+ cd /tmp/tmpihz7fk_9/tests; TEST_SUBJECTS=/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-67-8b7dd96-fedora-31-cidtvxdw/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmpihz7fk_9/_setup.yml /tmp/tmpihz7fk_9/tests/tests_basic_ipa.yml ansible-playbook 2.9.14 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.6 (default, Sep 25 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)] Using /etc/ansible/ansible.cfg as config file PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpihz7fk_9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpihz7fk_9/_setup.yml:5 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "groups": { "all": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "localhost": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "subjects": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpihz7fk_9/_setup.yml:7 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 statically imported: /tmp/tmpihz7fk_9/tests/tasks/setup_ipa.yml PLAYBOOK: tests_basic_ipa.yml ************************************************** 3 plays in /tmp/tmpihz7fk_9/tests/tests_basic_ipa.yml PLAY [Install IPA server] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_basic_ipa.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [Set __is_beaker_env] ***************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/setup_ipa.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__is_beaker_env": false}, "changed": false} TASK [Install ansible-freeipa] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/setup_ipa.yml:6 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [Clone ansible-freeipa repo] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/setup_ipa.yml:12 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"after": "6c7f433135795d3ebec2ce26d6ca398301792588", "before": "6c7f433135795d3ebec2ce26d6ca398301792588", "changed": false, "remote_url_changed": false} TASK [Create role symlinks] **************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/setup_ipa.yml:21 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=ipaserver) => {"ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmpihz7fk_9/tests/roles/ipaserver", "gid": 0, "group": "root", "item": "ipaserver", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaserver/", "state": "link", "uid": 0} changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=ipaclient) => {"ansible_loop_var": "item", "changed": true, "dest": "/tmp/tmpihz7fk_9/tests/roles/ipaclient", "gid": 0, "group": "root", "item": "ipaclient", "mode": "0777", "owner": "root", "size": 34, "src": "/tmp/freeipa-repo/roles/ipaclient/", "state": "link", "uid": 0} TASK [Set hostname] ************************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/setup_ipa.yml:33 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"ansible_domain": "test.local", "ansible_fqdn": "ipaserver.test.local", "ansible_hostname": "ipaserver", "ansible_nodename": "ipaserver.test.local"}, "changed": true, "name": "ipaserver.test.local"} TASK [Ensure nss package is up-to-date] **************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/setup_ipa.yml:37 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-3.57.0-1.fc31.x86_64", "Installed: nss-softokn-freebl-3.57.0-1.fc31.x86_64", "Installed: nss-sysinit-3.57.0-1.fc31.x86_64", "Installed: nss-util-3.57.0-1.fc31.x86_64", "Installed: nspr-4.29.0-1.fc31.x86_64", "Installed: nss-3.57.0-1.fc31.x86_64"]} TASK [include_role : ipaserver] ************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/setup_ipa.yml:45 TASK [ipaserver : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:4 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml) => {"ansible_facts": {"ipaserver_packages": ["freeipa-server", "python3-libselinux"], "ipaserver_packages_adtrust": ["freeipa-server-trust-ad"], "ipaserver_packages_dns": ["freeipa-server-dns"], "ipaserver_packages_firewalld": ["firewalld"]}, "ansible_included_var_files": ["/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml"], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaserver/vars/Fedora.yml"} TASK [ipaserver : Install IPA server] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:12 included: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TASK [ipaserver : Install - Ensure that IPA server packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:5 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: sssd-krb5-common-2.2.3-13.fc31.x86_64", "Installed: python3-qrcode-core-6.1-2.fc31.noarch", "Installed: perl-libnet-3.11-440.fc31.noarch", "Installed: sssd-tools-2.2.3-13.fc31.x86_64", "Installed: libkadm5-1.17-46.fc31.x86_64", "Installed: python-systemd-doc-234-9.fc31.x86_64", "Installed: libxslt-1.1.34-1.fc31.x86_64", "Installed: jboss-logging-tools-2.2.0-1.fc31.noarch", "Installed: ecj-1:4.14-2.fc31.noarch", "Installed: jdeparser-2.0.3-1.fc31.noarch", "Installed: python3-wcwidth-0.2.4-1.fc31.noarch", "Installed: perl-parent-1:0.237-439.fc31.noarch", "Installed: publicsuffix-list-20190417-2.fc31.noarch", "Installed: oddjob-0.34.6-1.fc31.x86_64", "Installed: oddjob-mkhomedir-0.34.6-1.fc31.x86_64", "Installed: perl-PathTools-3.78-439.fc31.x86_64", "Installed: perl-podlators-1:4.12-2.fc31.noarch", "Installed: python3-custodia-0.6.0-8.fc31.noarch", "Installed: xsom-0-22.20110809svn.fc31.noarch", "Installed: libicu-63.2-3.fc31.x86_64", "Installed: slf4j-1.7.25-4.module_f29+6921+ca3ed728.noarch", "Installed: python3-yubico-1.3.3-1.fc31.noarch", "Installed: perl-threads-1:2.22-439.fc31.x86_64", "Installed: perl-threads-shared-1.60-440.fc31.x86_64", "Installed: python3-argparse-manpage-1.4-1.fc31.noarch", "Installed: authselect-1.1-4.fc31.x86_64", "Installed: authselect-libs-1.1-4.fc31.x86_64", "Installed: js-jquery-3.5.0-2.fc31.noarch", "Installed: velocity-1.7-26.fc31.noarch", "Installed: python3-decorator-4.4.0-2.fc31.noarch", "Installed: jss-4.7.3-1.fc31.x86_64", "Installed: samba-client-libs-2:4.11.14-0.fc31.x86_64", "Installed: samba-common-2:4.11.14-0.fc31.noarch", "Installed: samba-common-libs-2:4.11.14-0.fc31.x86_64", "Installed: tzdata-java-2020d-1.fc31.noarch", "Installed: policycoreutils-python-utils-2.9-5.fc31.noarch", "Installed: mod_auth_gssapi-1.6.1-7.fc31.x86_64", "Installed: resteasy-atom-provider-3.0.26-1.fc31.noarch", "Installed: lksctp-tools-1.0.18-3.fc31.x86_64", "Installed: resteasy-client-3.0.26-1.fc31.noarch", "Installed: resteasy-core-3.0.26-1.fc31.noarch", "Installed: autofs-1:5.1.6-7.fc31.x86_64", "Installed: resteasy-jackson2-provider-3.0.26-1.fc31.noarch", "Installed: resteasy-jaxb-provider-3.0.26-1.fc31.noarch", "Installed: perl-Pod-Escapes-1:1.07-439.fc31.noarch", "Installed: perl-Pod-Perldoc-3.28.01-442.fc31.noarch", "Installed: python3-pyusb-1.0.2-3.fc31.noarch", "Installed: perl-Pod-Simple-1:3.39-2.fc31.noarch", "Installed: javapackages-filesystem-5.3.0-6.fc31.noarch", "Installed: mod_lookup_identity-1.0.0-10.fc31.x86_64", "Installed: javapackages-tools-5.3.0-6.fc31.noarch", "Installed: python3-jwcrypto-0.6.0-3.fc31.noarch", "Installed: perl-Algorithm-Diff-1.1903-14.fc31.noarch", "Installed: python3-kdcproxy-0.4.1-2.fc31.noarch", "Installed: perl-Text-Diff-1.45-7.fc31.noarch", "Installed: python3-packaging-20.1-1.fc31.noarch", "Installed: certmonger-0.79.11-2.fc31.x86_64", "Installed: python3-pluggy-0.12.0-2.fc31.noarch", "Installed: httpd-2.4.46-1.fc31.x86_64", "Installed: httpcomponents-client-4.5.5-4.module_f29+6921+ca3ed728.noarch", "Installed: httpd-filesystem-2.4.46-1.fc31.noarch", "Installed: gssproxy-0.8.2-5.fc31.x86_64", "Installed: httpcomponents-core-4.4.10-3.module_f29+6921+ca3ed728.noarch", "Installed: cyrus-sasl-gssapi-2.1.27-3.fc31.x86_64", "Installed: httpd-tools-2.4.46-1.fc31.x86_64", "Installed: jboss-annotations-1.2-api-1.0.2-1.fc31.noarch", "Installed: perl-Text-ParseWords-3.30-439.fc31.noarch", "Installed: cyrus-sasl-md5-2.1.27-3.fc31.x86_64", "Installed: fedora-logos-httpd-30.0.2-3.fc31.noarch", "Installed: fontawesome-fonts-4.7.0-7.fc31.noarch", "Installed: cyrus-sasl-plain-2.1.27-3.fc31.x86_64", "Installed: python3-ldap-3.1.0-5.fc31.x86_64", "Installed: perl-Text-Tabs+Wrap-2013.0523-439.fc31.noarch", "Installed: perl-HTTP-Tiny-0.076-439.fc31.noarch", "Installed: lua-5.3.5-8.fc31.x86_64", "Installed: python3-pki-10.9.4-1.fc31.noarch", "Installed: libtomcrypt-1.18.2-4.fc31.x86_64", "Installed: mailcap-2.1.48-6.fc31.noarch", "Installed: libtommath-1.0.1-10.fc31.x86_64", "Installed: open-sans-fonts-1.10-11.fc31.noarch", "Installed: libpkgconf-1.6.3-2.fc31.x86_64", "Installed: python3-argcomplete-1.10.0-1.fc31.noarch", "Installed: perl-Carp-1.50-439.fc31.noarch", "Installed: perl-Archive-Tar-2.38-1.fc31.noarch", "Installed: logrotate-3.15.1-1.fc31.x86_64", "Installed: jboss-jaxrs-2.0-api-1.0.0-9.fc31.noarch", "Installed: python3-py-1.8.2-1.fc31.noarch", "Installed: xalan-j2-2.7.1-38.module_f28+3872+5b76729e.noarch", "Installed: xerces-j2-2.11.0-34.module_f28+3872+5b76729e.noarch", "Installed: xml-commons-apis-1.4.01-25.module_f28+3872+5b76729e.noarch", "Installed: xml-commons-resolver-1.2-26.module_f28+3872+5b76729e.noarch", "Installed: perl-Compress-Raw-Lzma-2.087-2.fc31.x86_64", "Installed: perl-IO-Compress-2.087-1.fc31.noarch", "Installed: perl-IO-Compress-Lzma-2.087-1.fc31.noarch", "Installed: dbus-tools-1:1.12.20-1.fc31.x86_64", "Installed: pkgconf-1.6.3-2.fc31.x86_64", "Installed: 389-ds-base-1.4.2.16-1.fc31.x86_64", "Installed: jboss-logging-3.3.0-7.fc31.noarch", "Installed: pkgconf-m4-1.6.3-2.fc31.noarch", "Installed: 389-ds-base-libs-1.4.2.16-1.fc31.x86_64", "Installed: python3-pycryptodomex-3.9.8-1.fc31.x86_64", "Installed: perl-Digest-MD5-2.55-439.fc31.x86_64", "Installed: perl-DB_File-1.853-1.fc31.x86_64", "Installed: krb5-pkinit-1.17-46.fc31.x86_64", "Installed: krb5-server-1.17-46.fc31.x86_64", "Installed: perl-Data-Dumper-2.174-443.fc31.x86_64", "Installed: krb5-workstation-1.17-46.fc31.x86_64", "Installed: python3-atomicwrites-1.3.0-2.fc31.noarch", "Installed: bind-libs-32:9.11.22-1.fc31.x86_64", "Installed: python3-pyasn1-modules-0.4.4-5.fc31.noarch", "Installed: bind-libs-lite-32:9.11.22-1.fc31.x86_64", "Installed: bind-license-32:9.11.22-1.fc31.noarch", "Installed: perl-IO-Socket-IP-0.39-440.fc31.noarch", "Installed: python3-augeas-0.5.0-15.fc31.noarch", "Installed: xmlrpc-c-1.51.0-9.fc31.x86_64", "Installed: apache-commons-collections-3.2.2-13.fc31.noarch", "Installed: xmlrpc-c-client-1.51.0-9.fc31.x86_64", "Installed: perl-Digest-1.19-1.fc31.noarch", "Installed: bind-utils-32:9.11.22-1.fc31.x86_64", "Installed: perl-Encode-4:3.07-457.fc31.x86_64", "Installed: perl-Errno-1.30-456.fc31.x86_64", "Installed: perl-Exporter-5.74-1.fc31.noarch", "Installed: apache-commons-daemon-1.2.0-2.fc31.x86_64", "Installed: freeipa-client-4.8.6-1.fc31.x86_64", "Installed: freeipa-client-common-4.8.6-1.fc31.noarch", "Installed: words-3.0-34.fc31.noarch", "Installed: freeipa-common-4.8.6-1.fc31.noarch", "Installed: freeipa-healthcheck-core-0.6-3.fc31.noarch", "Installed: openssl-perl-1:1.1.1g-1.fc31.x86_64", "Installed: freeipa-selinux-4.8.6-1.fc31.noarch", "Installed: freeipa-server-4.8.6-1.fc31.x86_64", "Installed: freeipa-server-common-4.8.6-1.fc31.noarch", "Installed: nfs-utils-1:2.5.1-4.rc4.fc31.x86_64", "Installed: perl-File-Path-2.17-1.fc31.noarch", "Installed: perl-Getopt-Long-1:2.52-1.fc31.noarch", "Installed: pkgconf-pkg-config-1.6.3-2.fc31.x86_64", "Installed: rpcbind-1.2.5-5.rc1.fc31.x86_64", "Installed: python3-dns-1.16.0-7.fc31.noarch", "Installed: xmlstreambuffer-1.5.4-10.fc31.noarch", "Installed: python3-lxml-4.4.0-1.fc31.x86_64", "Installed: slapi-nis-0.56.5-2.fc31.x86_64", "Installed: apache-commons-cli-1.4-4.module_f29+6921+ca3ed728.noarch", "Installed: apache-commons-codec-1.11-3.module_f29+6921+ca3ed728.noarch", "Installed: perl-IO-1.40-456.fc31.x86_64", "Installed: perl-IO-Socket-SSL-2.066-7.fc31.noarch", "Installed: perl-IO-Zlib-1:1.10-456.fc31.noarch", "Installed: python3-pytest-4.6.11-1.fc31.noarch", "Installed: custodia-0.6.0-8.fc31.noarch", "Installed: perl-URI-1.76-5.fc31.noarch", "Installed: python3-ecdsa-0.13.3-1.fc31.noarch", "Installed: keyutils-1.6-3.fc31.x86_64", "Installed: apache-commons-lang-2.6-25.fc31.noarch", "Installed: apache-commons-io-1:2.6-3.module_f29+6921+ca3ed728.noarch", "Installed: perl-Unicode-Normalize-1.26-439.fc31.x86_64", "Installed: bash-completion-1:2.8-7.fc31.noarch", "Installed: apache-commons-logging-1.2-13.module_f29+6921+ca3ed728.noarch", "Installed: perl-Mozilla-CA-20200520-1.fc31.noarch", "Installed: istack-commons-runtime-2.21-11.fc31.noarch", "Installed: fstrm-0.5.0-1.fc31.x86_64", "Installed: python3-systemd-234-9.fc31.x86_64", "Installed: mod_http2-1.15.14-1.fc31.x86_64", "Installed: pki-base-10.9.4-1.fc31.noarch", "Installed: pki-base-java-10.9.4-1.fc31.noarch", "Installed: pki-ca-10.9.4-1.fc31.noarch", "Installed: pki-kra-10.9.4-1.fc31.noarch", "Installed: mod_session-2.4.46-1.fc31.x86_64", "Installed: mod_ssl-1:2.4.46-1.fc31.x86_64", "Installed: pki-server-10.9.4-1.fc31.noarch", "Installed: pki-symkey-10.9.4-1.fc31.x86_64", "Installed: pki-tools-10.9.4-1.fc31.x86_64", "Installed: relaxngDatatype-2011.1-10.fc31.noarch", "Installed: python3-pyparsing-2.4.0-2.fc31.noarch", "Installed: perl-Pod-Usage-4:2.01-1.fc31.noarch", "Installed: bea-stax-api-1.2.0-19.fc31.noarch", "Installed: ldapjdk-4.22.0-1.fc31.noarch", "Installed: python3-mod_wsgi-4.6.6-2.fc31.x86_64", "Installed: softhsm-2.6.1-3.fc31.x86_64", "Installed: perl-Scalar-List-Utils-3:1.53-439.fc31.x86_64", "Installed: lua-posix-33.3.1-14.fc31.x86_64", "Installed: perl-Compress-Raw-Bzip2-2.087-1.fc31.x86_64", "Installed: perl-Compress-Raw-Zlib-2.087-1.fc31.x86_64", "Installed: perl-Net-SSLeay-1.88-3.fc31.x86_64", "Installed: perl-Socket-4:2.030-1.fc31.x86_64", "Installed: python3-more-itertools-7.2.0-1.fc31.noarch", "Installed: perl-Storable-1:3.15-442.fc31.x86_64", "Installed: slf4j-jdk14-1.7.25-8.fc31.noarch", "Installed: libverto-libev-0.3.0-8.fc31.x86_64", "Installed: glassfish-fastinfoset-1.2.13-12.fc31.noarch", "Installed: perl-Time-Local-2:1.300-1.fc31.noarch", "Installed: openldap-clients-2.4.47-3.fc31.x86_64", "Installed: protobuf-c-1.3.1-3.fc31.x86_64", "Installed: python3-ipaclient-4.8.6-1.fc31.noarch", "Installed: python3-ipalib-4.8.6-1.fc31.noarch", "Installed: python3-ipaserver-4.8.6-1.fc31.noarch", "Installed: copy-jdk-configs-3.7-4.fc31.noarch", "Installed: jackson-annotations-2.10.0-1.fc31.noarch", "Installed: perl-Term-ANSIColor-4.06-440.fc31.noarch", "Installed: nss-tools-3.57.0-1.fc31.x86_64", "Installed: jackson-core-2.10.0-1.fc31.noarch", "Installed: perl-Term-Cap-1.17-439.fc31.noarch", "Installed: jackson-databind-2.10.0-1.fc31.noarch", "Installed: libev-4.27-1.fc31.x86_64", "Installed: perl-interpreter-4:5.30.3-456.fc31.x86_64", "Installed: apr-1.7.0-2.fc31.x86_64", "Installed: jackson-jaxrs-json-provider-2.10.0-1.fc31.noarch", "Installed: jackson-jaxrs-providers-2.10.0-1.fc31.noarch", "Installed: glassfish-jaxb-api-2.2.12-13.fc31.noarch", "Installed: perl-libs-4:5.30.3-456.fc31.x86_64", "Installed: apr-util-1.6.1-11.fc31.x86_64", "Installed: perl-macros-4:5.30.3-456.fc31.noarch", "Installed: apr-util-bdb-1.6.1-11.fc31.x86_64", "Installed: jackson-module-jaxb-annotations-2.10.0-1.fc31.noarch", "Installed: glassfish-jaxb-core-2.2.11-15.fc31.noarch", "Installed: python3-netaddr-0.7.19-17.fc31.noarch", "Installed: python3-netifaces-0.10.6-7.fc31.x86_64", "Installed: apr-util-openssl-1.6.1-11.fc31.x86_64", "Installed: python3-sss-2.2.3-13.fc31.x86_64", "Installed: jakarta-activation-1.2.1-5.fc31.noarch", "Installed: python3-sss-murmur-2.2.3-13.fc31.x86_64", "Installed: python3-sssdconfig-2.2.3-13.fc31.noarch", "Installed: glassfish-jaxb-runtime-2.2.11-15.fc31.noarch", "Installed: glassfish-jaxb-txw2-2.2.11-15.fc31.noarch", "Installed: python3-gssapi-1.6.1-1.fc31.x86_64", "Installed: perl-File-Temp-1:0.230.900-439.fc31.noarch", "Installed: libwbclient-2:4.11.14-0.fc31.x86_64", "Installed: perl-constant-1.33-440.fc31.noarch", "Installed: jakarta-commons-httpclient-1:3.1-32.fc31.noarch", "Installed: java-1.8.0-openjdk-headless-1:1.8.0.272.b10-0.fc31.x86_64", "Installed: tomcat-1:9.0.38-2.fc31.noarch", "Installed: stax-ex-1.7.7-11.fc31.noarch", "Installed: tomcat-el-3.0-api-1:9.0.38-2.fc31.noarch", "Installed: tomcat-jsp-2.3-api-1:9.0.38-2.fc31.noarch", "Installed: perl-MIME-Base64-3.15-439.fc31.x86_64", "Installed: tomcat-lib-1:9.0.38-2.fc31.noarch", "Installed: tomcat-native-1.2.23-1.fc31.x86_64", "Installed: apache-commons-net-3.6-3.module_f28+3872+5b76729e.noarch", "Installed: libipa_hbac-2.2.3-13.fc31.x86_64", "Installed: tomcat-servlet-4.0-api-1:9.0.38-2.fc31.noarch", "Installed: python3-lib389-1.4.2.16-1.fc31.noarch", "Installed: tomcatjss-7.5.0-1.fc31.noarch", "Installed: quota-1:4.05-8.fc31.x86_64", "Installed: augeas-libs-1.12.0-2.fc31.x86_64", "Installed: python3-libipa_hbac-2.2.3-13.fc31.x86_64", "Installed: quota-nls-1:4.05-8.fc31.noarch", "Installed: sscg-2.6.2-1.fc31.x86_64", "Installed: python3-nss-1.0.1-15.fc31.x86_64", "Installed: web-assets-filesystem-5-10.fc31.noarch", "Installed: sssd-common-pac-2.2.3-13.fc31.x86_64", "Installed: sssd-dbus-2.2.3-13.fc31.x86_64", "Installed: sssd-ipa-2.2.3-13.fc31.x86_64"]} TASK [ipaserver : Install - Ensure that IPA server packages for dns are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:10 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: bind-pkcs11-utils-32:9.11.22-1.fc31.x86_64", "Installed: opendnssec-1.4.14-5.fc31.x86_64", "Installed: mariadb-connector-c-3.1.10-1.fc31.x86_64", "Installed: mariadb-connector-c-config-3.1.10-1.fc31.noarch", "Installed: bind-32:9.11.22-1.fc31.x86_64", "Installed: sqlite-3.30.0-1.fc31.x86_64", "Installed: ldns-1.7.0-26.fc31.x86_64", "Installed: bind-dnssec-utils-32:9.11.22-1.fc31.x86_64", "Installed: bind-dyndb-ldap-11.2-4.fc31.x86_64", "Installed: opencryptoki-3.11.0-4.fc31.x86_64", "Installed: python3-bind-32:9.11.22-1.fc31.noarch", "Installed: freeipa-server-dns-4.8.6-1.fc31.noarch", "Installed: libitm-9.3.1-2.fc31.x86_64", "Installed: opencryptoki-icsftok-3.11.0-4.fc31.x86_64", "Installed: opencryptoki-libs-3.11.0-4.fc31.x86_64", "Installed: bind-pkcs11-32:9.11.22-1.fc31.x86_64", "Installed: bind-pkcs11-libs-32:9.11.22-1.fc31.x86_64"]} TASK [ipaserver : Install - Ensure that IPA server packages for adtrust are installed] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:16 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Ensure that firewall packages installed] *********** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:22 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: python3-slip-0.6.4-16.fc31.noarch", "Installed: iptables-1.8.3-7.fc31.x86_64", "Installed: libnfnetlink-1.0.1-16.fc31.x86_64", "Installed: python3-slip-dbus-0.6.4-16.fc31.noarch", "Installed: ipset-7.5-1.fc31.x86_64", "Installed: nftables-1:0.9.1-3.fc31.x86_64", "Installed: ipset-libs-7.5-1.fc31.x86_64", "Installed: firewalld-filesystem-0.7.5-2.fc31.noarch", "Installed: firewalld-0.7.5-2.fc31.noarch", "Installed: libnftnl-1.1.3-2.fc31.x86_64", "Installed: ebtables-legacy-2.0.10-37.fc31.x86_64", "Installed: python3-firewall-0.7.5-2.fc31.noarch", "Installed: python3-gobject-base-3.34.0-3.fc31.x86_64", "Installed: gobject-introspection-1.62.0-1.fc31.x86_64", "Installed: libnetfilter_conntrack-1.0.7-3.fc31.x86_64"]} TASK [ipaserver : Firewalld service - Ensure that firewalld is running] ******** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:31 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "enabled": true, "name": "firewalld", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target dbus.socket sysinit.target dbus-broker.service polkit.service system.slice", "AllowIsolate": "no", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "multi-user.target shutdown.target network-pre.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinity": "", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "iptables.service ebtables.service ipset.service shutdown.target ip6tables.service nftables.service", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "man:firewalld(1)", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15546", "LimitNPROCSoft": "15546", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15546", "LimitSIGPENDINGSoft": "15546", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "firewalld.service dbus-org.fedoraproject.FirewallD1.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4663", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [Firewalld - Verify runtime zone "{{ ipaserver_firewalld_zone }}"] ******** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:37 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [Firewalld - Verify permanent zone "{{ ipaserver_firewalld_zone }}"] ****** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:44 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : include_tasks] *********************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:54 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Server installation test] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:60 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"_dirsrv_ca_cert": null, "_dirsrv_pkcs12_info": null, "_hostname_overridden": true, "_http_ca_cert": null, "_http_pkcs12_info": null, "_installation_cleanup": true, "_pkinit_ca_cert": null, "_pkinit_pkcs12_info": null, "changed": false, "domain": "test.local", "domainlevel": 1, "external_ca": false, "external_ca_profile": null, "external_ca_type": null, "hostname": "ipaserver.test.local", "idmax": 129999999, "idstart": 129800000, "ipa_python_version": 40806, "no_host_dns": true, "no_pkinit": false, "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "rid_base": 1000, "secondary_rid_base": 100000000, "setup_adtrust": false, "setup_ca": true, "setup_kra": false} TASK [ipaserver : Install - Master password creation] ************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:137 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": true} TASK [ipaserver : Install - Use new master password] *************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:144 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaserver : Install - Server preparation] ******************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:152 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"_ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "_subject_base": "O=TEST.LOCAL", "adtrust_netbios_name": null, "adtrust_reset_netbios_name": false, "ca_subject": "CN=Certificate Authority,O=TEST.LOCAL", "changed": true, "dns_ip_addresses": ["fec0::5054:ff:fe12:3456", "10.0.2.15"], "dns_reverse_zones": [], "forward_policy": "only", "forwarders": ["10.0.2.3"], "ip_addresses": ["fec0::5054:ff:fe12:3456", "10.0.2.15"], "no_dnssec_validation": true, "reverse_zones": [], "subject_base": "O=TEST.LOCAL"} TASK [ipaserver : Install - Setup NTP] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:196 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup DS] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:203 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup KRB] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:232 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup custodia] ************************************ task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:259 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup CA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:265 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "csr_generated": false} TASK [ipaserver : Copy /root/ipa.csr to "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2-ipa.csr"] *** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:306 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Setup otpd] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:315 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup HTTP] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:321 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup KRA] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:353 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Setup DNS] ***************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:364 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true} TASK [ipaserver : Install - Setup ADTRUST] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:381 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Set DS password] *********************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:396 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true} TASK [Install - Setup client] ************************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:413 TASK [ipaclient : Import variables specific to distribution] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:4 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=/tmp/freeipa-repo/roles/ipaclient/vars/default.yml) => {"ansible_facts": {"ipaclient_packages": ["ipa-client", "python3-libselinux"]}, "ansible_included_var_files": ["/tmp/freeipa-repo/roles/ipaclient/vars/default.yml"], "ansible_loop_var": "item", "changed": false, "item": "/tmp/freeipa-repo/roles/ipaclient/vars/default.yml"} TASK [ipaclient : Install IPA client] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:12 included: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TASK [ipaclient : Install - Ensure that IPA client packages are installed] ***** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:4 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install - Set ipaclient_servers] ***************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:10 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [Install - Set ipaclient_servers from cluster inventory] ****************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:15 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Check that either principal or keytab is set] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:21 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Set default principal if no keytab is given] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:25 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"ipaadmin_principal": "admin"}, "changed": false} TASK [ipaclient : Install - IPA client test] *********************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:30 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"basedn": "dc=test,dc=local", "changed": false, "client_already_configured": false, "client_domain": "test.local", "dnsok": false, "domain": "test.local", "hostname": "ipaserver.test.local", "ipa_python_version": 40806, "kdc": "ipaserver.test.local", "ntp_pool": null, "ntp_servers": null, "realm": "TEST.LOCAL", "servers": ["ipaserver.test.local"], "sssd": true} TASK [ipaclient : Install - Cleanup leftover ccache] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:56 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"} TASK [ipaclient : Install - Configure NTP] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:61 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false} TASK [ipaclient : Install - Make sure One-Time Password is enabled if it's already defined] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:73 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Disable One-Time Password for on_master] *********** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:78 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Test if IPA client has working krb5.keytab] ******** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:83 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ca_crt_exists": true, "changed": false, "krb5_conf_ok": true, "krb5_keytab_ok": true, "ping_test_ok": false} TASK [ipaclient : Install - Disable One-Time Password for client with working krb5.keytab] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:93 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Keytab or password is required for getting otp] **** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:109 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Get One-Time Password for client enrollment] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:113 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Install - Report error for OTP generation] ******************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:132 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {} TASK [ipaclient : Install - Store the previously obtained OTP] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:138 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Store predefined OTP in admin_password] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:147 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Install - Check if principal and keytab are set] ************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:163 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Check if one of password or keytabs are set] ******* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:167 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Purge TEST.LOCAL from host keytab] ***************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:175 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Backup and set hostname] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:188 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Join IPA] ****************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:193 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:215 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:220 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : fail] ******************************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:223 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Configure IPA default.conf] ************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:235 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Configure SSSD] ************************************ task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:244 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true} TASK [ipaclient : Install - Configure krb5 for IPA realm] ********************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:266 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - IPA API calls for remaining enrollment parts] ****** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:280 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ca_enabled": true, "changed": true, "subject_base": "O=TEST.LOCAL"} TASK [ipaclient : Install - Fix IPA ca] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:288 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Create IPA NSS database] *************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:298 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ca_enabled_ra": true, "changed": true} TASK [ipaclient : Install - Configure SSH and SSHD] **************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:329 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true} TASK [ipaclient : Install - Configure automount] ******************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:337 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true} TASK [ipaclient : Install - Configure firefox] ********************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:343 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaclient : Install - Configure NIS] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:349 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true} TASK [ipaclient : Install - Restore original admin password if overwritten by OTP] *** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:367 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false} TASK [ipaclient : Cleanup leftover ccache] ************************************* task path: /tmp/freeipa-repo/roles/ipaclient/tasks/install.yml:373 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "path": "/etc/ipa/.dns_ccache", "state": "absent"} TASK [ipaclient : Uninstall IPA client] **************************************** task path: /tmp/freeipa-repo/roles/ipaclient/tasks/main.yml:16 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} TASK [ipaserver : Install - Enable IPA] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:428 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true} TASK [ipaserver : Install - Cleanup root IPA cache] **************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:435 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "path": "/root/.ipa_cache", "state": "absent"} TASK [ipaserver : Install - Configure firewalld] ******************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:441 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "cmd": ["firewall-cmd", "--permanent", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp"], "delta": "0:00:00.254395", "end": "2020-10-31 21:41:10.277919", "rc": 0, "start": "2020-10-31 21:41:10.023524", "stderr": "", "stderr_lines": [], "stdout": "success", "stdout_lines": ["success"]} TASK [ipaserver : Install - Configure firewalld runtime] *********************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:455 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "cmd": ["firewall-cmd", "--zone=", "--add-service=freeipa-ldap", "--add-service=freeipa-ldaps", "--add-service=dns", "--add-service=ntp"], "delta": "0:00:00.283477", "end": "2020-10-31 21:41:10.896088", "rc": 0, "start": "2020-10-31 21:41:10.612611", "stderr": "", "stderr_lines": [], "stdout": "success", "stdout_lines": ["success"]} TASK [ipaserver : Cleanup temporary files] ************************************* task path: /tmp/freeipa-repo/roles/ipaserver/tasks/install.yml:471 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=/etc/ipa/.tmp_pkcs12_dirsrv) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_dirsrv", "path": "/etc/ipa/.tmp_pkcs12_dirsrv", "state": "absent"} ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=/etc/ipa/.tmp_pkcs12_http) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_http", "path": "/etc/ipa/.tmp_pkcs12_http", "state": "absent"} ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=/etc/ipa/.tmp_pkcs12_pkinit) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/ipa/.tmp_pkcs12_pkinit", "path": "/etc/ipa/.tmp_pkcs12_pkinit", "state": "absent"} TASK [ipaserver : Uninstall IPA server] **************************************** task path: /tmp/freeipa-repo/roles/ipaserver/tasks/main.yml:16 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY [Issue IPA signed certificate] ******************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_basic_ipa.yml:8 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpihz7fk_9/tasks/main.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpihz7fk_9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:34 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:45 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:71 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpihz7fk_9/tasks/main.yml:100 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestamp": "Sat 2020-10-31 21:38:40 UTC", "ActiveEnterTimestampMonotonic": "270416881", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "dbus.socket network.target systemd-journald.socket sysinit.target basic.target dbus-broker.service syslog.target system.slice", "AllowIsolate": "no", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Sat 2020-10-31 21:38:40 UTC", "AssertTimestampMonotonic": "270405211", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "39561796000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2020-10-31 21:38:40 UTC", "ConditionTimestampMonotonic": "270405210", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "19811", "ExecMainStartTimestamp": "Sat 2020-10-31 21:38:40 UTC", "ExecMainStartTimestampMonotonic": "270406338", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2020-10-31 21:38:40 UTC", "InactiveExitTimestampMonotonic": "270406660", "InvocationID": "7cb9e01cd2ac4ddc94c04844e19f64d1", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15546", "LimitNPROCSoft": "15546", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15546", "LimitSIGPENDINGSoft": "15546", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "19811", "MemoryAccounting": "yes", "MemoryCurrent": "31285248", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Sat 2020-10-31 21:41:06 UTC", "StateChangeTimestampMonotonic": "416734127", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "4663", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpihz7fk_9/tasks/main.yml:112 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item={'name': 'mycert', 'dns': 'ipaserver.test.local', 'principal': 'HTTP/ipaserver.test.local@TEST.LOCAL', 'ca': 'ipa'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "ipa", "dns": "ipaserver.test.local", "name": "mycert", "principal": "HTTP/ipaserver.test.local@TEST.LOCAL"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_basic_ipa.yml:21 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_basic_ipa.yml:51 included: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install certreader] ****************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.\nYou should consider upgrading via the 'pip install --upgrade pip' command.\n", "stderr_lines": ["WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.", "You should consider upgrading via the 'pip install --upgrade pip' command."], "stdout": "Collecting certreader>=0.1.1\n Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz\nCollecting cryptography (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)\nCollecting pyasn1 (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)\nCollecting pyyaml (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)\nCollecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)\nCollecting six>=1.4.1 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl\nCollecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)\nInstalling collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader\n Running setup.py install for pyyaml: started\n Running setup.py install for pyyaml: finished with status 'done'\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz", "Collecting cryptography (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)", "Collecting pyasn1 (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)", "Collecting pyyaml (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)", "Collecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)", "Collecting six>=1.4.1 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl", "Collecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)", "Installing collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader", " Running setup.py install for pyyaml: started", " Running setup.py install for pyyaml: finished with status 'done'", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604180484.6247227, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "a3d993d36249b1c5d89e535ef6db22158da56d9a", "ctime": 1604180484.6217227, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 148148, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604180484.6217227, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1854, "uid": 0, "version": "1118846370", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:22 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:28 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:40 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604180483.3497226, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "1e8c1605f83ef971092f26c45b0c6ffec0b277ae", "ctime": 1604180484.6217227, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 148146, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604180484.6217227, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1696522347", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:45 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:51 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:63 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.224921", "end": "2020-10-31 21:41:36.526079", "rc": 0, "start": "2020-10-31 21:41:36.301158", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"organizationName\",\n \"oid\": \"2.5.4.10\",\n \"value\": \"TEST.LOCAL\"\n },\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"ipaserver.test.local\"\n }\n ],\n \"extensions\": {\n \"authorityKeyIdentifier\": {\n \"value\": \"E5:4F:1F:03:F0:06:23:F7:16:5F:5D:52:35:EC:3E:71:3B:31:05:17\",\n \"critical\": false\n },\n \"authorityInfoAccess\": {\n \"value\": [\n {\n \"method\": \"OCSP\",\n \"location\": \"http://ipa-ca.test.local/ca/ocsp\"\n }\n ],\n \"critical\": false\n },\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"content_commitment\",\n \"key_encipherment\",\n \"data_encipherment\"\n ],\n \"critical\": true\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"cRLDistributionPoints\": {\n \"value\": [\n {\n \"full_name\": [\n \"http://ipa-ca.test.local/ipa/crl/MasterCRL.bin\"\n ],\n \"crl_issuer\": [\n {\n \"organizationName\": \"ipaca\",\n \"commonName\": \"Certificate Authority\"\n }\n ]\n }\n ],\n \"critical\": false\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"43:7B:5D:91:75:19:A0:61:22:BC:2C:08:B4:FE:AD:F1:73:E6:2C:92\",\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"ipaserver.test.local\"\n },\n {\n \"name\": \"Universal Principal Name (UPN)\",\n \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",\n \"oid\": \"1.3.6.1.4.1.311.20.2.3\"\n },\n {\n \"name\": \"Kerberos principalname\",\n \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",\n \"oid\": \"1.3.6.1.5.2.2\"\n }\n ],\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"59:4E:33:D2:A0:D4:0D:A1:AC:5D:19:AD:4F:4C:0B:F7:AC:87:D2:E8:49:6B:61:E0:96:63:6F:3B:3C:1B:1E:B5:C5:4C:6E:57:7E:E3:F3:10:6E:35:CE:BF:D6:23:B2:05:A9:9F:BF:CE:33:11:DB:06:FD:90:A7:7F:17:8C:E5:30:EE:18:2C:FF:B8:5F:D9:FA:3A:4F:46:DC:88:D5:72:AD:12:B7:82:AA:08:12:95:3F:62:8E:5B:5E:CA:63:0B:86:64:01:8E:92:CB:AB:C9:CD:34:29:01:84:58:64:F4:5B:F2:DA:9E:61:BF:F8:B4:70:BA:3D:D3:CD:48:DF:D8:75:6B:C5:84:CB:54:0D:89:C5:E0:D8:84:25:E5:8C:97:F9:5B:B3:72:22:38:1F:1D:7C:6D:12:AA:FC:E9:CD:56:1A:9A:78:38:8B:F3:77:D0:5A:80:04:EE:63:FE:D3:DC:68:84:C4:6E:3A:06:4A:26:5B:AC:55:2F:C0:E1:97:9D:2F:47:B2:92:03:66:5C:2A:3E:8E:E5:BF:9A:9B:33:C6:26:50:62:F9:A5:05:4D:64:AA:C9:47:82:49:63:6C:1F:03:7D:AE:8A:22:8E:07:C3:4B:20:60:AA:98:22:E9:0A:0C:03:C6:FA:7E:B0:2A:FD:F7:01:E3:E1:3E:36:39:8C:6F:3B:77:93:F0:FD:A2:D2:A7:79:8B:D2:DC:24:01:B3:95:5E:B5:19:52:E9:9B:A7:12:52:F9:83:25:9A:1E:FA:3C:42:80:75:46:D0:4D:47:89:78:C0:A8:81:2A:24:5C:44:D0:56:6C:03:07:74:22:16:20:64:75:87:E1:7E:16:5E:24:19:76:55:39:EA:A6:7D:8D:D7:1D:51:A1:E8:84:82:75:89:C4:BA:6E:21:35:2F:2E:91:EB:8C:15:19:1F:7D:46:5B:0C:EA:DB:42:80:A5:4C:02:70:1C:37:C1:07:3C:6F:15:3C:DA:74:EE:D3:29:57:15:67:4F:DA:99:B2:9E\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2022-11-01 21:41:24\",\n \"not_valid_before\": \"2020-10-31 21:41:24\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"organizationName\",", " \"oid\": \"2.5.4.10\",", " \"value\": \"TEST.LOCAL\"", " },", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"ipaserver.test.local\"", " }", " ],", " \"extensions\": {", " \"authorityKeyIdentifier\": {", " \"value\": \"E5:4F:1F:03:F0:06:23:F7:16:5F:5D:52:35:EC:3E:71:3B:31:05:17\",", " \"critical\": false", " },", " \"authorityInfoAccess\": {", " \"value\": [", " {", " \"method\": \"OCSP\",", " \"location\": \"http://ipa-ca.test.local/ca/ocsp\"", " }", " ],", " \"critical\": false", " },", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"content_commitment\",", " \"key_encipherment\",", " \"data_encipherment\"", " ],", " \"critical\": true", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"cRLDistributionPoints\": {", " \"value\": [", " {", " \"full_name\": [", " \"http://ipa-ca.test.local/ipa/crl/MasterCRL.bin\"", " ],", " \"crl_issuer\": [", " {", " \"organizationName\": \"ipaca\",", " \"commonName\": \"Certificate Authority\"", " }", " ]", " }", " ],", " \"critical\": false", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"43:7B:5D:91:75:19:A0:61:22:BC:2C:08:B4:FE:AD:F1:73:E6:2C:92\",", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"ipaserver.test.local\"", " },", " {", " \"name\": \"Universal Principal Name (UPN)\",", " \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",", " \"oid\": \"1.3.6.1.4.1.311.20.2.3\"", " },", " {", " \"name\": \"Kerberos principalname\",", " \"value\": \"HTTP/ipaserver.test.local@TEST.LOCAL\",", " \"oid\": \"1.3.6.1.5.2.2\"", " }", " ],", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"59:4E:33:D2:A0:D4:0D:A1:AC:5D:19:AD:4F:4C:0B:F7:AC:87:D2:E8:49:6B:61:E0:96:63:6F:3B:3C:1B:1E:B5:C5:4C:6E:57:7E:E3:F3:10:6E:35:CE:BF:D6:23:B2:05:A9:9F:BF:CE:33:11:DB:06:FD:90:A7:7F:17:8C:E5:30:EE:18:2C:FF:B8:5F:D9:FA:3A:4F:46:DC:88:D5:72:AD:12:B7:82:AA:08:12:95:3F:62:8E:5B:5E:CA:63:0B:86:64:01:8E:92:CB:AB:C9:CD:34:29:01:84:58:64:F4:5B:F2:DA:9E:61:BF:F8:B4:70:BA:3D:D3:CD:48:DF:D8:75:6B:C5:84:CB:54:0D:89:C5:E0:D8:84:25:E5:8C:97:F9:5B:B3:72:22:38:1F:1D:7C:6D:12:AA:FC:E9:CD:56:1A:9A:78:38:8B:F3:77:D0:5A:80:04:EE:63:FE:D3:DC:68:84:C4:6E:3A:06:4A:26:5B:AC:55:2F:C0:E1:97:9D:2F:47:B2:92:03:66:5C:2A:3E:8E:E5:BF:9A:9B:33:C6:26:50:62:F9:A5:05:4D:64:AA:C9:47:82:49:63:6C:1F:03:7D:AE:8A:22:8E:07:C3:4B:20:60:AA:98:22:E9:0A:0C:03:C6:FA:7E:B0:2A:FD:F7:01:E3:E1:3E:36:39:8C:6F:3B:77:93:F0:FD:A2:D2:A7:79:8B:D2:DC:24:01:B3:95:5E:B5:19:52:E9:9B:A7:12:52:F9:83:25:9A:1E:FA:3C:42:80:75:46:D0:4D:47:89:78:C0:A8:81:2A:24:5C:44:D0:56:6C:03:07:74:22:16:20:64:75:87:E1:7E:16:5E:24:19:76:55:39:EA:A6:7D:8D:D7:1D:51:A1:E8:84:82:75:89:C4:BA:6E:21:35:2F:2E:91:EB:8C:15:19:1F:7D:46:5B:0C:EA:DB:42:80:A5:4C:02:70:1C:37:C1:07:3C:6F:15:3C:DA:74:EE:D3:29:57:15:67:4F:DA:99:B2:9E\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2022-11-01 21:41:24\",", " \"not_valid_before\": \"2020-10-31 21:41:24\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:68 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityInfoAccess": {"critical": false, "value": [{"location": "http://ipa-ca.test.local/ca/ocsp", "method": "OCSP"}]}, "authorityKeyIdentifier": {"critical": false, "value": "E5:4F:1F:03:F0:06:23:F7:16:5F:5D:52:35:EC:3E:71:3B:31:05:17"}, "cRLDistributionPoints": {"critical": false, "value": [{"crl_issuer": [{"commonName": "Certificate Authority", "organizationName": "ipaca"}], "full_name": ["http://ipa-ca.test.local/ipa/crl/MasterCRL.bin"]}]}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": true, "value": ["digital_signature", "content_commitment", "key_encipherment", "data_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "ipaserver.test.local"}, {"name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/ipaserver.test.local@TEST.LOCAL"}, {"name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/ipaserver.test.local@TEST.LOCAL"}]}, "subjectKeyIdentifier": {"critical": false, "value": "43:7B:5D:91:75:19:A0:61:22:BC:2C:08:B4:FE:AD:F1:73:E6:2C:92"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "59:4E:33:D2:A0:D4:0D:A1:AC:5D:19:AD:4F:4C:0B:F7:AC:87:D2:E8:49:6B:61:E0:96:63:6F:3B:3C:1B:1E:B5:C5:4C:6E:57:7E:E3:F3:10:6E:35:CE:BF:D6:23:B2:05:A9:9F:BF:CE:33:11:DB:06:FD:90:A7:7F:17:8C:E5:30:EE:18:2C:FF:B8:5F:D9:FA:3A:4F:46:DC:88:D5:72:AD:12:B7:82:AA:08:12:95:3F:62:8E:5B:5E:CA:63:0B:86:64:01:8E:92:CB:AB:C9:CD:34:29:01:84:58:64:F4:5B:F2:DA:9E:61:BF:F8:B4:70:BA:3D:D3:CD:48:DF:D8:75:6B:C5:84:CB:54:0D:89:C5:E0:D8:84:25:E5:8C:97:F9:5B:B3:72:22:38:1F:1D:7C:6D:12:AA:FC:E9:CD:56:1A:9A:78:38:8B:F3:77:D0:5A:80:04:EE:63:FE:D3:DC:68:84:C4:6E:3A:06:4A:26:5B:AC:55:2F:C0:E1:97:9D:2F:47:B2:92:03:66:5C:2A:3E:8E:E5:BF:9A:9B:33:C6:26:50:62:F9:A5:05:4D:64:AA:C9:47:82:49:63:6C:1F:03:7D:AE:8A:22:8E:07:C3:4B:20:60:AA:98:22:E9:0A:0C:03:C6:FA:7E:B0:2A:FD:F7:01:E3:E1:3E:36:39:8C:6F:3B:77:93:F0:FD:A2:D2:A7:79:8B:D2:DC:24:01:B3:95:5E:B5:19:52:E9:9B:A7:12:52:F9:83:25:9A:1E:FA:3C:42:80:75:46:D0:4D:47:89:78:C0:A8:81:2A:24:5C:44:D0:56:6C:03:07:74:22:16:20:64:75:87:E1:7E:16:5E:24:19:76:55:39:EA:A6:7D:8D:D7:1D:51:A1:E8:84:82:75:89:C4:BA:6E:21:35:2F:2E:91:EB:8C:15:19:1F:7D:46:5B:0C:EA:DB:42:80:A5:4C:02:70:1C:37:C1:07:3C:6F:15:3C:DA:74:EE:D3:29:57:15:67:4F:DA:99:B2:9E"}, "subject": [{"name": "organizationName", "oid": "2.5.4.10", "value": "TEST.LOCAL"}, {"name": "commonName", "oid": "2.5.4.3", "value": "ipaserver.test.local"}], "validity": {"not_valid_after": "2022-11-01 21:41:24", "not_valid_before": "2020-10-31 21:41:24"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:72 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:81 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:90 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:110 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:126 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": "getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.045359", "end": "2020-10-31 21:41:37.021308", "rc": 0, "start": "2020-10-31 21:41:36.975949", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:134 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=74 changed=31 unreachable=0 failed=0 skipped=35 rescued=0 ignored=0 + cd /tmp/tmpihz7fk_9/tests; TEST_SUBJECTS=/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-67-8b7dd96-fedora-31-cidtvxdw/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmpihz7fk_9/_setup.yml /tmp/tmpihz7fk_9/tests/tests_basic_self_signed.yml ansible-playbook 2.9.14 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.6 (default, Sep 25 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)] Using /etc/ansible/ansible.cfg as config file PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpihz7fk_9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpihz7fk_9/_setup.yml:5 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "groups": { "all": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "localhost": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "subjects": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpihz7fk_9/_setup.yml:7 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_basic_self_signed.yml ****************************************** 2 plays in /tmp/tmpihz7fk_9/tests/tests_basic_self_signed.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_basic_self_signed.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpihz7fk_9/tasks/main.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpihz7fk_9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:34 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-3.57.0-1.fc31.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc31.x86_64", "Installed: nss-softokn-freebl-3.57.0-1.fc31.x86_64", "Installed: nss-sysinit-3.57.0-1.fc31.x86_64", "Installed: nss-util-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-1.51.0-9.fc31.x86_64", "Installed: nspr-4.29.0-1.fc31.x86_64", "Installed: nss-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-client-1.51.0-9.fc31.x86_64", "Installed: certmonger-0.79.11-2.fc31.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:45 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:71 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpihz7fk_9/tasks/main.yml:100 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus.socket network.target syslog.target basic.target systemd-journald.socket dbus-broker.service sysinit.target system.slice", "AllowIsolate": "no", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15546", "LimitNPROCSoft": "15546", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15546", "LimitSIGPENDINGSoft": "15546", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4663", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpihz7fk_9/tasks/main.yml:112 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_basic_self_signed.yml:13 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_basic_self_signed.yml:27 included: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install certreader] ****************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.\nYou should consider upgrading via the 'pip install --upgrade pip' command.\n", "stderr_lines": ["WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.", "You should consider upgrading via the 'pip install --upgrade pip' command."], "stdout": "Collecting certreader>=0.1.1\n Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz\nCollecting cryptography (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)\nCollecting pyasn1 (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)\nCollecting pyyaml (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)\nCollecting six>=1.4.1 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl\nCollecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)\nCollecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)\nInstalling collected packages: six, pycparser, cffi, cryptography, pyasn1, pyyaml, certreader\n Running setup.py install for pyyaml: started\n Running setup.py install for pyyaml: finished with status 'done'\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz", "Collecting cryptography (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)", "Collecting pyasn1 (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)", "Collecting pyyaml (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)", "Collecting six>=1.4.1 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl", "Collecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)", "Collecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)", "Installing collected packages: six, pycparser, cffi, cryptography, pyasn1, pyyaml, certreader", " Running setup.py install for pyyaml: started", " Running setup.py install for pyyaml: finished with status 'done'", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604180559.326164, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "b11787c7627418c63b0c3f24eac94bb73acc6122", "ctime": 1604180559.324164, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131714, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604180559.324164, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "3262485402", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:22 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:28 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:40 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604180559.282164, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9f11e0391816e5a53789d7569dbb214a3e502941", "ctime": 1604180559.324164, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131690, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604180559.324164, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2286930983", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:45 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:51 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:63 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.197855", "end": "2020-10-31 21:42:51.437291", "rc": 0, "start": "2020-10-31 21:42:51.239436", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"C1:4A:2A:61:6F:53:A6:6D:59:7A:9A:57:72:3A:0D:DD:BC:E4:B5:18\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"7E:DE:44:FF:04:9A:1F:74:DF:6E:D5:AA:1D:5A:6A:26:ED:C4:89:E6\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"99:40:15:DD:A8:4C:C9:12:77:12:E7:19:C0:C8:99:49:81:E3:84:73:86:8C:3C:CA:69:97:FF:7B:F3:D4:FB:D4:32:E5:28:52:A4:9F:0F:77:CB:BA:4F:DD:FD:FC:41:98:11:31:98:81:23:24:23:D6:93:5C:B3:C8:65:20:BA:4B:97:B2:3B:99:49:79:D3:AC:AD:EA:5D:8C:CF:B3:01:79:15:BB:A5:53:76:6D:8F:63:C1:3A:8E:0D:2A:A8:C5:85:5E:17:DE:FA:B7:87:5F:4B:2E:FA:99:D3:2F:45:4F:E6:32:6F:DB:AB:2E:49:DF:B6:E9:30:64:76:00:EB:CE:34:D5:D0:C6:C7:A9:2D:75:21:21:8C:FC:9D:52:31:DA:3C:D9:A9:F7:A2:B5:21:45:A8:56:B1:AE:95:DA:C0:36:4B:7F:97:C5:70:AC:0E:74:A0:1B:8F:85:90:70:97:09:5C:94:E5:E7:0F:48:28:E0:90:39:2C:66:EC:A0:C5:4A:00:F9:CF:66:3D:F8:C1:DE:BA:3E:A3:8D:F2:FE:FC:C3:BB:C7:6C:CE:AA:0F:25:20:2E:81:F5:17:19:49:27:D0:12:30:D4:C2:9C:61:7C:AD:5E:C3:2A:A2:FD:A0:37:2D:B4:65:16:CC:A0:4B:CB:45:62:88:8D:28:00:A1:83:5A:69\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2021-10-31 21:42:38\",\n \"not_valid_before\": \"2020-10-31 21:42:39\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"C1:4A:2A:61:6F:53:A6:6D:59:7A:9A:57:72:3A:0D:DD:BC:E4:B5:18\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"7E:DE:44:FF:04:9A:1F:74:DF:6E:D5:AA:1D:5A:6A:26:ED:C4:89:E6\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"99:40:15:DD:A8:4C:C9:12:77:12:E7:19:C0:C8:99:49:81:E3:84:73:86:8C:3C:CA:69:97:FF:7B:F3:D4:FB:D4:32:E5:28:52:A4:9F:0F:77:CB:BA:4F:DD:FD:FC:41:98:11:31:98:81:23:24:23:D6:93:5C:B3:C8:65:20:BA:4B:97:B2:3B:99:49:79:D3:AC:AD:EA:5D:8C:CF:B3:01:79:15:BB:A5:53:76:6D:8F:63:C1:3A:8E:0D:2A:A8:C5:85:5E:17:DE:FA:B7:87:5F:4B:2E:FA:99:D3:2F:45:4F:E6:32:6F:DB:AB:2E:49:DF:B6:E9:30:64:76:00:EB:CE:34:D5:D0:C6:C7:A9:2D:75:21:21:8C:FC:9D:52:31:DA:3C:D9:A9:F7:A2:B5:21:45:A8:56:B1:AE:95:DA:C0:36:4B:7F:97:C5:70:AC:0E:74:A0:1B:8F:85:90:70:97:09:5C:94:E5:E7:0F:48:28:E0:90:39:2C:66:EC:A0:C5:4A:00:F9:CF:66:3D:F8:C1:DE:BA:3E:A3:8D:F2:FE:FC:C3:BB:C7:6C:CE:AA:0F:25:20:2E:81:F5:17:19:49:27:D0:12:30:D4:C2:9C:61:7C:AD:5E:C3:2A:A2:FD:A0:37:2D:B4:65:16:CC:A0:4B:CB:45:62:88:8D:28:00:A1:83:5A:69\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2021-10-31 21:42:38\",", " \"not_valid_before\": \"2020-10-31 21:42:39\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:68 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "7E:DE:44:FF:04:9A:1F:74:DF:6E:D5:AA:1D:5A:6A:26:ED:C4:89:E6"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "C1:4A:2A:61:6F:53:A6:6D:59:7A:9A:57:72:3A:0D:DD:BC:E4:B5:18"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "99:40:15:DD:A8:4C:C9:12:77:12:E7:19:C0:C8:99:49:81:E3:84:73:86:8C:3C:CA:69:97:FF:7B:F3:D4:FB:D4:32:E5:28:52:A4:9F:0F:77:CB:BA:4F:DD:FD:FC:41:98:11:31:98:81:23:24:23:D6:93:5C:B3:C8:65:20:BA:4B:97:B2:3B:99:49:79:D3:AC:AD:EA:5D:8C:CF:B3:01:79:15:BB:A5:53:76:6D:8F:63:C1:3A:8E:0D:2A:A8:C5:85:5E:17:DE:FA:B7:87:5F:4B:2E:FA:99:D3:2F:45:4F:E6:32:6F:DB:AB:2E:49:DF:B6:E9:30:64:76:00:EB:CE:34:D5:D0:C6:C7:A9:2D:75:21:21:8C:FC:9D:52:31:DA:3C:D9:A9:F7:A2:B5:21:45:A8:56:B1:AE:95:DA:C0:36:4B:7F:97:C5:70:AC:0E:74:A0:1B:8F:85:90:70:97:09:5C:94:E5:E7:0F:48:28:E0:90:39:2C:66:EC:A0:C5:4A:00:F9:CF:66:3D:F8:C1:DE:BA:3E:A3:8D:F2:FE:FC:C3:BB:C7:6C:CE:AA:0F:25:20:2E:81:F5:17:19:49:27:D0:12:30:D4:C2:9C:61:7C:AD:5E:C3:2A:A2:FD:A0:37:2D:B4:65:16:CC:A0:4B:CB:45:62:88:8D:28:00:A1:83:5A:69"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2021-10-31 21:42:38", "not_valid_before": "2020-10-31 21:42:39"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:72 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:81 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:90 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:110 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:126 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": "getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.037976", "end": "2020-10-31 21:42:52.005341", "rc": 0, "start": "2020-10-31 21:42:51.967365", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:134 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=29 changed=6 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmpihz7fk_9/tests; TEST_SUBJECTS=/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-67-8b7dd96-fedora-31-cidtvxdw/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmpihz7fk_9/_setup.yml /tmp/tmpihz7fk_9/tests/tests_default.yml ansible-playbook 2.9.14 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.6 (default, Sep 25 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)] Using /etc/ansible/ansible.cfg as config file PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpihz7fk_9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpihz7fk_9/_setup.yml:5 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "groups": { "all": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "localhost": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "subjects": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpihz7fk_9/_setup.yml:7 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_default.yml **************************************************** 1 plays in /tmp/tmpihz7fk_9/tests/tests_default.yml PLAY [Ensure that the role runs with default parameters] *********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_default.yml:3 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpihz7fk_9/tasks/main.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpihz7fk_9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:34 TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:45 TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:71 TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpihz7fk_9/tasks/main.yml:100 TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpihz7fk_9/tasks/main.yml:112 META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=4 changed=0 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 + cd /tmp/tmpihz7fk_9/tests; TEST_SUBJECTS=/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-67-8b7dd96-fedora-31-cidtvxdw/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmpihz7fk_9/_setup.yml /tmp/tmpihz7fk_9/tests/tests_dns_ip_email.yml ansible-playbook 2.9.14 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.6 (default, Sep 25 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)] Using /etc/ansible/ansible.cfg as config file PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpihz7fk_9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpihz7fk_9/_setup.yml:5 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "groups": { "all": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "localhost": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "subjects": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpihz7fk_9/_setup.yml:7 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_dns_ip_email.yml *********************************************** 2 plays in /tmp/tmpihz7fk_9/tests/tests_dns_ip_email.yml PLAY [Issue certificate with dns, ip and email in SAN] ************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_dns_ip_email.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpihz7fk_9/tasks/main.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpihz7fk_9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:34 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-3.57.0-1.fc31.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc31.x86_64", "Installed: nss-softokn-freebl-3.57.0-1.fc31.x86_64", "Installed: nss-sysinit-3.57.0-1.fc31.x86_64", "Installed: nss-util-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-1.51.0-9.fc31.x86_64", "Installed: nspr-4.29.0-1.fc31.x86_64", "Installed: nss-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-client-1.51.0-9.fc31.x86_64", "Installed: certmonger-0.79.11-2.fc31.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:45 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:71 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpihz7fk_9/tasks/main.yml:100 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "syslog.target basic.target systemd-journald.socket network.target dbus.socket dbus-broker.service sysinit.target system.slice", "AllowIsolate": "no", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15546", "LimitNPROCSoft": "15546", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15546", "LimitSIGPENDINGSoft": "15546", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4663", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpihz7fk_9/tasks/main.yml:112 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item={'name': 'mycert', 'common_name': 'My Certificate with SAN', 'dns': ['sub1.example.com', 'www.example.com', 'sub2.example.com', 'sub3.example.com'], 'ip': ['192.0.2.12', '198.51.100.65', '2001:db8::2:1'], 'email': ['sysadmin@example.com', 'support@example.com'], 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "common_name": "My Certificate with SAN", "dns": ["sub1.example.com", "www.example.com", "sub2.example.com", "sub3.example.com"], "email": ["sysadmin@example.com", "support@example.com"], "ip": ["192.0.2.12", "198.51.100.65", "2001:db8::2:1"], "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_dns_ip_email.yml:24 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_dns_ip_email.yml:54 included: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install certreader] ****************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.\nYou should consider upgrading via the 'pip install --upgrade pip' command.\n", "stderr_lines": ["WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.", "You should consider upgrading via the 'pip install --upgrade pip' command."], "stdout": "Collecting certreader>=0.1.1\n Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz\nCollecting cryptography (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)\nCollecting pyasn1 (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)\nCollecting pyyaml (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)\nCollecting six>=1.4.1 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl\nCollecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)\nCollecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)\nInstalling collected packages: six, pycparser, cffi, cryptography, pyasn1, pyyaml, certreader\n Running setup.py install for pyyaml: started\n Running setup.py install for pyyaml: finished with status 'done'\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz", "Collecting cryptography (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)", "Collecting pyasn1 (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)", "Collecting pyyaml (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)", "Collecting six>=1.4.1 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl", "Collecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)", "Collecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)", "Installing collected packages: six, pycparser, cffi, cryptography, pyasn1, pyyaml, certreader", " Running setup.py install for pyyaml: started", " Running setup.py install for pyyaml: finished with status 'done'", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604180696.6768773, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "09f87b0faf21ea459b33a7950b341e52bbe11f3d", "ctime": 1604180696.6748772, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131714, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604180696.6748772, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1501, "uid": 0, "version": "1969624826", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:22 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:28 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:40 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604180696.6308773, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "f9042590df21cbfea900a49d19fb0af4ad7e2c7f", "ctime": 1604180696.6748772, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131690, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604180696.6748772, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "2051663524", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:45 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:51 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:63 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.202502", "end": "2020-10-31 21:45:08.853072", "rc": 0, "start": "2020-10-31 21:45:08.650570", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"My Certificate with SAN\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"sub1.example.com\"\n },\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n },\n {\n \"name\": \"DNS\",\n \"value\": \"sub2.example.com\"\n },\n {\n \"name\": \"DNS\",\n \"value\": \"sub3.example.com\"\n },\n {\n \"name\": \"email\",\n \"value\": \"sysadmin@example.com\"\n },\n {\n \"name\": \"email\",\n \"value\": \"support@example.com\"\n },\n {\n \"name\": \"IP Address\",\n \"value\": \"192.0.2.12\"\n },\n {\n \"name\": \"IP Address\",\n \"value\": \"198.51.100.65\"\n },\n {\n \"name\": \"IP Address\",\n \"value\": \"2001:db8::2:1\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"C7:5A:41:1A:D7:8A:8F:89:F6:1D:C8:BA:C1:09:B1:21:DF:07:F3:0A\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"2F:79:2E:1B:A4:50:5A:4C:62:3F:47:14:D6:CF:41:64:22:09:9C:DA\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"38:22:16:34:DC:AA:05:53:71:84:9F:A4:53:4F:21:67:45:3B:11:4B:75:A1:35:99:C7:74:34:6C:A0:B9:66:55:F1:9C:AE:E9:35:75:AE:ED:E7:3C:6F:A2:7B:6F:84:29:B9:A8:4A:23:E0:40:59:27:38:E4:68:C7:B8:F4:FB:59:03:DD:74:73:B1:B8:7E:47:62:72:C3:3E:95:01:07:CB:E7:A2:7B:46:9D:A2:1E:B6:AA:3A:61:02:19:F4:ED:83:5A:BF:4A:86:93:DE:FF:4B:1F:19:C8:58:AA:D7:BA:1C:DD:4E:4C:92:51:8F:13:A3:8C:FA:B6:1A:86:1B:AC:C5:C5:B6:C6:47:64:7C:6B:88:25:77:9F:37:9B:F3:81:2E:1D:D5:B8:91:3B:D5:CE:2A:03:8B:B9:1B:E5:40:BE:F7:9C:98:57:4F:11:54:68:3E:BB:BA:FC:2A:C8:E6:60:82:98:9B:D8:13:27:2A:F4:A9:B3:B7:94:D1:B0:DA:01:2E:52:10:09:2E:AB:71:8A:8B:ED:F7:E6:FE:BE:FB:AA:E0:22:CB:3A:74:1A:4C:8D:23:54:D1:CE:ED:42:77:72:7F:83:BE:51:A9:CE:A6:5F:C6:AD:90:7C:FE:38:5E:ED:3D:5D:B6:44:FB:A9:C6:C0:CE:69:55:41:49:E7:48:E6:73\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2021-10-31 21:44:56\",\n \"not_valid_before\": \"2020-10-31 21:44:56\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"My Certificate with SAN\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"sub1.example.com\"", " },", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " },", " {", " \"name\": \"DNS\",", " \"value\": \"sub2.example.com\"", " },", " {", " \"name\": \"DNS\",", " \"value\": \"sub3.example.com\"", " },", " {", " \"name\": \"email\",", " \"value\": \"sysadmin@example.com\"", " },", " {", " \"name\": \"email\",", " \"value\": \"support@example.com\"", " },", " {", " \"name\": \"IP Address\",", " \"value\": \"192.0.2.12\"", " },", " {", " \"name\": \"IP Address\",", " \"value\": \"198.51.100.65\"", " },", " {", " \"name\": \"IP Address\",", " \"value\": \"2001:db8::2:1\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"C7:5A:41:1A:D7:8A:8F:89:F6:1D:C8:BA:C1:09:B1:21:DF:07:F3:0A\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"2F:79:2E:1B:A4:50:5A:4C:62:3F:47:14:D6:CF:41:64:22:09:9C:DA\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"38:22:16:34:DC:AA:05:53:71:84:9F:A4:53:4F:21:67:45:3B:11:4B:75:A1:35:99:C7:74:34:6C:A0:B9:66:55:F1:9C:AE:E9:35:75:AE:ED:E7:3C:6F:A2:7B:6F:84:29:B9:A8:4A:23:E0:40:59:27:38:E4:68:C7:B8:F4:FB:59:03:DD:74:73:B1:B8:7E:47:62:72:C3:3E:95:01:07:CB:E7:A2:7B:46:9D:A2:1E:B6:AA:3A:61:02:19:F4:ED:83:5A:BF:4A:86:93:DE:FF:4B:1F:19:C8:58:AA:D7:BA:1C:DD:4E:4C:92:51:8F:13:A3:8C:FA:B6:1A:86:1B:AC:C5:C5:B6:C6:47:64:7C:6B:88:25:77:9F:37:9B:F3:81:2E:1D:D5:B8:91:3B:D5:CE:2A:03:8B:B9:1B:E5:40:BE:F7:9C:98:57:4F:11:54:68:3E:BB:BA:FC:2A:C8:E6:60:82:98:9B:D8:13:27:2A:F4:A9:B3:B7:94:D1:B0:DA:01:2E:52:10:09:2E:AB:71:8A:8B:ED:F7:E6:FE:BE:FB:AA:E0:22:CB:3A:74:1A:4C:8D:23:54:D1:CE:ED:42:77:72:7F:83:BE:51:A9:CE:A6:5F:C6:AD:90:7C:FE:38:5E:ED:3D:5D:B6:44:FB:A9:C6:C0:CE:69:55:41:49:E7:48:E6:73\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2021-10-31 21:44:56\",", " \"not_valid_before\": \"2020-10-31 21:44:56\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:68 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "2F:79:2E:1B:A4:50:5A:4C:62:3F:47:14:D6:CF:41:64:22:09:9C:DA"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "sub1.example.com"}, {"name": "DNS", "value": "www.example.com"}, {"name": "DNS", "value": "sub2.example.com"}, {"name": "DNS", "value": "sub3.example.com"}, {"name": "email", "value": "sysadmin@example.com"}, {"name": "email", "value": "support@example.com"}, {"name": "IP Address", "value": "192.0.2.12"}, {"name": "IP Address", "value": "198.51.100.65"}, {"name": "IP Address", "value": "2001:db8::2:1"}]}, "subjectKeyIdentifier": {"critical": false, "value": "C7:5A:41:1A:D7:8A:8F:89:F6:1D:C8:BA:C1:09:B1:21:DF:07:F3:0A"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "38:22:16:34:DC:AA:05:53:71:84:9F:A4:53:4F:21:67:45:3B:11:4B:75:A1:35:99:C7:74:34:6C:A0:B9:66:55:F1:9C:AE:E9:35:75:AE:ED:E7:3C:6F:A2:7B:6F:84:29:B9:A8:4A:23:E0:40:59:27:38:E4:68:C7:B8:F4:FB:59:03:DD:74:73:B1:B8:7E:47:62:72:C3:3E:95:01:07:CB:E7:A2:7B:46:9D:A2:1E:B6:AA:3A:61:02:19:F4:ED:83:5A:BF:4A:86:93:DE:FF:4B:1F:19:C8:58:AA:D7:BA:1C:DD:4E:4C:92:51:8F:13:A3:8C:FA:B6:1A:86:1B:AC:C5:C5:B6:C6:47:64:7C:6B:88:25:77:9F:37:9B:F3:81:2E:1D:D5:B8:91:3B:D5:CE:2A:03:8B:B9:1B:E5:40:BE:F7:9C:98:57:4F:11:54:68:3E:BB:BA:FC:2A:C8:E6:60:82:98:9B:D8:13:27:2A:F4:A9:B3:B7:94:D1:B0:DA:01:2E:52:10:09:2E:AB:71:8A:8B:ED:F7:E6:FE:BE:FB:AA:E0:22:CB:3A:74:1A:4C:8D:23:54:D1:CE:ED:42:77:72:7F:83:BE:51:A9:CE:A6:5F:C6:AD:90:7C:FE:38:5E:ED:3D:5D:B6:44:FB:A9:C6:C0:CE:69:55:41:49:E7:48:E6:73"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "My Certificate with SAN"}], "validity": {"not_valid_after": "2021-10-31 21:44:56", "not_valid_before": "2020-10-31 21:44:56"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:72 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:81 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:90 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:110 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:126 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": "getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038068", "end": "2020-10-31 21:45:09.441295", "rc": 0, "start": "2020-10-31 21:45:09.403227", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:134 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=29 changed=6 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmpihz7fk_9/tests; TEST_SUBJECTS=/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-67-8b7dd96-fedora-31-cidtvxdw/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmpihz7fk_9/_setup.yml /tmp/tmpihz7fk_9/tests/tests_fs_attrs.yml ansible-playbook 2.9.14 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.6 (default, Sep 25 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)] Using /etc/ansible/ansible.cfg as config file PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpihz7fk_9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpihz7fk_9/_setup.yml:5 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "groups": { "all": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "localhost": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "subjects": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpihz7fk_9/_setup.yml:7 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_fs_attrs.yml *************************************************** 3 plays in /tmp/tmpihz7fk_9/tests/tests_fs_attrs.yml PLAY [Ensure UID and GID exists] *********************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_fs_attrs.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [Ensure user exists] ****************************************************** task path: /tmp/tmpihz7fk_9/tests/tests_fs_attrs.yml:5 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "comment": "", "create_home": true, "group": 1040, "home": "/home/user1", "name": "user1", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1040} TASK [Ensure group "somegroup" exists] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tests_fs_attrs.yml:9 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "gid": 1041, "name": "somegroup", "state": "present", "system": false} META: ran handlers META: ran handlers PLAY [Issue certificate setting user/group] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_fs_attrs.yml:13 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpihz7fk_9/tasks/main.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpihz7fk_9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:34 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-3.57.0-1.fc31.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc31.x86_64", "Installed: nss-softokn-freebl-3.57.0-1.fc31.x86_64", "Installed: nss-sysinit-3.57.0-1.fc31.x86_64", "Installed: nss-util-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-1.51.0-9.fc31.x86_64", "Installed: nspr-4.29.0-1.fc31.x86_64", "Installed: nss-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-client-1.51.0-9.fc31.x86_64", "Installed: certmonger-0.79.11-2.fc31.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:45 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:71 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpihz7fk_9/tasks/main.yml:100 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network.target dbus-broker.service system.slice basic.target syslog.target systemd-journald.socket dbus.socket sysinit.target", "AllowIsolate": "no", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15546", "LimitNPROCSoft": "15546", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15546", "LimitSIGPENDINGSoft": "15546", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4663", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpihz7fk_9/tasks/main.yml:112 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'owner': 'ftp', 'group': 'ftp', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "group": "ftp", "name": "mycert", "owner": "ftp"}, "msg": "Certificate requested (new). File attributes updated."} changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item={'name': 'certid', 'dns': 'www.example.com', 'owner': 1040, 'group': 1041, 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "group": 1041, "name": "certid", "owner": 1040}, "msg": "Certificate requested (new). File attributes updated."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_fs_attrs.yml:31 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_fs_attrs.yml:58 included: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 included: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install certreader] ****************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.\nYou should consider upgrading via the 'pip install --upgrade pip' command.\n", "stderr_lines": ["WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.", "You should consider upgrading via the 'pip install --upgrade pip' command."], "stdout": "Collecting certreader>=0.1.1\n Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz\nCollecting cryptography (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)\nCollecting pyasn1 (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)\nCollecting pyyaml (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)\nCollecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)\nCollecting six>=1.4.1 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl\nCollecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)\nInstalling collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader\n Running setup.py install for pyyaml: started\n Running setup.py install for pyyaml: finished with status 'done'\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz", "Collecting cryptography (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)", "Collecting pyasn1 (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)", "Collecting pyyaml (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)", "Collecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)", "Collecting six>=1.4.1 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl", "Collecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)", "Installing collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader", " Running setup.py install for pyyaml: started", " Running setup.py install for pyyaml: finished with status 'done'", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604180779.391091, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "5191540c9f1018d17704b1a0605c06805b045068", "ctime": 1604180779.467091, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 131718, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604180779.3890913, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "ftp", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 14, "version": "3719769832", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:22 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:28 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:40 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604180779.3480911, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "ba6b9fbb3695600716c61a80f853f8d9b85ded31", "ctime": 1604180779.4680912, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 50, "gr_name": "ftp", "inode": 131692, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604180779.3890913, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "ftp", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 14, "version": "607533258", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:45 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:51 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:63 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.219486", "end": "2020-10-31 21:46:32.137198", "rc": 0, "start": "2020-10-31 21:46:31.917712", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"BA:7F:F0:71:6E:62:E5:FF:FC:94:35:5B:59:01:86:0D:94:E2:B7:E3\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"72:7B:FE:6B:0C:D4:7E:4B:FA:E1:66:D5:9B:F0:B3:10:53:21:B2:AC\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"48:E6:B1:CE:68:B7:E6:5C:D9:CB:51:B1:11:3D:49:62:64:7E:71:DE:0B:25:64:CC:24:F5:2F:CE:18:CB:6F:24:06:CE:55:B9:51:C4:A5:62:21:03:64:A7:59:FF:85:9E:A1:B9:8E:CD:F2:84:A2:09:8C:B2:DB:B2:97:AE:28:DC:A1:2D:46:89:36:EC:57:C8:DF:4F:CA:19:35:10:43:43:82:64:AD:A0:6C:52:53:20:8D:F4:A7:A6:E2:F5:5A:B7:A6:6E:42:7E:62:74:2F:99:D1:56:58:AF:DD:E4:F2:B4:A5:CB:8F:55:93:58:CD:2F:99:17:A0:41:D0:BE:31:EA:24:60:D8:E5:71:48:FF:EA:E7:BB:0A:E7:B7:40:86:46:39:86:A6:83:5A:41:02:08:9D:1C:E6:6F:26:3C:24:6B:DC:09:61:1D:37:0C:7C:C6:53:A1:DF:A7:78:5E:3A:C2:04:A3:22:97:52:74:B5:C0:B5:EB:5F:82:6D:0F:65:B3:90:AF:17:75:D7:E3:C8:AD:E0:F6:11:0C:D5:20:DE:C7:17:CA:FC:79:6A:6C:DF:C9:0A:2A:10:41:82:9E:A9:73:F7:3D:5C:1D:ED:8F:67:AF:31:27:DD:BA:A9:E9:2C:1D:9D:9B:3A:AF:46:63:10:77:B1:BB:6B:F8:7A:49:C4:52\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2021-10-31 21:46:18\",\n \"not_valid_before\": \"2020-10-31 21:46:19\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"BA:7F:F0:71:6E:62:E5:FF:FC:94:35:5B:59:01:86:0D:94:E2:B7:E3\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"72:7B:FE:6B:0C:D4:7E:4B:FA:E1:66:D5:9B:F0:B3:10:53:21:B2:AC\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"48:E6:B1:CE:68:B7:E6:5C:D9:CB:51:B1:11:3D:49:62:64:7E:71:DE:0B:25:64:CC:24:F5:2F:CE:18:CB:6F:24:06:CE:55:B9:51:C4:A5:62:21:03:64:A7:59:FF:85:9E:A1:B9:8E:CD:F2:84:A2:09:8C:B2:DB:B2:97:AE:28:DC:A1:2D:46:89:36:EC:57:C8:DF:4F:CA:19:35:10:43:43:82:64:AD:A0:6C:52:53:20:8D:F4:A7:A6:E2:F5:5A:B7:A6:6E:42:7E:62:74:2F:99:D1:56:58:AF:DD:E4:F2:B4:A5:CB:8F:55:93:58:CD:2F:99:17:A0:41:D0:BE:31:EA:24:60:D8:E5:71:48:FF:EA:E7:BB:0A:E7:B7:40:86:46:39:86:A6:83:5A:41:02:08:9D:1C:E6:6F:26:3C:24:6B:DC:09:61:1D:37:0C:7C:C6:53:A1:DF:A7:78:5E:3A:C2:04:A3:22:97:52:74:B5:C0:B5:EB:5F:82:6D:0F:65:B3:90:AF:17:75:D7:E3:C8:AD:E0:F6:11:0C:D5:20:DE:C7:17:CA:FC:79:6A:6C:DF:C9:0A:2A:10:41:82:9E:A9:73:F7:3D:5C:1D:ED:8F:67:AF:31:27:DD:BA:A9:E9:2C:1D:9D:9B:3A:AF:46:63:10:77:B1:BB:6B:F8:7A:49:C4:52\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2021-10-31 21:46:18\",", " \"not_valid_before\": \"2020-10-31 21:46:19\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:68 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "72:7B:FE:6B:0C:D4:7E:4B:FA:E1:66:D5:9B:F0:B3:10:53:21:B2:AC"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "BA:7F:F0:71:6E:62:E5:FF:FC:94:35:5B:59:01:86:0D:94:E2:B7:E3"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "48:E6:B1:CE:68:B7:E6:5C:D9:CB:51:B1:11:3D:49:62:64:7E:71:DE:0B:25:64:CC:24:F5:2F:CE:18:CB:6F:24:06:CE:55:B9:51:C4:A5:62:21:03:64:A7:59:FF:85:9E:A1:B9:8E:CD:F2:84:A2:09:8C:B2:DB:B2:97:AE:28:DC:A1:2D:46:89:36:EC:57:C8:DF:4F:CA:19:35:10:43:43:82:64:AD:A0:6C:52:53:20:8D:F4:A7:A6:E2:F5:5A:B7:A6:6E:42:7E:62:74:2F:99:D1:56:58:AF:DD:E4:F2:B4:A5:CB:8F:55:93:58:CD:2F:99:17:A0:41:D0:BE:31:EA:24:60:D8:E5:71:48:FF:EA:E7:BB:0A:E7:B7:40:86:46:39:86:A6:83:5A:41:02:08:9D:1C:E6:6F:26:3C:24:6B:DC:09:61:1D:37:0C:7C:C6:53:A1:DF:A7:78:5E:3A:C2:04:A3:22:97:52:74:B5:C0:B5:EB:5F:82:6D:0F:65:B3:90:AF:17:75:D7:E3:C8:AD:E0:F6:11:0C:D5:20:DE:C7:17:CA:FC:79:6A:6C:DF:C9:0A:2A:10:41:82:9E:A9:73:F7:3D:5C:1D:ED:8F:67:AF:31:27:DD:BA:A9:E9:2C:1D:9D:9B:3A:AF:46:63:10:77:B1:BB:6B:F8:7A:49:C4:52"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2021-10-31 21:46:18", "not_valid_before": "2020-10-31 21:46:19"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:72 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:81 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:90 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:110 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:126 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": "getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039076", "end": "2020-10-31 21:46:32.729377", "rc": 0, "start": "2020-10-31 21:46:32.690301", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:134 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install certreader] ****************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:11 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.\nYou should consider upgrading via the 'pip install --upgrade pip' command.\n", "stderr_lines": ["WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.", "You should consider upgrading via the 'pip install --upgrade pip' command."], "stdout": "Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.7/site-packages (0.1.1)\nRequirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (3.2.1)\nRequirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (0.4.8)\nRequirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (5.3.1)\nRequirement already satisfied: six>=1.4.1 in ./certificate-tests-venv/lib/python3.7/site-packages (from cryptography->certreader>=0.1.1) (1.15.0)\nRequirement already satisfied: cffi!=1.11.3,>=1.8 in ./certificate-tests-venv/lib/python3.7/site-packages (from cryptography->certreader>=0.1.1) (1.14.3)\nRequirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1) (2.20)\n", "stdout_lines": ["Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.7/site-packages (0.1.1)", "Requirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (3.2.1)", "Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (0.4.8)", "Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (5.3.1)", "Requirement already satisfied: six>=1.4.1 in ./certificate-tests-venv/lib/python3.7/site-packages (from cryptography->certreader>=0.1.1) (1.15.0)", "Requirement already satisfied: cffi!=1.11.3,>=1.8 in ./certificate-tests-venv/lib/python3.7/site-packages (from cryptography->certreader>=0.1.1) (1.14.3)", "Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1) (2.20)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604180780.0750911, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "4e89d77a469e8920bc6558f923c2db6c61da0872", "ctime": 1604180780.1340911, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 131720, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604180780.0730913, "nlink": 1, "path": "/etc/pki/tls/certs/certid.crt", "pw_name": "user1", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 1040, "version": "3044609430", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:22 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:28 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:40 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604180780.0320911, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "de5b5c39ec276da1e28c63cbe4815f1e67659016", "ctime": 1604180780.1340911, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 1041, "gr_name": "somegroup", "inode": 131719, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604180780.0730913, "nlink": 1, "path": "/etc/pki/tls/private/certid.key", "pw_name": "user1", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 1040, "version": "2820336614", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:45 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:51 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:63 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/certid.crt"], "delta": "0:00:00.199385", "end": "2020-10-31 21:46:39.349003", "rc": 0, "start": "2020-10-31 21:46:39.149618", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"2A:B3:6B:93:F0:17:7C:B5:DB:1A:14:A6:86:77:75:F7:3F:EC:78:7B\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"72:7B:FE:6B:0C:D4:7E:4B:FA:E1:66:D5:9B:F0:B3:10:53:21:B2:AC\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"AC:89:1F:2C:55:18:82:46:7D:20:8F:B3:FE:68:D6:59:90:A0:E1:51:F3:C8:03:62:FB:0C:9C:DF:A7:F6:E1:3F:74:C8:5B:84:57:6A:E3:E0:84:24:DA:E3:A4:82:42:E5:F6:01:90:F4:A9:A3:AE:AE:E8:4D:85:15:FA:1B:AD:FB:29:55:76:84:86:4C:6A:24:4C:FB:CE:1F:1B:F0:38:85:DF:E9:4F:21:7D:CB:65:BE:22:F9:0C:5E:D6:B2:B5:5E:B3:FD:28:3C:6C:EF:CB:83:A9:DC:5A:5B:5D:0B:27:AE:E2:73:C4:2A:57:C1:2B:7F:E3:EB:AA:06:33:14:3A:17:14:60:B3:15:82:AD:42:A0:BC:E7:34:DB:D7:75:E3:50:4A:A5:D8:F8:8F:1F:E8:0C:12:01:BA:8E:9A:E5:DA:22:AC:2E:B7:91:5C:52:22:23:DA:E5:6F:41:D0:C2:7D:13:0B:2E:CB:B2:EA:BA:67:FE:88:5A:8E:4D:13:2C:46:80:20:43:49:4C:92:4A:64:22:FE:90:DB:B9:A1:33:CD:8C:F8:48:BF:15:F5:AC:B3:5F:91:28:17:3C:65:1B:20:72:4D:DF:A1:DA:92:F2:C2:25:A6:9F:E7:55:36:FF:4B:BF:5D:D6:92:BF:AB:A8:2F:A8:52:E3:C4:98:0E:26:BB:51\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2021-10-31 21:46:18\",\n \"not_valid_before\": \"2020-10-31 21:46:20\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"2A:B3:6B:93:F0:17:7C:B5:DB:1A:14:A6:86:77:75:F7:3F:EC:78:7B\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"72:7B:FE:6B:0C:D4:7E:4B:FA:E1:66:D5:9B:F0:B3:10:53:21:B2:AC\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"AC:89:1F:2C:55:18:82:46:7D:20:8F:B3:FE:68:D6:59:90:A0:E1:51:F3:C8:03:62:FB:0C:9C:DF:A7:F6:E1:3F:74:C8:5B:84:57:6A:E3:E0:84:24:DA:E3:A4:82:42:E5:F6:01:90:F4:A9:A3:AE:AE:E8:4D:85:15:FA:1B:AD:FB:29:55:76:84:86:4C:6A:24:4C:FB:CE:1F:1B:F0:38:85:DF:E9:4F:21:7D:CB:65:BE:22:F9:0C:5E:D6:B2:B5:5E:B3:FD:28:3C:6C:EF:CB:83:A9:DC:5A:5B:5D:0B:27:AE:E2:73:C4:2A:57:C1:2B:7F:E3:EB:AA:06:33:14:3A:17:14:60:B3:15:82:AD:42:A0:BC:E7:34:DB:D7:75:E3:50:4A:A5:D8:F8:8F:1F:E8:0C:12:01:BA:8E:9A:E5:DA:22:AC:2E:B7:91:5C:52:22:23:DA:E5:6F:41:D0:C2:7D:13:0B:2E:CB:B2:EA:BA:67:FE:88:5A:8E:4D:13:2C:46:80:20:43:49:4C:92:4A:64:22:FE:90:DB:B9:A1:33:CD:8C:F8:48:BF:15:F5:AC:B3:5F:91:28:17:3C:65:1B:20:72:4D:DF:A1:DA:92:F2:C2:25:A6:9F:E7:55:36:FF:4B:BF:5D:D6:92:BF:AB:A8:2F:A8:52:E3:C4:98:0E:26:BB:51\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2021-10-31 21:46:18\",", " \"not_valid_before\": \"2020-10-31 21:46:20\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:68 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "72:7B:FE:6B:0C:D4:7E:4B:FA:E1:66:D5:9B:F0:B3:10:53:21:B2:AC"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "2A:B3:6B:93:F0:17:7C:B5:DB:1A:14:A6:86:77:75:F7:3F:EC:78:7B"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "AC:89:1F:2C:55:18:82:46:7D:20:8F:B3:FE:68:D6:59:90:A0:E1:51:F3:C8:03:62:FB:0C:9C:DF:A7:F6:E1:3F:74:C8:5B:84:57:6A:E3:E0:84:24:DA:E3:A4:82:42:E5:F6:01:90:F4:A9:A3:AE:AE:E8:4D:85:15:FA:1B:AD:FB:29:55:76:84:86:4C:6A:24:4C:FB:CE:1F:1B:F0:38:85:DF:E9:4F:21:7D:CB:65:BE:22:F9:0C:5E:D6:B2:B5:5E:B3:FD:28:3C:6C:EF:CB:83:A9:DC:5A:5B:5D:0B:27:AE:E2:73:C4:2A:57:C1:2B:7F:E3:EB:AA:06:33:14:3A:17:14:60:B3:15:82:AD:42:A0:BC:E7:34:DB:D7:75:E3:50:4A:A5:D8:F8:8F:1F:E8:0C:12:01:BA:8E:9A:E5:DA:22:AC:2E:B7:91:5C:52:22:23:DA:E5:6F:41:D0:C2:7D:13:0B:2E:CB:B2:EA:BA:67:FE:88:5A:8E:4D:13:2C:46:80:20:43:49:4C:92:4A:64:22:FE:90:DB:B9:A1:33:CD:8C:F8:48:BF:15:F5:AC:B3:5F:91:28:17:3C:65:1B:20:72:4D:DF:A1:DA:92:F2:C2:25:A6:9F:E7:55:36:FF:4B:BF:5D:D6:92:BF:AB:A8:2F:A8:52:E3:C4:98:0E:26:BB:51"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2021-10-31 21:46:18", "not_valid_before": "2020-10-31 21:46:20"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:72 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:81 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:90 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:110 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:126 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": "getcert list -f /etc/pki/tls/certs/certid.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038381", "end": "2020-10-31 21:46:39.992644", "rc": 0, "start": "2020-10-31 21:46:39.954263", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:134 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=51 changed=8 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmpihz7fk_9/tests; TEST_SUBJECTS=/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-67-8b7dd96-fedora-31-cidtvxdw/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmpihz7fk_9/_setup.yml /tmp/tmpihz7fk_9/tests/tests_include_vars_from_parent.yml ansible-playbook 2.9.14 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.6 (default, Sep 25 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)] Using /etc/ansible/ansible.cfg as config file PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpihz7fk_9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpihz7fk_9/_setup.yml:5 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "groups": { "all": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "localhost": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "subjects": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpihz7fk_9/_setup.yml:7 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_include_vars_from_parent.yml *********************************** 1 plays in /tmp/tmpihz7fk_9/tests/tests_include_vars_from_parent.yml PLAY [all] ********************************************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_include_vars_from_parent.yml:1 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [create var file in caller that can override the one in called role] ****** task path: /tmp/tmpihz7fk_9/tests/tests_include_vars_from_parent.yml:3 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=Fedora-31) => {"ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpihz7fk_9/tests/roles/caller/vars/Fedora-31.yml", "gid": 0, "group": "root", "item": "Fedora-31", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0644", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1604180814.6749296-171009-139128952505946/source", "state": "file", "uid": 0} changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=Fedora_31) => {"ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpihz7fk_9/tests/roles/caller/vars/Fedora_31.yml", "gid": 0, "group": "root", "item": "Fedora_31", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0644", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1604180815.2362955-171009-263739551611028/source", "state": "file", "uid": 0} changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=Fedora) => {"ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpihz7fk_9/tests/roles/caller/vars/Fedora.yml", "gid": 0, "group": "root", "item": "Fedora", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0644", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1604180815.5466669-171009-12277940947052/source", "state": "file", "uid": 0} changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=RedHat) => {"ansible_loop_var": "item", "changed": true, "checksum": "870b2314d3f4184a363b31373f07abb444f26444", "dest": "/tmp/tmpihz7fk_9/tests/roles/caller/vars/RedHat.yml", "gid": 0, "group": "root", "item": "RedHat", "md5sum": "5a57da448a1d752b982858b38aab344d", "mode": "0644", "owner": "root", "size": 23, "src": "/root/.ansible/tmp/ansible-tmp-1604180815.8670988-171009-14120706702656/source", "state": "file", "uid": 0} TASK [include_role : {{ roletoinclude }}] ************************************** task path: /tmp/tmpihz7fk_9/tests/roles/caller/tasks/main.yml:4 TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpihz7fk_9/tasks/main.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpihz7fk_9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:34 TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:45 TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:71 TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpihz7fk_9/tasks/main.yml:100 TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpihz7fk_9/tasks/main.yml:112 TASK [caller : assert] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/roles/caller/tasks/main.yml:7 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=6 changed=1 unreachable=0 failed=0 skipped=6 rescued=0 ignored=0 + cd /tmp/tmpihz7fk_9/tests; TEST_SUBJECTS=/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-67-8b7dd96-fedora-31-cidtvxdw/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmpihz7fk_9/_setup.yml /tmp/tmpihz7fk_9/tests/tests_key_size.yml ansible-playbook 2.9.14 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.6 (default, Sep 25 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)] Using /etc/ansible/ansible.cfg as config file PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpihz7fk_9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpihz7fk_9/_setup.yml:5 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "groups": { "all": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "localhost": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "subjects": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpihz7fk_9/_setup.yml:7 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_key_size.yml *************************************************** 2 plays in /tmp/tmpihz7fk_9/tests/tests_key_size.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_key_size.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpihz7fk_9/tasks/main.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpihz7fk_9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:34 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-3.57.0-1.fc31.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc31.x86_64", "Installed: nss-softokn-freebl-3.57.0-1.fc31.x86_64", "Installed: nss-sysinit-3.57.0-1.fc31.x86_64", "Installed: nss-util-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-1.51.0-9.fc31.x86_64", "Installed: nspr-4.29.0-1.fc31.x86_64", "Installed: nss-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-client-1.51.0-9.fc31.x86_64", "Installed: certmonger-0.79.11-2.fc31.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:45 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:71 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpihz7fk_9/tasks/main.yml:100 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network.target basic.target dbus.socket sysinit.target dbus-broker.service syslog.target systemd-journald.socket system.slice", "AllowIsolate": "no", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15546", "LimitNPROCSoft": "15546", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15546", "LimitSIGPENDINGSoft": "15546", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4663", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpihz7fk_9/tasks/main.yml:112 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'key_size': 4096}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "key_size": 4096, "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_key_size.yml:14 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_key_size.yml:29 included: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install certreader] ****************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.\nYou should consider upgrading via the 'pip install --upgrade pip' command.\n", "stderr_lines": ["WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.", "You should consider upgrading via the 'pip install --upgrade pip' command."], "stdout": "Collecting certreader>=0.1.1\n Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz\nCollecting cryptography (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)\nCollecting pyasn1 (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)\nCollecting pyyaml (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)\nCollecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)\nCollecting six>=1.4.1 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl\nCollecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)\nInstalling collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader\n Running setup.py install for pyyaml: started\n Running setup.py install for pyyaml: finished with status 'done'\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz", "Collecting cryptography (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)", "Collecting pyasn1 (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)", "Collecting pyyaml (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)", "Collecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)", "Collecting six>=1.4.1 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl", "Collecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)", "Installing collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader", " Running setup.py install for pyyaml: started", " Running setup.py install for pyyaml: finished with status 'done'", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604180928.7425113, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9956c41aabb52027eacb9089340913f44094fa68", "ctime": 1604180928.7405112, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131714, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604180928.7405112, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1659, "uid": 0, "version": "848867", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:22 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:28 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:40 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604180928.6865113, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "fcd4a99b5c8d62ce7f99d7f9d5cb3cf315bee003", "ctime": 1604180928.7405112, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131690, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604180928.7405112, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 3272, "uid": 0, "version": "2580217842", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:45 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:51 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:63 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.207756", "end": "2020-10-31 21:49:00.802221", "rc": 0, "start": "2020-10-31 21:49:00.594465", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"18:71:F4:17:67:3E:04:54:9A:DB:A7:80:E2:EA:30:94:B8:42:C8:A5\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"A6:02:70:34:CB:62:A8:C6:73:AE:A1:CB:C4:8A:F4:33:24:43:64:F2\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"98:51:52:2D:88:D7:69:F0:A2:F2:B3:72:F4:43:AC:E9:24:E9:FB:B0:FD:AB:A1:5D:57:EF:94:8F:5E:D3:98:33:73:84:B4:A7:0E:AC:0C:23:8F:37:0E:8E:37:F0:08:26:16:96:8A:96:3A:F2:56:A2:CE:A6:10:67:26:ED:85:46:D2:80:80:0D:07:D4:6B:A4:C2:90:C5:68:91:73:3F:6D:50:2A:97:30:29:D2:E8:F1:D0:F0:5C:14:C5:8B:A3:91:4D:36:A0:EC:F3:26:2B:45:C5:C1:B1:98:9D:71:BB:88:93:87:AD:A8:2F:F8:62:18:59:7B:70:62:6E:E6:59:5E:1F:21:71:8B:C8:7A:23:4E:1E:7E:D4:20:9D:7D:86:FF:27:D5:61:AE:74:E3:9C:DC:E2:F4:B5:63:38:E1:B5:49:CD:60:B0:FB:11:26:9B:BB:07:08:57:70:91:72:9D:D0:56:31:AB:27:35:94:CC:D0:BB:92:C1:E8:22:3A:2B:0D:A5:B9:D3:85:CE:C8:88:74:B2:27:7E:DF:AB:77:C8:60:2E:71:96:35:AF:D3:54:ED:C8:CE:03:AE:32:68:11:EA:F0:D2:FD:84:E0:63:2C:14:0C:3D:CA:53:E5:76:4F:72:4F:06:6B:12:51:F9:57:D6:4C:0A:0A:2A:AD:56:15:D7\"\n },\n \"key_size\": 4096,\n \"validity\": {\n \"not_valid_after\": \"2021-10-31 21:48:47\",\n \"not_valid_before\": \"2020-10-31 21:48:48\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"18:71:F4:17:67:3E:04:54:9A:DB:A7:80:E2:EA:30:94:B8:42:C8:A5\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"A6:02:70:34:CB:62:A8:C6:73:AE:A1:CB:C4:8A:F4:33:24:43:64:F2\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"98:51:52:2D:88:D7:69:F0:A2:F2:B3:72:F4:43:AC:E9:24:E9:FB:B0:FD:AB:A1:5D:57:EF:94:8F:5E:D3:98:33:73:84:B4:A7:0E:AC:0C:23:8F:37:0E:8E:37:F0:08:26:16:96:8A:96:3A:F2:56:A2:CE:A6:10:67:26:ED:85:46:D2:80:80:0D:07:D4:6B:A4:C2:90:C5:68:91:73:3F:6D:50:2A:97:30:29:D2:E8:F1:D0:F0:5C:14:C5:8B:A3:91:4D:36:A0:EC:F3:26:2B:45:C5:C1:B1:98:9D:71:BB:88:93:87:AD:A8:2F:F8:62:18:59:7B:70:62:6E:E6:59:5E:1F:21:71:8B:C8:7A:23:4E:1E:7E:D4:20:9D:7D:86:FF:27:D5:61:AE:74:E3:9C:DC:E2:F4:B5:63:38:E1:B5:49:CD:60:B0:FB:11:26:9B:BB:07:08:57:70:91:72:9D:D0:56:31:AB:27:35:94:CC:D0:BB:92:C1:E8:22:3A:2B:0D:A5:B9:D3:85:CE:C8:88:74:B2:27:7E:DF:AB:77:C8:60:2E:71:96:35:AF:D3:54:ED:C8:CE:03:AE:32:68:11:EA:F0:D2:FD:84:E0:63:2C:14:0C:3D:CA:53:E5:76:4F:72:4F:06:6B:12:51:F9:57:D6:4C:0A:0A:2A:AD:56:15:D7\"", " },", " \"key_size\": 4096,", " \"validity\": {", " \"not_valid_after\": \"2021-10-31 21:48:47\",", " \"not_valid_before\": \"2020-10-31 21:48:48\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:68 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "A6:02:70:34:CB:62:A8:C6:73:AE:A1:CB:C4:8A:F4:33:24:43:64:F2"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "18:71:F4:17:67:3E:04:54:9A:DB:A7:80:E2:EA:30:94:B8:42:C8:A5"}}, "key_size": 4096, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "98:51:52:2D:88:D7:69:F0:A2:F2:B3:72:F4:43:AC:E9:24:E9:FB:B0:FD:AB:A1:5D:57:EF:94:8F:5E:D3:98:33:73:84:B4:A7:0E:AC:0C:23:8F:37:0E:8E:37:F0:08:26:16:96:8A:96:3A:F2:56:A2:CE:A6:10:67:26:ED:85:46:D2:80:80:0D:07:D4:6B:A4:C2:90:C5:68:91:73:3F:6D:50:2A:97:30:29:D2:E8:F1:D0:F0:5C:14:C5:8B:A3:91:4D:36:A0:EC:F3:26:2B:45:C5:C1:B1:98:9D:71:BB:88:93:87:AD:A8:2F:F8:62:18:59:7B:70:62:6E:E6:59:5E:1F:21:71:8B:C8:7A:23:4E:1E:7E:D4:20:9D:7D:86:FF:27:D5:61:AE:74:E3:9C:DC:E2:F4:B5:63:38:E1:B5:49:CD:60:B0:FB:11:26:9B:BB:07:08:57:70:91:72:9D:D0:56:31:AB:27:35:94:CC:D0:BB:92:C1:E8:22:3A:2B:0D:A5:B9:D3:85:CE:C8:88:74:B2:27:7E:DF:AB:77:C8:60:2E:71:96:35:AF:D3:54:ED:C8:CE:03:AE:32:68:11:EA:F0:D2:FD:84:E0:63:2C:14:0C:3D:CA:53:E5:76:4F:72:4F:06:6B:12:51:F9:57:D6:4C:0A:0A:2A:AD:56:15:D7"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2021-10-31 21:48:47", "not_valid_before": "2020-10-31 21:48:48"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:72 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:81 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:90 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:110 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:126 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": "getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.036997", "end": "2020-10-31 21:49:01.393495", "rc": 0, "start": "2020-10-31 21:49:01.356498", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:134 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=29 changed=6 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmpihz7fk_9/tests; TEST_SUBJECTS=/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-67-8b7dd96-fedora-31-cidtvxdw/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmpihz7fk_9/_setup.yml /tmp/tmpihz7fk_9/tests/tests_key_usage_and_extended_key_usage.yml ansible-playbook 2.9.14 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.6 (default, Sep 25 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)] Using /etc/ansible/ansible.cfg as config file PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpihz7fk_9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpihz7fk_9/_setup.yml:5 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "groups": { "all": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "localhost": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "subjects": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpihz7fk_9/_setup.yml:7 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_key_usage_and_extended_key_usage.yml *************************** 2 plays in /tmp/tmpihz7fk_9/tests/tests_key_usage_and_extended_key_usage.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_key_usage_and_extended_key_usage.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpihz7fk_9/tasks/main.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpihz7fk_9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:34 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-3.57.0-1.fc31.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc31.x86_64", "Installed: nss-softokn-freebl-3.57.0-1.fc31.x86_64", "Installed: nss-sysinit-3.57.0-1.fc31.x86_64", "Installed: nss-util-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-1.51.0-9.fc31.x86_64", "Installed: nspr-4.29.0-1.fc31.x86_64", "Installed: nss-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-client-1.51.0-9.fc31.x86_64", "Installed: certmonger-0.79.11-2.fc31.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:45 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:71 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpihz7fk_9/tasks/main.yml:100 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket dbus.socket system.slice network.target syslog.target dbus-broker.service sysinit.target basic.target", "AllowIsolate": "no", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15546", "LimitNPROCSoft": "15546", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15546", "LimitSIGPENDINGSoft": "15546", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4663", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpihz7fk_9/tasks/main.yml:112 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'key_usage': ['digitalSignature', 'nonRepudiation', 'keyEncipherment'], 'extended_key_usage': ['id-kp-clientAuth', 'id-kp-serverAuth', 'id-kp-ipsecTunnel', '1.3.6.1.5.2.3.5'], 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "extended_key_usage": ["id-kp-clientAuth", "id-kp-serverAuth", "id-kp-ipsecTunnel", "1.3.6.1.5.2.3.5"], "key_usage": ["digitalSignature", "nonRepudiation", "keyEncipherment"], "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_key_usage_and_extended_key_usage.yml:22 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_key_usage_and_extended_key_usage.yml:49 included: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install certreader] ****************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.\nYou should consider upgrading via the 'pip install --upgrade pip' command.\n", "stderr_lines": ["WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.", "You should consider upgrading via the 'pip install --upgrade pip' command."], "stdout": "Collecting certreader>=0.1.1\n Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz\nCollecting cryptography (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)\nCollecting pyasn1 (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)\nCollecting pyyaml (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)\nCollecting six>=1.4.1 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl\nCollecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)\nCollecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)\nInstalling collected packages: six, pycparser, cffi, cryptography, pyasn1, pyyaml, certreader\n Running setup.py install for pyyaml: started\n Running setup.py install for pyyaml: finished with status 'done'\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz", "Collecting cryptography (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)", "Collecting pyasn1 (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)", "Collecting pyyaml (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)", "Collecting six>=1.4.1 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl", "Collecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)", "Collecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)", "Installing collected packages: six, pycparser, cffi, cryptography, pyasn1, pyyaml, certreader", " Running setup.py install for pyyaml: started", " Running setup.py install for pyyaml: finished with status 'done'", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181008.183901, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "6c777ff4ef91b4a3911d041663f2c2b87d3a247d", "ctime": 1604181008.180901, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131714, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181008.180901, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1334, "uid": 0, "version": "4141658125", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:22 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:28 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:40 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181008.137901, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "2a45084640a887599062912ce8d2c42bc22f4190", "ctime": 1604181008.180901, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131690, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181008.180901, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "1087148334", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:45 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:51 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:63 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.203391", "end": "2020-10-31 21:50:20.260246", "rc": 0, "start": "2020-10-31 21:50:20.056855", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"content_commitment\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n },\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-ipsecTunnel\",\n \"oid\": \"1.3.6.1.5.5.7.3.6\"\n },\n {\n \"name\": null,\n \"oid\": \"1.3.6.1.5.2.3.5\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"77:1D:38:E8:A0:17:C4:02:42:76:F5:BE:D5:55:CD:EB:22:CA:8F:D1\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"D1:3C:50:97:59:4B:CB:52:D5:AB:51:23:9C:B2:AE:A7:54:09:BF:F4\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"0D:52:3D:47:04:93:59:DF:EB:FB:3D:56:04:F5:C3:96:75:BC:BE:AF:4F:D7:9C:35:4C:F0:37:73:A5:13:AB:B3:93:83:29:48:52:5E:68:C1:7B:C6:C6:53:4D:91:1D:20:75:A9:EF:AD:7E:20:DD:84:19:83:9A:C8:A3:DD:AC:15:72:96:97:9D:DD:C1:27:04:18:B4:7E:4B:02:97:42:D9:DF:98:FC:8C:56:D5:99:58:83:8E:84:A1:E1:31:94:F3:A9:45:6E:1C:65:33:63:52:29:C8:7F:C0:38:F8:9D:38:DF:A1:F4:43:87:23:07:A6:AE:15:CA:1B:C8:04:C6:16:CB:78:33:6D:6A:B7:2F:64:B0:41:1C:7D:00:6E:9D:BB:10:31:ED:18:F6:60:84:5A:C7:D8:39:65:4E:31:72:BA:49:24:F5:2A:B8:2E:79:C7:00:B9:1A:D1:87:F1:5F:86:18:F6:32:38:BA:C3:75:B0:88:6A:CA:A1:6F:2B:3C:FA:18:F7:E9:65:D0:E0:A2:2B:86:E1:82:29:0C:C0:C6:44:B4:A2:98:5F:F3:22:09:41:B2:9D:BD:15:20:8A:20:E6:D1:F1:73:20:21:B1:D6:D8:CA:0B:D6:0C:3D:FB:9C:85:5B:EE:87:05:64:3D:0E:EA:91:BF:C5:0E:39:0B:EE:57\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2021-10-31 21:50:07\",\n \"not_valid_before\": \"2020-10-31 21:50:08\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"content_commitment\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " },", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-ipsecTunnel\",", " \"oid\": \"1.3.6.1.5.5.7.3.6\"", " },", " {", " \"name\": null,", " \"oid\": \"1.3.6.1.5.2.3.5\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"77:1D:38:E8:A0:17:C4:02:42:76:F5:BE:D5:55:CD:EB:22:CA:8F:D1\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"D1:3C:50:97:59:4B:CB:52:D5:AB:51:23:9C:B2:AE:A7:54:09:BF:F4\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"0D:52:3D:47:04:93:59:DF:EB:FB:3D:56:04:F5:C3:96:75:BC:BE:AF:4F:D7:9C:35:4C:F0:37:73:A5:13:AB:B3:93:83:29:48:52:5E:68:C1:7B:C6:C6:53:4D:91:1D:20:75:A9:EF:AD:7E:20:DD:84:19:83:9A:C8:A3:DD:AC:15:72:96:97:9D:DD:C1:27:04:18:B4:7E:4B:02:97:42:D9:DF:98:FC:8C:56:D5:99:58:83:8E:84:A1:E1:31:94:F3:A9:45:6E:1C:65:33:63:52:29:C8:7F:C0:38:F8:9D:38:DF:A1:F4:43:87:23:07:A6:AE:15:CA:1B:C8:04:C6:16:CB:78:33:6D:6A:B7:2F:64:B0:41:1C:7D:00:6E:9D:BB:10:31:ED:18:F6:60:84:5A:C7:D8:39:65:4E:31:72:BA:49:24:F5:2A:B8:2E:79:C7:00:B9:1A:D1:87:F1:5F:86:18:F6:32:38:BA:C3:75:B0:88:6A:CA:A1:6F:2B:3C:FA:18:F7:E9:65:D0:E0:A2:2B:86:E1:82:29:0C:C0:C6:44:B4:A2:98:5F:F3:22:09:41:B2:9D:BD:15:20:8A:20:E6:D1:F1:73:20:21:B1:D6:D8:CA:0B:D6:0C:3D:FB:9C:85:5B:EE:87:05:64:3D:0E:EA:91:BF:C5:0E:39:0B:EE:57\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2021-10-31 21:50:07\",", " \"not_valid_before\": \"2020-10-31 21:50:08\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:68 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "D1:3C:50:97:59:4B:CB:52:D5:AB:51:23:9C:B2:AE:A7:54:09:BF:F4"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}, {"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-ipsecTunnel", "oid": "1.3.6.1.5.5.7.3.6"}, {"name": null, "oid": "1.3.6.1.5.2.3.5"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "content_commitment", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "77:1D:38:E8:A0:17:C4:02:42:76:F5:BE:D5:55:CD:EB:22:CA:8F:D1"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "0D:52:3D:47:04:93:59:DF:EB:FB:3D:56:04:F5:C3:96:75:BC:BE:AF:4F:D7:9C:35:4C:F0:37:73:A5:13:AB:B3:93:83:29:48:52:5E:68:C1:7B:C6:C6:53:4D:91:1D:20:75:A9:EF:AD:7E:20:DD:84:19:83:9A:C8:A3:DD:AC:15:72:96:97:9D:DD:C1:27:04:18:B4:7E:4B:02:97:42:D9:DF:98:FC:8C:56:D5:99:58:83:8E:84:A1:E1:31:94:F3:A9:45:6E:1C:65:33:63:52:29:C8:7F:C0:38:F8:9D:38:DF:A1:F4:43:87:23:07:A6:AE:15:CA:1B:C8:04:C6:16:CB:78:33:6D:6A:B7:2F:64:B0:41:1C:7D:00:6E:9D:BB:10:31:ED:18:F6:60:84:5A:C7:D8:39:65:4E:31:72:BA:49:24:F5:2A:B8:2E:79:C7:00:B9:1A:D1:87:F1:5F:86:18:F6:32:38:BA:C3:75:B0:88:6A:CA:A1:6F:2B:3C:FA:18:F7:E9:65:D0:E0:A2:2B:86:E1:82:29:0C:C0:C6:44:B4:A2:98:5F:F3:22:09:41:B2:9D:BD:15:20:8A:20:E6:D1:F1:73:20:21:B1:D6:D8:CA:0B:D6:0C:3D:FB:9C:85:5B:EE:87:05:64:3D:0E:EA:91:BF:C5:0E:39:0B:EE:57"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2021-10-31 21:50:07", "not_valid_before": "2020-10-31 21:50:08"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:72 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:81 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:90 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:110 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:126 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": "getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.037569", "end": "2020-10-31 21:50:20.846953", "rc": 0, "start": "2020-10-31 21:50:20.809384", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:134 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=29 changed=6 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmpihz7fk_9/tests; TEST_SUBJECTS=/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-67-8b7dd96-fedora-31-cidtvxdw/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmpihz7fk_9/_setup.yml /tmp/tmpihz7fk_9/tests/tests_many_self_signed.yml ansible-playbook 2.9.14 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.6 (default, Sep 25 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)] Using /etc/ansible/ansible.cfg as config file PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpihz7fk_9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpihz7fk_9/_setup.yml:5 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "groups": { "all": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "localhost": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "subjects": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpihz7fk_9/_setup.yml:7 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_many_self_signed.yml ******************************************* 2 plays in /tmp/tmpihz7fk_9/tests/tests_many_self_signed.yml PLAY [Issue many self-signed certificates] ************************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_many_self_signed.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpihz7fk_9/tasks/main.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpihz7fk_9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:34 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-3.57.0-1.fc31.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc31.x86_64", "Installed: nss-softokn-freebl-3.57.0-1.fc31.x86_64", "Installed: nss-sysinit-3.57.0-1.fc31.x86_64", "Installed: nss-util-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-1.51.0-9.fc31.x86_64", "Installed: nspr-4.29.0-1.fc31.x86_64", "Installed: nss-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-client-1.51.0-9.fc31.x86_64", "Installed: certmonger-0.79.11-2.fc31.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:45 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:71 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpihz7fk_9/tasks/main.yml:100 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target basic.target dbus.socket systemd-journald.socket system.slice network.target syslog.target dbus-broker.service", "AllowIsolate": "no", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15546", "LimitNPROCSoft": "15546", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15546", "LimitSIGPENDINGSoft": "15546", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4663", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpihz7fk_9/tasks/main.yml:112 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item={'name': 'other-cert', 'dns': 'www.example.org', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.org", "name": "other-cert"}, "msg": "Certificate requested (new)."} changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item={'name': 'another-cert', 'dns': 'www.example.net', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.net", "name": "another-cert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_many_self_signed.yml:18 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_many_self_signed.yml:50 included: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 included: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 included: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install certreader] ****************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.\nYou should consider upgrading via the 'pip install --upgrade pip' command.\n", "stderr_lines": ["WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.", "You should consider upgrading via the 'pip install --upgrade pip' command."], "stdout": "Collecting certreader>=0.1.1\n Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz\nCollecting cryptography (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)\nCollecting pyasn1 (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)\nCollecting pyyaml (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)\nCollecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)\nCollecting six>=1.4.1 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl\nCollecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)\nInstalling collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader\n Running setup.py install for pyyaml: started\n Running setup.py install for pyyaml: finished with status 'done'\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz", "Collecting cryptography (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)", "Collecting pyasn1 (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)", "Collecting pyyaml (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)", "Collecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)", "Collecting six>=1.4.1 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl", "Collecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)", "Installing collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader", " Running setup.py install for pyyaml: started", " Running setup.py install for pyyaml: finished with status 'done'", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181082.130331, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "bdbdcd5832590967d7e14e59ff5e3f19557fbd27", "ctime": 1604181082.1283312, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131714, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181082.1283312, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "3381186672", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:22 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:28 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:40 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181082.087331, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "2105442009d08eb66bd0d0d0725f9ea7c5671112", "ctime": 1604181082.1283312, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131690, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181082.1283312, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "3876908459", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:45 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:51 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:63 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.204187", "end": "2020-10-31 21:51:35.495339", "rc": 0, "start": "2020-10-31 21:51:35.291152", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"AA:69:1D:E5:07:55:1E:AB:A2:75:E6:08:48:C8:FF:FC:BF:6C:B1:CB\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"CC:DA:5F:D3:0B:8D:A1:96:D0:26:ED:FE:F9:14:45:F8:E1:8D:8D:E2\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"1E:78:65:1F:C1:79:0B:F7:E1:BF:8C:D4:FE:51:0D:74:F1:B0:84:36:35:B3:C2:FC:EC:85:41:83:4A:82:DF:8C:97:98:F5:84:A9:08:43:1E:0F:A7:90:DA:BD:61:75:88:CC:FC:EC:FD:7D:3E:1A:2D:8A:ED:14:BC:9A:A5:17:11:79:32:7D:EC:6E:F4:BE:9C:6A:15:F8:79:B3:53:61:09:D7:5F:43:96:78:B7:6F:F7:A9:91:56:28:BA:FE:7B:D8:A1:41:EA:83:33:F1:3F:4F:03:E8:BC:01:29:3F:DA:7B:71:53:B9:D1:E8:84:77:53:4D:1C:20:DB:54:4E:2A:B3:90:5F:60:47:AE:BC:4D:42:DA:EF:98:AF:53:69:DA:11:D3:52:F7:20:90:F2:E6:60:FC:0E:9D:4E:0F:5F:8E:F9:72:75:5A:D9:AC:4B:8C:23:1F:98:3F:77:B7:EC:F9:70:B1:3C:6F:EE:D0:DA:72:6F:8A:FF:FC:B1:00:2C:79:FB:FC:DF:74:9F:EC:58:AD:4B:87:29:48:18:F1:B2:BB:08:B6:60:C2:4E:A7:A7:B6:C0:F7:2D:ED:90:EC:9A:41:8F:71:88:6C:44:95:24:AF:1A:7E:12:4F:B5:D2:F6:A1:4B:CF:A4:8E:A1:9B:D4:CA:35:20:C3:F6:07:83:32:64:4B\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2021-10-31 21:51:21\",\n \"not_valid_before\": \"2020-10-31 21:51:22\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"AA:69:1D:E5:07:55:1E:AB:A2:75:E6:08:48:C8:FF:FC:BF:6C:B1:CB\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"CC:DA:5F:D3:0B:8D:A1:96:D0:26:ED:FE:F9:14:45:F8:E1:8D:8D:E2\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"1E:78:65:1F:C1:79:0B:F7:E1:BF:8C:D4:FE:51:0D:74:F1:B0:84:36:35:B3:C2:FC:EC:85:41:83:4A:82:DF:8C:97:98:F5:84:A9:08:43:1E:0F:A7:90:DA:BD:61:75:88:CC:FC:EC:FD:7D:3E:1A:2D:8A:ED:14:BC:9A:A5:17:11:79:32:7D:EC:6E:F4:BE:9C:6A:15:F8:79:B3:53:61:09:D7:5F:43:96:78:B7:6F:F7:A9:91:56:28:BA:FE:7B:D8:A1:41:EA:83:33:F1:3F:4F:03:E8:BC:01:29:3F:DA:7B:71:53:B9:D1:E8:84:77:53:4D:1C:20:DB:54:4E:2A:B3:90:5F:60:47:AE:BC:4D:42:DA:EF:98:AF:53:69:DA:11:D3:52:F7:20:90:F2:E6:60:FC:0E:9D:4E:0F:5F:8E:F9:72:75:5A:D9:AC:4B:8C:23:1F:98:3F:77:B7:EC:F9:70:B1:3C:6F:EE:D0:DA:72:6F:8A:FF:FC:B1:00:2C:79:FB:FC:DF:74:9F:EC:58:AD:4B:87:29:48:18:F1:B2:BB:08:B6:60:C2:4E:A7:A7:B6:C0:F7:2D:ED:90:EC:9A:41:8F:71:88:6C:44:95:24:AF:1A:7E:12:4F:B5:D2:F6:A1:4B:CF:A4:8E:A1:9B:D4:CA:35:20:C3:F6:07:83:32:64:4B\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2021-10-31 21:51:21\",", " \"not_valid_before\": \"2020-10-31 21:51:22\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:68 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "CC:DA:5F:D3:0B:8D:A1:96:D0:26:ED:FE:F9:14:45:F8:E1:8D:8D:E2"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "AA:69:1D:E5:07:55:1E:AB:A2:75:E6:08:48:C8:FF:FC:BF:6C:B1:CB"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "1E:78:65:1F:C1:79:0B:F7:E1:BF:8C:D4:FE:51:0D:74:F1:B0:84:36:35:B3:C2:FC:EC:85:41:83:4A:82:DF:8C:97:98:F5:84:A9:08:43:1E:0F:A7:90:DA:BD:61:75:88:CC:FC:EC:FD:7D:3E:1A:2D:8A:ED:14:BC:9A:A5:17:11:79:32:7D:EC:6E:F4:BE:9C:6A:15:F8:79:B3:53:61:09:D7:5F:43:96:78:B7:6F:F7:A9:91:56:28:BA:FE:7B:D8:A1:41:EA:83:33:F1:3F:4F:03:E8:BC:01:29:3F:DA:7B:71:53:B9:D1:E8:84:77:53:4D:1C:20:DB:54:4E:2A:B3:90:5F:60:47:AE:BC:4D:42:DA:EF:98:AF:53:69:DA:11:D3:52:F7:20:90:F2:E6:60:FC:0E:9D:4E:0F:5F:8E:F9:72:75:5A:D9:AC:4B:8C:23:1F:98:3F:77:B7:EC:F9:70:B1:3C:6F:EE:D0:DA:72:6F:8A:FF:FC:B1:00:2C:79:FB:FC:DF:74:9F:EC:58:AD:4B:87:29:48:18:F1:B2:BB:08:B6:60:C2:4E:A7:A7:B6:C0:F7:2D:ED:90:EC:9A:41:8F:71:88:6C:44:95:24:AF:1A:7E:12:4F:B5:D2:F6:A1:4B:CF:A4:8E:A1:9B:D4:CA:35:20:C3:F6:07:83:32:64:4B"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2021-10-31 21:51:21", "not_valid_before": "2020-10-31 21:51:22"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:72 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:81 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:90 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:110 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:126 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": "getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.046385", "end": "2020-10-31 21:51:36.097273", "rc": 0, "start": "2020-10-31 21:51:36.050888", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:134 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install certreader] ****************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:11 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.\nYou should consider upgrading via the 'pip install --upgrade pip' command.\n", "stderr_lines": ["WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.", "You should consider upgrading via the 'pip install --upgrade pip' command."], "stdout": "Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.7/site-packages (0.1.1)\nRequirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (3.2.1)\nRequirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (0.4.8)\nRequirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (5.3.1)\nRequirement already satisfied: cffi!=1.11.3,>=1.8 in ./certificate-tests-venv/lib/python3.7/site-packages (from cryptography->certreader>=0.1.1) (1.14.3)\nRequirement already satisfied: six>=1.4.1 in ./certificate-tests-venv/lib/python3.7/site-packages (from cryptography->certreader>=0.1.1) (1.15.0)\nRequirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1) (2.20)\n", "stdout_lines": ["Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.7/site-packages (0.1.1)", "Requirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (3.2.1)", "Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (0.4.8)", "Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (5.3.1)", "Requirement already satisfied: cffi!=1.11.3,>=1.8 in ./certificate-tests-venv/lib/python3.7/site-packages (from cryptography->certreader>=0.1.1) (1.14.3)", "Requirement already satisfied: six>=1.4.1 in ./certificate-tests-venv/lib/python3.7/site-packages (from cryptography->certreader>=0.1.1) (1.15.0)", "Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1) (2.20)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181082.774331, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9c03c97ac4208d42d4a3c19632be0f5e1262efec", "ctime": 1604181082.772331, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131716, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181082.772331, "nlink": 1, "path": "/etc/pki/tls/certs/other-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "4136503996", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:22 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:28 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:40 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181082.7303312, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "b1eb2eb4792247f6ce5a25d6c231041cbc72f5ff", "ctime": 1604181082.772331, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131715, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181082.772331, "nlink": 1, "path": "/etc/pki/tls/private/other-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "60720201", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:45 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:51 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:63 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/other-cert.crt"], "delta": "0:00:00.208213", "end": "2020-10-31 21:51:42.847880", "rc": 0, "start": "2020-10-31 21:51:42.639667", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.org\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.org\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"22:59:76:87:5A:46:F5:4A:2E:25:23:EF:E9:B1:EE:03:A9:00:38:8B\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"CC:DA:5F:D3:0B:8D:A1:96:D0:26:ED:FE:F9:14:45:F8:E1:8D:8D:E2\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"8D:04:D1:E0:01:08:35:B1:FF:FD:1E:C0:73:38:82:EC:59:60:6A:63:CE:87:3A:28:0E:4F:D0:86:52:5E:E3:BF:20:2E:35:A5:1D:5D:FC:5E:7D:AB:EF:C1:E9:99:7B:56:34:01:50:54:30:B3:EE:4A:E2:24:F4:5B:02:0D:32:FF:F1:9C:14:DD:77:62:DE:45:8A:DA:DC:D2:A3:3E:7B:99:2D:27:28:35:4F:6E:1A:E1:F2:95:74:1D:0C:14:2F:A6:84:A4:7F:E9:22:99:5C:05:F5:9B:07:10:2C:EC:4B:19:5D:85:E0:F0:D7:E6:70:36:97:0A:A3:7B:68:DE:6F:16:EC:9C:AE:85:07:AB:BE:29:3C:CD:F0:60:3F:BD:E7:12:02:74:B6:A5:19:5D:6C:37:A9:F9:F8:71:B8:8B:40:F1:E8:81:56:7C:E9:ED:06:69:48:82:D9:9C:9A:65:0A:31:63:0F:F9:FC:AA:EC:22:FE:9D:71:BA:B2:74:87:F4:A9:46:05:7E:10:2A:3D:FB:B6:66:45:F7:CA:D5:B0:BF:92:D0:2E:59:BC:CC:AF:E2:EE:55:BE:84:EC:C4:0B:51:CB:9F:D9:A8:8C:30:95:49:33:C9:5F:47:A1:3E:AC:0B:9F:AD:EE:32:25:E5:87:79:69:FD:32:33:EC:E5:71:90:14\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2021-10-31 21:51:21\",\n \"not_valid_before\": \"2020-10-31 21:51:22\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.org\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.org\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"22:59:76:87:5A:46:F5:4A:2E:25:23:EF:E9:B1:EE:03:A9:00:38:8B\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"CC:DA:5F:D3:0B:8D:A1:96:D0:26:ED:FE:F9:14:45:F8:E1:8D:8D:E2\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"8D:04:D1:E0:01:08:35:B1:FF:FD:1E:C0:73:38:82:EC:59:60:6A:63:CE:87:3A:28:0E:4F:D0:86:52:5E:E3:BF:20:2E:35:A5:1D:5D:FC:5E:7D:AB:EF:C1:E9:99:7B:56:34:01:50:54:30:B3:EE:4A:E2:24:F4:5B:02:0D:32:FF:F1:9C:14:DD:77:62:DE:45:8A:DA:DC:D2:A3:3E:7B:99:2D:27:28:35:4F:6E:1A:E1:F2:95:74:1D:0C:14:2F:A6:84:A4:7F:E9:22:99:5C:05:F5:9B:07:10:2C:EC:4B:19:5D:85:E0:F0:D7:E6:70:36:97:0A:A3:7B:68:DE:6F:16:EC:9C:AE:85:07:AB:BE:29:3C:CD:F0:60:3F:BD:E7:12:02:74:B6:A5:19:5D:6C:37:A9:F9:F8:71:B8:8B:40:F1:E8:81:56:7C:E9:ED:06:69:48:82:D9:9C:9A:65:0A:31:63:0F:F9:FC:AA:EC:22:FE:9D:71:BA:B2:74:87:F4:A9:46:05:7E:10:2A:3D:FB:B6:66:45:F7:CA:D5:B0:BF:92:D0:2E:59:BC:CC:AF:E2:EE:55:BE:84:EC:C4:0B:51:CB:9F:D9:A8:8C:30:95:49:33:C9:5F:47:A1:3E:AC:0B:9F:AD:EE:32:25:E5:87:79:69:FD:32:33:EC:E5:71:90:14\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2021-10-31 21:51:21\",", " \"not_valid_before\": \"2020-10-31 21:51:22\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:68 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "CC:DA:5F:D3:0B:8D:A1:96:D0:26:ED:FE:F9:14:45:F8:E1:8D:8D:E2"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.org"}]}, "subjectKeyIdentifier": {"critical": false, "value": "22:59:76:87:5A:46:F5:4A:2E:25:23:EF:E9:B1:EE:03:A9:00:38:8B"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "8D:04:D1:E0:01:08:35:B1:FF:FD:1E:C0:73:38:82:EC:59:60:6A:63:CE:87:3A:28:0E:4F:D0:86:52:5E:E3:BF:20:2E:35:A5:1D:5D:FC:5E:7D:AB:EF:C1:E9:99:7B:56:34:01:50:54:30:B3:EE:4A:E2:24:F4:5B:02:0D:32:FF:F1:9C:14:DD:77:62:DE:45:8A:DA:DC:D2:A3:3E:7B:99:2D:27:28:35:4F:6E:1A:E1:F2:95:74:1D:0C:14:2F:A6:84:A4:7F:E9:22:99:5C:05:F5:9B:07:10:2C:EC:4B:19:5D:85:E0:F0:D7:E6:70:36:97:0A:A3:7B:68:DE:6F:16:EC:9C:AE:85:07:AB:BE:29:3C:CD:F0:60:3F:BD:E7:12:02:74:B6:A5:19:5D:6C:37:A9:F9:F8:71:B8:8B:40:F1:E8:81:56:7C:E9:ED:06:69:48:82:D9:9C:9A:65:0A:31:63:0F:F9:FC:AA:EC:22:FE:9D:71:BA:B2:74:87:F4:A9:46:05:7E:10:2A:3D:FB:B6:66:45:F7:CA:D5:B0:BF:92:D0:2E:59:BC:CC:AF:E2:EE:55:BE:84:EC:C4:0B:51:CB:9F:D9:A8:8C:30:95:49:33:C9:5F:47:A1:3E:AC:0B:9F:AD:EE:32:25:E5:87:79:69:FD:32:33:EC:E5:71:90:14"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.org"}], "validity": {"not_valid_after": "2021-10-31 21:51:21", "not_valid_before": "2020-10-31 21:51:22"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:72 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:81 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:90 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:110 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:126 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": "getcert list -f /etc/pki/tls/certs/other-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.042063", "end": "2020-10-31 21:51:43.420153", "rc": 0, "start": "2020-10-31 21:51:43.378090", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:134 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install certreader] ****************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:11 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.\nYou should consider upgrading via the 'pip install --upgrade pip' command.\n", "stderr_lines": ["WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.", "You should consider upgrading via the 'pip install --upgrade pip' command."], "stdout": "Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.7/site-packages (0.1.1)\nRequirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (3.2.1)\nRequirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (0.4.8)\nRequirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (5.3.1)\nRequirement already satisfied: cffi!=1.11.3,>=1.8 in ./certificate-tests-venv/lib/python3.7/site-packages (from cryptography->certreader>=0.1.1) (1.14.3)\nRequirement already satisfied: six>=1.4.1 in ./certificate-tests-venv/lib/python3.7/site-packages (from cryptography->certreader>=0.1.1) (1.15.0)\nRequirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1) (2.20)\n", "stdout_lines": ["Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.7/site-packages (0.1.1)", "Requirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (3.2.1)", "Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (0.4.8)", "Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (5.3.1)", "Requirement already satisfied: cffi!=1.11.3,>=1.8 in ./certificate-tests-venv/lib/python3.7/site-packages (from cryptography->certreader>=0.1.1) (1.14.3)", "Requirement already satisfied: six>=1.4.1 in ./certificate-tests-venv/lib/python3.7/site-packages (from cryptography->certreader>=0.1.1) (1.15.0)", "Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1) (2.20)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181083.491331, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "ed7f8d4fc820e9f6075aebad46e96562b33a7a0a", "ctime": 1604181083.488331, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131718, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181083.488331, "nlink": 1, "path": "/etc/pki/tls/certs/another-cert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "4193453889", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:22 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:28 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:40 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181083.448331, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "66f18e555444ddb5f2efc72aa91d0170d33afd86", "ctime": 1604181083.488331, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131717, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181083.488331, "nlink": 1, "path": "/etc/pki/tls/private/another-cert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2298968493", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:45 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:51 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:63 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/another-cert.crt"], "delta": "0:00:00.197941", "end": "2020-10-31 21:51:49.876178", "rc": 0, "start": "2020-10-31 21:51:49.678237", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.net\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.net\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"64:01:C2:3D:F5:6F:E4:C2:6E:6F:C8:49:D4:92:4A:A1:FF:3E:5B:CF\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"CC:DA:5F:D3:0B:8D:A1:96:D0:26:ED:FE:F9:14:45:F8:E1:8D:8D:E2\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"68:90:C0:6F:B9:BA:5F:D9:C6:B5:1A:1F:42:3B:D7:BD:47:6A:BF:22:C4:DE:9B:B6:34:A5:57:28:AB:20:D9:5B:13:4E:C0:79:F3:7C:35:7F:D3:E6:8C:E4:F4:39:CC:B3:C0:CA:B9:20:AE:9F:F6:B6:39:F4:BB:DD:38:BB:E9:91:0E:B6:32:5D:70:38:0E:A6:86:83:69:98:C7:84:FF:EC:C7:33:93:45:66:9E:29:EF:46:E1:5B:08:53:D6:26:3D:D6:98:2F:00:7C:AF:31:98:C0:5D:78:73:9B:FF:61:8E:57:8E:F3:11:BD:DD:EF:F0:CD:C8:BA:80:01:58:F5:32:AA:27:E6:0E:33:64:12:86:8B:E9:3E:B4:CE:77:DD:98:64:40:2B:60:7E:18:32:D9:31:7A:C4:D7:F5:BE:24:D7:BC:AB:D3:26:56:B0:92:48:C2:E6:C3:08:96:81:18:36:CC:31:E0:4E:CD:AA:CA:ED:28:54:DC:00:3B:8E:CE:65:C9:A4:BC:64:1D:21:AA:2D:A4:14:D3:ED:57:AE:B2:DD:64:7F:E0:43:F0:6F:7D:5C:54:15:DF:AF:D2:88:D0:22:2E:35:58:82:94:BA:B7:57:2F:F9:0F:37:8B:12:87:21:10:05:A6:4A:35:25:42:C2:0B:92:56:FF:AC:04:B3:7A\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2021-10-31 21:51:21\",\n \"not_valid_before\": \"2020-10-31 21:51:23\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.net\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.net\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"64:01:C2:3D:F5:6F:E4:C2:6E:6F:C8:49:D4:92:4A:A1:FF:3E:5B:CF\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"CC:DA:5F:D3:0B:8D:A1:96:D0:26:ED:FE:F9:14:45:F8:E1:8D:8D:E2\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"68:90:C0:6F:B9:BA:5F:D9:C6:B5:1A:1F:42:3B:D7:BD:47:6A:BF:22:C4:DE:9B:B6:34:A5:57:28:AB:20:D9:5B:13:4E:C0:79:F3:7C:35:7F:D3:E6:8C:E4:F4:39:CC:B3:C0:CA:B9:20:AE:9F:F6:B6:39:F4:BB:DD:38:BB:E9:91:0E:B6:32:5D:70:38:0E:A6:86:83:69:98:C7:84:FF:EC:C7:33:93:45:66:9E:29:EF:46:E1:5B:08:53:D6:26:3D:D6:98:2F:00:7C:AF:31:98:C0:5D:78:73:9B:FF:61:8E:57:8E:F3:11:BD:DD:EF:F0:CD:C8:BA:80:01:58:F5:32:AA:27:E6:0E:33:64:12:86:8B:E9:3E:B4:CE:77:DD:98:64:40:2B:60:7E:18:32:D9:31:7A:C4:D7:F5:BE:24:D7:BC:AB:D3:26:56:B0:92:48:C2:E6:C3:08:96:81:18:36:CC:31:E0:4E:CD:AA:CA:ED:28:54:DC:00:3B:8E:CE:65:C9:A4:BC:64:1D:21:AA:2D:A4:14:D3:ED:57:AE:B2:DD:64:7F:E0:43:F0:6F:7D:5C:54:15:DF:AF:D2:88:D0:22:2E:35:58:82:94:BA:B7:57:2F:F9:0F:37:8B:12:87:21:10:05:A6:4A:35:25:42:C2:0B:92:56:FF:AC:04:B3:7A\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2021-10-31 21:51:21\",", " \"not_valid_before\": \"2020-10-31 21:51:23\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:68 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "CC:DA:5F:D3:0B:8D:A1:96:D0:26:ED:FE:F9:14:45:F8:E1:8D:8D:E2"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.net"}]}, "subjectKeyIdentifier": {"critical": false, "value": "64:01:C2:3D:F5:6F:E4:C2:6E:6F:C8:49:D4:92:4A:A1:FF:3E:5B:CF"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "68:90:C0:6F:B9:BA:5F:D9:C6:B5:1A:1F:42:3B:D7:BD:47:6A:BF:22:C4:DE:9B:B6:34:A5:57:28:AB:20:D9:5B:13:4E:C0:79:F3:7C:35:7F:D3:E6:8C:E4:F4:39:CC:B3:C0:CA:B9:20:AE:9F:F6:B6:39:F4:BB:DD:38:BB:E9:91:0E:B6:32:5D:70:38:0E:A6:86:83:69:98:C7:84:FF:EC:C7:33:93:45:66:9E:29:EF:46:E1:5B:08:53:D6:26:3D:D6:98:2F:00:7C:AF:31:98:C0:5D:78:73:9B:FF:61:8E:57:8E:F3:11:BD:DD:EF:F0:CD:C8:BA:80:01:58:F5:32:AA:27:E6:0E:33:64:12:86:8B:E9:3E:B4:CE:77:DD:98:64:40:2B:60:7E:18:32:D9:31:7A:C4:D7:F5:BE:24:D7:BC:AB:D3:26:56:B0:92:48:C2:E6:C3:08:96:81:18:36:CC:31:E0:4E:CD:AA:CA:ED:28:54:DC:00:3B:8E:CE:65:C9:A4:BC:64:1D:21:AA:2D:A4:14:D3:ED:57:AE:B2:DD:64:7F:E0:43:F0:6F:7D:5C:54:15:DF:AF:D2:88:D0:22:2E:35:58:82:94:BA:B7:57:2F:F9:0F:37:8B:12:87:21:10:05:A6:4A:35:25:42:C2:0B:92:56:FF:AC:04:B3:7A"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.net"}], "validity": {"not_valid_after": "2021-10-31 21:51:21", "not_valid_before": "2020-10-31 21:51:23"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:72 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:81 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:90 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:110 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:126 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": "getcert list -f /etc/pki/tls/certs/another-cert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038884", "end": "2020-10-31 21:51:50.453535", "rc": 0, "start": "2020-10-31 21:51:50.414651", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:134 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=67 changed=6 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmpihz7fk_9/tests; TEST_SUBJECTS=/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-67-8b7dd96-fedora-31-cidtvxdw/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmpihz7fk_9/_setup.yml /tmp/tmpihz7fk_9/tests/tests_no_auto_renew.yml ansible-playbook 2.9.14 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.6 (default, Sep 25 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)] Using /etc/ansible/ansible.cfg as config file PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpihz7fk_9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpihz7fk_9/_setup.yml:5 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "groups": { "all": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "localhost": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "subjects": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpihz7fk_9/_setup.yml:7 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_no_auto_renew.yml ********************************************** 2 plays in /tmp/tmpihz7fk_9/tests/tests_no_auto_renew.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_no_auto_renew.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpihz7fk_9/tasks/main.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpihz7fk_9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:34 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-3.57.0-1.fc31.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc31.x86_64", "Installed: nss-softokn-freebl-3.57.0-1.fc31.x86_64", "Installed: nss-sysinit-3.57.0-1.fc31.x86_64", "Installed: nss-util-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-1.51.0-9.fc31.x86_64", "Installed: nspr-4.29.0-1.fc31.x86_64", "Installed: nss-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-client-1.51.0-9.fc31.x86_64", "Installed: certmonger-0.79.11-2.fc31.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:45 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:71 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpihz7fk_9/tasks/main.yml:100 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "system.slice network.target dbus.socket basic.target dbus-broker.service sysinit.target syslog.target systemd-journald.socket", "AllowIsolate": "no", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15546", "LimitNPROCSoft": "15546", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15546", "LimitSIGPENDINGSoft": "15546", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4663", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpihz7fk_9/tasks/main.yml:112 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'auto_renew': False}) => {"ansible_loop_var": "item", "changed": true, "item": {"auto_renew": false, "ca": "self-sign", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item={'name': 'defaultcert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "defaultcert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_no_auto_renew.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_no_auto_renew.yml:42 included: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 included: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install certreader] ****************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.\nYou should consider upgrading via the 'pip install --upgrade pip' command.\n", "stderr_lines": ["WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.", "You should consider upgrading via the 'pip install --upgrade pip' command."], "stdout": "Collecting certreader>=0.1.1\n Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz\nCollecting cryptography (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)\nCollecting pyasn1 (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)\nCollecting pyyaml (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)\nCollecting six>=1.4.1 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl\nCollecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)\nCollecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)\nInstalling collected packages: six, pycparser, cffi, cryptography, pyasn1, pyyaml, certreader\n Running setup.py install for pyyaml: started\n Running setup.py install for pyyaml: finished with status 'done'\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz", "Collecting cryptography (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)", "Collecting pyasn1 (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)", "Collecting pyyaml (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)", "Collecting six>=1.4.1 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl", "Collecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)", "Collecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)", "Installing collected packages: six, pycparser, cffi, cryptography, pyasn1, pyyaml, certreader", " Running setup.py install for pyyaml: started", " Running setup.py install for pyyaml: finished with status 'done'", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181176.0741575, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "67162430575d6523256e09f2f97fbf3f89148e30", "ctime": 1604181176.0711575, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131714, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181176.0711575, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "2893116530", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:22 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:28 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:40 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181176.0291574, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "de99925f13ca21cd5533fd1ddec3cd98365065be", "ctime": 1604181176.0711575, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131690, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181176.0711575, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2361306964", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:45 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:51 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:63 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.202185", "end": "2020-10-31 21:53:09.233353", "rc": 0, "start": "2020-10-31 21:53:09.031168", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"01:26:E6:D1:0A:28:42:9B:0C:54:E2:BF:F9:07:C1:24:62:EB:BD:8E\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"E0:7F:0E:B4:7E:0F:08:F0:0C:44:67:ED:05:DD:CE:A7:CF:A8:6F:77\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"5D:8D:6B:09:0B:F5:4C:1A:4D:7C:AA:8D:0F:17:C4:0B:85:AB:48:2D:19:C8:0C:6A:06:B1:23:CD:C3:E1:F7:5A:AE:9D:25:1B:49:81:44:56:39:BD:0C:00:CD:D5:0C:89:6D:AC:88:20:88:61:B0:59:15:0C:A3:3D:42:F2:70:5C:97:32:2D:11:E9:48:74:2C:84:C5:F9:CE:3A:FF:D8:46:6B:DA:EA:E6:07:12:5C:7B:69:B3:9E:A2:48:46:F3:F0:A5:65:C0:1E:A7:64:AD:45:08:A2:B0:18:9D:3F:91:2B:1F:C4:6D:A8:DD:9A:AF:62:81:CE:1D:16:6B:47:64:7B:BC:4A:13:18:2A:3A:17:E0:C1:69:49:16:40:78:B0:22:2F:61:2B:3F:1D:C8:CC:CC:A4:D4:5F:96:AD:04:46:4B:FD:66:75:91:A3:20:55:A4:8C:41:9E:1D:37:43:0D:0D:5B:E6:AC:65:68:07:74:BD:7C:E0:7F:6C:81:C9:6B:00:79:7E:D2:2F:AF:7D:5D:A6:93:3F:C3:17:13:E5:17:19:73:A0:99:CA:15:34:F3:BD:E3:9D:C7:D3:E7:6A:EA:B4:84:BD:B4:43:02:4C:26:DB:25:E0:5F:9E:C0:6D:FD:FE:25:3B:99:60:F3:30:B4:40:39:BD:AD:1C:DE:14:11:7D\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2021-10-31 21:52:55\",\n \"not_valid_before\": \"2020-10-31 21:52:56\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"01:26:E6:D1:0A:28:42:9B:0C:54:E2:BF:F9:07:C1:24:62:EB:BD:8E\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"E0:7F:0E:B4:7E:0F:08:F0:0C:44:67:ED:05:DD:CE:A7:CF:A8:6F:77\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"5D:8D:6B:09:0B:F5:4C:1A:4D:7C:AA:8D:0F:17:C4:0B:85:AB:48:2D:19:C8:0C:6A:06:B1:23:CD:C3:E1:F7:5A:AE:9D:25:1B:49:81:44:56:39:BD:0C:00:CD:D5:0C:89:6D:AC:88:20:88:61:B0:59:15:0C:A3:3D:42:F2:70:5C:97:32:2D:11:E9:48:74:2C:84:C5:F9:CE:3A:FF:D8:46:6B:DA:EA:E6:07:12:5C:7B:69:B3:9E:A2:48:46:F3:F0:A5:65:C0:1E:A7:64:AD:45:08:A2:B0:18:9D:3F:91:2B:1F:C4:6D:A8:DD:9A:AF:62:81:CE:1D:16:6B:47:64:7B:BC:4A:13:18:2A:3A:17:E0:C1:69:49:16:40:78:B0:22:2F:61:2B:3F:1D:C8:CC:CC:A4:D4:5F:96:AD:04:46:4B:FD:66:75:91:A3:20:55:A4:8C:41:9E:1D:37:43:0D:0D:5B:E6:AC:65:68:07:74:BD:7C:E0:7F:6C:81:C9:6B:00:79:7E:D2:2F:AF:7D:5D:A6:93:3F:C3:17:13:E5:17:19:73:A0:99:CA:15:34:F3:BD:E3:9D:C7:D3:E7:6A:EA:B4:84:BD:B4:43:02:4C:26:DB:25:E0:5F:9E:C0:6D:FD:FE:25:3B:99:60:F3:30:B4:40:39:BD:AD:1C:DE:14:11:7D\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2021-10-31 21:52:55\",", " \"not_valid_before\": \"2020-10-31 21:52:56\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:68 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "E0:7F:0E:B4:7E:0F:08:F0:0C:44:67:ED:05:DD:CE:A7:CF:A8:6F:77"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "01:26:E6:D1:0A:28:42:9B:0C:54:E2:BF:F9:07:C1:24:62:EB:BD:8E"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "5D:8D:6B:09:0B:F5:4C:1A:4D:7C:AA:8D:0F:17:C4:0B:85:AB:48:2D:19:C8:0C:6A:06:B1:23:CD:C3:E1:F7:5A:AE:9D:25:1B:49:81:44:56:39:BD:0C:00:CD:D5:0C:89:6D:AC:88:20:88:61:B0:59:15:0C:A3:3D:42:F2:70:5C:97:32:2D:11:E9:48:74:2C:84:C5:F9:CE:3A:FF:D8:46:6B:DA:EA:E6:07:12:5C:7B:69:B3:9E:A2:48:46:F3:F0:A5:65:C0:1E:A7:64:AD:45:08:A2:B0:18:9D:3F:91:2B:1F:C4:6D:A8:DD:9A:AF:62:81:CE:1D:16:6B:47:64:7B:BC:4A:13:18:2A:3A:17:E0:C1:69:49:16:40:78:B0:22:2F:61:2B:3F:1D:C8:CC:CC:A4:D4:5F:96:AD:04:46:4B:FD:66:75:91:A3:20:55:A4:8C:41:9E:1D:37:43:0D:0D:5B:E6:AC:65:68:07:74:BD:7C:E0:7F:6C:81:C9:6B:00:79:7E:D2:2F:AF:7D:5D:A6:93:3F:C3:17:13:E5:17:19:73:A0:99:CA:15:34:F3:BD:E3:9D:C7:D3:E7:6A:EA:B4:84:BD:B4:43:02:4C:26:DB:25:E0:5F:9E:C0:6D:FD:FE:25:3B:99:60:F3:30:B4:40:39:BD:AD:1C:DE:14:11:7D"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2021-10-31 21:52:55", "not_valid_before": "2020-10-31 21:52:56"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:72 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:81 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:90 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:110 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:126 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": "getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.039911", "end": "2020-10-31 21:53:09.848144", "rc": 0, "start": "2020-10-31 21:53:09.808233", "stderr": "", "stderr_lines": [], "stdout": "no", "stdout_lines": ["no"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:134 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install certreader] ****************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:11 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.\nYou should consider upgrading via the 'pip install --upgrade pip' command.\n", "stderr_lines": ["WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.", "You should consider upgrading via the 'pip install --upgrade pip' command."], "stdout": "Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.7/site-packages (0.1.1)\nRequirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (3.2.1)\nRequirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (0.4.8)\nRequirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (5.3.1)\nRequirement already satisfied: cffi!=1.11.3,>=1.8 in ./certificate-tests-venv/lib/python3.7/site-packages (from cryptography->certreader>=0.1.1) (1.14.3)\nRequirement already satisfied: six>=1.4.1 in ./certificate-tests-venv/lib/python3.7/site-packages (from cryptography->certreader>=0.1.1) (1.15.0)\nRequirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1) (2.20)\n", "stdout_lines": ["Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.7/site-packages (0.1.1)", "Requirement already satisfied: cryptography in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (3.2.1)", "Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (0.4.8)", "Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.7/site-packages (from certreader>=0.1.1) (5.3.1)", "Requirement already satisfied: cffi!=1.11.3,>=1.8 in ./certificate-tests-venv/lib/python3.7/site-packages (from cryptography->certreader>=0.1.1) (1.14.3)", "Requirement already satisfied: six>=1.4.1 in ./certificate-tests-venv/lib/python3.7/site-packages (from cryptography->certreader>=0.1.1) (1.15.0)", "Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1) (2.20)"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181176.7851574, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "a20bfc881329362b1af5a6d7049e3ae17e9d1353", "ctime": 1604181176.7831576, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131716, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181176.7831576, "nlink": 1, "path": "/etc/pki/tls/certs/defaultcert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "835485184", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:22 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:28 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:40 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181176.7411575, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "e938ea7e5364a9451c3bda2f7cf248808a46943d", "ctime": 1604181176.7831576, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131715, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181176.7831576, "nlink": 1, "path": "/etc/pki/tls/private/defaultcert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3527673210", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:45 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:51 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:63 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/defaultcert.crt"], "delta": "0:00:00.216082", "end": "2020-10-31 21:53:16.378197", "rc": 0, "start": "2020-10-31 21:53:16.162115", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"12:A7:6E:43:47:C1:F7:8E:6E:A7:84:1F:97:E0:BF:BC:64:12:B0:6E\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"E0:7F:0E:B4:7E:0F:08:F0:0C:44:67:ED:05:DD:CE:A7:CF:A8:6F:77\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"60:CA:31:BC:D2:4D:5D:48:9F:44:E9:AE:D3:59:67:84:9D:3B:9D:2B:75:72:AE:26:8B:1A:6D:A8:21:75:23:61:96:32:22:9A:76:1F:24:F5:67:15:EF:00:DB:3A:1F:9F:96:AE:34:4E:38:B0:F2:35:AA:0E:AB:86:87:DD:B4:69:6D:F1:A3:3A:B2:AD:FB:30:3F:0B:73:B2:70:08:24:D0:81:23:FF:F7:59:EC:B2:6E:1E:11:7B:0E:65:D7:71:E9:1B:70:69:99:8B:C1:5A:40:CE:43:06:C9:A1:09:B5:DB:95:2A:D9:9C:DD:13:9A:9F:D2:71:6A:AD:38:84:F7:BB:8F:EF:A2:B3:FC:54:FB:23:67:23:45:32:5B:53:A3:3E:35:CE:24:DE:6A:A6:C0:F6:9B:E8:AD:BA:4B:66:CB:5C:F9:DF:2C:A7:7E:BA:1D:85:23:0C:A8:3D:A4:F2:36:85:9B:02:B5:52:94:21:32:5C:01:24:90:B9:47:CC:70:31:07:D7:A5:DC:19:E1:ED:38:10:29:E8:02:D5:26:30:EB:15:97:5F:F6:EA:F1:3C:22:18:78:03:45:B7:19:7B:F3:CD:39:6D:F5:88:EF:A2:43:5D:AE:5E:85:F2:9D:61:7B:84:7A:BA:9D:DD:2C:12:B5:93:A7:5C:D1:6F:AC:60:71\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2021-10-31 21:52:55\",\n \"not_valid_before\": \"2020-10-31 21:52:56\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"12:A7:6E:43:47:C1:F7:8E:6E:A7:84:1F:97:E0:BF:BC:64:12:B0:6E\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"E0:7F:0E:B4:7E:0F:08:F0:0C:44:67:ED:05:DD:CE:A7:CF:A8:6F:77\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"60:CA:31:BC:D2:4D:5D:48:9F:44:E9:AE:D3:59:67:84:9D:3B:9D:2B:75:72:AE:26:8B:1A:6D:A8:21:75:23:61:96:32:22:9A:76:1F:24:F5:67:15:EF:00:DB:3A:1F:9F:96:AE:34:4E:38:B0:F2:35:AA:0E:AB:86:87:DD:B4:69:6D:F1:A3:3A:B2:AD:FB:30:3F:0B:73:B2:70:08:24:D0:81:23:FF:F7:59:EC:B2:6E:1E:11:7B:0E:65:D7:71:E9:1B:70:69:99:8B:C1:5A:40:CE:43:06:C9:A1:09:B5:DB:95:2A:D9:9C:DD:13:9A:9F:D2:71:6A:AD:38:84:F7:BB:8F:EF:A2:B3:FC:54:FB:23:67:23:45:32:5B:53:A3:3E:35:CE:24:DE:6A:A6:C0:F6:9B:E8:AD:BA:4B:66:CB:5C:F9:DF:2C:A7:7E:BA:1D:85:23:0C:A8:3D:A4:F2:36:85:9B:02:B5:52:94:21:32:5C:01:24:90:B9:47:CC:70:31:07:D7:A5:DC:19:E1:ED:38:10:29:E8:02:D5:26:30:EB:15:97:5F:F6:EA:F1:3C:22:18:78:03:45:B7:19:7B:F3:CD:39:6D:F5:88:EF:A2:43:5D:AE:5E:85:F2:9D:61:7B:84:7A:BA:9D:DD:2C:12:B5:93:A7:5C:D1:6F:AC:60:71\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2021-10-31 21:52:55\",", " \"not_valid_before\": \"2020-10-31 21:52:56\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:68 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "E0:7F:0E:B4:7E:0F:08:F0:0C:44:67:ED:05:DD:CE:A7:CF:A8:6F:77"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "12:A7:6E:43:47:C1:F7:8E:6E:A7:84:1F:97:E0:BF:BC:64:12:B0:6E"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "60:CA:31:BC:D2:4D:5D:48:9F:44:E9:AE:D3:59:67:84:9D:3B:9D:2B:75:72:AE:26:8B:1A:6D:A8:21:75:23:61:96:32:22:9A:76:1F:24:F5:67:15:EF:00:DB:3A:1F:9F:96:AE:34:4E:38:B0:F2:35:AA:0E:AB:86:87:DD:B4:69:6D:F1:A3:3A:B2:AD:FB:30:3F:0B:73:B2:70:08:24:D0:81:23:FF:F7:59:EC:B2:6E:1E:11:7B:0E:65:D7:71:E9:1B:70:69:99:8B:C1:5A:40:CE:43:06:C9:A1:09:B5:DB:95:2A:D9:9C:DD:13:9A:9F:D2:71:6A:AD:38:84:F7:BB:8F:EF:A2:B3:FC:54:FB:23:67:23:45:32:5B:53:A3:3E:35:CE:24:DE:6A:A6:C0:F6:9B:E8:AD:BA:4B:66:CB:5C:F9:DF:2C:A7:7E:BA:1D:85:23:0C:A8:3D:A4:F2:36:85:9B:02:B5:52:94:21:32:5C:01:24:90:B9:47:CC:70:31:07:D7:A5:DC:19:E1:ED:38:10:29:E8:02:D5:26:30:EB:15:97:5F:F6:EA:F1:3C:22:18:78:03:45:B7:19:7B:F3:CD:39:6D:F5:88:EF:A2:43:5D:AE:5E:85:F2:9D:61:7B:84:7A:BA:9D:DD:2C:12:B5:93:A7:5C:D1:6F:AC:60:71"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2021-10-31 21:52:55", "not_valid_before": "2020-10-31 21:52:56"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:72 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:81 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:90 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:110 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:126 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": "getcert list -f /etc/pki/tls/certs/defaultcert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.037603", "end": "2020-10-31 21:53:16.953692", "rc": 0, "start": "2020-10-31 21:53:16.916089", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:134 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=48 changed=6 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmpihz7fk_9/tests; TEST_SUBJECTS=/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-67-8b7dd96-fedora-31-cidtvxdw/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmpihz7fk_9/_setup.yml /tmp/tmpihz7fk_9/tests/tests_not_wait_for_cert.yml ansible-playbook 2.9.14 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.6 (default, Sep 25 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)] Using /etc/ansible/ansible.cfg as config file PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpihz7fk_9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpihz7fk_9/_setup.yml:5 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "groups": { "all": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "localhost": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "subjects": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpihz7fk_9/_setup.yml:7 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_not_wait_for_cert.yml ****************************************** 2 plays in /tmp/tmpihz7fk_9/tests/tests_not_wait_for_cert.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_not_wait_for_cert.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpihz7fk_9/tasks/main.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpihz7fk_9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:34 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-3.57.0-1.fc31.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc31.x86_64", "Installed: nss-softokn-freebl-3.57.0-1.fc31.x86_64", "Installed: nss-sysinit-3.57.0-1.fc31.x86_64", "Installed: nss-util-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-1.51.0-9.fc31.x86_64", "Installed: nspr-4.29.0-1.fc31.x86_64", "Installed: nss-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-client-1.51.0-9.fc31.x86_64", "Installed: certmonger-0.79.11-2.fc31.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:45 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:71 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpihz7fk_9/tasks/main.yml:100 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "network.target dbus.socket systemd-journald.socket sysinit.target syslog.target basic.target dbus-broker.service system.slice", "AllowIsolate": "no", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15546", "LimitNPROCSoft": "15546", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15546", "LimitSIGPENDINGSoft": "15546", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4663", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpihz7fk_9/tasks/main.yml:112 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_not_wait_for_cert.yml:14 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [Wait for certificate] **************************************************** task path: /tmp/tmpihz7fk_9/tests/tests_not_wait_for_cert.yml:28 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item={'path': '/etc/pki/tls/certs/mycert.crt', 'key_path': '/etc/pki/tls/private/mycert.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}]}) => {"ansible_loop_var": "item", "changed": false, "elapsed": 0, "gid": 0, "group": "root", "item": {"key_path": "/etc/pki/tls/private/mycert.key", "path": "/etc/pki/tls/certs/mycert.crt", "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "subject_alt_name": [{"name": "DNS", "value": "www.example.com"}]}, "match_groupdict": {}, "match_groups": [], "mode": "0600", "owner": "root", "path": "/etc/pki/tls/certs/mycert.crt", "port": null, "search_regex": null, "secontext": "system_u:object_r:cert_t:s0", "size": 1310, "state": "file", "uid": 0} TASK [Verify each certificate] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_not_wait_for_cert.yml:34 included: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install certreader] ****************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.\nYou should consider upgrading via the 'pip install --upgrade pip' command.\n", "stderr_lines": ["WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.", "You should consider upgrading via the 'pip install --upgrade pip' command."], "stdout": "Collecting certreader>=0.1.1\n Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz\nCollecting cryptography (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)\nCollecting pyasn1 (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)\nCollecting pyyaml (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)\nCollecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)\nCollecting six>=1.4.1 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl\nCollecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)\nInstalling collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader\n Running setup.py install for pyyaml: started\n Running setup.py install for pyyaml: finished with status 'done'\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz", "Collecting cryptography (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)", "Collecting pyasn1 (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)", "Collecting pyyaml (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)", "Collecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)", "Collecting six>=1.4.1 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl", "Collecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)", "Installing collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader", " Running setup.py install for pyyaml: started", " Running setup.py install for pyyaml: finished with status 'done'", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181258.679803, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "911986692aea6787868cdaa2ec14d0a4a69144f7", "ctime": 1604181258.6778028, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131671, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181258.6778028, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "944053979", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:22 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:28 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:40 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181258.636803, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "1dd6b349890034dc539b81b816dea414f4a366cd", "ctime": 1604181258.6778028, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131650, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181258.6778028, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2663034464", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:45 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:51 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:63 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.204864", "end": "2020-10-31 21:54:30.775855", "rc": 0, "start": "2020-10-31 21:54:30.570991", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"9C:5F:56:6B:3E:76:00:28:F3:3A:D4:00:7A:00:E8:B9:88:23:54:F2\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"6E:84:F8:17:B1:C5:ED:80:1A:5A:FA:67:0D:71:80:79:DE:3C:2B:5D\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"4D:4D:7F:96:1A:0A:93:DA:23:34:26:3F:56:D1:3B:9F:B0:02:4F:BF:4B:B8:E6:19:0D:E8:B0:96:DB:F2:38:71:97:5E:CD:9C:42:CB:42:BC:1E:89:75:39:07:8C:71:4E:C2:DB:A4:76:94:BD:09:18:31:2F:9D:D5:15:71:04:2A:F3:5F:D9:39:A1:06:86:90:6D:82:B9:8A:04:5E:8F:12:B7:EF:11:AC:10:95:C2:36:BE:46:7C:77:9A:33:08:88:40:EE:0A:C1:9E:7D:24:8D:06:AB:1C:FF:83:6B:9C:3B:7E:25:85:E2:26:DD:7C:FB:A6:69:05:3A:27:B5:F2:30:4D:F4:92:BF:AE:16:B9:7E:9E:1B:36:69:9F:0F:19:8E:1D:DB:EF:AA:4F:A7:3B:AC:36:A1:FF:FE:21:04:20:4C:04:93:46:21:EB:98:4C:37:DD:7D:E3:7A:CF:D2:32:7D:BD:A2:A7:6A:49:3E:94:3E:CE:BC:B8:96:28:27:3C:F6:B2:DB:D9:5A:E1:0D:52:A5:18:47:23:56:30:B8:90:54:8F:07:45:84:05:59:3B:62:B6:B9:C5:A6:64:B5:D5:5D:02:5E:87:5C:DE:5B:3A:FC:2E:40:1E:C7:61:A7:71:53:4F:2A:1E:AA:8F:06:A6:C7:1B:43:DE:25:A0:45:AA:C7\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2021-10-31 21:54:17\",\n \"not_valid_before\": \"2020-10-31 21:54:18\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"9C:5F:56:6B:3E:76:00:28:F3:3A:D4:00:7A:00:E8:B9:88:23:54:F2\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"6E:84:F8:17:B1:C5:ED:80:1A:5A:FA:67:0D:71:80:79:DE:3C:2B:5D\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"4D:4D:7F:96:1A:0A:93:DA:23:34:26:3F:56:D1:3B:9F:B0:02:4F:BF:4B:B8:E6:19:0D:E8:B0:96:DB:F2:38:71:97:5E:CD:9C:42:CB:42:BC:1E:89:75:39:07:8C:71:4E:C2:DB:A4:76:94:BD:09:18:31:2F:9D:D5:15:71:04:2A:F3:5F:D9:39:A1:06:86:90:6D:82:B9:8A:04:5E:8F:12:B7:EF:11:AC:10:95:C2:36:BE:46:7C:77:9A:33:08:88:40:EE:0A:C1:9E:7D:24:8D:06:AB:1C:FF:83:6B:9C:3B:7E:25:85:E2:26:DD:7C:FB:A6:69:05:3A:27:B5:F2:30:4D:F4:92:BF:AE:16:B9:7E:9E:1B:36:69:9F:0F:19:8E:1D:DB:EF:AA:4F:A7:3B:AC:36:A1:FF:FE:21:04:20:4C:04:93:46:21:EB:98:4C:37:DD:7D:E3:7A:CF:D2:32:7D:BD:A2:A7:6A:49:3E:94:3E:CE:BC:B8:96:28:27:3C:F6:B2:DB:D9:5A:E1:0D:52:A5:18:47:23:56:30:B8:90:54:8F:07:45:84:05:59:3B:62:B6:B9:C5:A6:64:B5:D5:5D:02:5E:87:5C:DE:5B:3A:FC:2E:40:1E:C7:61:A7:71:53:4F:2A:1E:AA:8F:06:A6:C7:1B:43:DE:25:A0:45:AA:C7\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2021-10-31 21:54:17\",", " \"not_valid_before\": \"2020-10-31 21:54:18\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:68 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "6E:84:F8:17:B1:C5:ED:80:1A:5A:FA:67:0D:71:80:79:DE:3C:2B:5D"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "9C:5F:56:6B:3E:76:00:28:F3:3A:D4:00:7A:00:E8:B9:88:23:54:F2"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "4D:4D:7F:96:1A:0A:93:DA:23:34:26:3F:56:D1:3B:9F:B0:02:4F:BF:4B:B8:E6:19:0D:E8:B0:96:DB:F2:38:71:97:5E:CD:9C:42:CB:42:BC:1E:89:75:39:07:8C:71:4E:C2:DB:A4:76:94:BD:09:18:31:2F:9D:D5:15:71:04:2A:F3:5F:D9:39:A1:06:86:90:6D:82:B9:8A:04:5E:8F:12:B7:EF:11:AC:10:95:C2:36:BE:46:7C:77:9A:33:08:88:40:EE:0A:C1:9E:7D:24:8D:06:AB:1C:FF:83:6B:9C:3B:7E:25:85:E2:26:DD:7C:FB:A6:69:05:3A:27:B5:F2:30:4D:F4:92:BF:AE:16:B9:7E:9E:1B:36:69:9F:0F:19:8E:1D:DB:EF:AA:4F:A7:3B:AC:36:A1:FF:FE:21:04:20:4C:04:93:46:21:EB:98:4C:37:DD:7D:E3:7A:CF:D2:32:7D:BD:A2:A7:6A:49:3E:94:3E:CE:BC:B8:96:28:27:3C:F6:B2:DB:D9:5A:E1:0D:52:A5:18:47:23:56:30:B8:90:54:8F:07:45:84:05:59:3B:62:B6:B9:C5:A6:64:B5:D5:5D:02:5E:87:5C:DE:5B:3A:FC:2E:40:1E:C7:61:A7:71:53:4F:2A:1E:AA:8F:06:A6:C7:1B:43:DE:25:A0:45:AA:C7"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2021-10-31 21:54:17", "not_valid_before": "2020-10-31 21:54:18"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:72 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:81 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:90 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:110 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:126 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": "getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.038699", "end": "2020-10-31 21:54:31.323253", "rc": 0, "start": "2020-10-31 21:54:31.284554", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:134 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=30 changed=6 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmpihz7fk_9/tests; TEST_SUBJECTS=/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-67-8b7dd96-fedora-31-cidtvxdw/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmpihz7fk_9/_setup.yml /tmp/tmpihz7fk_9/tests/tests_principal.yml ansible-playbook 2.9.14 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.6 (default, Sep 25 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)] Using /etc/ansible/ansible.cfg as config file PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpihz7fk_9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpihz7fk_9/_setup.yml:5 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "groups": { "all": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "localhost": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "subjects": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpihz7fk_9/_setup.yml:7 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_principal.yml ************************************************** 3 plays in /tmp/tmpihz7fk_9/tests/tests_principal.yml PLAY [Test issuing certificate with principal.] ******************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_principal.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpihz7fk_9/tasks/main.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpihz7fk_9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:34 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-3.57.0-1.fc31.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc31.x86_64", "Installed: nss-softokn-freebl-3.57.0-1.fc31.x86_64", "Installed: nss-sysinit-3.57.0-1.fc31.x86_64", "Installed: nss-util-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-1.51.0-9.fc31.x86_64", "Installed: nspr-4.29.0-1.fc31.x86_64", "Installed: nss-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-client-1.51.0-9.fc31.x86_64", "Installed: certmonger-0.79.11-2.fc31.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:45 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:71 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpihz7fk_9/tasks/main.yml:100 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target basic.target dbus.socket syslog.target network.target dbus-broker.service system.slice systemd-journald.socket", "AllowIsolate": "no", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15546", "LimitNPROCSoft": "15546", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15546", "LimitSIGPENDINGSoft": "15546", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice dbus.socket sysinit.target", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4663", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpihz7fk_9/tasks/main.yml:112 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'principal': 'HTTP/www.example.com@EXAMPLE.COM', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert", "principal": "HTTP/www.example.com@EXAMPLE.COM"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_principal.yml:13 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_principal.yml:33 included: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install certreader] ****************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.\nYou should consider upgrading via the 'pip install --upgrade pip' command.\n", "stderr_lines": ["WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.", "You should consider upgrading via the 'pip install --upgrade pip' command."], "stdout": "Collecting certreader>=0.1.1\n Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz\nCollecting cryptography (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)\nCollecting pyasn1 (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)\nCollecting pyyaml (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)\nCollecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)\nCollecting six>=1.4.1 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl\nCollecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)\nInstalling collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader\n Running setup.py install for pyyaml: started\n Running setup.py install for pyyaml: finished with status 'done'\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz", "Collecting cryptography (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)", "Collecting pyasn1 (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)", "Collecting pyyaml (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)", "Collecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)", "Collecting six>=1.4.1 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl", "Collecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)", "Installing collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader", " Running setup.py install for pyyaml: started", " Running setup.py install for pyyaml: finished with status 'done'", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181336.2421153, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "101c61e4195e168dcb742534723fa6fa83cd8782", "ctime": 1604181336.2391152, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131714, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181336.2391152, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1472, "uid": 0, "version": "3561475190", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:22 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:28 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:40 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181336.1981153, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "9263921038594e5cfbf8d21a900e45d13ce7fbe9", "ctime": 1604181336.2391152, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131690, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181336.2391152, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "2368214597", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:45 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:51 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:63 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.206542", "end": "2020-10-31 21:55:48.592518", "rc": 0, "start": "2020-10-31 21:55:48.385976", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n },\n {\n \"name\": \"Universal Principal Name (UPN)\",\n \"value\": \"HTTP/www.example.com@EXAMPLE.COM\",\n \"oid\": \"1.3.6.1.4.1.311.20.2.3\"\n },\n {\n \"name\": \"Kerberos principalname\",\n \"value\": \"HTTP/www.example.com@EXAMPLE.COM\",\n \"oid\": \"1.3.6.1.5.2.2\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"43:CC:8C:F8:09:D5:FF:92:53:FD:EE:DA:DE:50:E5:D1:B9:4F:A5:DD\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"03:14:D5:A8:0E:57:93:39:68:15:E1:BC:14:69:9E:D5:0A:D8:97:74\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"37:70:2E:32:7C:3F:88:35:7C:6C:D3:CA:AF:20:9E:30:B7:AF:5E:D3:97:A0:10:DD:70:DB:1C:A6:1D:B5:B8:C6:00:CD:20:94:B5:15:7D:48:B2:B2:73:61:66:D8:EF:DA:5A:91:C1:03:AD:49:37:65:EF:AA:11:34:F3:73:51:0F:A7:C0:0F:5C:FB:E3:1C:ED:68:F5:3D:73:BF:87:D8:96:B3:E2:BC:3B:F9:49:F1:29:C2:48:A8:0B:F1:BD:5D:21:F1:65:4A:16:B7:2E:5F:AA:B2:E9:3E:B2:56:28:DD:B1:74:7B:6E:39:BC:EF:77:15:21:9B:12:90:65:B6:38:87:C8:4D:9A:48:8F:41:79:4C:D0:89:AF:D1:B5:E1:B1:94:A9:5F:F7:B3:41:E5:C8:13:74:FD:84:EF:53:38:8E:10:84:A0:29:CF:D9:82:AD:B8:63:A8:47:E7:CE:8F:E0:C5:A8:8F:A6:F5:D4:21:0D:94:A9:8D:DA:16:D3:95:07:3B:23:59:14:1E:BC:BC:E0:42:81:48:EB:05:03:D2:9D:88:91:12:3A:25:0E:D7:A5:F1:55:35:46:AC:62:D1:73:9F:01:1D:82:35:A9:06:FA:AE:36:F1:06:93:58:51:78:0B:1E:E0:05:6E:E8:D8:96:A6:91:B4:25:3B:7D:F1:AB:17\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2021-10-31 21:55:35\",\n \"not_valid_before\": \"2020-10-31 21:55:36\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " },", " {", " \"name\": \"Universal Principal Name (UPN)\",", " \"value\": \"HTTP/www.example.com@EXAMPLE.COM\",", " \"oid\": \"1.3.6.1.4.1.311.20.2.3\"", " },", " {", " \"name\": \"Kerberos principalname\",", " \"value\": \"HTTP/www.example.com@EXAMPLE.COM\",", " \"oid\": \"1.3.6.1.5.2.2\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"43:CC:8C:F8:09:D5:FF:92:53:FD:EE:DA:DE:50:E5:D1:B9:4F:A5:DD\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"03:14:D5:A8:0E:57:93:39:68:15:E1:BC:14:69:9E:D5:0A:D8:97:74\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"37:70:2E:32:7C:3F:88:35:7C:6C:D3:CA:AF:20:9E:30:B7:AF:5E:D3:97:A0:10:DD:70:DB:1C:A6:1D:B5:B8:C6:00:CD:20:94:B5:15:7D:48:B2:B2:73:61:66:D8:EF:DA:5A:91:C1:03:AD:49:37:65:EF:AA:11:34:F3:73:51:0F:A7:C0:0F:5C:FB:E3:1C:ED:68:F5:3D:73:BF:87:D8:96:B3:E2:BC:3B:F9:49:F1:29:C2:48:A8:0B:F1:BD:5D:21:F1:65:4A:16:B7:2E:5F:AA:B2:E9:3E:B2:56:28:DD:B1:74:7B:6E:39:BC:EF:77:15:21:9B:12:90:65:B6:38:87:C8:4D:9A:48:8F:41:79:4C:D0:89:AF:D1:B5:E1:B1:94:A9:5F:F7:B3:41:E5:C8:13:74:FD:84:EF:53:38:8E:10:84:A0:29:CF:D9:82:AD:B8:63:A8:47:E7:CE:8F:E0:C5:A8:8F:A6:F5:D4:21:0D:94:A9:8D:DA:16:D3:95:07:3B:23:59:14:1E:BC:BC:E0:42:81:48:EB:05:03:D2:9D:88:91:12:3A:25:0E:D7:A5:F1:55:35:46:AC:62:D1:73:9F:01:1D:82:35:A9:06:FA:AE:36:F1:06:93:58:51:78:0B:1E:E0:05:6E:E8:D8:96:A6:91:B4:25:3B:7D:F1:AB:17\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2021-10-31 21:55:35\",", " \"not_valid_before\": \"2020-10-31 21:55:36\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:68 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "03:14:D5:A8:0E:57:93:39:68:15:E1:BC:14:69:9E:D5:0A:D8:97:74"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}, {"name": "Universal Principal Name (UPN)", "oid": "1.3.6.1.4.1.311.20.2.3", "value": "HTTP/www.example.com@EXAMPLE.COM"}, {"name": "Kerberos principalname", "oid": "1.3.6.1.5.2.2", "value": "HTTP/www.example.com@EXAMPLE.COM"}]}, "subjectKeyIdentifier": {"critical": false, "value": "43:CC:8C:F8:09:D5:FF:92:53:FD:EE:DA:DE:50:E5:D1:B9:4F:A5:DD"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "37:70:2E:32:7C:3F:88:35:7C:6C:D3:CA:AF:20:9E:30:B7:AF:5E:D3:97:A0:10:DD:70:DB:1C:A6:1D:B5:B8:C6:00:CD:20:94:B5:15:7D:48:B2:B2:73:61:66:D8:EF:DA:5A:91:C1:03:AD:49:37:65:EF:AA:11:34:F3:73:51:0F:A7:C0:0F:5C:FB:E3:1C:ED:68:F5:3D:73:BF:87:D8:96:B3:E2:BC:3B:F9:49:F1:29:C2:48:A8:0B:F1:BD:5D:21:F1:65:4A:16:B7:2E:5F:AA:B2:E9:3E:B2:56:28:DD:B1:74:7B:6E:39:BC:EF:77:15:21:9B:12:90:65:B6:38:87:C8:4D:9A:48:8F:41:79:4C:D0:89:AF:D1:B5:E1:B1:94:A9:5F:F7:B3:41:E5:C8:13:74:FD:84:EF:53:38:8E:10:84:A0:29:CF:D9:82:AD:B8:63:A8:47:E7:CE:8F:E0:C5:A8:8F:A6:F5:D4:21:0D:94:A9:8D:DA:16:D3:95:07:3B:23:59:14:1E:BC:BC:E0:42:81:48:EB:05:03:D2:9D:88:91:12:3A:25:0E:D7:A5:F1:55:35:46:AC:62:D1:73:9F:01:1D:82:35:A9:06:FA:AE:36:F1:06:93:58:51:78:0B:1E:E0:05:6E:E8:D8:96:A6:91:B4:25:3B:7D:F1:AB:17"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2021-10-31 21:55:35", "not_valid_before": "2020-10-31 21:55:36"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:72 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:81 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:90 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:110 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:126 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": "getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.036651", "end": "2020-10-31 21:55:49.158196", "rc": 0, "start": "2020-10-31 21:55:49.121545", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:134 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY [Test issuing certificate with invalid principal.] ************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_principal.yml:40 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpihz7fk_9/tasks/main.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpihz7fk_9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:34 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:45 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:71 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpihz7fk_9/tasks/main.yml:100 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestamp": "Sat 2020-10-31 21:55:35 UTC", "ActiveEnterTimestampMonotonic": "59286183", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "dbus-broker.service basic.target network.target dbus.socket sysinit.target system.slice systemd-journald.socket syslog.target", "AllowIsolate": "no", "AmbientCapabilities": "", "AssertResult": "yes", "AssertTimestamp": "Sat 2020-10-31 21:55:35 UTC", "AssertTimestampMonotonic": "59275087", "Before": "shutdown.target multi-user.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "411580000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2020-10-31 21:55:35 UTC", "ConditionTimestampMonotonic": "59275087", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "6529", "ExecMainStartTimestamp": "Sat 2020-10-31 21:55:35 UTC", "ExecMainStartTimestampMonotonic": "59276176", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[Sat 2020-10-31 21:55:35 UTC] ; stop_time=[n/a] ; pid=6529 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[Sat 2020-10-31 21:55:35 UTC] ; stop_time=[n/a] ; pid=6529 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2020-10-31 21:55:35 UTC", "InactiveExitTimestampMonotonic": "59276633", "InvocationID": "cdc062e4d7d94418a93a9bb759a7c35f", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15546", "LimitNPROCSoft": "15546", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15546", "LimitSIGPENDINGSoft": "15546", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "6529", "MemoryAccounting": "yes", "MemoryCurrent": "6344704", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target dbus.socket system.slice", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestamp": "Sat 2020-10-31 21:55:35 UTC", "StateChangeTimestampMonotonic": "59286183", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "1", "TasksMax": "4663", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpihz7fk_9/tasks/main.yml:112 failed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] (item={'name': 'mycertinvalid', 'dns': 'www.example.com', 'principal': 'HTTP/abc', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": false, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycertinvalid", "principal": "HTTP/abc"}, "msg": "Invalid principal 'HTTP/abc'. It should be formatted as 'primary/instance@REALM'"} TASK [assert...] *************************************************************** task path: /tmp/tmpihz7fk_9/tests/tests_principal.yml:58 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=37 changed=6 unreachable=0 failed=0 skipped=1 rescued=1 ignored=0 + cd /tmp/tmpihz7fk_9/tests; TEST_SUBJECTS=/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-67-8b7dd96-fedora-31-cidtvxdw/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmpihz7fk_9/_setup.yml /tmp/tmpihz7fk_9/tests/tests_provider.yml ansible-playbook 2.9.14 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.6 (default, Sep 25 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)] Using /etc/ansible/ansible.cfg as config file PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpihz7fk_9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpihz7fk_9/_setup.yml:5 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "groups": { "all": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "localhost": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "subjects": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpihz7fk_9/_setup.yml:7 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_provider.yml *************************************************** 2 plays in /tmp/tmpihz7fk_9/tests/tests_provider.yml PLAY [Test issuing certificate with certmonger provider] *********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_provider.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpihz7fk_9/tasks/main.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpihz7fk_9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:34 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-3.57.0-1.fc31.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc31.x86_64", "Installed: nss-softokn-freebl-3.57.0-1.fc31.x86_64", "Installed: nss-sysinit-3.57.0-1.fc31.x86_64", "Installed: nss-util-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-1.51.0-9.fc31.x86_64", "Installed: nspr-4.29.0-1.fc31.x86_64", "Installed: nss-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-client-1.51.0-9.fc31.x86_64", "Installed: certmonger-0.79.11-2.fc31.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:45 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:71 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpihz7fk_9/tasks/main.yml:100 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "sysinit.target systemd-journald.socket dbus.socket network.target system.slice basic.target syslog.target dbus-broker.service", "AllowIsolate": "no", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15546", "LimitNPROCSoft": "15546", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15546", "LimitSIGPENDINGSoft": "15546", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "sysinit.target system.slice dbus.socket", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4663", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpihz7fk_9/tasks/main.yml:112 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'certmonger'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert", "provider": "certmonger"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_provider.yml:13 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_provider.yml:27 included: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install certreader] ****************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.\nYou should consider upgrading via the 'pip install --upgrade pip' command.\n", "stderr_lines": ["WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.", "You should consider upgrading via the 'pip install --upgrade pip' command."], "stdout": "Collecting certreader>=0.1.1\n Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz\nCollecting cryptography (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)\nCollecting pyasn1 (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)\nCollecting pyyaml (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)\nCollecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)\nCollecting six>=1.4.1 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl\nCollecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)\nInstalling collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader\n Running setup.py install for pyyaml: started\n Running setup.py install for pyyaml: finished with status 'done'\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz", "Collecting cryptography (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)", "Collecting pyasn1 (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)", "Collecting pyyaml (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)", "Collecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)", "Collecting six>=1.4.1 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl", "Collecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)", "Installing collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader", " Running setup.py install for pyyaml: started", " Running setup.py install for pyyaml: finished with status 'done'", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181423.7106078, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "ad734f4d90c1caa79515f87a28ecec66053074f6", "ctime": 1604181423.708608, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131714, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181423.708608, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "3002941132", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:22 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:28 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:40 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181423.6666079, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "497ac9e0af134482ab9e012cc2c069bbef4e08bb", "ctime": 1604181423.7076077, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131690, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181423.7076077, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "478104913", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:45 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:51 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:63 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.195942", "end": "2020-10-31 21:57:15.733304", "rc": 0, "start": "2020-10-31 21:57:15.537362", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"CF:A8:23:11:1A:3A:D3:18:EC:26:7F:01:2B:9E:47:11:C1:24:7D:10\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"97:FD:37:80:5C:C4:E1:96:FE:06:A2:FA:B5:4E:11:60:74:FF:39:45\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"01:E0:34:12:1A:20:A6:3D:3C:2C:3A:56:FE:98:14:0C:1D:65:E5:86:58:25:41:E3:F7:69:D2:A4:74:E5:04:C7:03:78:A6:1C:DA:DE:6D:FD:6E:11:C1:57:BF:43:82:34:A2:93:01:81:6E:29:2B:1B:A2:BE:A4:22:EE:21:34:3B:EA:FB:98:FA:EF:45:CC:88:73:E6:B2:32:9D:5B:1F:8A:2D:44:35:9E:F6:B9:B7:EC:56:91:27:9F:90:50:46:9C:0B:F0:B6:96:53:0F:12:70:2E:D2:B5:CA:5F:73:B6:53:1A:4B:FB:DF:4F:54:04:2A:FC:04:4C:D4:8F:04:58:5E:85:90:F7:9C:3B:9B:EC:46:CF:8F:1D:D2:F5:60:A1:AC:07:AB:05:1C:8E:F3:5C:99:19:0C:88:69:C1:AF:52:62:16:35:21:FA:4A:FB:46:6D:70:68:91:08:5C:1E:C8:A1:21:57:93:C6:12:86:35:92:FE:4B:0F:1D:92:1A:97:3D:C5:CC:16:BB:39:1C:EB:95:86:21:2F:24:10:C0:A9:90:9C:2D:AF:AF:A6:EE:BA:AD:FD:2B:FA:1B:6C:12:B6:49:97:7A:E1:2B:12:30:3F:51:9F:F5:30:8F:60:F1:53:C7:7B:C9:9E:A0:44:AF:FB:5F:0B:CD:04:25:B2:07:9C:85\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2021-10-31 21:57:03\",\n \"not_valid_before\": \"2020-10-31 21:57:03\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"CF:A8:23:11:1A:3A:D3:18:EC:26:7F:01:2B:9E:47:11:C1:24:7D:10\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"97:FD:37:80:5C:C4:E1:96:FE:06:A2:FA:B5:4E:11:60:74:FF:39:45\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"01:E0:34:12:1A:20:A6:3D:3C:2C:3A:56:FE:98:14:0C:1D:65:E5:86:58:25:41:E3:F7:69:D2:A4:74:E5:04:C7:03:78:A6:1C:DA:DE:6D:FD:6E:11:C1:57:BF:43:82:34:A2:93:01:81:6E:29:2B:1B:A2:BE:A4:22:EE:21:34:3B:EA:FB:98:FA:EF:45:CC:88:73:E6:B2:32:9D:5B:1F:8A:2D:44:35:9E:F6:B9:B7:EC:56:91:27:9F:90:50:46:9C:0B:F0:B6:96:53:0F:12:70:2E:D2:B5:CA:5F:73:B6:53:1A:4B:FB:DF:4F:54:04:2A:FC:04:4C:D4:8F:04:58:5E:85:90:F7:9C:3B:9B:EC:46:CF:8F:1D:D2:F5:60:A1:AC:07:AB:05:1C:8E:F3:5C:99:19:0C:88:69:C1:AF:52:62:16:35:21:FA:4A:FB:46:6D:70:68:91:08:5C:1E:C8:A1:21:57:93:C6:12:86:35:92:FE:4B:0F:1D:92:1A:97:3D:C5:CC:16:BB:39:1C:EB:95:86:21:2F:24:10:C0:A9:90:9C:2D:AF:AF:A6:EE:BA:AD:FD:2B:FA:1B:6C:12:B6:49:97:7A:E1:2B:12:30:3F:51:9F:F5:30:8F:60:F1:53:C7:7B:C9:9E:A0:44:AF:FB:5F:0B:CD:04:25:B2:07:9C:85\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2021-10-31 21:57:03\",", " \"not_valid_before\": \"2020-10-31 21:57:03\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:68 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "97:FD:37:80:5C:C4:E1:96:FE:06:A2:FA:B5:4E:11:60:74:FF:39:45"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "CF:A8:23:11:1A:3A:D3:18:EC:26:7F:01:2B:9E:47:11:C1:24:7D:10"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "01:E0:34:12:1A:20:A6:3D:3C:2C:3A:56:FE:98:14:0C:1D:65:E5:86:58:25:41:E3:F7:69:D2:A4:74:E5:04:C7:03:78:A6:1C:DA:DE:6D:FD:6E:11:C1:57:BF:43:82:34:A2:93:01:81:6E:29:2B:1B:A2:BE:A4:22:EE:21:34:3B:EA:FB:98:FA:EF:45:CC:88:73:E6:B2:32:9D:5B:1F:8A:2D:44:35:9E:F6:B9:B7:EC:56:91:27:9F:90:50:46:9C:0B:F0:B6:96:53:0F:12:70:2E:D2:B5:CA:5F:73:B6:53:1A:4B:FB:DF:4F:54:04:2A:FC:04:4C:D4:8F:04:58:5E:85:90:F7:9C:3B:9B:EC:46:CF:8F:1D:D2:F5:60:A1:AC:07:AB:05:1C:8E:F3:5C:99:19:0C:88:69:C1:AF:52:62:16:35:21:FA:4A:FB:46:6D:70:68:91:08:5C:1E:C8:A1:21:57:93:C6:12:86:35:92:FE:4B:0F:1D:92:1A:97:3D:C5:CC:16:BB:39:1C:EB:95:86:21:2F:24:10:C0:A9:90:9C:2D:AF:AF:A6:EE:BA:AD:FD:2B:FA:1B:6C:12:B6:49:97:7A:E1:2B:12:30:3F:51:9F:F5:30:8F:60:F1:53:C7:7B:C9:9E:A0:44:AF:FB:5F:0B:CD:04:25:B2:07:9C:85"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2021-10-31 21:57:03", "not_valid_before": "2020-10-31 21:57:03"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:72 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:81 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:90 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:110 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:126 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": "getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040682", "end": "2020-10-31 21:57:16.313269", "rc": 0, "start": "2020-10-31 21:57:16.272587", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:134 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=29 changed=6 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmpihz7fk_9/tests; TEST_SUBJECTS=/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-67-8b7dd96-fedora-31-cidtvxdw/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmpihz7fk_9/_setup.yml /tmp/tmpihz7fk_9/tests/tests_run_hooks.yml ansible-playbook 2.9.14 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.6 (default, Sep 25 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)] Using /etc/ansible/ansible.cfg as config file PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpihz7fk_9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpihz7fk_9/_setup.yml:5 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "groups": { "all": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "localhost": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "subjects": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpihz7fk_9/_setup.yml:7 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_run_hooks.yml ************************************************** 2 plays in /tmp/tmpihz7fk_9/tests/tests_run_hooks.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_run_hooks.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpihz7fk_9/tasks/main.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpihz7fk_9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:34 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-3.57.0-1.fc31.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc31.x86_64", "Installed: nss-softokn-freebl-3.57.0-1.fc31.x86_64", "Installed: nss-sysinit-3.57.0-1.fc31.x86_64", "Installed: nss-util-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-1.51.0-9.fc31.x86_64", "Installed: nspr-4.29.0-1.fc31.x86_64", "Installed: nss-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-client-1.51.0-9.fc31.x86_64", "Installed: certmonger-0.79.11-2.fc31.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:45 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:71 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpihz7fk_9/tasks/main.yml:100 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "syslog.target sysinit.target system.slice systemd-journald.socket dbus-broker.service dbus.socket basic.target network.target", "AllowIsolate": "no", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15546", "LimitNPROCSoft": "15546", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15546", "LimitSIGPENDINGSoft": "15546", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket system.slice sysinit.target", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4663", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpihz7fk_9/tasks/main.yml:112 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'run_before': 'touch /etc/pki/before_cert.tmp\n', 'run_after': 'touch /etc/pki/after_cert.tmp\n'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert", "run_after": "touch /etc/pki/after_cert.tmp\n", "run_before": "touch /etc/pki/before_cert.tmp\n"}, "msg": "Certificate requested (new). Pre/Post run hooks updated."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_run_hooks.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_run_hooks.yml:31 included: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install certreader] ****************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.\nYou should consider upgrading via the 'pip install --upgrade pip' command.\n", "stderr_lines": ["WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.", "You should consider upgrading via the 'pip install --upgrade pip' command."], "stdout": "Collecting certreader>=0.1.1\n Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz\nCollecting cryptography (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)\nCollecting pyasn1 (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)\nCollecting pyyaml (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)\nCollecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)\nCollecting six>=1.4.1 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl\nCollecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)\nInstalling collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader\n Running setup.py install for pyyaml: started\n Running setup.py install for pyyaml: finished with status 'done'\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz", "Collecting cryptography (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)", "Collecting pyasn1 (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)", "Collecting pyyaml (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)", "Collecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)", "Collecting six>=1.4.1 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl", "Collecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)", "Installing collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader", " Running setup.py install for pyyaml: started", " Running setup.py install for pyyaml: finished with status 'done'", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181499.6508658, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "6e8e045ff304ec5cb63b606e308b8677a5dbaaca", "ctime": 1604181499.648866, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131717, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181499.648866, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "1704584144", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:22 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:28 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:40 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181499.602866, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "55dd121ebe06114fac9a86acb752ff3df36d85bf", "ctime": 1604181499.648866, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131715, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181499.648866, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "3094838399", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:45 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:51 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:63 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.202033", "end": "2020-10-31 21:58:31.856046", "rc": 0, "start": "2020-10-31 21:58:31.654013", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"www.example.com\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"D5:01:FD:34:8C:35:F4:7A:01:2F:D6:A3:2F:59:7A:C3:B4:CB:0A:96\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"E6:A7:A5:3A:4B:44:C8:58:66:61:89:1A:88:86:C2:DA:72:D2:8E:F9\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"88:71:71:B8:AA:33:61:3C:98:AD:06:25:46:88:94:EF:DA:38:75:47:50:C5:0A:8E:12:1A:5D:93:64:66:DB:28:F7:9D:7E:0B:D8:9A:08:F7:48:9A:64:4B:20:90:26:12:DE:96:3C:49:06:9D:BB:80:2D:82:B4:6E:B4:C8:E1:C5:C4:4F:6D:47:D2:CC:99:29:72:B3:3A:EB:4E:BE:F0:76:41:2D:30:8D:EA:92:B4:3D:3E:09:32:22:3F:03:2C:D0:E4:91:15:C9:61:7F:1E:BA:07:27:6B:72:36:BB:73:13:E8:66:E0:09:F9:D1:30:76:E7:66:EC:9B:17:BA:4B:94:57:B7:9A:56:46:3A:28:5B:4B:34:21:D2:69:DB:7F:80:97:E6:DA:A3:8B:04:32:3A:B0:FA:1B:CB:A9:F4:45:7A:58:3C:1C:35:99:1A:8C:10:A3:06:00:E0:2F:4C:F0:9E:A5:1C:FD:B9:78:3D:AB:62:32:42:D0:89:20:6A:64:40:43:A4:39:6F:B3:05:C9:C3:DF:EE:51:36:C5:D5:FA:BC:0C:BB:9C:D1:D1:C0:68:25:89:44:22:77:25:EF:D6:D5:A3:4B:8A:6E:D2:F8:E0:09:16:60:F6:97:B5:59:56:33:44:A2:F3:60:39:9C:B8:CA:0B:9C:1E:5A:1C:A8:D5:91\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2021-10-31 21:58:18\",\n \"not_valid_before\": \"2020-10-31 21:58:19\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"www.example.com\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"D5:01:FD:34:8C:35:F4:7A:01:2F:D6:A3:2F:59:7A:C3:B4:CB:0A:96\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"E6:A7:A5:3A:4B:44:C8:58:66:61:89:1A:88:86:C2:DA:72:D2:8E:F9\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"88:71:71:B8:AA:33:61:3C:98:AD:06:25:46:88:94:EF:DA:38:75:47:50:C5:0A:8E:12:1A:5D:93:64:66:DB:28:F7:9D:7E:0B:D8:9A:08:F7:48:9A:64:4B:20:90:26:12:DE:96:3C:49:06:9D:BB:80:2D:82:B4:6E:B4:C8:E1:C5:C4:4F:6D:47:D2:CC:99:29:72:B3:3A:EB:4E:BE:F0:76:41:2D:30:8D:EA:92:B4:3D:3E:09:32:22:3F:03:2C:D0:E4:91:15:C9:61:7F:1E:BA:07:27:6B:72:36:BB:73:13:E8:66:E0:09:F9:D1:30:76:E7:66:EC:9B:17:BA:4B:94:57:B7:9A:56:46:3A:28:5B:4B:34:21:D2:69:DB:7F:80:97:E6:DA:A3:8B:04:32:3A:B0:FA:1B:CB:A9:F4:45:7A:58:3C:1C:35:99:1A:8C:10:A3:06:00:E0:2F:4C:F0:9E:A5:1C:FD:B9:78:3D:AB:62:32:42:D0:89:20:6A:64:40:43:A4:39:6F:B3:05:C9:C3:DF:EE:51:36:C5:D5:FA:BC:0C:BB:9C:D1:D1:C0:68:25:89:44:22:77:25:EF:D6:D5:A3:4B:8A:6E:D2:F8:E0:09:16:60:F6:97:B5:59:56:33:44:A2:F3:60:39:9C:B8:CA:0B:9C:1E:5A:1C:A8:D5:91\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2021-10-31 21:58:18\",", " \"not_valid_before\": \"2020-10-31 21:58:19\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:68 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "E6:A7:A5:3A:4B:44:C8:58:66:61:89:1A:88:86:C2:DA:72:D2:8E:F9"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "D5:01:FD:34:8C:35:F4:7A:01:2F:D6:A3:2F:59:7A:C3:B4:CB:0A:96"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "88:71:71:B8:AA:33:61:3C:98:AD:06:25:46:88:94:EF:DA:38:75:47:50:C5:0A:8E:12:1A:5D:93:64:66:DB:28:F7:9D:7E:0B:D8:9A:08:F7:48:9A:64:4B:20:90:26:12:DE:96:3C:49:06:9D:BB:80:2D:82:B4:6E:B4:C8:E1:C5:C4:4F:6D:47:D2:CC:99:29:72:B3:3A:EB:4E:BE:F0:76:41:2D:30:8D:EA:92:B4:3D:3E:09:32:22:3F:03:2C:D0:E4:91:15:C9:61:7F:1E:BA:07:27:6B:72:36:BB:73:13:E8:66:E0:09:F9:D1:30:76:E7:66:EC:9B:17:BA:4B:94:57:B7:9A:56:46:3A:28:5B:4B:34:21:D2:69:DB:7F:80:97:E6:DA:A3:8B:04:32:3A:B0:FA:1B:CB:A9:F4:45:7A:58:3C:1C:35:99:1A:8C:10:A3:06:00:E0:2F:4C:F0:9E:A5:1C:FD:B9:78:3D:AB:62:32:42:D0:89:20:6A:64:40:43:A4:39:6F:B3:05:C9:C3:DF:EE:51:36:C5:D5:FA:BC:0C:BB:9C:D1:D1:C0:68:25:89:44:22:77:25:EF:D6:D5:A3:4B:8A:6E:D2:F8:E0:09:16:60:F6:97:B5:59:56:33:44:A2:F3:60:39:9C:B8:CA:0B:9C:1E:5A:1C:A8:D5:91"}, "subject": [{"name": "commonName", "oid": "2.5.4.3", "value": "www.example.com"}], "validity": {"not_valid_after": "2021-10-31 21:58:18", "not_valid_before": "2020-10-31 21:58:19"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:72 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:81 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:90 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:110 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:126 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": "getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.040522", "end": "2020-10-31 21:58:32.440978", "rc": 0, "start": "2020-10-31 21:58:32.400456", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:134 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Get certificate timestamp] *********************************************** task path: /tmp/tmpihz7fk_9/tests/tests_run_hooks.yml:39 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181499.6508658, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "6e8e045ff304ec5cb63b606e308b8677a5dbaaca", "ctime": 1604181499.648866, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131717, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181499.648866, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1310, "uid": 0, "version": "1704584144", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Get pre-run file timestamp] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tests_run_hooks.yml:43 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181499.6468658, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1604181499.6468658, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131716, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1604181499.6468658, "nlink": 1, "path": "/etc/pki/before_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "362890814", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Get post-run file timestamp] ********************************************* task path: /tmp/tmpihz7fk_9/tests/tests_run_hooks.yml:47 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181499.681866, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 0, "charset": "binary", "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "ctime": 1604181499.681866, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131718, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "inode/x-empty", "mode": "0600", "mtime": 1604181499.681866, "nlink": 1, "path": "/etc/pki/after_cert.tmp", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 0, "uid": 0, "version": "839362312", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Assert file created before cert] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tests_run_hooks.yml:51 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Assert file created after cert] ****************************************** task path: /tmp/tmpihz7fk_9/tests/tests_run_hooks.yml:58 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=34 changed=6 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmpihz7fk_9/tests; TEST_SUBJECTS=/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-67-8b7dd96-fedora-31-cidtvxdw/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmpihz7fk_9/_setup.yml /tmp/tmpihz7fk_9/tests/tests_subject.yml ansible-playbook 2.9.14 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.6 (default, Sep 25 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)] Using /etc/ansible/ansible.cfg as config file PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpihz7fk_9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpihz7fk_9/_setup.yml:5 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "groups": { "all": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "localhost": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "subjects": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpihz7fk_9/_setup.yml:7 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_subject.yml **************************************************** 2 plays in /tmp/tmpihz7fk_9/tests/tests_subject.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_subject.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpihz7fk_9/tasks/main.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpihz7fk_9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:34 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-3.57.0-1.fc31.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc31.x86_64", "Installed: nss-softokn-freebl-3.57.0-1.fc31.x86_64", "Installed: nss-sysinit-3.57.0-1.fc31.x86_64", "Installed: nss-util-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-1.51.0-9.fc31.x86_64", "Installed: nspr-4.29.0-1.fc31.x86_64", "Installed: nss-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-client-1.51.0-9.fc31.x86_64", "Installed: certmonger-0.79.11-2.fc31.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:45 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:71 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpihz7fk_9/tasks/main.yml:100 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "basic.target syslog.target system.slice dbus.socket systemd-journald.socket dbus-broker.service sysinit.target network.target", "AllowIsolate": "no", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15546", "LimitNPROCSoft": "15546", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15546", "LimitSIGPENDINGSoft": "15546", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4663", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpihz7fk_9/tasks/main.yml:112 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'common_name': 'Some other common name', 'country': 'US', 'state': 'NC', 'locality': 'Raleigh', 'organization': 'Red Hat', 'organizational_unit': 'Linux', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "common_name": "Some other common name", "country": "US", "dns": "www.example.com", "locality": "Raleigh", "name": "mycert", "organization": "Red Hat", "organizational_unit": "Linux", "state": "NC"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_subject.yml:19 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_subject.yml:48 included: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install certreader] ****************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.\nYou should consider upgrading via the 'pip install --upgrade pip' command.\n", "stderr_lines": ["WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.", "You should consider upgrading via the 'pip install --upgrade pip' command."], "stdout": "Collecting certreader>=0.1.1\n Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz\nCollecting cryptography (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)\nCollecting pyasn1 (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)\nCollecting pyyaml (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)\nCollecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)\nCollecting six>=1.4.1 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl\nCollecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)\nInstalling collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader\n Running setup.py install for pyyaml: started\n Running setup.py install for pyyaml: finished with status 'done'\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz", "Collecting cryptography (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)", "Collecting pyasn1 (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)", "Collecting pyyaml (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)", "Collecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)", "Collecting six>=1.4.1 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl", "Collecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)", "Installing collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader", " Running setup.py install for pyyaml: started", " Running setup.py install for pyyaml: finished with status 'done'", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181573.5102599, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "482a1015948eac441ab696d1799499b8e6b60cb3", "ctime": 1604181573.5082598, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131714, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181573.5082598, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1428, "uid": 0, "version": "1348904956", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:22 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:28 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:40 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181573.46726, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "73c193550c8c6a69b2d926fa111a3d09ca8436de", "ctime": 1604181573.5082598, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131690, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181573.5082598, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1708, "uid": 0, "version": "4253248390", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:45 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:51 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:63 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.201047", "end": "2020-10-31 21:59:45.542198", "rc": 0, "start": "2020-10-31 21:59:45.341151", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"countryName\",\n \"oid\": \"2.5.4.6\",\n \"value\": \"US\"\n },\n {\n \"name\": \"stateOrProvinceName\",\n \"oid\": \"2.5.4.8\",\n \"value\": \"NC\"\n },\n {\n \"name\": \"localityName\",\n \"oid\": \"2.5.4.7\",\n \"value\": \"Raleigh\"\n },\n {\n \"name\": \"organizationName\",\n \"oid\": \"2.5.4.10\",\n \"value\": \"Red Hat\"\n },\n {\n \"name\": \"organizationalUnitName\",\n \"oid\": \"2.5.4.11\",\n \"value\": \"Linux\"\n },\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"Some other common name\"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"54:EC:DD:61:8F:2B:13:E7:87:DB:DE:62:60:7E:03:97:10:F6:07:06\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"7E:CF:76:0E:04:4D:1D:9B:A9:F1:F5:0D:0F:F4:25:F8:4F:02:3B:2B\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"4F:93:6C:AB:1C:85:49:D7:9C:23:AF:16:59:FF:89:B4:7A:4B:42:C8:25:1E:35:27:66:29:97:74:BD:C0:83:B7:8B:26:6B:C7:85:3D:7F:5F:19:E7:F5:9C:72:77:79:28:A9:92:F5:9B:9F:70:87:EF:B4:7B:77:62:03:DE:42:4F:1E:90:2B:28:18:85:DB:35:5B:DF:53:A6:51:71:F7:A0:45:65:5C:20:99:1A:88:AC:00:4B:5D:68:EA:26:A6:D8:82:E9:B0:D0:10:8F:9B:FC:A8:40:0A:7F:E4:6D:92:7F:7A:45:8C:2B:C5:30:91:9E:D6:3C:34:4A:8F:A9:63:3C:E2:AC:97:6B:43:B0:F6:77:29:5F:BB:EB:BA:59:52:F9:49:A0:B3:74:14:5F:45:C8:8F:34:44:1F:8A:CB:BC:E1:AA:0A:05:36:46:7E:3B:18:75:7F:F1:43:24:C2:DB:32:6C:DD:B9:E3:2F:8F:5F:88:0E:19:02:F2:B5:B5:F0:AA:B2:58:57:C1:78:DD:CB:3E:7D:F4:4B:88:A3:BE:EF:CB:8B:97:62:1B:35:05:8E:87:6B:12:C4:8C:77:4C:14:49:A9:0B:F9:1E:7F:8C:C7:1C:BF:75:B1:DF:95:70:8E:C9:BF:CE:7C:3F:FD:49:37:50:B3:CD:EA:2C:31:CD:8E:64\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2021-10-31 21:59:32\",\n \"not_valid_before\": \"2020-10-31 21:59:33\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"countryName\",", " \"oid\": \"2.5.4.6\",", " \"value\": \"US\"", " },", " {", " \"name\": \"stateOrProvinceName\",", " \"oid\": \"2.5.4.8\",", " \"value\": \"NC\"", " },", " {", " \"name\": \"localityName\",", " \"oid\": \"2.5.4.7\",", " \"value\": \"Raleigh\"", " },", " {", " \"name\": \"organizationName\",", " \"oid\": \"2.5.4.10\",", " \"value\": \"Red Hat\"", " },", " {", " \"name\": \"organizationalUnitName\",", " \"oid\": \"2.5.4.11\",", " \"value\": \"Linux\"", " },", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"Some other common name\"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"54:EC:DD:61:8F:2B:13:E7:87:DB:DE:62:60:7E:03:97:10:F6:07:06\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"7E:CF:76:0E:04:4D:1D:9B:A9:F1:F5:0D:0F:F4:25:F8:4F:02:3B:2B\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"4F:93:6C:AB:1C:85:49:D7:9C:23:AF:16:59:FF:89:B4:7A:4B:42:C8:25:1E:35:27:66:29:97:74:BD:C0:83:B7:8B:26:6B:C7:85:3D:7F:5F:19:E7:F5:9C:72:77:79:28:A9:92:F5:9B:9F:70:87:EF:B4:7B:77:62:03:DE:42:4F:1E:90:2B:28:18:85:DB:35:5B:DF:53:A6:51:71:F7:A0:45:65:5C:20:99:1A:88:AC:00:4B:5D:68:EA:26:A6:D8:82:E9:B0:D0:10:8F:9B:FC:A8:40:0A:7F:E4:6D:92:7F:7A:45:8C:2B:C5:30:91:9E:D6:3C:34:4A:8F:A9:63:3C:E2:AC:97:6B:43:B0:F6:77:29:5F:BB:EB:BA:59:52:F9:49:A0:B3:74:14:5F:45:C8:8F:34:44:1F:8A:CB:BC:E1:AA:0A:05:36:46:7E:3B:18:75:7F:F1:43:24:C2:DB:32:6C:DD:B9:E3:2F:8F:5F:88:0E:19:02:F2:B5:B5:F0:AA:B2:58:57:C1:78:DD:CB:3E:7D:F4:4B:88:A3:BE:EF:CB:8B:97:62:1B:35:05:8E:87:6B:12:C4:8C:77:4C:14:49:A9:0B:F9:1E:7F:8C:C7:1C:BF:75:B1:DF:95:70:8E:C9:BF:CE:7C:3F:FD:49:37:50:B3:CD:EA:2C:31:CD:8E:64\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2021-10-31 21:59:32\",", " \"not_valid_before\": \"2020-10-31 21:59:33\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:68 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "7E:CF:76:0E:04:4D:1D:9B:A9:F1:F5:0D:0F:F4:25:F8:4F:02:3B:2B"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "54:EC:DD:61:8F:2B:13:E7:87:DB:DE:62:60:7E:03:97:10:F6:07:06"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "4F:93:6C:AB:1C:85:49:D7:9C:23:AF:16:59:FF:89:B4:7A:4B:42:C8:25:1E:35:27:66:29:97:74:BD:C0:83:B7:8B:26:6B:C7:85:3D:7F:5F:19:E7:F5:9C:72:77:79:28:A9:92:F5:9B:9F:70:87:EF:B4:7B:77:62:03:DE:42:4F:1E:90:2B:28:18:85:DB:35:5B:DF:53:A6:51:71:F7:A0:45:65:5C:20:99:1A:88:AC:00:4B:5D:68:EA:26:A6:D8:82:E9:B0:D0:10:8F:9B:FC:A8:40:0A:7F:E4:6D:92:7F:7A:45:8C:2B:C5:30:91:9E:D6:3C:34:4A:8F:A9:63:3C:E2:AC:97:6B:43:B0:F6:77:29:5F:BB:EB:BA:59:52:F9:49:A0:B3:74:14:5F:45:C8:8F:34:44:1F:8A:CB:BC:E1:AA:0A:05:36:46:7E:3B:18:75:7F:F1:43:24:C2:DB:32:6C:DD:B9:E3:2F:8F:5F:88:0E:19:02:F2:B5:B5:F0:AA:B2:58:57:C1:78:DD:CB:3E:7D:F4:4B:88:A3:BE:EF:CB:8B:97:62:1B:35:05:8E:87:6B:12:C4:8C:77:4C:14:49:A9:0B:F9:1E:7F:8C:C7:1C:BF:75:B1:DF:95:70:8E:C9:BF:CE:7C:3F:FD:49:37:50:B3:CD:EA:2C:31:CD:8E:64"}, "subject": [{"name": "countryName", "oid": "2.5.4.6", "value": "US"}, {"name": "stateOrProvinceName", "oid": "2.5.4.8", "value": "NC"}, {"name": "localityName", "oid": "2.5.4.7", "value": "Raleigh"}, {"name": "organizationName", "oid": "2.5.4.10", "value": "Red Hat"}, {"name": "organizationalUnitName", "oid": "2.5.4.11", "value": "Linux"}, {"name": "commonName", "oid": "2.5.4.3", "value": "Some other common name"}], "validity": {"not_valid_after": "2021-10-31 21:59:32", "not_valid_before": "2020-10-31 21:59:33"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:72 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:81 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:90 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:110 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:126 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": "getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.037541", "end": "2020-10-31 21:59:46.123456", "rc": 0, "start": "2020-10-31 21:59:46.085915", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:134 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=29 changed=6 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmpihz7fk_9/tests; TEST_SUBJECTS=/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-67-8b7dd96-fedora-31-cidtvxdw/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmpihz7fk_9/_setup.yml /tmp/tmpihz7fk_9/tests/tests_subject_complex.yml ansible-playbook 2.9.14 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.6 (default, Sep 25 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)] Using /etc/ansible/ansible.cfg as config file PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpihz7fk_9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpihz7fk_9/_setup.yml:5 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "groups": { "all": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "localhost": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "subjects": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpihz7fk_9/_setup.yml:7 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_subject_complex.yml ******************************************** 2 plays in /tmp/tmpihz7fk_9/tests/tests_subject_complex.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_subject_complex.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpihz7fk_9/tasks/main.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpihz7fk_9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:34 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "msg": "", "rc": 0, "results": ["Installed: nss-softokn-3.57.0-1.fc31.x86_64", "Installed: dbus-tools-1:1.12.20-1.fc31.x86_64", "Installed: nss-softokn-freebl-3.57.0-1.fc31.x86_64", "Installed: nss-sysinit-3.57.0-1.fc31.x86_64", "Installed: nss-util-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-1.51.0-9.fc31.x86_64", "Installed: nspr-4.29.0-1.fc31.x86_64", "Installed: nss-3.57.0-1.fc31.x86_64", "Installed: xmlrpc-c-client-1.51.0-9.fc31.x86_64", "Installed: certmonger-0.79.11-2.fc31.x86_64"]} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:45 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:71 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "state": "directory", "uid": 0} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpihz7fk_9/tasks/main.yml:100 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=certmonger) => {"__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": true, "enabled": true, "name": "certmonger", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "dbus.socket system.slice sysinit.target network.target basic.target dbus-broker.service syslog.target systemd-journald.socket", "AllowIsolate": "no", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "yes", "CPUAffinity": "", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "18446744073709551615", "IOReadOperations": "18446744073709551615", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IOWriteBytes": "18446744073709551615", "IOWriteOperations": "18446744073709551615", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "15546", "LimitNPROCSoft": "15546", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "15546", "LimitSIGPENDINGSoft": "15546", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/run/certmonger.pid", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "4663", "TimeoutAbortUSec": "1min 30s", "TimeoutCleanUSec": "infinity", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpihz7fk_9/tasks/main.yml:112 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item={'name': 'mycert', 'dns': 'www.example.com', 'common_name': '# \\\\Every"thing+that,ne;edsing\\0 ', 'contact_email': 'admin@example.com', 'ca': 'self-sign'}) => {"ansible_loop_var": "item", "changed": true, "item": {"ca": "self-sign", "common_name": "# \\\\Every\"thing+that,ne;edsing\\0 ", "contact_email": "admin@example.com", "dns": "www.example.com", "name": "mycert"}, "msg": "Certificate requested (new)."} META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_subject_complex.yml:16 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_subject_complex.yml:36 included: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml for /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__virtualenv_path": "/tmp/certificate-tests-venv"}, "changed": false} TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:6 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [Install certreader] ****************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:11 changed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": true, "cmd": ["/tmp/certificate-tests-venv/bin/pip3", "install", "certreader>=0.1.1"], "name": ["certreader>=0.1.1"], "requirements": null, "state": "present", "stderr": "WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.\nYou should consider upgrading via the 'pip install --upgrade pip' command.\n", "stderr_lines": ["WARNING: You are using pip version 19.1.1, however version 20.2.4 is available.", "You should consider upgrading via the 'pip install --upgrade pip' command."], "stdout": "Collecting certreader>=0.1.1\n Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz\nCollecting cryptography (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)\nCollecting pyasn1 (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)\nCollecting pyyaml (from certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)\nCollecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)\nCollecting six>=1.4.1 (from cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl\nCollecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)\n Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)\nInstalling collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader\n Running setup.py install for pyyaml: started\n Running setup.py install for pyyaml: finished with status 'done'\n Running setup.py install for certreader: started\n Running setup.py install for certreader: finished with status 'done'\nSuccessfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0\n", "stdout_lines": ["Collecting certreader>=0.1.1", " Downloading https://files.pythonhosted.org/packages/96/87/c52b155ac007ec2fcda3beb5d355d187387513ef99fed11e06a520655452/certreader-0.1.1.tar.gz", "Collecting cryptography (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/4c/a2/6565c5271a79e3c96d7a079053b4d8408a740d4bf365f0f5f244a807bd09/cryptography-3.2.1-cp35-abi3-manylinux2010_x86_64.whl (2.6MB)", "Collecting pyasn1 (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/62/1e/a94a8d635fa3ce4cfc7f506003548d0a2447ae76fd5ca53932970fe3053f/pyasn1-0.4.8-py2.py3-none-any.whl (77kB)", "Collecting pyyaml (from certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)", "Collecting cffi!=1.11.3,>=1.8 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/26/d7/1c485a42d59d45f14f27bb93769e56142518c85ddf379dbdad7e42d0ffcd/cffi-1.14.3-cp37-cp37m-manylinux1_x86_64.whl (401kB)", "Collecting six>=1.4.1 (from cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl", "Collecting pycparser (from cffi!=1.11.3,>=1.8->cryptography->certreader>=0.1.1)", " Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)", "Installing collected packages: pycparser, cffi, six, cryptography, pyasn1, pyyaml, certreader", " Running setup.py install for pyyaml: started", " Running setup.py install for pyyaml: finished with status 'done'", " Running setup.py install for certreader: started", " Running setup.py install for certreader: finished with status 'done'", "Successfully installed certreader-0.1.1 cffi-1.14.3 cryptography-3.2.1 pyasn1-0.4.8 pycparser-2.20 pyyaml-5.3.1 six-1.15.0"], "version": null, "virtualenv": "/tmp/certificate-tests-venv"} TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181651.1694264, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "8c1109222d30ef6f7f31c6aaee8fbdd02fc96c7f", "ctime": 1604181651.1664264, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131714, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181651.1664264, "nlink": 1, "path": "/etc/pki/tls/certs/mycert.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1391, "uid": 0, "version": "2585101195", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:22 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:28 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:40 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "stat": {"atime": 1604181651.1234264, "attr_flags": "e", "attributes": ["extents"], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "e49b85197f91309d98ee0ac2aaef7792747e9abf", "ctime": 1604181651.1664264, "dev": 64513, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 131690, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1604181651.1664264, "nlink": 1, "path": "/etc/pki/tls/private/mycert.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1704, "uid": 0, "version": "488109852", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}} TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:45 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:51 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Parse certificate] ******************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:63 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": ["/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert.crt"], "delta": "0:00:00.205085", "end": "2020-10-31 22:01:03.454252", "rc": 0, "start": "2020-10-31 22:01:03.249167", "stderr": "", "stderr_lines": [], "stdout": "{\n \"subject\": [\n {\n \"name\": \"emailAddress\",\n \"oid\": \"1.2.840.113549.1.9.1\",\n \"value\": \"admin@example.com\"\n },\n {\n \"name\": \"commonName\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"# \\\\\\\\Every\\\"thing+that,ne;edsing\\\\0 \"\n }\n ],\n \"extensions\": {\n \"keyUsage\": {\n \"value\": [\n \"digital_signature\",\n \"key_encipherment\"\n ],\n \"critical\": false\n },\n \"subjectAltName\": {\n \"value\": [\n {\n \"name\": \"DNS\",\n \"value\": \"www.example.com\"\n }\n ],\n \"critical\": false\n },\n \"extendedKeyUsage\": {\n \"value\": [\n {\n \"name\": \"id-kp-serverAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.1\"\n },\n {\n \"name\": \"id-kp-clientAuth\",\n \"oid\": \"1.3.6.1.5.5.7.3.2\"\n }\n ],\n \"critical\": false\n },\n \"basicConstraints\": {\n \"value\": {\n \"ca\": false\n },\n \"critical\": true\n },\n \"subjectKeyIdentifier\": {\n \"value\": \"25:5F:42:29:67:CA:C1:2D:FD:73:31:BC:7D:86:4B:DA:1F:98:79:3D\",\n \"critical\": false\n },\n \"authorityKeyIdentifier\": {\n \"value\": \"B6:48:8F:37:02:1D:00:09:F8:ED:61:8D:B8:93:1D:C5:96:7E:9A:A7\",\n \"critical\": false\n }\n },\n \"signature_algorithm\": {\n \"algorithm\": \"sha256WithRSAEncryption\",\n \"signature\": \"9A:13:A8:4B:00:99:72:25:F8:31:64:4B:67:2E:58:3A:8E:1D:97:88:B2:E6:31:30:FE:AE:BC:A1:0D:E7:84:C1:FC:11:92:4A:47:F2:86:80:2C:15:2C:BE:1C:E5:65:81:AF:C2:5A:A6:FA:C0:2D:47:5F:1B:14:CE:4A:C2:96:9B:7C:A8:D9:76:E4:E9:2B:3A:A4:2F:2A:1B:6F:DC:97:07:5B:E8:F7:94:4D:7F:53:00:8E:28:F1:5B:66:D3:FE:C7:D1:5D:69:A1:03:0F:72:02:29:A8:92:84:25:63:4F:78:A8:1D:82:28:38:63:F2:D5:72:B3:6F:7B:A9:55:02:FC:4F:5A:D2:5F:D3:39:B2:A3:77:05:F7:2F:E4:14:A9:2E:9F:F5:83:74:D9:12:1B:5D:B7:F8:C0:6B:A3:FC:DC:94:90:3C:FC:A2:13:99:A4:A8:6F:E9:D9:03:36:92:79:99:E3:B0:AD:3D:15:80:4B:27:67:3D:97:DA:2B:32:60:AF:B4:B3:68:AE:1D:3F:DD:49:B1:0D:45:46:26:99:A3:F0:FC:8F:93:E9:AB:49:AE:AC:4D:C5:32:5E:9D:C5:57:5C:E6:13:16:F8:42:E3:F3:95:17:C8:AF:7C:3F:79:F5:E8:36:7E:10:32:B1:36:BE:BE:6F:DB:BA:4C:0A:AB:D2:5D\"\n },\n \"key_size\": 2048,\n \"validity\": {\n \"not_valid_after\": \"2021-10-31 22:00:50\",\n \"not_valid_before\": \"2020-10-31 22:00:51\"\n }\n}", "stdout_lines": ["{", " \"subject\": [", " {", " \"name\": \"emailAddress\",", " \"oid\": \"1.2.840.113549.1.9.1\",", " \"value\": \"admin@example.com\"", " },", " {", " \"name\": \"commonName\",", " \"oid\": \"2.5.4.3\",", " \"value\": \"# \\\\\\\\Every\\\"thing+that,ne;edsing\\\\0 \"", " }", " ],", " \"extensions\": {", " \"keyUsage\": {", " \"value\": [", " \"digital_signature\",", " \"key_encipherment\"", " ],", " \"critical\": false", " },", " \"subjectAltName\": {", " \"value\": [", " {", " \"name\": \"DNS\",", " \"value\": \"www.example.com\"", " }", " ],", " \"critical\": false", " },", " \"extendedKeyUsage\": {", " \"value\": [", " {", " \"name\": \"id-kp-serverAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.1\"", " },", " {", " \"name\": \"id-kp-clientAuth\",", " \"oid\": \"1.3.6.1.5.5.7.3.2\"", " }", " ],", " \"critical\": false", " },", " \"basicConstraints\": {", " \"value\": {", " \"ca\": false", " },", " \"critical\": true", " },", " \"subjectKeyIdentifier\": {", " \"value\": \"25:5F:42:29:67:CA:C1:2D:FD:73:31:BC:7D:86:4B:DA:1F:98:79:3D\",", " \"critical\": false", " },", " \"authorityKeyIdentifier\": {", " \"value\": \"B6:48:8F:37:02:1D:00:09:F8:ED:61:8D:B8:93:1D:C5:96:7E:9A:A7\",", " \"critical\": false", " }", " },", " \"signature_algorithm\": {", " \"algorithm\": \"sha256WithRSAEncryption\",", " \"signature\": \"9A:13:A8:4B:00:99:72:25:F8:31:64:4B:67:2E:58:3A:8E:1D:97:88:B2:E6:31:30:FE:AE:BC:A1:0D:E7:84:C1:FC:11:92:4A:47:F2:86:80:2C:15:2C:BE:1C:E5:65:81:AF:C2:5A:A6:FA:C0:2D:47:5F:1B:14:CE:4A:C2:96:9B:7C:A8:D9:76:E4:E9:2B:3A:A4:2F:2A:1B:6F:DC:97:07:5B:E8:F7:94:4D:7F:53:00:8E:28:F1:5B:66:D3:FE:C7:D1:5D:69:A1:03:0F:72:02:29:A8:92:84:25:63:4F:78:A8:1D:82:28:38:63:F2:D5:72:B3:6F:7B:A9:55:02:FC:4F:5A:D2:5F:D3:39:B2:A3:77:05:F7:2F:E4:14:A9:2E:9F:F5:83:74:D9:12:1B:5D:B7:F8:C0:6B:A3:FC:DC:94:90:3C:FC:A2:13:99:A4:A8:6F:E9:D9:03:36:92:79:99:E3:B0:AD:3D:15:80:4B:27:67:3D:97:DA:2B:32:60:AF:B4:B3:68:AE:1D:3F:DD:49:B1:0D:45:46:26:99:A3:F0:FC:8F:93:E9:AB:49:AE:AC:4D:C5:32:5E:9D:C5:57:5C:E6:13:16:F8:42:E3:F3:95:17:C8:AF:7C:3F:79:F5:E8:36:7E:10:32:B1:36:BE:BE:6F:DB:BA:4C:0A:AB:D2:5D\"", " },", " \"key_size\": 2048,", " \"validity\": {", " \"not_valid_after\": \"2021-10-31 22:00:50\",", " \"not_valid_before\": \"2020-10-31 22:00:51\"", " }", "}"]} TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:68 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"cert_issued": {"extensions": {"authorityKeyIdentifier": {"critical": false, "value": "B6:48:8F:37:02:1D:00:09:F8:ED:61:8D:B8:93:1D:C5:96:7E:9A:A7"}, "basicConstraints": {"critical": true, "value": {"ca": false}}, "extendedKeyUsage": {"critical": false, "value": [{"name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1"}, {"name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2"}]}, "keyUsage": {"critical": false, "value": ["digital_signature", "key_encipherment"]}, "subjectAltName": {"critical": false, "value": [{"name": "DNS", "value": "www.example.com"}]}, "subjectKeyIdentifier": {"critical": false, "value": "25:5F:42:29:67:CA:C1:2D:FD:73:31:BC:7D:86:4B:DA:1F:98:79:3D"}}, "key_size": 2048, "signature_algorithm": {"algorithm": "sha256WithRSAEncryption", "signature": "9A:13:A8:4B:00:99:72:25:F8:31:64:4B:67:2E:58:3A:8E:1D:97:88:B2:E6:31:30:FE:AE:BC:A1:0D:E7:84:C1:FC:11:92:4A:47:F2:86:80:2C:15:2C:BE:1C:E5:65:81:AF:C2:5A:A6:FA:C0:2D:47:5F:1B:14:CE:4A:C2:96:9B:7C:A8:D9:76:E4:E9:2B:3A:A4:2F:2A:1B:6F:DC:97:07:5B:E8:F7:94:4D:7F:53:00:8E:28:F1:5B:66:D3:FE:C7:D1:5D:69:A1:03:0F:72:02:29:A8:92:84:25:63:4F:78:A8:1D:82:28:38:63:F2:D5:72:B3:6F:7B:A9:55:02:FC:4F:5A:D2:5F:D3:39:B2:A3:77:05:F7:2F:E4:14:A9:2E:9F:F5:83:74:D9:12:1B:5D:B7:F8:C0:6B:A3:FC:DC:94:90:3C:FC:A2:13:99:A4:A8:6F:E9:D9:03:36:92:79:99:E3:B0:AD:3D:15:80:4B:27:67:3D:97:DA:2B:32:60:AF:B4:B3:68:AE:1D:3F:DD:49:B1:0D:45:46:26:99:A3:F0:FC:8F:93:E9:AB:49:AE:AC:4D:C5:32:5E:9D:C5:57:5C:E6:13:16:F8:42:E3:F3:95:17:C8:AF:7C:3F:79:F5:E8:36:7E:10:32:B1:36:BE:BE:6F:DB:BA:4C:0A:AB:D2:5D"}, "subject": [{"name": "emailAddress", "oid": "1.2.840.113549.1.9.1", "value": "admin@example.com"}, {"name": "commonName", "oid": "2.5.4.3", "value": "# \\\\Every\"thing+that,ne;edsing\\0 "}], "validity": {"not_valid_after": "2021-10-31 22:00:50", "not_valid_before": "2020-10-31 22:00:51"}}}, "changed": false} TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:72 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:81 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify key size] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:90 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:97 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:110 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:126 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "cmd": "getcert list -f /etc/pki/tls/certs/mycert.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.053099", "end": "2020-10-31 22:01:04.059050", "rc": 0, "start": "2020-10-31 22:01:04.005951", "stderr": "", "stderr_lines": [], "stdout": "yes", "stdout_lines": ["yes"]} TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpihz7fk_9/tests/tasks/assert_certificate_parameters.yml:134 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=29 changed=6 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 + cd /tmp/tmpihz7fk_9/tests; TEST_SUBJECTS=/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 TEST_ARTIFACTS=/tmp/linux-system-role-test-work-pull-linux-system-roles_certificate-67-8b7dd96-fedora-31-cidtvxdw/artifacts ansible-playbook -vv --inventory=/usr/share/ansible/inventory/standard-inventory-qcow2 /tmp/tmpihz7fk_9/_setup.yml /tmp/tmpihz7fk_9/tests/tests_wrong_provider.yml ansible-playbook 2.9.14 config file = /etc/ansible/ansible.cfg configured module search path = ['/home/tester/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.8/site-packages/ansible executable location = /usr/bin/ansible-playbook python version = 3.8.6 (default, Sep 25 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)] Using /etc/ansible/ansible.cfg as config file PLAYBOOK: _setup.yml *********************************************************** 1 plays in /tmp/tmpihz7fk_9/_setup.yml PLAY [Fail when only localhost is available] *********************************** META: ran handlers TASK [debug] ******************************************************************* task path: /tmp/tmpihz7fk_9/_setup.yml:5 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "groups": { "all": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "localhost": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "subjects": [ "/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2" ], "ungrouped": [] } } TASK [fail] ******************************************************************** task path: /tmp/tmpihz7fk_9/_setup.yml:7 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "skip_reason": "Conditional result was False"} META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 PLAYBOOK: tests_wrong_provider.yml ********************************************* 1 plays in /tmp/tmpihz7fk_9/tests/tests_wrong_provider.yml PLAY [Test issuing certificate with nonexistent provider] ********************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpihz7fk_9/tests/tests_wrong_provider.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpihz7fk_9/tasks/main.yml:2 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"ansible_facts": {"__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": ["python3-pyasn1", "python3-cryptography", "python3-dbus"]}, "ansible_included_var_files": ["/tmp/tmpihz7fk_9/vars/default.yml"], "changed": false} TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:17 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => {"changed": false, "msg": "Nothing to do", "rc": 0, "results": []} TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:34 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=fake-provider) => {"__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False"} TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:45 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=fake-provider) => {"__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False"} TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpihz7fk_9/tasks/main.yml:71 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=fake-provider) => {"__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False"} TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpihz7fk_9/tasks/main.yml:100 skipping: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => (item=fake-provider) => {"__certificate_provider": "fake-provider", "ansible_loop_var": "__certificate_provider", "changed": false, "skip_reason": "Conditional result was False"} TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpihz7fk_9/tasks/main.yml:112 failed: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] (item={'name': 'mycert', 'dns': 'www.example.com', 'ca': 'self-sign', 'provider': 'fake-provider'}) => {"ansible_loop_var": "item", "changed": false, "item": {"ca": "self-sign", "dns": "www.example.com", "name": "mycert", "provider": "fake-provider"}, "msg": "Chosen provider 'fake-provider' is not available."} TASK [assert...] *************************************************************** task path: /tmp/tmpihz7fk_9/tests/tests_wrong_provider.yml:21 ok: [/cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2] => { "changed": false, "msg": "All assertions passed" } META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/Fedora-Cloud-Base-31-20201031.0.x86_64.qcow2 : ok=5 changed=0 unreachable=0 failed=0 skipped=5 rescued=1 ignored=0