31:94:FD:1A:5E:91:1C:A7:19:EF:97:B3:4F:49:9B:68:D9:57:54:BC:81:14:85:89:BF:8F:04:8C:05:F8:15:83:89:5D:64:D0:87:F7:94:38:C6:BE:16:38:71:27:F8:41:F4:C0:1E:E8:4C:DB:EF:DD:AD:FF:46:81:66:98:0B:D7:FE:64:81:71" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-07-06 23:30:12", "not_valid_before": "2022-07-06 23:35:28" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:83 Wednesday 06 July 2022 23:35:36 +0000 (0:00:00.044) 0:00:18.106 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:91 Wednesday 06 July 2022 23:35:36 +0000 (0:00:00.045) 0:00:18.151 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:99 Wednesday 06 July 2022 23:35:36 +0000 (0:00:00.033) 0:00:18.184 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:106 Wednesday 06 July 2022 23:35:36 +0000 (0:00:00.043) 0:00:18.227 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:118 Wednesday 06 July 2022 23:35:36 +0000 (0:00:00.043) 0:00:18.271 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:132 Wednesday 06 July 2022 23:35:36 +0000 (0:00:00.043) 0:00:18.315 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_fs_attrs.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.053635", "end": "2022-07-06 23:35:36.733410", "rc": 0, "start": "2022-07-06 23:35:36.679775" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:141 Wednesday 06 July 2022 23:35:37 +0000 (0:00:00.420) 0:00:18.735 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:2 Wednesday 06 July 2022 23:35:37 +0000 (0:00:00.046) 0:00:18.782 ******** ok: [/cache/fedora-36.qcow2.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:6 Wednesday 06 July 2022 23:35:37 +0000 (0:00:00.029) 0:00:18.811 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:11 Wednesday 06 July 2022 23:35:38 +0000 (0:00:01.732) 0:00:20.543 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.10/site-packages (22.1.2) TASK [Install certreader] ****************************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:18 Wednesday 06 July 2022 23:35:40 +0000 (0:00:01.061) 0:00:21.605 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip3", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.10/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.10/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.10/site-packages (from cryptography<35) (1.15.1) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.10/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.10/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.10/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:26 Wednesday 06 July 2022 23:35:40 +0000 (0:00:00.881) 0:00:22.487 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "stat": { "atime": 1657150529.4263704, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "b5e9d6f86d446a3860ad9b42251e96599ee77e6b", "ctime": 1657150529.5083704, "dev": 31, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 60400, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1657150529.4233704, "nlink": 1, "path": "/etc/pki/tls/certs/certid.crt", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1294, "uid": 1040, "version": "68", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:31 Wednesday 06 July 2022 23:35:41 +0000 (0:00:00.387) 0:00:22.875 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:37 Wednesday 06 July 2022 23:35:41 +0000 (0:00:00.031) 0:00:22.906 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:47 Wednesday 06 July 2022 23:35:41 +0000 (0:00:00.045) 0:00:22.951 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:53 Wednesday 06 July 2022 23:35:41 +0000 (0:00:00.042) 0:00:22.994 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "stat": { "atime": 1657150529.3653705, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "65566082994e41c480d910a06817f5a232125ead", "ctime": 1657150529.5083704, "dev": 31, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 60387, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0640", "mtime": 1657150529.4233704, "nlink": 1, "path": "/etc/pki/tls/private/certid.key", "pw_name": "user1", "readable": true, "rgrp": true, "roth": false, "rusr": true, "size": 1704, "uid": 1040, "version": "68", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:58 Wednesday 06 July 2022 23:35:41 +0000 (0:00:00.384) 0:00:23.378 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:64 Wednesday 06 July 2022 23:35:41 +0000 (0:00:00.030) 0:00:23.408 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:74 Wednesday 06 July 2022 23:35:41 +0000 (0:00:00.043) 0:00:23.452 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/certid.crt" ], "delta": "0:00:00.211001", "end": "2022-07-06 23:35:42.038310", "rc": 0, "start": "2022-07-06 23:35:41.827309" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "4A:CE:B1:6C:9D:4C:AE:DC:E4:BC:29:1E:27:5B:B8:20:20:F1:C3:3F", "critical": false }, "authorityKeyIdentifier": { "value": "5E:52:CD:04:1D:A6:B4:4F:6D:84:D8:82:A2:63:74:23:0B:B0:BF:FB", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "50:58:01:40:F0:66:7A:DC:BE:5F:8C:63:F6:B4:52:74:0D:A6:37:6C:89:4A:D5:59:14:55:67:51:42:EF:AB:43:56:39:C4:62:58:F1:E6:14:F1:2E:69:AA:55:28:29:3E:11:D9:DF:AB:5B:34:53:2E:26:C3:F0:5E:19:AA:67:69:22:F5:20:6A:DF:46:75:32:9D:5F:B8:11:C5:79:DD:F2:B0:31:E2:32:B6:51:E2:A0:45:68:5F:3F:FC:EF:07:EC:FB:83:86:A2:DF:60:8D:B8:E5:2C:F3:1A:27:2E:4E:14:F9:F0:92:4F:76:FD:38:B0:5D:65:D0:5D:B6:BA:6D:A2:B0:EF:5C:F2:D6:04:91:54:1B:F2:D0:34:F9:BB:BB:06:DD:B9:AD:96:E9:F6:FA:E7:88:E0:81:96:3D:B5:E0:5D:31:35:FE:E5:EB:9A:85:65:61:57:E9:C2:6A:F1:24:FE:B9:69:04:9F:2B:5F:84:2A:B4:FC:88:00:2E:B7:53:AD:FC:02:A0:62:5A:B7:85:DE:C3:19:C9:75:E7:5F:5C:DF:CF:AC:CD:FD:C0:4F:D0:DE:38:57:8B:F5:11:6F:AF:37:51:CA:A2:03:87:49:B8:1F:6B:8B:DD:8B:1C:6A:3E:E6:68:2B:96:D7:D2:53:46:C3:2C:10:A3:41:C9:E6:7F:FF" }, "key_size": 2048, "validity": { "not_valid_after": "2023-07-06 23:30:12", "not_valid_before": "2022-07-06 23:35:29" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:79 Wednesday 06 July 2022 23:35:42 +0000 (0:00:00.592) 0:00:24.045 ******** ok: [/cache/fedora-36.qcow2.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "5E:52:CD:04:1D:A6:B4:4F:6D:84:D8:82:A2:63:74:23:0B:B0:BF:FB" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "4A:CE:B1:6C:9D:4C:AE:DC:E4:BC:29:1E:27:5B:B8:20:20:F1:C3:3F" } }, "key_size": 2048, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "50:58:01:40:F0:66:7A:DC:BE:5F:8C:63:F6:B4:52:74:0D:A6:37:6C:89:4A:D5:59:14:55:67:51:42:EF:AB:43:56:39:C4:62:58:F1:E6:14:F1:2E:69:AA:55:28:29:3E:11:D9:DF:AB:5B:34:53:2E:26:C3:F0:5E:19:AA:67:69:22:F5:20:6A:DF:46:75:32:9D:5F:B8:11:C5:79:DD:F2:B0:31:E2:32:B6:51:E2:A0:45:68:5F:3F:FC:EF:07:EC:FB:83:86:A2:DF:60:8D:B8:E5:2C:F3:1A:27:2E:4E:14:F9:F0:92:4F:76:FD:38:B0:5D:65:D0:5D:B6:BA:6D:A2:B0:EF:5C:F2:D6:04:91:54:1B:F2:D0:34:F9:BB:BB:06:DD:B9:AD:96:E9:F6:FA:E7:88:E0:81:96:3D:B5:E0:5D:31:35:FE:E5:EB:9A:85:65:61:57:E9:C2:6A:F1:24:FE:B9:69:04:9F:2B:5F:84:2A:B4:FC:88:00:2E:B7:53:AD:FC:02:A0:62:5A:B7:85:DE:C3:19:C9:75:E7:5F:5C:DF:CF:AC:CD:FD:C0:4F:D0:DE:38:57:8B:F5:11:6F:AF:37:51:CA:A2:03:87:49:B8:1F:6B:8B:DD:8B:1C:6A:3E:E6:68:2B:96:D7:D2:53:46:C3:2C:10:A3:41:C9:E6:7F:FF" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-07-06 23:30:12", "not_valid_before": "2022-07-06 23:35:29" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:83 Wednesday 06 July 2022 23:35:42 +0000 (0:00:00.068) 0:00:24.114 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:91 Wednesday 06 July 2022 23:35:42 +0000 (0:00:00.043) 0:00:24.157 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:99 Wednesday 06 July 2022 23:35:42 +0000 (0:00:00.031) 0:00:24.189 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:106 Wednesday 06 July 2022 23:35:42 +0000 (0:00:00.042) 0:00:24.231 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:118 Wednesday 06 July 2022 23:35:42 +0000 (0:00:00.041) 0:00:24.273 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:132 Wednesday 06 July 2022 23:35:42 +0000 (0:00:00.063) 0:00:24.337 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/certid.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.054852", "end": "2022-07-06 23:35:42.792534", "rc": 0, "start": "2022-07-06 23:35:42.737682" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:141 Wednesday 06 July 2022 23:35:43 +0000 (0:00:00.461) 0:00:24.798 ******** ok: [/cache/fedora-36.qcow2.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/fedora-36.qcow2.snap : ok=55 changed=3 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 Wednesday 06 July 2022 23:35:43 +0000 (0:00:00.051) 0:00:24.849 ******** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate requests ----- 2.29s /tmp/tmpy2gf3dq8/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.88s /tmp/tmpy2gf3dq8/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Ensure python3 is installed --------------------------------------------- 1.86s /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- Ensure python3 is installed --------------------------------------------- 1.73s /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 1.73s /tmp/tmpy2gf3dq8/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Install the package, force upgrade -------------------------------------- 1.13s /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Gathering Facts --------------------------------------------------------- 1.08s /tmp/tmpyv0bgwd0/tests/certificate/tests_fs_attrs.yml:2 ----------------------- Install the package, force upgrade -------------------------------------- 1.06s /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Install certreader ------------------------------------------------------ 0.88s /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Install certreader ------------------------------------------------------ 0.85s /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Ensure user exists ------------------------------------------------------ 0.80s /tmp/tmpyv0bgwd0/tests/certificate/tests_fs_attrs.yml:5 ----------------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.79s /tmp/tmpy2gf3dq8/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Gathering Facts --------------------------------------------------------- 0.77s /tmp/tmpyv0bgwd0/tests/certificate/tests_fs_attrs.yml:31 ---------------------- Gathering Facts --------------------------------------------------------- 0.77s /tmp/tmpyv0bgwd0/tests/certificate/tests_fs_attrs.yml:13 ---------------------- Parse certificate ------------------------------------------------------- 0.71s /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Ensure group "somegroup" exists ----------------------------------------- 0.71s /tmp/tmpyv0bgwd0/tests/certificate/tests_fs_attrs.yml:9 ----------------------- Parse certificate ------------------------------------------------------- 0.59s /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:74 - fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.52s /tmp/tmpy2gf3dq8/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.51s /tmp/tmpy2gf3dq8/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Retrieve certificate file stats ----------------------------------------- 0.51s /tmp/tmpyv0bgwd0/tests/certificate/tasks/assert_certificate_parameters.yml:26 -