ansible-playbook [core 2.12.6] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpoau9jedf executable location = /usr/bin/ansible-playbook python version = 3.9.13 (main, May 18 2022, 00:00:00) [GCC 11.3.1 20220421 (Red Hat 11.3.1-2)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_key_size.yml *************************************************** 2 plays in /tmp/tmpqiz1ijmo/tests/tests_key_size.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpqiz1ijmo/tests/tests_key_size.yml:2 Wednesday 06 July 2022 05:35:50 +0000 (0:00:00.015) 0:00:00.015 ******** ok: [/cache/centos-7.qcow2c.snap] META: ran handlers TASK [linux-system-roles.certificate : Set version specific variables] ********* task path: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:2 Wednesday 06 July 2022 05:35:51 +0000 (0:00:01.039) 0:00:01.054 ******** included: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for /cache/centos-7.qcow2c.snap TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ****** task path: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Wednesday 06 July 2022 05:35:51 +0000 (0:00:00.025) 0:00:01.080 ******** ok: [/cache/centos-7.qcow2c.snap] TASK [linux-system-roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:8 Wednesday 06 July 2022 05:35:51 +0000 (0:00:00.419) 0:00:01.500 ******** skipping: [/cache/centos-7.qcow2c.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/centos-7.qcow2c.snap] => (item=CentOS.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS.yml", "skip_reason": "Conditional result was False" } ok: [/cache/centos-7.qcow2c.snap] => (item=CentOS_7.yml) => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python-pyasn1", "python-cryptography", "python-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/vars/CentOS_7.yml" ], "ansible_loop_var": "item", "changed": false, "item": "CentOS_7.yml" } skipping: [/cache/centos-7.qcow2c.snap] => (item=CentOS_7.9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_7.9.yml", "skip_reason": "Conditional result was False" } TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 Wednesday 06 July 2022 05:35:51 +0000 (0:00:00.052) 0:00:01.552 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "rc": 0, "results": [ "python2-pyasn1-0.1.9-7.el7.noarch providing python-pyasn1 is already installed", "python2-cryptography-1.7.2-2.el7.x86_64 providing python-cryptography is already installed", "dbus-python-1.1.1-9.el7.x86_64 providing python-dbus is already installed" ] } TASK [linux-system-roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 Wednesday 06 July 2022 05:35:53 +0000 (0:00:01.172) 0:00:02.724 ******** ok: [/cache/centos-7.qcow2c.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [ "certmonger-0.78.4-17.el7_9.x86_64 providing certmonger is already installed" ] } TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 Wednesday 06 July 2022 05:35:53 +0000 (0:00:00.594) 0:00:03.319 ******** ok: [/cache/centos-7.qcow2c.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 Wednesday 06 July 2022 05:35:54 +0000 (0:00:00.489) 0:00:03.808 ******** ok: [/cache/centos-7.qcow2c.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [linux-system-roles.certificate : Ensure provider service is running] ***** task path: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 Wednesday 06 July 2022 05:35:54 +0000 (0:00:00.356) 0:00:04.165 ******** ok: [/cache/centos-7.qcow2c.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Wed 2022-07-06 05:31:41 UTC", "ActiveEnterTimestampMonotonic": "172162297", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "systemd-journald.socket basic.target system.slice network.target syslog.target dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Wed 2022-07-06 05:31:41 UTC", "AssertTimestampMonotonic": "172148815", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Wed 2022-07-06 05:31:41 UTC", "ConditionTimestampMonotonic": "172148814", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "EnvironmentFile": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "6078", "ExecMainStartTimestamp": "Wed 2022-07-06 05:31:41 UTC", "ExecMainStartTimestampMonotonic": "172149537", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /var/run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Wed 2022-07-06 05:31:41 UTC", "InactiveExitTimestampMonotonic": "172149585", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14960", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14960", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "6078", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/var/run/certmonger.pid", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "basic.target system.slice", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "WatchdogTimestamp": "Wed 2022-07-06 05:31:41 UTC", "WatchdogTimestampMonotonic": "172162252", "WatchdogUSec": "0" } } TASK [linux-system-roles.certificate : Ensure certificate requests] ************ task path: /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 Wednesday 06 July 2022 05:35:55 +0000 (0:00:00.694) 0:00:04.859 ******** changed: [/cache/centos-7.qcow2c.snap] => (item={'name': 'mycert_key_size', 'dns': 'www.example.com', 'ca': 'self-sign', 'key_size': 4096}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "key_size": 4096, "name": "mycert_key_size" } } MSG: Certificate requested (new). META: role_complete for /cache/centos-7.qcow2c.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmpqiz1ijmo/tests/tests_key_size.yml:14 Wednesday 06 July 2022 05:35:57 +0000 (0:00:02.539) 0:00:07.399 ******** ok: [/cache/centos-7.qcow2c.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmpqiz1ijmo/tests/tests_key_size.yml:29 Wednesday 06 July 2022 05:35:58 +0000 (0:00:00.731) 0:00:08.131 ******** included: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml for /cache/centos-7.qcow2c.snap => (item={'path': '/etc/pki/tls/certs/mycert_key_size.crt', 'key_path': '/etc/pki/tls/private/mycert_key_size.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'key_size': 4096}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:2 Wednesday 06 July 2022 05:35:58 +0000 (0:00:00.041) 0:00:08.173 ******** ok: [/cache/centos-7.qcow2c.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:6 Wednesday 06 July 2022 05:35:58 +0000 (0:00:00.028) 0:00:08.202 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "rc": 0, "results": [ "python3-3.6.8-18.el7.x86_64 providing python3 is already installed" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:11 Wednesday 06 July 2022 05:35:59 +0000 (0:00:00.559) 0:00:08.761 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1) TASK [Install certreader] ****************************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:18 Wednesday 06 July 2022 05:36:00 +0000 (0:00:01.082) 0:00:09.844 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.1) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:26 Wednesday 06 July 2022 05:36:00 +0000 (0:00:00.831) 0:00:10.675 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "stat": { "atime": 1657085757.5363765, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "bc17140dc57f9e12fb96678a2e2091a7b559315e", "ctime": 1657085757.5333765, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 9668529, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657085757.5333765, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_key_size.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1643, "uid": 0, "version": "18446744073422018846", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:31 Wednesday 06 July 2022 05:36:01 +0000 (0:00:00.462) 0:00:11.138 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:37 Wednesday 06 July 2022 05:36:01 +0000 (0:00:00.033) 0:00:11.171 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:49 Wednesday 06 July 2022 05:36:01 +0000 (0:00:00.049) 0:00:11.221 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:55 Wednesday 06 July 2022 05:36:01 +0000 (0:00:00.075) 0:00:11.296 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "stat": { "atime": 1657085757.4763763, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "0fd59d6dee5033a20f7532eae7eac34f466f1c9f", "ctime": 1657085757.5333765, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 9668528, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657085757.5333765, "nlink": 1, "path": "/etc/pki/tls/private/mycert_key_size.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 3272, "uid": 0, "version": "268984536", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:60 Wednesday 06 July 2022 05:36:01 +0000 (0:00:00.358) 0:00:11.655 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:66 Wednesday 06 July 2022 05:36:02 +0000 (0:00:00.069) 0:00:11.724 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:78 Wednesday 06 July 2022 05:36:02 +0000 (0:00:00.083) 0:00:11.808 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_key_size.crt" ], "delta": "0:00:00.260688", "end": "2022-07-06 05:36:02.703425", "rc": 0, "start": "2022-07-06 05:36:02.442737" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "F2:6A:3A:BA:9D:D7:90:94:DD:C1:DB:DC:57:14:71:C8:B3:4D:D9:C3", "critical": false }, "authorityKeyIdentifier": { "value": "02:AD:DA:38:F4:E2:5E:3D:60:C0:9D:C9:B6:8B:BA:75:33:70:48:A5", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "6D:0B:D0:F2:27:FD:59:5E:97:48:81:48:A0:C5:A6:59:93:24:7C:91:17:6A:C9:EC:0C:D6:62:FD:83:EF:77:81:60:82:6C:B1:8C:BF:57:ED:7E:EA:25:C1:2D:82:3A:31:37:D4:8D:34:47:C4:7F:47:E4:F7:35:3B:25:3C:20:82:FB:21:35:9F:13:F4:F7:20:7B:7B:3F:B7:69:93:D5:8F:60:7E:69:15:BC:75:AA:33:EC:AA:9A:EE:54:C8:35:68:B7:0E:EB:BE:4C:CF:FC:B0:53:9C:8D:AE:BC:30:01:5C:80:01:B9:7B:85:6F:BE:5B:8E:EF:A2:12:01:F8:D1:B2:E3:3E:C5:3F:BD:25:54:5F:E1:75:9A:79:83:BE:EC:D2:46:49:2C:58:4B:3F:B2:11:95:59:BF:15:7C:F4:9A:37:13:CC:21:84:05:1B:BC:11:B7:1D:A3:F7:FF:83:EE:FC:CB:CE:31:A0:B7:83:02:98:34:19:18:28:CE:26:16:25:12:CE:39:F0:64:B7:D0:14:8A:8D:8F:F1:E8:87:84:E6:73:CE:5E:89:8A:56:6E:97:3C:46:E7:1D:F4:ED:67:5F:FD:43:3C:53:EA:1D:FC:08:89:73:09:8A:3F:2C:42:88:EB:F7:E1:2B:F4:CB:3A:FC:13:3C:5A:3D:79:4C:F2:A7" }, "key_size": 4096, "validity": { "not_valid_after": "2023-07-06 05:31:41", "not_valid_before": "2022-07-06 05:35:57" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:83 Wednesday 06 July 2022 05:36:02 +0000 (0:00:00.675) 0:00:12.484 ******** ok: [/cache/centos-7.qcow2c.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "02:AD:DA:38:F4:E2:5E:3D:60:C0:9D:C9:B6:8B:BA:75:33:70:48:A5" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "F2:6A:3A:BA:9D:D7:90:94:DD:C1:DB:DC:57:14:71:C8:B3:4D:D9:C3" } }, "key_size": 4096, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "6D:0B:D0:F2:27:FD:59:5E:97:48:81:48:A0:C5:A6:59:93:24:7C:91:17:6A:C9:EC:0C:D6:62:FD:83:EF:77:81:60:82:6C:B1:8C:BF:57:ED:7E:EA:25:C1:2D:82:3A:31:37:D4:8D:34:47:C4:7F:47:E4:F7:35:3B:25:3C:20:82:FB:21:35:9F:13:F4:F7:20:7B:7B:3F:B7:69:93:D5:8F:60:7E:69:15:BC:75:AA:33:EC:AA:9A:EE:54:C8:35:68:B7:0E:EB:BE:4C:CF:FC:B0:53:9C:8D:AE:BC:30:01:5C:80:01:B9:7B:85:6F:BE:5B:8E:EF:A2:12:01:F8:D1:B2:E3:3E:C5:3F:BD:25:54:5F:E1:75:9A:79:83:BE:EC:D2:46:49:2C:58:4B:3F:B2:11:95:59:BF:15:7C:F4:9A:37:13:CC:21:84:05:1B:BC:11:B7:1D:A3:F7:FF:83:EE:FC:CB:CE:31:A0:B7:83:02:98:34:19:18:28:CE:26:16:25:12:CE:39:F0:64:B7:D0:14:8A:8D:8F:F1:E8:87:84:E6:73:CE:5E:89:8A:56:6E:97:3C:46:E7:1D:F4:ED:67:5F:FD:43:3C:53:EA:1D:FC:08:89:73:09:8A:3F:2C:42:88:EB:F7:E1:2B:F4:CB:3A:FC:13:3C:5A:3D:79:4C:F2:A7" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-07-06 05:31:41", "not_valid_before": "2022-07-06 05:35:57" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:87 Wednesday 06 July 2022 05:36:02 +0000 (0:00:00.042) 0:00:12.526 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:96 Wednesday 06 July 2022 05:36:02 +0000 (0:00:00.043) 0:00:12.570 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:105 Wednesday 06 July 2022 05:36:02 +0000 (0:00:00.031) 0:00:12.601 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:112 Wednesday 06 July 2022 05:36:02 +0000 (0:00:00.041) 0:00:12.643 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:125 Wednesday 06 July 2022 05:36:02 +0000 (0:00:00.043) 0:00:12.687 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:141 Wednesday 06 July 2022 05:36:03 +0000 (0:00:00.045) 0:00:12.732 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_key_size.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.062057", "end": "2022-07-06 05:36:03.324390", "rc": 0, "start": "2022-07-06 05:36:03.262333" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:150 Wednesday 06 July 2022 05:36:03 +0000 (0:00:00.370) 0:00:13.103 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/centos-7.qcow2c.snap : ok=32 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 Wednesday 06 July 2022 05:36:03 +0000 (0:00:00.054) 0:00:13.157 ******** =============================================================================== linux-system-roles.certificate : Ensure certificate requests ------------ 2.54s /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:100 linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 1.17s /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:5 -- Install the package, force upgrade -------------------------------------- 1.08s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:11 ------------- Gathering Facts --------------------------------------------------------- 1.04s /tmp/tmpqiz1ijmo/tests/tests_key_size.yml:2 ----------------------------------- Install certreader ------------------------------------------------------ 0.83s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:18 ------------- Gathering Facts --------------------------------------------------------- 0.73s /tmp/tmpqiz1ijmo/tests/tests_key_size.yml:14 ---------------------------------- linux-system-roles.certificate : Ensure provider service is running ----- 0.69s /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:88 - Parse certificate ------------------------------------------------------- 0.68s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:78 ------------- linux-system-roles.certificate : Ensure provider packages are installed --- 0.59s /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:22 - Ensure python3 is installed --------------------------------------------- 0.56s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:6 -------------- linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.49s /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:33 - Retrieve certificate file stats ----------------------------------------- 0.46s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:26 ------------- linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.42s /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml:2 Retrieve auto-renew flag ------------------------------------------------ 0.37s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:141 ------------ Retrieve key file stats ------------------------------------------------- 0.36s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:55 ------------- linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.36s /tmp/tmpqiz1ijmo/tests/roles/linux-system-roles.certificate/tasks/main.yml:59 - Verify key file owner and group ----------------------------------------- 0.08s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:66 ------------- Verify certificate permissions ------------------------------------------ 0.08s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:49 ------------- Verify if key file exists ----------------------------------------------- 0.07s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:60 ------------- Verify certificate auto-renew flag -------------------------------------- 0.05s /tmp/tmpqiz1ijmo/tests/tasks/assert_certificate_parameters.yml:150 ------------ ansible-playbook [core 2.12.6] config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.9/site-packages/ansible ansible collection location = /tmp/tmpoau9jedf executable location = /usr/bin/ansible-playbook python version = 3.9.13 (main, May 18 2022, 00:00:00) [GCC 11.3.1 20220421 (Red Hat 11.3.1-2)] jinja version = 2.11.3 libyaml = True Using /etc/ansible/ansible.cfg as config file Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_key_size.yml *************************************************** 2 plays in /tmp/tmp5ygcfjec/tests/certificate/tests_key_size.yml PLAY [Issue simple self-signed certificate] ************************************ TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tests_key_size.yml:2 Wednesday 06 July 2022 05:45:36 +0000 (0:00:00.014) 0:00:00.014 ******** ok: [/cache/centos-7.qcow2c.snap] META: ran handlers TASK [fedora.linux_system_roles.certificate : Set version specific variables] *** task path: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:2 Wednesday 06 July 2022 05:45:37 +0000 (0:00:01.032) 0:00:01.047 ******** included: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml for /cache/centos-7.qcow2c.snap TASK [fedora.linux_system_roles.certificate : Ensure ansible_facts used by role] *** task path: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Wednesday 06 July 2022 05:45:37 +0000 (0:00:00.027) 0:00:01.074 ******** ok: [/cache/centos-7.qcow2c.snap] TASK [fedora.linux_system_roles.certificate : Set platform/version specific variables] *** task path: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:7 Wednesday 06 July 2022 05:45:37 +0000 (0:00:00.456) 0:00:01.531 ******** skipping: [/cache/centos-7.qcow2c.snap] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [/cache/centos-7.qcow2c.snap] => (item=CentOS.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS.yml", "skip_reason": "Conditional result was False" } ok: [/cache/centos-7.qcow2c.snap] => (item=CentOS_7.yml) => { "ansible_facts": { "__certificate_default_directory": "/etc/pki/tls", "__certificate_packages": [ "python-pyasn1", "python-cryptography", "python-dbus" ] }, "ansible_included_var_files": [ "/tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/vars/CentOS_7.yml" ], "ansible_loop_var": "item", "changed": false, "item": "CentOS_7.yml" } skipping: [/cache/centos-7.qcow2c.snap] => (item=CentOS_7.9.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_7.9.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed] *** task path: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Wednesday 06 July 2022 05:45:37 +0000 (0:00:00.057) 0:00:01.589 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "rc": 0, "results": [ "python2-pyasn1-0.1.9-7.el7.noarch providing python-pyasn1 is already installed", "python2-cryptography-1.7.2-2.el7.x86_64 providing python-cryptography is already installed", "dbus-python-1.1.1-9.el7.x86_64 providing python-dbus is already installed" ] } TASK [fedora.linux_system_roles.certificate : Ensure provider packages are installed] *** task path: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Wednesday 06 July 2022 05:45:38 +0000 (0:00:01.157) 0:00:02.746 ******** ok: [/cache/centos-7.qcow2c.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "rc": 0, "results": [ "certmonger-0.78.4-17.el7_9.x86_64 providing certmonger is already installed" ] } TASK [fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists] *** task path: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Wednesday 06 July 2022 05:45:39 +0000 (0:00:00.627) 0:00:03.374 ******** ok: [/cache/centos-7.qcow2c.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//pre-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists] *** task path: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Wednesday 06 July 2022 05:45:39 +0000 (0:00:00.492) 0:00:03.867 ******** ok: [/cache/centos-7.qcow2c.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "gid": 0, "group": "root", "mode": "0700", "owner": "root", "path": "/etc/certmonger//post-scripts", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 6, "state": "directory", "uid": 0 } TASK [fedora.linux_system_roles.certificate : Ensure provider service is running] *** task path: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 Wednesday 06 July 2022 05:45:40 +0000 (0:00:00.348) 0:00:04.216 ******** ok: [/cache/centos-7.qcow2c.snap] => (item=certmonger) => { "__certificate_provider": "certmonger", "ansible_loop_var": "__certificate_provider", "changed": false, "enabled": true, "name": "certmonger", "state": "started", "status": { "ActiveEnterTimestamp": "Wed 2022-07-06 05:41:20 UTC", "ActiveEnterTimestampMonotonic": "176677201", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice syslog.target systemd-journald.socket network.target basic.target dbus.service", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Wed 2022-07-06 05:41:20 UTC", "AssertTimestampMonotonic": "176662452", "Before": "multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "BusName": "org.fedorahosted.certmonger", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Wed 2022-07-06 05:41:20 UTC", "ConditionTimestampMonotonic": "176662451", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/certmonger.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "Certificate monitoring and PKI enrollment", "DevicePolicy": "auto", "EnvironmentFile": "/etc/sysconfig/certmonger (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "6092", "ExecMainStartTimestamp": "Wed 2022-07-06 05:41:20 UTC", "ExecMainStartTimestampMonotonic": "176663195", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /var/run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/certmonger.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "certmonger.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Wed 2022-07-06 05:41:20 UTC", "InactiveExitTimestampMonotonic": "176663230", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "14960", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "14960", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "6092", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "certmonger.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PIDFile": "/var/run/certmonger.pid", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "basic.target system.slice", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "enabled", "WantedBy": "multi-user.target", "WatchdogTimestamp": "Wed 2022-07-06 05:41:20 UTC", "WatchdogTimestampMonotonic": "176677056", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.certificate : Ensure certificate requests] ***** task path: /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 Wednesday 06 July 2022 05:45:40 +0000 (0:00:00.680) 0:00:04.896 ******** changed: [/cache/centos-7.qcow2c.snap] => (item={'name': 'mycert_key_size', 'dns': 'www.example.com', 'ca': 'self-sign', 'key_size': 4096}) => { "ansible_loop_var": "item", "changed": true, "item": { "ca": "self-sign", "dns": "www.example.com", "key_size": 4096, "name": "mycert_key_size" } } MSG: Certificate requested (new). META: role_complete for /cache/centos-7.qcow2c.snap META: ran handlers META: ran handlers PLAY [Verify certificate] ****************************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tests_key_size.yml:14 Wednesday 06 July 2022 05:45:42 +0000 (0:00:01.527) 0:00:06.424 ******** ok: [/cache/centos-7.qcow2c.snap] META: ran handlers TASK [Verify each certificate] ************************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tests_key_size.yml:29 Wednesday 06 July 2022 05:45:43 +0000 (0:00:00.726) 0:00:07.150 ******** included: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml for /cache/centos-7.qcow2c.snap => (item={'path': '/etc/pki/tls/certs/mycert_key_size.crt', 'key_path': '/etc/pki/tls/private/mycert_key_size.key', 'subject': [{'name': 'commonName', 'oid': '2.5.4.3', 'value': 'www.example.com'}], 'subject_alt_name': [{'name': 'DNS', 'value': 'www.example.com'}], 'key_size': 4096}) TASK [Set virtualenv_path] ***************************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:2 Wednesday 06 July 2022 05:45:43 +0000 (0:00:00.046) 0:00:07.197 ******** ok: [/cache/centos-7.qcow2c.snap] => { "ansible_facts": { "__virtualenv_path": "/tmp/certificate-tests-venv" }, "changed": false } TASK [Ensure python3 is installed] ********************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:6 Wednesday 06 July 2022 05:45:43 +0000 (0:00:00.028) 0:00:07.225 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "rc": 0, "results": [ "python3-3.6.8-18.el7.x86_64 providing python3 is already installed" ] } TASK [Install the package, force upgrade] ************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:11 Wednesday 06 July 2022 05:45:43 +0000 (0:00:00.597) 0:00:07.822 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "-U", "pip" ], "name": [ "pip" ], "requirements": null, "state": "latest", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: pip in ./certificate-tests-venv/lib/python3.6/site-packages (21.3.1) TASK [Install certreader] ****************************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:18 Wednesday 06 July 2022 05:45:45 +0000 (0:00:01.149) 0:00:08.971 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/pip", "install", "cryptography<35", "certreader>=0.1.1" ], "name": [ "cryptography<35", "certreader>=0.1.1" ], "requirements": null, "state": "present", "version": null, "virtualenv": "/tmp/certificate-tests-venv" } STDOUT: Requirement already satisfied: cryptography<35 in ./certificate-tests-venv/lib/python3.6/site-packages (3.4.8) Requirement already satisfied: certreader>=0.1.1 in ./certificate-tests-venv/lib/python3.6/site-packages (0.1.1) Requirement already satisfied: cffi>=1.12 in ./certificate-tests-venv/lib/python3.6/site-packages (from cryptography<35) (1.15.1) Requirement already satisfied: pyasn1 in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (0.4.8) Requirement already satisfied: pyyaml in ./certificate-tests-venv/lib/python3.6/site-packages (from certreader>=0.1.1) (6.0) Requirement already satisfied: pycparser in ./certificate-tests-venv/lib/python3.6/site-packages (from cffi>=1.12->cryptography<35) (2.21) TASK [Retrieve certificate file stats] ***************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:26 Wednesday 06 July 2022 05:45:45 +0000 (0:00:00.810) 0:00:09.782 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "stat": { "atime": 1657086342.0653508, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "79258c8cd31d5f5a482725f46f9f7f9109cb2c35", "ctime": 1657086342.0613508, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 9668433, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657086342.0613508, "nlink": 1, "path": "/etc/pki/tls/certs/mycert_key_size.crt", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 1643, "uid": 0, "version": "18446744072270991426", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if certificate file exists] *************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:31 Wednesday 06 July 2022 05:45:46 +0000 (0:00:00.459) 0:00:10.241 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate file owner and group] ********************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:37 Wednesday 06 July 2022 05:45:46 +0000 (0:00:00.064) 0:00:10.306 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate permissions] ****************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:47 Wednesday 06 July 2022 05:45:46 +0000 (0:00:00.075) 0:00:10.381 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve key file stats] ************************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:53 Wednesday 06 July 2022 05:45:46 +0000 (0:00:00.046) 0:00:10.428 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "stat": { "atime": 1657086342.0013509, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "48610c04416944cb71bd2a75c0e4eca8b34865de", "ctime": 1657086342.0613508, "dev": 64769, "device_type": 0, "executable": false, "exists": true, "gid": 0, "gr_name": "root", "inode": 9668432, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0600", "mtime": 1657086342.0613508, "nlink": 1, "path": "/etc/pki/tls/private/mycert_key_size.key", "pw_name": "root", "readable": true, "rgrp": false, "roth": false, "rusr": true, "size": 3272, "uid": 0, "version": "18446744073554884432", "wgrp": false, "woth": false, "writeable": true, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } } TASK [Verify if key file exists] *********************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:58 Wednesday 06 July 2022 05:45:46 +0000 (0:00:00.320) 0:00:10.749 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key file owner and group] ***************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:64 Wednesday 06 July 2022 05:45:46 +0000 (0:00:00.033) 0:00:10.783 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Parse certificate] ******************************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:74 Wednesday 06 July 2022 05:45:46 +0000 (0:00:00.077) 0:00:10.860 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": [ "/tmp/certificate-tests-venv/bin/certreader2json", "/etc/pki/tls/certs/mycert_key_size.crt" ], "delta": "0:00:00.301680", "end": "2022-07-06 05:45:47.414043", "rc": 0, "start": "2022-07-06 05:45:47.112363" } STDOUT: { "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "extensions": { "keyUsage": { "value": [ "digital_signature", "key_encipherment" ], "critical": false }, "subjectAltName": { "value": [ { "name": "DNS", "value": "www.example.com" } ], "critical": false }, "extendedKeyUsage": { "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ], "critical": false }, "basicConstraints": { "value": { "ca": false }, "critical": true }, "subjectKeyIdentifier": { "value": "57:8F:E1:12:02:C6:94:D6:49:AA:FE:3A:9F:C5:AF:07:21:04:B8:B1", "critical": false }, "authorityKeyIdentifier": { "value": "86:6C:07:61:C3:94:A9:ED:89:69:38:21:CE:07:8B:89:13:CF:C0:06", "critical": false } }, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "60:14:82:9B:8C:4A:10:8E:A9:3B:89:76:97:F4:B7:06:F8:F1:60:97:31:81:DE:BB:DC:4A:9F:02:1D:2C:9F:B6:1F:75:79:1B:8C:62:25:8F:BE:B5:68:83:0B:46:91:44:AA:8C:84:F5:E1:36:41:4A:95:58:84:6A:28:19:88:D7:88:99:D3:34:98:71:99:B0:0C:86:66:B3:A5:CE:D8:80:94:E1:6E:03:ED:24:8A:6C:FF:51:6F:90:26:1B:A0:1C:FA:38:BC:F8:7C:C3:66:CE:39:B7:51:05:88:DC:91:81:1D:73:15:50:6B:56:EC:37:0B:72:8F:13:9E:5B:10:71:B2:60:BA:F2:CB:F3:D7:EB:CF:4D:E9:2B:DF:50:E3:30:18:6A:6C:4D:16:72:37:31:88:F5:75:B3:F5:74:5A:40:CC:55:FB:3F:51:F9:04:48:55:BC:D2:3A:A7:5C:95:04:E6:AB:A0:BD:22:EF:FE:CC:4D:AF:B3:1F:50:3C:AB:D3:3B:A7:59:D3:DD:0C:54:0D:47:8E:33:87:6E:65:F3:9E:6A:46:99:FE:CE:95:53:38:8E:6F:42:96:C9:0D:51:F0:CC:FA:70:56:A6:68:64:DA:9B:72:03:7F:B5:6B:DD:B4:38:20:5E:E3:CA:7A:ED:4E:E2:8F:4F:FF:CA:E9:33:44" }, "key_size": 4096, "validity": { "not_valid_after": "2023-07-06 05:41:20", "not_valid_before": "2022-07-06 05:45:42" } } TASK [Load certificate YAML to cert_issued variable] *************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:79 Wednesday 06 July 2022 05:45:47 +0000 (0:00:00.754) 0:00:11.615 ******** ok: [/cache/centos-7.qcow2c.snap] => { "ansible_facts": { "cert_issued": { "extensions": { "authorityKeyIdentifier": { "critical": false, "value": "86:6C:07:61:C3:94:A9:ED:89:69:38:21:CE:07:8B:89:13:CF:C0:06" }, "basicConstraints": { "critical": true, "value": { "ca": false } }, "extendedKeyUsage": { "critical": false, "value": [ { "name": "id-kp-serverAuth", "oid": "1.3.6.1.5.5.7.3.1" }, { "name": "id-kp-clientAuth", "oid": "1.3.6.1.5.5.7.3.2" } ] }, "keyUsage": { "critical": false, "value": [ "digital_signature", "key_encipherment" ] }, "subjectAltName": { "critical": false, "value": [ { "name": "DNS", "value": "www.example.com" } ] }, "subjectKeyIdentifier": { "critical": false, "value": "57:8F:E1:12:02:C6:94:D6:49:AA:FE:3A:9F:C5:AF:07:21:04:B8:B1" } }, "key_size": 4096, "signature_algorithm": { "algorithm": "sha256WithRSAEncryption", "signature": "60:14:82:9B:8C:4A:10:8E:A9:3B:89:76:97:F4:B7:06:F8:F1:60:97:31:81:DE:BB:DC:4A:9F:02:1D:2C:9F:B6:1F:75:79:1B:8C:62:25:8F:BE:B5:68:83:0B:46:91:44:AA:8C:84:F5:E1:36:41:4A:95:58:84:6A:28:19:88:D7:88:99:D3:34:98:71:99:B0:0C:86:66:B3:A5:CE:D8:80:94:E1:6E:03:ED:24:8A:6C:FF:51:6F:90:26:1B:A0:1C:FA:38:BC:F8:7C:C3:66:CE:39:B7:51:05:88:DC:91:81:1D:73:15:50:6B:56:EC:37:0B:72:8F:13:9E:5B:10:71:B2:60:BA:F2:CB:F3:D7:EB:CF:4D:E9:2B:DF:50:E3:30:18:6A:6C:4D:16:72:37:31:88:F5:75:B3:F5:74:5A:40:CC:55:FB:3F:51:F9:04:48:55:BC:D2:3A:A7:5C:95:04:E6:AB:A0:BD:22:EF:FE:CC:4D:AF:B3:1F:50:3C:AB:D3:3B:A7:59:D3:DD:0C:54:0D:47:8E:33:87:6E:65:F3:9E:6A:46:99:FE:CE:95:53:38:8E:6F:42:96:C9:0D:51:F0:CC:FA:70:56:A6:68:64:DA:9B:72:03:7F:B5:6B:DD:B4:38:20:5E:E3:CA:7A:ED:4E:E2:8F:4F:FF:CA:E9:33:44" }, "subject": [ { "name": "commonName", "oid": "2.5.4.3", "value": "www.example.com" } ], "validity": { "not_valid_after": "2023-07-06 05:41:20", "not_valid_before": "2022-07-06 05:45:42" } } }, "changed": false } TASK [Verify certificate subject] ********************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:83 Wednesday 06 July 2022 05:45:47 +0000 (0:00:00.043) 0:00:11.658 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate SAN] ************************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:91 Wednesday 06 July 2022 05:45:47 +0000 (0:00:00.077) 0:00:11.736 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify key size] ********************************************************* task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:99 Wednesday 06 July 2022 05:45:47 +0000 (0:00:00.082) 0:00:11.819 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Key Usage] ******************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:106 Wednesday 06 July 2022 05:45:47 +0000 (0:00:00.069) 0:00:11.888 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Verify certificate Extended Key Usage] *********************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:118 Wednesday 06 July 2022 05:45:47 +0000 (0:00:00.072) 0:00:11.960 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed TASK [Retrieve auto-renew flag] ************************************************ task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:132 Wednesday 06 July 2022 05:45:48 +0000 (0:00:00.045) 0:00:12.006 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false, "cmd": "set -euo pipefail; getcert list -f /etc/pki/tls/certs/mycert_key_size.crt | grep 'auto-renew' | sed 's/^\\s\\+auto-renew: //g'", "delta": "0:00:00.062998", "end": "2022-07-06 05:45:48.199353", "rc": 0, "start": "2022-07-06 05:45:48.136355" } STDOUT: yes TASK [Verify certificate auto-renew flag] ************************************** task path: /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:141 Wednesday 06 July 2022 05:45:48 +0000 (0:00:00.386) 0:00:12.392 ******** ok: [/cache/centos-7.qcow2c.snap] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* /cache/centos-7.qcow2c.snap : ok=32 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 Wednesday 06 July 2022 05:45:48 +0000 (0:00:00.056) 0:00:12.449 ******** =============================================================================== fedora.linux_system_roles.certificate : Ensure certificate requests ----- 1.53s /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:99 fedora.linux_system_roles.certificate : Ensure certificate role dependencies are installed --- 1.16s /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:5 Install the package, force upgrade -------------------------------------- 1.15s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:11 - Gathering Facts --------------------------------------------------------- 1.03s /tmp/tmp5ygcfjec/tests/certificate/tests_key_size.yml:2 ----------------------- Install certreader ------------------------------------------------------ 0.81s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:18 - Parse certificate ------------------------------------------------------- 0.75s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:74 - Gathering Facts --------------------------------------------------------- 0.73s /tmp/tmp5ygcfjec/tests/certificate/tests_key_size.yml:14 ---------------------- fedora.linux_system_roles.certificate : Ensure provider service is running --- 0.68s /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:88 fedora.linux_system_roles.certificate : Ensure provider packages are installed --- 0.63s /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:22 Ensure python3 is installed --------------------------------------------- 0.60s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:6 -- fedora.linux_system_roles.certificate : Ensure pre-scripts hooks directory exists --- 0.49s /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:33 Retrieve certificate file stats ----------------------------------------- 0.46s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:26 - fedora.linux_system_roles.certificate : Ensure ansible_facts used by role --- 0.46s /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/set_vars.yml:2 Retrieve auto-renew flag ------------------------------------------------ 0.39s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:132 fedora.linux_system_roles.certificate : Ensure post-scripts hooks directory exists --- 0.35s /tmp/tmpoau9jedf/ansible_collections/fedora/linux_system_roles/roles/certificate/tasks/main.yml:59 Retrieve key file stats ------------------------------------------------- 0.32s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:53 - Verify certificate SAN -------------------------------------------------- 0.08s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:91 - Verify certificate subject ---------------------------------------------- 0.08s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:83 - Verify key file owner and group ----------------------------------------- 0.08s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:64 - Verify certificate file owner and group --------------------------------- 0.08s /tmp/tmp5ygcfjec/tests/certificate/tasks/assert_certificate_parameters.yml:37 -