ansible-playbook 2.9.27 config file = None configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.9/site-packages/ansible executable location = /usr/local/bin/ansible-playbook python version = 3.9.19 (main, May 16 2024, 11:40:09) [GCC 8.5.0 20210514 (Red Hat 8.5.0-22)] No config file found; using defaults [WARNING]: running playbook inside collection fedora.linux_system_roles Skipping callback 'actionable', as we already have a stdout callback. Skipping callback 'counter_enabled', as we already have a stdout callback. Skipping callback 'debug', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'dense', as we already have a stdout callback. Skipping callback 'full_skip', as we already have a stdout callback. Skipping callback 'json', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'null', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. Skipping callback 'selective', as we already have a stdout callback. Skipping callback 'skippy', as we already have a stdout callback. Skipping callback 'stderr', as we already have a stdout callback. Skipping callback 'unixy', as we already have a stdout callback. Skipping callback 'yaml', as we already have a stdout callback. PLAYBOOK: tests_reload.yml ***************************************************** 1 plays in /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/tests/crypto_policies/tests_reload.yml PLAY [Ensure that crypto_policy_reload variable works] ************************* TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/tests/crypto_policies/tests_reload.yml:3 Monday 29 July 2024 14:46:49 -0400 (0:00:00.020) 0:00:00.020 *********** ok: [managed_node1] META: ran handlers TASK [Run role to make sure all dependencies are installed] ******************** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/tests/crypto_policies/tests_reload.yml:8 Monday 29 July 2024 14:46:50 -0400 (0:00:00.956) 0:00:00.976 *********** TASK [fedora.linux_system_roles.crypto_policies : Set platform/version specific variables] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:3 Monday 29 July 2024 14:46:50 -0400 (0:00:00.032) 0:00:01.008 *********** included: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml for managed_node1 TASK [fedora.linux_system_roles.crypto_policies : Ensure ansible_facts used by role] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:2 Monday 29 July 2024 14:46:50 -0400 (0:00:00.020) 0:00:01.029 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Check if system is ostree] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:10 Monday 29 July 2024 14:46:50 -0400 (0:00:00.031) 0:00:01.060 *********** ok: [managed_node1] => { "changed": false, "stat": { "exists": false } } TASK [fedora.linux_system_roles.crypto_policies : Set flag to indicate system is ostree] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:15 Monday 29 July 2024 14:46:50 -0400 (0:00:00.467) 0:00:01.527 *********** ok: [managed_node1] => { "ansible_facts": { "__crypto_policies_is_ostree": false }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Check if transactional-update exists in /sbin] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:22 Monday 29 July 2024 14:46:50 -0400 (0:00:00.032) 0:00:01.559 *********** ok: [managed_node1] => { "changed": false, "stat": { "exists": false } } TASK [fedora.linux_system_roles.crypto_policies : Set flag if transactional-update exists] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:27 Monday 29 July 2024 14:46:50 -0400 (0:00:00.370) 0:00:01.930 *********** ok: [managed_node1] => { "ansible_facts": { "__crypto_policies_is_transactional": false }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Set platform/version specific variables] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:31 Monday 29 July 2024 14:46:51 -0400 (0:00:00.032) 0:00:01.962 *********** skipping: [managed_node1] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=CentOS.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS.yml", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Ensure required packages are installed] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:6 Monday 29 July 2024 14:46:51 -0400 (0:00:00.048) 0:00:02.011 *********** ok: [managed_node1] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.crypto_policies : Notify user that reboot is needed to apply changes] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:18 Monday 29 July 2024 14:46:55 -0400 (0:00:04.152) 0:00:06.164 *********** skipping: [managed_node1] => {} TASK [fedora.linux_system_roles.crypto_policies : Reboot transactional update systems] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:23 Monday 29 July 2024 14:46:55 -0400 (0:00:00.030) 0:00:06.194 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Fail if reboot is needed and not set] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:28 Monday 29 July 2024 14:46:55 -0400 (0:00:00.029) 0:00:06.224 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Gather facts] **************** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:36 Monday 29 July 2024 14:46:55 -0400 (0:00:00.029) 0:00:06.254 *********** included: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml for managed_node1 TASK [fedora.linux_system_roles.crypto_policies : Find out what is the currently active policy] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:3 Monday 29 July 2024 14:46:55 -0400 (0:00:00.018) 0:00:06.272 *********** ok: [managed_node1] => { "changed": false, "cmd": [ "update-crypto-policies", "--show" ], "delta": "0:00:00.071739", "end": "2024-07-29 14:46:55.799539", "rc": 0, "start": "2024-07-29 14:46:55.727800" } STDOUT: DEFAULT TASK [fedora.linux_system_roles.crypto_policies : Set current policy fact] ***** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:9 Monday 29 July 2024 14:46:55 -0400 (0:00:00.520) 0:00:06.792 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_active": "DEFAULT" }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Find base policies files] **** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:39 Monday 29 July 2024 14:46:55 -0400 (0:00:00.030) 0:00:06.823 *********** ok: [managed_node1] => { "changed": false, "examined": 7, "files": [ { "atime": 1722278780.4144213, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047304, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/DEFAULT.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 2153, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047305, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/EMPTY.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 267, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047306, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/FIPS.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 1726, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1722278747.220543, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047307, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/FUTURE.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 2102, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047308, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/LEGACY.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 2471, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } ], "matched": 5 } TASK [fedora.linux_system_roles.crypto_policies : Set available base policies fact] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:47 Monday 29 July 2024 14:46:56 -0400 (0:00:00.457) 0:00:07.280 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_available_policies": [ "LEGACY", "FUTURE", "EMPTY", "DEFAULT", "FIPS" ] }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Find subpolicy files] ******** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:54 Monday 29 July 2024 14:46:56 -0400 (0:00:00.031) 0:00:07.312 *********** ok: [managed_node1] => { "changed": false, "examined": 5, "files": [ { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695037, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/AD-SUPPORT.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 322, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695038, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/ECDHE-ONLY.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 121, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695039, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/NO-CAMELLIA.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 90, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695104, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/NO-SHA1.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 123, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695105, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/OSPP.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 1986, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } ], "matched": 5 } TASK [fedora.linux_system_roles.crypto_policies : Set available subpolicies fact] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:62 Monday 29 July 2024 14:46:56 -0400 (0:00:00.349) 0:00:07.662 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_available_subpolicies": [ "NO-CAMELLIA", "ECDHE-ONLY", "OSPP", "NO-SHA1", "AD-SUPPORT" ] }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Set crypto_policies_available_modules fact (deprecated)] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:69 Monday 29 July 2024 14:46:56 -0400 (0:00:00.031) 0:00:07.694 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_available_modules": [ "NO-CAMELLIA", "ECDHE-ONLY", "OSPP", "NO-SHA1", "AD-SUPPORT" ] }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Update crypto policy if needed] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:75 Monday 29 July 2024 14:46:56 -0400 (0:00:00.029) 0:00:07.723 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Set the reboot_required flag if needed] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:87 Monday 29 July 2024 14:46:56 -0400 (0:00:00.029) 0:00:07.753 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Update facts after applying policy] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:95 Monday 29 July 2024 14:46:56 -0400 (0:00:00.027) 0:00:07.781 *********** included: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml for managed_node1 TASK [fedora.linux_system_roles.crypto_policies : Find out what is the currently active policy] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:3 Monday 29 July 2024 14:46:56 -0400 (0:00:00.018) 0:00:07.799 *********** ok: [managed_node1] => { "changed": false, "cmd": [ "update-crypto-policies", "--show" ], "delta": "0:00:00.050775", "end": "2024-07-29 14:46:57.211554", "rc": 0, "start": "2024-07-29 14:46:57.160779" } STDOUT: DEFAULT TASK [fedora.linux_system_roles.crypto_policies : Set current policy fact] ***** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:9 Monday 29 July 2024 14:46:57 -0400 (0:00:00.403) 0:00:08.202 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_active": "DEFAULT" }, "changed": false } TASK [Get SSHD pid before policy update] *************************************** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/tests/crypto_policies/tests_reload.yml:12 Monday 29 July 2024 14:46:57 -0400 (0:00:00.031) 0:00:08.234 *********** ok: [managed_node1] => { "changed": false, "content": "OTkwCg==", "encoding": "base64", "source": "/var/run/sshd.pid" } TASK [Change policy from DEFAULT TO LEGACY (disable reload)] ******************* task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/tests/crypto_policies/tests_reload.yml:17 Monday 29 July 2024 14:46:57 -0400 (0:00:00.443) 0:00:08.677 *********** TASK [fedora.linux_system_roles.crypto_policies : Set platform/version specific variables] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:3 Monday 29 July 2024 14:46:57 -0400 (0:00:00.035) 0:00:08.712 *********** included: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml for managed_node1 TASK [fedora.linux_system_roles.crypto_policies : Ensure ansible_facts used by role] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:2 Monday 29 July 2024 14:46:57 -0400 (0:00:00.019) 0:00:08.732 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Check if system is ostree] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:10 Monday 29 July 2024 14:46:57 -0400 (0:00:00.030) 0:00:08.762 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Set flag to indicate system is ostree] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:15 Monday 29 July 2024 14:46:57 -0400 (0:00:00.032) 0:00:08.795 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Check if transactional-update exists in /sbin] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:22 Monday 29 July 2024 14:46:57 -0400 (0:00:00.028) 0:00:08.823 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Set flag if transactional-update exists] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:27 Monday 29 July 2024 14:46:57 -0400 (0:00:00.029) 0:00:08.853 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Set platform/version specific variables] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:31 Monday 29 July 2024 14:46:57 -0400 (0:00:00.028) 0:00:08.881 *********** skipping: [managed_node1] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=CentOS.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS.yml", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Ensure required packages are installed] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:6 Monday 29 July 2024 14:46:57 -0400 (0:00:00.048) 0:00:08.930 *********** ok: [managed_node1] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.crypto_policies : Notify user that reboot is needed to apply changes] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:18 Monday 29 July 2024 14:47:00 -0400 (0:00:02.489) 0:00:11.419 *********** skipping: [managed_node1] => {} TASK [fedora.linux_system_roles.crypto_policies : Reboot transactional update systems] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:23 Monday 29 July 2024 14:47:00 -0400 (0:00:00.029) 0:00:11.449 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Fail if reboot is needed and not set] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:28 Monday 29 July 2024 14:47:00 -0400 (0:00:00.030) 0:00:11.480 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Gather facts] **************** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:36 Monday 29 July 2024 14:47:00 -0400 (0:00:00.028) 0:00:11.509 *********** included: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml for managed_node1 TASK [fedora.linux_system_roles.crypto_policies : Find out what is the currently active policy] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:3 Monday 29 July 2024 14:47:00 -0400 (0:00:00.018) 0:00:11.527 *********** ok: [managed_node1] => { "changed": false, "cmd": [ "update-crypto-policies", "--show" ], "delta": "0:00:00.050824", "end": "2024-07-29 14:47:00.944851", "rc": 0, "start": "2024-07-29 14:47:00.894027" } STDOUT: DEFAULT TASK [fedora.linux_system_roles.crypto_policies : Set current policy fact] ***** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:9 Monday 29 July 2024 14:47:01 -0400 (0:00:00.412) 0:00:11.940 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_active": "DEFAULT" }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Find base policies files] **** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:39 Monday 29 July 2024 14:47:01 -0400 (0:00:00.029) 0:00:11.970 *********** ok: [managed_node1] => { "changed": false, "examined": 7, "files": [ { "atime": 1722278780.4144213, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047304, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/DEFAULT.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 2153, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047305, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/EMPTY.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 267, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047306, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/FIPS.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 1726, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1722278747.220543, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047307, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/FUTURE.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 2102, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047308, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/LEGACY.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 2471, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } ], "matched": 5 } TASK [fedora.linux_system_roles.crypto_policies : Set available base policies fact] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:47 Monday 29 July 2024 14:47:01 -0400 (0:00:00.362) 0:00:12.333 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_available_policies": [ "LEGACY", "FUTURE", "EMPTY", "DEFAULT", "FIPS" ] }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Find subpolicy files] ******** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:54 Monday 29 July 2024 14:47:01 -0400 (0:00:00.033) 0:00:12.366 *********** ok: [managed_node1] => { "changed": false, "examined": 5, "files": [ { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695037, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/AD-SUPPORT.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 322, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695038, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/ECDHE-ONLY.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 121, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695039, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/NO-CAMELLIA.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 90, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695104, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/NO-SHA1.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 123, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695105, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/OSPP.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 1986, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } ], "matched": 5 } TASK [fedora.linux_system_roles.crypto_policies : Set available subpolicies fact] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:62 Monday 29 July 2024 14:47:01 -0400 (0:00:00.369) 0:00:12.736 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_available_subpolicies": [ "NO-CAMELLIA", "ECDHE-ONLY", "OSPP", "NO-SHA1", "AD-SUPPORT" ] }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Set crypto_policies_available_modules fact (deprecated)] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:69 Monday 29 July 2024 14:47:01 -0400 (0:00:00.033) 0:00:12.769 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_available_modules": [ "NO-CAMELLIA", "ECDHE-ONLY", "OSPP", "NO-SHA1", "AD-SUPPORT" ] }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Update crypto policy if needed] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:75 Monday 29 July 2024 14:47:01 -0400 (0:00:00.031) 0:00:12.801 *********** NOTIFIED HANDLER fedora.linux_system_roles.crypto_policies : Reboot the managed host to apply crypto policies changes for managed_node1 NOTIFIED HANDLER fedora.linux_system_roles.crypto_policies : Clear the crypto_policies_reboot_required flag for managed_node1 NOTIFIED HANDLER fedora.linux_system_roles.crypto_policies : Reboot the managed host to apply crypto policies changes for managed_node1 NOTIFIED HANDLER fedora.linux_system_roles.crypto_policies : Clear the crypto_policies_reboot_required flag for managed_node1 changed: [managed_node1] => { "changed": true, "cmd": [ "update-crypto-policies", "--no-reload", "--set", "LEGACY" ], "delta": "0:00:00.113096", "end": "2024-07-29 14:47:02.299591", "rc": 0, "start": "2024-07-29 14:47:02.186495" } STDOUT: Setting system policy to LEGACY Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. TASK [fedora.linux_system_roles.crypto_policies : Set the reboot_required flag if needed] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:87 Monday 29 July 2024 14:47:02 -0400 (0:00:00.495) 0:00:13.296 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_reboot_required": true }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Update facts after applying policy] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:95 Monday 29 July 2024 14:47:02 -0400 (0:00:00.032) 0:00:13.329 *********** included: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml for managed_node1 TASK [fedora.linux_system_roles.crypto_policies : Find out what is the currently active policy] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:3 Monday 29 July 2024 14:47:02 -0400 (0:00:00.019) 0:00:13.349 *********** ok: [managed_node1] => { "changed": false, "cmd": [ "update-crypto-policies", "--show" ], "delta": "0:00:00.051921", "end": "2024-07-29 14:47:02.763377", "rc": 0, "start": "2024-07-29 14:47:02.711456" } STDOUT: LEGACY TASK [fedora.linux_system_roles.crypto_policies : Set current policy fact] ***** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:9 Monday 29 July 2024 14:47:02 -0400 (0:00:00.404) 0:00:13.754 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_active": "LEGACY" }, "changed": false } TASK [Get sshd pid after first update] ***************************************** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/tests/crypto_policies/tests_reload.yml:24 Monday 29 July 2024 14:47:02 -0400 (0:00:00.029) 0:00:13.784 *********** ok: [managed_node1] => { "changed": false, "content": "OTkwCg==", "encoding": "base64", "source": "/var/run/sshd.pid" } TASK [Verify that policy was changed to LEGACY] ******************************** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/tests/crypto_policies/tests_reload.yml:29 Monday 29 July 2024 14:47:03 -0400 (0:00:00.350) 0:00:14.135 *********** ok: [managed_node1] => { "changed": false } MSG: All assertions passed TASK [Check the sshd was not reloaded] ***************************************** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/tests/crypto_policies/tests_reload.yml:33 Monday 29 July 2024 14:47:03 -0400 (0:00:00.030) 0:00:14.165 *********** ok: [managed_node1] => { "changed": false } MSG: All assertions passed TASK [Change policy from LEGACY to DEFAULT (reload by default)] **************** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/tests/crypto_policies/tests_reload.yml:38 Monday 29 July 2024 14:47:03 -0400 (0:00:00.032) 0:00:14.198 *********** TASK [fedora.linux_system_roles.crypto_policies : Set platform/version specific variables] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:3 Monday 29 July 2024 14:47:03 -0400 (0:00:00.046) 0:00:14.244 *********** included: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml for managed_node1 TASK [fedora.linux_system_roles.crypto_policies : Ensure ansible_facts used by role] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:2 Monday 29 July 2024 14:47:03 -0400 (0:00:00.021) 0:00:14.265 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Check if system is ostree] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:10 Monday 29 July 2024 14:47:03 -0400 (0:00:00.033) 0:00:14.299 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Set flag to indicate system is ostree] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:15 Monday 29 July 2024 14:47:03 -0400 (0:00:00.028) 0:00:14.327 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Check if transactional-update exists in /sbin] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:22 Monday 29 July 2024 14:47:03 -0400 (0:00:00.031) 0:00:14.359 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Set flag if transactional-update exists] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:27 Monday 29 July 2024 14:47:03 -0400 (0:00:00.083) 0:00:14.443 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Set platform/version specific variables] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:31 Monday 29 July 2024 14:47:03 -0400 (0:00:00.031) 0:00:14.475 *********** skipping: [managed_node1] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=CentOS.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS.yml", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Ensure required packages are installed] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:6 Monday 29 July 2024 14:47:03 -0400 (0:00:00.047) 0:00:14.522 *********** ok: [managed_node1] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.crypto_policies : Notify user that reboot is needed to apply changes] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:18 Monday 29 July 2024 14:47:06 -0400 (0:00:02.473) 0:00:16.996 *********** skipping: [managed_node1] => {} TASK [fedora.linux_system_roles.crypto_policies : Reboot transactional update systems] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:23 Monday 29 July 2024 14:47:06 -0400 (0:00:00.029) 0:00:17.025 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Fail if reboot is needed and not set] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:28 Monday 29 July 2024 14:47:06 -0400 (0:00:00.029) 0:00:17.055 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Gather facts] **************** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:36 Monday 29 July 2024 14:47:06 -0400 (0:00:00.028) 0:00:17.084 *********** included: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml for managed_node1 TASK [fedora.linux_system_roles.crypto_policies : Find out what is the currently active policy] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:3 Monday 29 July 2024 14:47:06 -0400 (0:00:00.018) 0:00:17.102 *********** ok: [managed_node1] => { "changed": false, "cmd": [ "update-crypto-policies", "--show" ], "delta": "0:00:00.052286", "end": "2024-07-29 14:47:06.519787", "rc": 0, "start": "2024-07-29 14:47:06.467501" } STDOUT: LEGACY TASK [fedora.linux_system_roles.crypto_policies : Set current policy fact] ***** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:9 Monday 29 July 2024 14:47:06 -0400 (0:00:00.409) 0:00:17.512 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_active": "LEGACY" }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Find base policies files] **** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:39 Monday 29 July 2024 14:47:06 -0400 (0:00:00.031) 0:00:17.544 *********** ok: [managed_node1] => { "changed": false, "examined": 7, "files": [ { "atime": 1722278780.4144213, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047304, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/DEFAULT.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 2153, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047305, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/EMPTY.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 267, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047306, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/FIPS.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 1726, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1722278747.220543, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047307, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/FUTURE.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 2102, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1722278822.234524, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047308, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/LEGACY.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 2471, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } ], "matched": 5 } TASK [fedora.linux_system_roles.crypto_policies : Set available base policies fact] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:47 Monday 29 July 2024 14:47:06 -0400 (0:00:00.357) 0:00:17.901 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_available_policies": [ "LEGACY", "FUTURE", "EMPTY", "DEFAULT", "FIPS" ] }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Find subpolicy files] ******** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:54 Monday 29 July 2024 14:47:06 -0400 (0:00:00.033) 0:00:17.935 *********** ok: [managed_node1] => { "changed": false, "examined": 5, "files": [ { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695037, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/AD-SUPPORT.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 322, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695038, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/ECDHE-ONLY.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 121, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695039, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/NO-CAMELLIA.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 90, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695104, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/NO-SHA1.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 123, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695105, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/OSPP.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 1986, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } ], "matched": 5 } TASK [fedora.linux_system_roles.crypto_policies : Set available subpolicies fact] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:62 Monday 29 July 2024 14:47:07 -0400 (0:00:00.366) 0:00:18.301 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_available_subpolicies": [ "NO-CAMELLIA", "ECDHE-ONLY", "OSPP", "NO-SHA1", "AD-SUPPORT" ] }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Set crypto_policies_available_modules fact (deprecated)] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:69 Monday 29 July 2024 14:47:07 -0400 (0:00:00.034) 0:00:18.336 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_available_modules": [ "NO-CAMELLIA", "ECDHE-ONLY", "OSPP", "NO-SHA1", "AD-SUPPORT" ] }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Update crypto policy if needed] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:75 Monday 29 July 2024 14:47:07 -0400 (0:00:00.029) 0:00:18.365 *********** NOTIFIED HANDLER fedora.linux_system_roles.crypto_policies : Reboot the managed host to apply crypto policies changes for managed_node1 NOTIFIED HANDLER fedora.linux_system_roles.crypto_policies : Clear the crypto_policies_reboot_required flag for managed_node1 changed: [managed_node1] => { "changed": true, "cmd": [ "update-crypto-policies", "--set", "DEFAULT" ], "delta": "0:00:00.142710", "end": "2024-07-29 14:47:07.892228", "rc": 0, "start": "2024-07-29 14:47:07.749518" } STDOUT: Setting system policy to DEFAULT Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. TASK [fedora.linux_system_roles.crypto_policies : Set the reboot_required flag if needed] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:87 Monday 29 July 2024 14:47:07 -0400 (0:00:00.519) 0:00:18.885 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_reboot_required": true }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Update facts after applying policy] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:95 Monday 29 July 2024 14:47:07 -0400 (0:00:00.033) 0:00:18.918 *********** included: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml for managed_node1 TASK [fedora.linux_system_roles.crypto_policies : Find out what is the currently active policy] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:3 Monday 29 July 2024 14:47:07 -0400 (0:00:00.020) 0:00:18.938 *********** ok: [managed_node1] => { "changed": false, "cmd": [ "update-crypto-policies", "--show" ], "delta": "0:00:00.054181", "end": "2024-07-29 14:47:08.355912", "rc": 0, "start": "2024-07-29 14:47:08.301731" } STDOUT: DEFAULT TASK [fedora.linux_system_roles.crypto_policies : Set current policy fact] ***** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:9 Monday 29 July 2024 14:47:08 -0400 (0:00:00.413) 0:00:19.351 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_active": "DEFAULT" }, "changed": false } TASK [Get sshd pid after second update] **************************************** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/tests/crypto_policies/tests_reload.yml:44 Monday 29 July 2024 14:47:08 -0400 (0:00:00.032) 0:00:19.384 *********** ok: [managed_node1] => { "changed": false, "content": "NDE0MQo=", "encoding": "base64", "source": "/var/run/sshd.pid" } TASK [Verify that policy was changed to DEFAULT] ******************************* task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/tests/crypto_policies/tests_reload.yml:49 Monday 29 July 2024 14:47:08 -0400 (0:00:00.352) 0:00:19.736 *********** ok: [managed_node1] => { "changed": false } MSG: All assertions passed TASK [Check the sshd was reloaded] ********************************************* task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/tests/crypto_policies/tests_reload.yml:54 Monday 29 July 2024 14:47:08 -0400 (0:00:00.032) 0:00:19.768 *********** ok: [managed_node1] => { "changed": false } MSG: All assertions passed TASK [Restore policy to DEFAULT] *********************************************** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/tests/crypto_policies/tests_reload.yml:60 Monday 29 July 2024 14:47:08 -0400 (0:00:00.029) 0:00:19.798 *********** TASK [fedora.linux_system_roles.crypto_policies : Set platform/version specific variables] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:3 Monday 29 July 2024 14:47:08 -0400 (0:00:00.039) 0:00:19.837 *********** included: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml for managed_node1 TASK [fedora.linux_system_roles.crypto_policies : Ensure ansible_facts used by role] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:2 Monday 29 July 2024 14:47:08 -0400 (0:00:00.020) 0:00:19.858 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Check if system is ostree] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:10 Monday 29 July 2024 14:47:08 -0400 (0:00:00.032) 0:00:19.891 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Set flag to indicate system is ostree] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:15 Monday 29 July 2024 14:47:08 -0400 (0:00:00.028) 0:00:19.919 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Check if transactional-update exists in /sbin] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:22 Monday 29 July 2024 14:47:09 -0400 (0:00:00.029) 0:00:19.949 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Set flag if transactional-update exists] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:27 Monday 29 July 2024 14:47:09 -0400 (0:00:00.029) 0:00:19.979 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Set platform/version specific variables] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:31 Monday 29 July 2024 14:47:09 -0400 (0:00:00.034) 0:00:20.013 *********** skipping: [managed_node1] => (item=RedHat.yml) => { "ansible_loop_var": "item", "changed": false, "item": "RedHat.yml", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=CentOS.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS.yml", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=CentOS_8.yml) => { "ansible_loop_var": "item", "changed": false, "item": "CentOS_8.yml", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Ensure required packages are installed] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:6 Monday 29 July 2024 14:47:09 -0400 (0:00:00.053) 0:00:20.067 *********** ok: [managed_node1] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do TASK [fedora.linux_system_roles.crypto_policies : Notify user that reboot is needed to apply changes] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:18 Monday 29 July 2024 14:47:11 -0400 (0:00:02.475) 0:00:22.542 *********** skipping: [managed_node1] => {} TASK [fedora.linux_system_roles.crypto_policies : Reboot transactional update systems] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:23 Monday 29 July 2024 14:47:11 -0400 (0:00:00.032) 0:00:22.575 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Fail if reboot is needed and not set] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:28 Monday 29 July 2024 14:47:11 -0400 (0:00:00.030) 0:00:22.605 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Gather facts] **************** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:36 Monday 29 July 2024 14:47:11 -0400 (0:00:00.033) 0:00:22.638 *********** included: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml for managed_node1 TASK [fedora.linux_system_roles.crypto_policies : Find out what is the currently active policy] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:3 Monday 29 July 2024 14:47:11 -0400 (0:00:00.019) 0:00:22.658 *********** ok: [managed_node1] => { "changed": false, "cmd": [ "update-crypto-policies", "--show" ], "delta": "0:00:00.050383", "end": "2024-07-29 14:47:12.071169", "rc": 0, "start": "2024-07-29 14:47:12.020786" } STDOUT: DEFAULT TASK [fedora.linux_system_roles.crypto_policies : Set current policy fact] ***** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:9 Monday 29 July 2024 14:47:12 -0400 (0:00:00.404) 0:00:23.062 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_active": "DEFAULT" }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Find base policies files] **** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:39 Monday 29 July 2024 14:47:12 -0400 (0:00:00.031) 0:00:23.094 *********** ok: [managed_node1] => { "changed": false, "examined": 7, "files": [ { "atime": 1722278780.4144213, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047304, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/DEFAULT.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 2153, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047305, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/EMPTY.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 267, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047306, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/FIPS.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 1726, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1722278747.220543, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047307, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/FUTURE.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 2102, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1722278822.234524, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4047308, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/LEGACY.pol", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 2471, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } ], "matched": 5 } TASK [fedora.linux_system_roles.crypto_policies : Set available base policies fact] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:47 Monday 29 July 2024 14:47:12 -0400 (0:00:00.358) 0:00:23.453 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_available_policies": [ "LEGACY", "FUTURE", "EMPTY", "DEFAULT", "FIPS" ] }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Find subpolicy files] ******** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:54 Monday 29 July 2024 14:47:12 -0400 (0:00:00.034) 0:00:23.487 *********** ok: [managed_node1] => { "changed": false, "examined": 5, "files": [ { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695037, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/AD-SUPPORT.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 322, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695038, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/ECDHE-ONLY.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 121, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695039, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/NO-CAMELLIA.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 90, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695104, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/NO-SHA1.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 123, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false }, { "atime": 1690903086.0, "ctime": 1716968718.641, "dev": 51713, "gid": 0, "gr_name": "root", "inode": 4695105, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1690903086.0, "nlink": 1, "path": "/usr/share/crypto-policies/policies/modules/OSPP.pmod", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 1986, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false } ], "matched": 5 } TASK [fedora.linux_system_roles.crypto_policies : Set available subpolicies fact] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:62 Monday 29 July 2024 14:47:12 -0400 (0:00:00.363) 0:00:23.850 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_available_subpolicies": [ "NO-CAMELLIA", "ECDHE-ONLY", "OSPP", "NO-SHA1", "AD-SUPPORT" ] }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Set crypto_policies_available_modules fact (deprecated)] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:69 Monday 29 July 2024 14:47:12 -0400 (0:00:00.033) 0:00:23.884 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_available_modules": [ "NO-CAMELLIA", "ECDHE-ONLY", "OSPP", "NO-SHA1", "AD-SUPPORT" ] }, "changed": false } TASK [fedora.linux_system_roles.crypto_policies : Update crypto policy if needed] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:75 Monday 29 July 2024 14:47:12 -0400 (0:00:00.030) 0:00:23.914 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Set the reboot_required flag if needed] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:87 Monday 29 July 2024 14:47:13 -0400 (0:00:00.031) 0:00:23.946 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.crypto_policies : Update facts after applying policy] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:95 Monday 29 July 2024 14:47:13 -0400 (0:00:00.031) 0:00:23.977 *********** included: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml for managed_node1 TASK [fedora.linux_system_roles.crypto_policies : Find out what is the currently active policy] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:3 Monday 29 July 2024 14:47:13 -0400 (0:00:00.019) 0:00:23.997 *********** ok: [managed_node1] => { "changed": false, "cmd": [ "update-crypto-policies", "--show" ], "delta": "0:00:00.057020", "end": "2024-07-29 14:47:13.418669", "rc": 0, "start": "2024-07-29 14:47:13.361649" } STDOUT: DEFAULT TASK [fedora.linux_system_roles.crypto_policies : Set current policy fact] ***** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:9 Monday 29 July 2024 14:47:13 -0400 (0:00:00.411) 0:00:24.409 *********** ok: [managed_node1] => { "ansible_facts": { "crypto_policies_active": "DEFAULT" }, "changed": false } RUNNING HANDLER [fedora.linux_system_roles.crypto_policies : Reboot the managed host to apply crypto policies changes] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/handlers/main.yml:4 Monday 29 July 2024 14:47:13 -0400 (0:00:00.028) 0:00:24.437 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } RUNNING HANDLER [fedora.linux_system_roles.crypto_policies : Clear the crypto_policies_reboot_required flag] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/handlers/main.yml:11 Monday 29 July 2024 14:47:13 -0400 (0:00:00.030) 0:00:24.467 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } RUNNING HANDLER [fedora.linux_system_roles.crypto_policies : Reboot the managed host to apply crypto policies changes] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/handlers/main.yml:4 Monday 29 July 2024 14:47:13 -0400 (0:00:00.031) 0:00:24.498 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } RUNNING HANDLER [fedora.linux_system_roles.crypto_policies : Clear the crypto_policies_reboot_required flag] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/handlers/main.yml:11 Monday 29 July 2024 14:47:13 -0400 (0:00:00.029) 0:00:24.528 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } RUNNING HANDLER [fedora.linux_system_roles.crypto_policies : Reboot the managed host to apply crypto policies changes] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/handlers/main.yml:4 Monday 29 July 2024 14:47:13 -0400 (0:00:00.032) 0:00:24.561 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } RUNNING HANDLER [fedora.linux_system_roles.crypto_policies : Clear the crypto_policies_reboot_required flag] *** task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/handlers/main.yml:11 Monday 29 July 2024 14:47:13 -0400 (0:00:00.030) 0:00:24.591 *********** skipping: [managed_node1] => { "changed": false, "skip_reason": "Conditional result was False" } META: ran handlers TASK [Check the current policy has been restored to DEFAULT] ******************* task path: /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/tests/crypto_policies/tests_reload.yml:73 Monday 29 July 2024 14:47:13 -0400 (0:00:00.035) 0:00:24.627 *********** ok: [managed_node1] => { "changed": false } MSG: All assertions passed META: ran handlers META: ran handlers PLAY RECAP ********************************************************************* managed_node1 : ok=69 changed=2 unreachable=0 failed=0 skipped=42 rescued=0 ignored=0 Monday 29 July 2024 14:47:13 -0400 (0:00:00.029) 0:00:24.656 *********** =============================================================================== fedora.linux_system_roles.crypto_policies : Ensure required packages are installed --- 4.15s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:6 fedora.linux_system_roles.crypto_policies : Ensure required packages are installed --- 2.49s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:6 fedora.linux_system_roles.crypto_policies : Ensure required packages are installed --- 2.48s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:6 Gathering Facts --------------------------------------------------------- 0.96s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/tests/crypto_policies/tests_reload.yml:3 fedora.linux_system_roles.crypto_policies : Find out what is the currently active policy --- 0.52s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:3 fedora.linux_system_roles.crypto_policies : Update crypto policy if needed --- 0.50s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:75 fedora.linux_system_roles.crypto_policies : Check if system is ostree --- 0.47s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:10 fedora.linux_system_roles.crypto_policies : Find base policies files ---- 0.46s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:39 Get SSHD pid before policy update --------------------------------------- 0.44s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/tests/crypto_policies/tests_reload.yml:12 fedora.linux_system_roles.crypto_policies : Find out what is the currently active policy --- 0.41s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:3 fedora.linux_system_roles.crypto_policies : Find out what is the currently active policy --- 0.41s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:3 fedora.linux_system_roles.crypto_policies : Find out what is the currently active policy --- 0.41s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:3 fedora.linux_system_roles.crypto_policies : Find out what is the currently active policy --- 0.41s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:3 fedora.linux_system_roles.crypto_policies : Find out what is the currently active policy --- 0.40s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:3 fedora.linux_system_roles.crypto_policies : Find out what is the currently active policy --- 0.40s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:3 fedora.linux_system_roles.crypto_policies : Find out what is the currently active policy --- 0.40s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/gather_facts.yml:3 fedora.linux_system_roles.crypto_policies : Check if transactional-update exists in /sbin --- 0.37s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/set_vars.yml:22 fedora.linux_system_roles.crypto_policies : Find subpolicy files -------- 0.37s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:54 fedora.linux_system_roles.crypto_policies : Find subpolicy files -------- 0.36s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:54 fedora.linux_system_roles.crypto_policies : Find base policies files ---- 0.36s /tmp/tmp.TNKFjRCNXS/ansible_collections/fedora/linux_system_roles/roles/crypto_policies/tasks/main.yml:39