# STDOUT:
---v---v---v---v---v---
Using /etc/ansible/ansible.cfg as config file
PLAY [test certificate issuance with run_after shell script] *******************
TASK [Gathering Facts] *********************************************************
Wednesday 31 August 2022 15:07:54 +0000 (0:00:00.020) 0:00:00.020 ******
ok: [sut]
TASK [Download current linux-system-roles.certificate] *************************
Wednesday 31 August 2022 15:07:55 +0000 (0:00:01.105) 0:00:01.126 ******
ok: [sut -> localhost] => {
"after": "830401555e447c33248d88222b28e82ba9a29c94",
"before": "830401555e447c33248d88222b28e82ba9a29c94",
"changed": false,
"remote_url_changed": false
}
TASK [Install cockpit] *********************************************************
Wednesday 31 August 2022 15:07:56 +0000 (0:00:01.136) 0:00:02.263 ******
TASK [linux-system-roles.cockpit : Ensure ansible_facts and variables used by role] ***
Wednesday 31 August 2022 15:07:56 +0000 (0:00:00.060) 0:00:02.323 ******
included: /WORKDIR/dist-git-cockpit-port-selinux-2ewFut/tests/roles/linux-system-roles.cockpit/tasks/set_vars.yml for sut
TASK [linux-system-roles.cockpit : Ensure ansible_facts used by role] **********
Wednesday 31 August 2022 15:07:56 +0000 (0:00:00.039) 0:00:02.363 ******
ok: [sut]
TASK [linux-system-roles.cockpit : Set version specific variables] *************
Wednesday 31 August 2022 15:07:57 +0000 (0:00:00.467) 0:00:02.830 ******
ok: [sut] => (item=/WORKDIR/dist-git-cockpit-port-selinux-2ewFut/tests/roles/linux-system-roles.cockpit/vars/RedHat-8.yml) => {
"ansible_facts": {
"__cockpit_packages": {
"default": "{{ __cockpit_packages_minimal + __cockpit_packages_default }}",
"full": "{{ __cockpit_packages_minimal + __cockpit_packages_default + __cockpit_packages_full }}",
"minimal": "{{ __cockpit_packages_minimal }}"
},
"__cockpit_packages_default": [
"cockpit",
"cockpit-networkmanager",
"cockpit-packagekit",
"cockpit-selinux",
"cockpit-storaged"
],
"__cockpit_packages_exclude": [
"cockpit-docker",
"cockpit-ostree",
"cockpit-tests"
],
"__cockpit_packages_full": [
"cockpit-*"
],
"__cockpit_packages_minimal": [
"cockpit-system",
"cockpit-ws"
]
},
"ansible_included_var_files": [
"/WORKDIR/dist-git-cockpit-port-selinux-2ewFut/tests/roles/linux-system-roles.cockpit/vars/RedHat-8.yml"
],
"ansible_loop_var": "item",
"changed": false,
"item": "/WORKDIR/dist-git-cockpit-port-selinux-2ewFut/tests/roles/linux-system-roles.cockpit/vars/RedHat-8.yml"
}
TASK [linux-system-roles.cockpit : List active RHEL repositories] **************
Wednesday 31 August 2022 15:07:57 +0000 (0:00:00.056) 0:00:02.887 ******
skipping: [sut] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [linux-system-roles.cockpit : Enable RHEL repositories] *******************
Wednesday 31 August 2022 15:07:57 +0000 (0:00:00.033) 0:00:02.920 ******
skipping: [sut] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [linux-system-roles.cockpit : Manage cockpit packages using platform specific package manager if applicable] ***
Wednesday 31 August 2022 15:07:57 +0000 (0:00:00.032) 0:00:02.953 ******
included: /WORKDIR/dist-git-cockpit-port-selinux-2ewFut/tests/roles/linux-system-roles.cockpit/tasks/setup-dnf.yml for sut => (item=/WORKDIR/dist-git-cockpit-port-selinux-2ewFut/tests/roles/linux-system-roles.cockpit/tasks/setup-dnf.yml)
TASK [linux-system-roles.cockpit : If choosing custom package set, ensure minimal cockpit is included] ***
Wednesday 31 August 2022 15:07:57 +0000 (0:00:00.051) 0:00:03.004 ******
ok: [sut] => {
"ansible_facts": {
"cockpit_packages": "minimal"
},
"changed": false
}
TASK [linux-system-roles.cockpit : Ensure Cockpit Web Console packages are installed.] ***
Wednesday 31 August 2022 15:07:57 +0000 (0:00:00.054) 0:00:03.059 ******
changed: [sut] => {
"changed": true,
"rc": 0,
"results": [
"Installed: policycoreutils-python-utils-2.9-20.el8.noarch",
"Installed: PackageKit-1.1.12-6.el8.x86_64",
"Installed: python3-gobject-3.28.3-2.el8.x86_64",
"Installed: PackageKit-glib-1.1.12-6.el8.x86_64",
"Installed: redhat-logos-84.5-1.el8.x86_64",
"Installed: bzip2-1.0.6-26.el8.x86_64",
"Installed: cairo-1.15.12-6.el8.x86_64",
"Installed: cairo-gobject-1.15.12-6.el8.x86_64",
"Installed: libsoup-2.62.3-2.el8.x86_64",
"Installed: abattis-cantarell-fonts-0.0.25-6.el8.noarch",
"Installed: setroubleshoot-plugins-3.3.14-1.el8.noarch",
"Installed: setroubleshoot-server-3.3.26-4.el8.x86_64",
"Installed: cockpit-bridge-273-2.el8.x86_64",
"Installed: libmodman-2.0.1-17.el8.x86_64",
"Installed: cockpit-system-273-2.el8.noarch",
"Installed: cockpit-ws-273-2.el8.x86_64",
"Installed: libX11-1.6.8-5.el8.x86_64",
"Installed: libstemmer-0-10.585svn.el8.x86_64",
"Installed: libX11-common-1.6.8-5.el8.noarch",
"Installed: libxcb-1.13.1-1.el8.x86_64",
"Installed: libXau-1.0.9-3.el8.x86_64",
"Installed: fontconfig-2.13.1-4.el8.x86_64",
"Installed: fontpackages-filesystem-1.44-22.el8.noarch",
"Installed: libXext-1.3.4-1.el8.x86_64",
"Installed: pixman-0.38.4-2.el8.x86_64",
"Installed: python3-pexpect-4.3.1-3.el8.noarch",
"Installed: libproxy-0.4.15-5.2.el8.x86_64",
"Installed: python3-ptyprocess-0.5.2-4.el8.noarch",
"Installed: sos-4.3-2.el8.noarch",
"Installed: gdk-pixbuf2-2.36.12-5.el8.x86_64",
"Installed: dejavu-fonts-common-2.35-7.el8.noarch",
"Installed: dejavu-sans-mono-fonts-2.35-7.el8.noarch",
"Installed: python3-pydbus-0.6.0-5.el8.noarch",
"Installed: python3-cairo-1.16.3-6.el8.x86_64",
"Installed: gsettings-desktop-schemas-3.32.0-6.el8.x86_64",
"Installed: glib-networking-2.56.1-1.1.el8.x86_64",
"Installed: libXrender-0.9.10-7.el8.x86_64",
"Installed: python3-systemd-234-8.el8.x86_64",
"Installed: libappstream-glib-0.7.14-3.el8.x86_64",
"Installed: sscg-3.0.0-5.el8.x86_64"
]
}
TASK [linux-system-roles.cockpit : Create custom port configuration file directory] ***
Wednesday 31 August 2022 15:08:32 +0000 (0:00:34.891) 0:00:37.950 ******
skipping: [sut] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [linux-system-roles.cockpit : Create custom port configuration file] ******
Wednesday 31 August 2022 15:08:32 +0000 (0:00:00.045) 0:00:37.996 ******
skipping: [sut] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [linux-system-roles.cockpit : Check if SELinux is enabled] ****************
Wednesday 31 August 2022 15:08:32 +0000 (0:00:00.047) 0:00:38.043 ******
skipping: [sut] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [Allow cockpit to own custom port in SELinux policy] **********************
Wednesday 31 August 2022 15:08:32 +0000 (0:00:00.038) 0:00:38.082 ******
skipping: [sut] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [linux-system-roles.cockpit : Clean up port configuration file for undefined custom port] ***
Wednesday 31 August 2022 15:08:32 +0000 (0:00:00.039) 0:00:38.121 ******
ok: [sut] => {
"changed": false,
"path": "/etc/systemd/system/cockpit.socket.d/listen.conf",
"state": "absent"
}
TASK [linux-system-roles.cockpit : Ensure Cockpit Web Console is started/stopped and enabled/disabled] ***
Wednesday 31 August 2022 15:08:32 +0000 (0:00:00.489) 0:00:38.610 ******
changed: [sut] => {
"changed": true,
"enabled": true,
"name": "cockpit.socket",
"state": "started",
"status": {
"Accept": "no",
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "systemd-journald.socket sysinit.target system.slice",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "no",
"AssertTimestampMonotonic": "0",
"Backlog": "128",
"Before": "cockpit.service cockpit-motd.service sockets.target shutdown.target",
"BindIPv6Only": "default",
"BlockIOAccounting": "no",
"BlockIOWeight": "[not set]",
"Broadcast": "no",
"CPUAccounting": "no",
"CPUAffinity": "",
"CPUAffinityFromNUMA": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUQuotaPeriodUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "[not set]",
"CPUUsageNSec": "[not set]",
"CPUWeight": "[not set]",
"CacheDirectoryMode": "0755",
"CanFreeze": "no",
"CanIsolate": "no",
"CanReload": "no",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf",
"CollectMode": "inactive",
"ConditionResult": "no",
"ConditionTimestampMonotonic": "0",
"ConfigurationDirectoryMode": "0755",
"Conflicts": "shutdown.target",
"ControlPID": "0",
"DefaultDependencies": "yes",
"DefaultMemoryLow": "0",
"DefaultMemoryMin": "0",
"DeferAcceptUSec": "0",
"Delegate": "no",
"Description": "Cockpit Web Service Socket",
"DevicePolicy": "auto",
"DirectoryMode": "0755",
"Documentation": "man:cockpit-ws(8)",
"DynamicUser": "no",
"EffectiveCPUs": "",
"EffectiveMemoryNodes": "",
"ExecStartPost": "{ path=/bin/ln ; argv[]=/bin/ln -snf active.motd /run/cockpit/motd ; ignore_errors=yes ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"ExecStopPost": "{ path=/bin/ln ; argv[]=/bin/ln -snf inactive.motd /run/cockpit/motd ; ignore_errors=yes ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"FailureAction": "none",
"FileDescriptorName": "cockpit.socket",
"FlushPending": "no",
"FragmentPath": "/usr/lib/systemd/system/cockpit.socket",
"FreeBind": "no",
"FreezerState": "running",
"GID": "[not set]",
"IOAccounting": "no",
"IOSchedulingClass": "0",
"IOSchedulingPriority": "0",
"IOWeight": "[not set]",
"IPAccounting": "no",
"IPEgressBytes": "18446744073709551615",
"IPEgressPackets": "18446744073709551615",
"IPIngressBytes": "18446744073709551615",
"IPIngressPackets": "18446744073709551615",
"IPTOS": "-1",
"IPTTL": "-1",
"Id": "cockpit.socket",
"IgnoreOnIsolate": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestampMonotonic": "0",
"JobRunningTimeoutUSec": "infinity",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "infinity",
"KeepAlive": "no",
"KeepAliveIntervalUSec": "0",
"KeepAliveProbes": "0",
"KeepAliveTimeUSec": "0",
"KeyringMode": "shared",
"KillMode": "control-group",
"KillSignal": "15",
"LimitAS": "infinity",
"LimitASSoft": "infinity",
"LimitCORE": "infinity",
"LimitCORESoft": "0",
"LimitCPU": "infinity",
"LimitCPUSoft": "infinity",
"LimitDATA": "infinity",
"LimitDATASoft": "infinity",
"LimitFSIZE": "infinity",
"LimitFSIZESoft": "infinity",
"LimitLOCKS": "infinity",
"LimitLOCKSSoft": "infinity",
"LimitMEMLOCK": "65536",
"LimitMEMLOCKSoft": "65536",
"LimitMSGQUEUE": "819200",
"LimitMSGQUEUESoft": "819200",
"LimitNICE": "0",
"LimitNICESoft": "0",
"LimitNOFILE": "262144",
"LimitNOFILESoft": "1024",
"LimitNPROC": "14143",
"LimitNPROCSoft": "14143",
"LimitRSS": "infinity",
"LimitRSSSoft": "infinity",
"LimitRTPRIO": "0",
"LimitRTPRIOSoft": "0",
"LimitRTTIME": "infinity",
"LimitRTTIMESoft": "infinity",
"LimitSIGPENDING": "14143",
"LimitSIGPENDINGSoft": "14143",
"LimitSTACK": "infinity",
"LimitSTACKSoft": "8388608",
"Listen": "[::]:9090 (Stream)",
"LoadState": "loaded",
"LockPersonality": "no",
"LogLevelMax": "-1",
"LogRateLimitBurst": "0",
"LogRateLimitIntervalUSec": "0",
"LogsDirectoryMode": "0755",
"Mark": "-1",
"MaxConnections": "64",
"MaxConnectionsPerSource": "0",
"MemoryAccounting": "yes",
"MemoryCurrent": "[not set]",
"MemoryDenyWriteExecute": "no",
"MemoryHigh": "infinity",
"MemoryLimit": "infinity",
"MemoryLow": "0",
"MemoryMax": "infinity",
"MemoryMin": "0",
"MemorySwapMax": "infinity",
"MessageQueueMaxMessages": "0",
"MessageQueueMessageSize": "0",
"MountAPIVFS": "no",
"MountFlags": "",
"NAccepted": "0",
"NConnections": "0",
"NRefused": "0",
"NUMAMask": "",
"NUMAPolicy": "n/a",
"Names": "cockpit.socket",
"NeedDaemonReload": "no",
"Nice": "0",
"NoDelay": "no",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PassCredentials": "no",
"PassPacketInfo": "no",
"PassSecurity": "no",
"Perpetual": "no",
"PipeSize": "0",
"Priority": "-1",
"PrivateDevices": "no",
"PrivateMounts": "no",
"PrivateNetwork": "no",
"PrivateTmp": "no",
"PrivateUsers": "no",
"ProtectControlGroups": "no",
"ProtectHome": "no",
"ProtectKernelModules": "no",
"ProtectKernelTunables": "no",
"ProtectSystem": "no",
"ReceiveBuffer": "0",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemoveIPC": "no",
"RemoveOnStop": "no",
"RequiredBy": "cockpit.service",
"Requires": "system.slice sysinit.target",
"RestrictNamespaces": "no",
"RestrictRealtime": "no",
"RestrictSUIDSGID": "no",
"Result": "success",
"ReusePort": "no",
"RuntimeDirectoryMode": "0755",
"RuntimeDirectoryPreserve": "no",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendBuffer": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"SocketMode": "0666",
"SocketProtocol": "0",
"StandardError": "inherit",
"StandardInput": "null",
"StandardInputData": "",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitIntervalUSec": "10s",
"StartupBlockIOWeight": "[not set]",
"StartupCPUShares": "[not set]",
"StartupCPUWeight": "[not set]",
"StartupIOWeight": "[not set]",
"StateChangeTimestampMonotonic": "0",
"StateDirectoryMode": "0755",
"StopWhenUnneeded": "no",
"SubState": "dead",
"SuccessAction": "none",
"SyslogFacility": "3",
"SyslogLevel": "6",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "yes",
"TasksCurrent": "[not set]",
"TasksMax": "22628",
"TimeoutUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Transparent": "no",
"TriggerLimitBurst": "20",
"TriggerLimitIntervalUSec": "2s",
"Triggers": "cockpit.service",
"UID": "[not set]",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "disabled",
"UtmpMode": "init",
"Wants": "cockpit-motd.service",
"Writable": "no"
}
}
TASK [linux-system-roles.cockpit : Create cockpit.conf configuration file] *****
Wednesday 31 August 2022 15:08:34 +0000 (0:00:01.131) 0:00:39.742 ******
skipping: [sut] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [linux-system-roles.cockpit : Link to configured existing certificate] ****
Wednesday 31 August 2022 15:08:34 +0000 (0:00:00.037) 0:00:39.780 ******
skipping: [sut] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [linux-system-roles.cockpit : Link to configured existing certificate key] ***
Wednesday 31 August 2022 15:08:34 +0000 (0:00:00.037) 0:00:39.817 ******
skipping: [sut] => {
"changed": false,
"skip_reason": "Conditional result was False"
}
TASK [Allow certmonger to write into Cockpit's certificate directory] **********
Wednesday 31 August 2022 15:08:34 +0000 (0:00:00.048) 0:00:39.866 ******
ok: [sut] => {
"changed": false,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/etc/cockpit/ws-certs.d/",
"secontext": "system_u:object_r:cert_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
TASK [Generate certificate with linux-system-roles.certificate] ****************
Wednesday 31 August 2022 15:08:34 +0000 (0:00:00.272) 0:00:40.139 ******
TASK [linux-system-roles.certificate : Set version specific variables] *********
Wednesday 31 August 2022 15:08:34 +0000 (0:00:00.063) 0:00:40.202 ******
included: /WORKDIR/dist-git-cockpit-port-selinux-2ewFut/tests/roles/linux-system-roles.certificate/tasks/set_vars.yml for sut
TASK [linux-system-roles.certificate : Ensure ansible_facts used by role] ******
Wednesday 31 August 2022 15:08:34 +0000 (0:00:00.041) 0:00:40.244 ******
ok: [sut]
TASK [linux-system-roles.certificate : Set platform/version specific variables] ***
Wednesday 31 August 2022 15:08:34 +0000 (0:00:00.452) 0:00:40.697 ******
skipping: [sut] => (item=RedHat.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "RedHat.yml",
"skip_reason": "Conditional result was False"
}
skipping: [sut] => (item=RedHat.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "RedHat.yml",
"skip_reason": "Conditional result was False"
}
skipping: [sut] => (item=RedHat_8.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "RedHat_8.yml",
"skip_reason": "Conditional result was False"
}
skipping: [sut] => (item=RedHat_8.7.yml) => {
"ansible_loop_var": "item",
"changed": false,
"item": "RedHat_8.7.yml",
"skip_reason": "Conditional result was False"
}
TASK [linux-system-roles.certificate : Ensure certificate role dependencies are installed] ***
Wednesday 31 August 2022 15:08:35 +0000 (0:00:00.064) 0:00:40.761 ******
changed: [sut] => {
"changed": true,
"rc": 0,
"results": [
"Installed: python3-pyasn1-0.3.7-6.el8.noarch"
]
}
TASK [linux-system-roles.certificate : Ensure provider packages are installed] ***
Wednesday 31 August 2022 15:08:37 +0000 (0:00:02.495) 0:00:43.257 ******
changed: [sut] => (item=certmonger) => {
"__certificate_provider": "certmonger",
"ansible_loop_var": "__certificate_provider",
"changed": true,
"rc": 0,
"results": [
"Installed: xmlrpc-c-1.51.0-8.el8.x86_64",
"Installed: xmlrpc-c-client-1.51.0-8.el8.x86_64",
"Installed: certmonger-0.79.13-5.el8.x86_64"
]
}
TASK [linux-system-roles.certificate : Ensure pre-scripts hooks directory exists] ***
Wednesday 31 August 2022 15:08:41 +0000 (0:00:03.607) 0:00:46.864 ******
changed: [sut] => (item=certmonger) => {
"__certificate_provider": "certmonger",
"ansible_loop_var": "__certificate_provider",
"changed": true,
"gid": 0,
"group": "root",
"mode": "0700",
"owner": "root",
"path": "/etc/certmonger//pre-scripts",
"secontext": "unconfined_u:object_r:etc_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
TASK [linux-system-roles.certificate : Ensure post-scripts hooks directory exists] ***
Wednesday 31 August 2022 15:08:41 +0000 (0:00:00.307) 0:00:47.172 ******
changed: [sut] => (item=certmonger) => {
"__certificate_provider": "certmonger",
"ansible_loop_var": "__certificate_provider",
"changed": true,
"gid": 0,
"group": "root",
"mode": "0700",
"owner": "root",
"path": "/etc/certmonger//post-scripts",
"secontext": "unconfined_u:object_r:etc_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
TASK [linux-system-roles.certificate : Ensure provider service is running] *****
Wednesday 31 August 2022 15:08:41 +0000 (0:00:00.336) 0:00:47.509 ******
changed: [sut] => (item=certmonger) => {
"__certificate_provider": "certmonger",
"ansible_loop_var": "__certificate_provider",
"changed": true,
"enabled": true,
"name": "certmonger",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "sysinit.target system.slice systemd-journald.socket syslog.target dbus.socket basic.target network.target dbus.service",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "no",
"AssertTimestampMonotonic": "0",
"Before": "shutdown.target",
"BlockIOAccounting": "no",
"BlockIOWeight": "[not set]",
"BusName": "org.fedorahosted.certmonger",
"CPUAccounting": "no",
"CPUAffinity": "",
"CPUAffinityFromNUMA": "no",
"CPUQuotaPerSecUSec": "infinity",
"CPUQuotaPeriodUSec": "infinity",
"CPUSchedulingPolicy": "0",
"CPUSchedulingPriority": "0",
"CPUSchedulingResetOnFork": "no",
"CPUShares": "[not set]",
"CPUUsageNSec": "[not set]",
"CPUWeight": "[not set]",
"CacheDirectoryMode": "0755",
"CanFreeze": "yes",
"CanIsolate": "no",
"CanReload": "no",
"CanStart": "yes",
"CanStop": "yes",
"CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf",
"CollectMode": "inactive",
"ConditionResult": "no",
"ConditionTimestampMonotonic": "0",
"ConfigurationDirectoryMode": "0755",
"Conflicts": "shutdown.target",
"ControlPID": "0",
"DefaultDependencies": "yes",
"DefaultMemoryLow": "0",
"DefaultMemoryMin": "0",
"Delegate": "no",
"Description": "Certificate monitoring and PKI enrollment",
"DevicePolicy": "auto",
"DynamicUser": "no",
"EffectiveCPUs": "",
"EffectiveMemoryNodes": "",
"EnvironmentFiles": "/etc/sysconfig/certmonger (ignore_errors=yes)",
"ExecMainCode": "0",
"ExecMainExitTimestampMonotonic": "0",
"ExecMainPID": "0",
"ExecMainStartTimestampMonotonic": "0",
"ExecMainStatus": "0",
"ExecStart": "{ path=/usr/sbin/certmonger ; argv[]=/usr/sbin/certmonger -S -p /run/certmonger.pid -n $OPTS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }",
"FailureAction": "none",
"FileDescriptorStoreMax": "0",
"FragmentPath": "/usr/lib/systemd/system/certmonger.service",
"FreezerState": "running",
"GID": "[not set]",
"GuessMainPID": "yes",
"IOAccounting": "no",
"IOSchedulingClass": "0",
"IOSchedulingPriority": "0",
"IOWeight": "[not set]",
"IPAccounting": "no",
"IPEgressBytes": "18446744073709551615",
"IPEgressPackets": "18446744073709551615",
"IPIngressBytes": "18446744073709551615",
"IPIngressPackets": "18446744073709551615",
"Id": "certmonger.service",
"IgnoreOnIsolate": "no",
"IgnoreSIGPIPE": "yes",
"InactiveEnterTimestampMonotonic": "0",
"InactiveExitTimestampMonotonic": "0",
"JobRunningTimeoutUSec": "infinity",
"JobTimeoutAction": "none",
"JobTimeoutUSec": "infinity",
"KeyringMode": "private",
"KillMode": "control-group",
"KillSignal": "15",
"LimitAS": "infinity",
"LimitASSoft": "infinity",
"LimitCORE": "infinity",
"LimitCORESoft": "0",
"LimitCPU": "infinity",
"LimitCPUSoft": "infinity",
"LimitDATA": "infinity",
"LimitDATASoft": "infinity",
"LimitFSIZE": "infinity",
"LimitFSIZESoft": "infinity",
"LimitLOCKS": "infinity",
"LimitLOCKSSoft": "infinity",
"LimitMEMLOCK": "65536",
"LimitMEMLOCKSoft": "65536",
"LimitMSGQUEUE": "819200",
"LimitMSGQUEUESoft": "819200",
"LimitNICE": "0",
"LimitNICESoft": "0",
"LimitNOFILE": "262144",
"LimitNOFILESoft": "1024",
"LimitNPROC": "14143",
"LimitNPROCSoft": "14143",
"LimitRSS": "infinity",
"LimitRSSSoft": "infinity",
"LimitRTPRIO": "0",
"LimitRTPRIOSoft": "0",
"LimitRTTIME": "infinity",
"LimitRTTIMESoft": "infinity",
"LimitSIGPENDING": "14143",
"LimitSIGPENDINGSoft": "14143",
"LimitSTACK": "infinity",
"LimitSTACKSoft": "8388608",
"LoadState": "loaded",
"LockPersonality": "no",
"LogLevelMax": "-1",
"LogRateLimitBurst": "0",
"LogRateLimitIntervalUSec": "0",
"LogsDirectoryMode": "0755",
"MainPID": "0",
"MemoryAccounting": "yes",
"MemoryCurrent": "[not set]",
"MemoryDenyWriteExecute": "no",
"MemoryHigh": "infinity",
"MemoryLimit": "infinity",
"MemoryLow": "0",
"MemoryMax": "infinity",
"MemoryMin": "0",
"MemorySwapMax": "infinity",
"MountAPIVFS": "no",
"MountFlags": "",
"NFileDescriptorStore": "0",
"NRestarts": "0",
"NUMAMask": "",
"NUMAPolicy": "n/a",
"Names": "certmonger.service",
"NeedDaemonReload": "no",
"Nice": "0",
"NoNewPrivileges": "no",
"NonBlocking": "no",
"NotifyAccess": "none",
"OOMScoreAdjust": "0",
"OnFailureJobMode": "replace",
"PIDFile": "/run/certmonger.pid",
"PartOf": "dbus.service",
"PermissionsStartOnly": "no",
"Perpetual": "no",
"PrivateDevices": "no",
"PrivateMounts": "no",
"PrivateNetwork": "no",
"PrivateTmp": "no",
"PrivateUsers": "no",
"ProtectControlGroups": "no",
"ProtectHome": "no",
"ProtectKernelModules": "no",
"ProtectKernelTunables": "no",
"ProtectSystem": "no",
"RefuseManualStart": "no",
"RefuseManualStop": "no",
"RemainAfterExit": "no",
"RemoveIPC": "no",
"Requires": "sysinit.target system.slice dbus.socket",
"Restart": "no",
"RestartUSec": "100ms",
"RestrictNamespaces": "no",
"RestrictRealtime": "no",
"RestrictSUIDSGID": "no",
"Result": "success",
"RootDirectoryStartOnly": "no",
"RuntimeDirectoryMode": "0755",
"RuntimeDirectoryPreserve": "no",
"RuntimeMaxUSec": "infinity",
"SameProcessGroup": "no",
"SecureBits": "0",
"SendSIGHUP": "no",
"SendSIGKILL": "yes",
"Slice": "system.slice",
"StandardError": "inherit",
"StandardInput": "null",
"StandardInputData": "",
"StandardOutput": "journal",
"StartLimitAction": "none",
"StartLimitBurst": "5",
"StartLimitIntervalUSec": "10s",
"StartupBlockIOWeight": "[not set]",
"StartupCPUShares": "[not set]",
"StartupCPUWeight": "[not set]",
"StartupIOWeight": "[not set]",
"StateChangeTimestampMonotonic": "0",
"StateDirectoryMode": "0755",
"StatusErrno": "0",
"StopWhenUnneeded": "no",
"SubState": "dead",
"SuccessAction": "none",
"SyslogFacility": "3",
"SyslogLevel": "6",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TasksAccounting": "yes",
"TasksCurrent": "[not set]",
"TasksMax": "22628",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "dbus",
"UID": "[not set]",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "disabled",
"UtmpMode": "init",
"WatchdogTimestampMonotonic": "0",
"WatchdogUSec": "0"
}
}
TASK [linux-system-roles.certificate : Ensure certificate requests] ************
Wednesday 31 August 2022 15:08:42 +0000 (0:00:01.096) 0:00:48.606 ******
changed: [sut] => (item={'name': 'monger-cockpit', 'dns': ['localhost', 'www.example.com'], 'ca': 'local', 'group': 'cockpit-ws', 'run_after': 'DEST=/etc/cockpit/ws-certs.d/monger-cockpit.cert\ncat /etc/pki/tls/certs/monger-cockpit.crt \\\n/etc/pki/tls/private/monger-cockpit.key > $DEST\nchmod 640 $DEST\nchown root:cockpit-ws $DEST\n'}) => {
"ansible_loop_var": "item",
"changed": true,
"item": {
"ca": "local",
"dns": [
"localhost",
"www.example.com"
],
"group": "cockpit-ws",
"name": "monger-cockpit",
"run_after": "DEST=/etc/cockpit/ws-certs.d/monger-cockpit.cert\ncat /etc/pki/tls/certs/monger-cockpit.crt \\\n/etc/pki/tls/private/monger-cockpit.key > $DEST\nchmod 640 $DEST\nchown root:cockpit-ws $DEST\n"
}
}
MSG:
Certificate requested (new). Pre/Post run hooks updated. File attributes updated.
TASK [Get PEM of certmonger's local CA] ****************************************
Wednesday 31 August 2022 15:08:43 +0000 (0:00:00.922) 0:00:49.528 ******
changed: [sut] => {
"changed": true,
"cmd": [
"openssl",
"pkcs12",
"-in",
"/var/lib/certmonger/local/creds",
"-out",
"/var/lib/certmonger/local/ca.pem",
"-nokeys",
"-nodes",
"-passin",
"pass:"
],
"delta": "0:00:00.036825",
"end": "2022-08-31 15:08:44.198255",
"rc": 0,
"start": "2022-08-31 15:08:44.161430"
}
TASK [test - cockpit works with TLS and expected certificate] ******************
Wednesday 31 August 2022 15:08:44 +0000 (0:00:00.438) 0:00:49.967 ******
ok: [sut] => {
"changed": false,
"cmd": [
"curl",
"--cacert",
"/var/lib/certmonger/local/ca.pem",
"https://localhost:9090"
],
"delta": "0:00:00.230594",
"end": "2022-08-31 15:08:44.694948",
"rc": 0,
"start": "2022-08-31 15:08:44.464354"
}
STDOUT:
Loading...
Please enable JavaScript to use the Web Console.
Validating authentication token
A modern browser is required for security, reliability, and performance.
Download a new browser for free
STDERR:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 11348 0 11348 0 0 51348 0 --:--:-- --:--:-- --:--:-- 51348
TASK [test - get certmonger tracking status] ***********************************
Wednesday 31 August 2022 15:08:44 +0000 (0:00:00.490) 0:00:50.457 ******
ok: [sut] => {
"changed": false,
"cmd": [
"getcert",
"list",
"--tracking-only",
"-f",
"/etc/pki/tls/certs/monger-cockpit.crt"
],
"delta": "0:00:00.059504",
"end": "2022-08-31 15:08:45.017978",
"rc": 0,
"start": "2022-08-31 15:08:44.958474"
}
STDOUT:
Number of certificates and requests being tracked: 1.
Request ID '20220831150843':
status: MONITORING
stuck: no
key pair storage: type=FILE,location='/etc/pki/tls/private/monger-cockpit.key'
certificate: type=FILE,location='/etc/pki/tls/certs/monger-cockpit.crt'
CA: local
issuer: CN=a68075bd-5aa44b8a-a09dafbc-77c65f37,CN=Local Signing Authority
subject: CN=localhost
issued: 2022-08-31 15:08:43 UTC
expires: 2023-08-31 15:08:43 UTC
dns: localhost,www.example.com
key usage: digitalSignature,keyEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command: /etc/certmonger/post-scripts/monger-cockpit-59d1099.sh
track: yes
auto-renew: yes
TASK [test - ensure certificate generation succeeded] **************************
Wednesday 31 August 2022 15:08:45 +0000 (0:00:00.321) 0:00:50.779 ******
ok: [sut] => {
"changed": false
}
MSG:
All assertions passed
TASK [test - clean up tracked certificate] *************************************
Wednesday 31 August 2022 15:08:45 +0000 (0:00:00.047) 0:00:50.826 ******
ok: [sut] => {
"changed": false,
"cmd": [
"getcert",
"stop-tracking",
"-f",
"/etc/pki/tls/certs/monger-cockpit.crt"
],
"delta": "0:00:00.043044",
"end": "2022-08-31 15:08:45.370196",
"rc": 0,
"start": "2022-08-31 15:08:45.327152"
}
STDOUT:
Request "20220831150843" removed.
TASK [test - clean up generated certificate] ***********************************
Wednesday 31 August 2022 15:08:45 +0000 (0:00:00.303) 0:00:51.130 ******
changed: [sut] => {
"changed": true,
"path": "/etc/pki/tls/certs/monger-cockpit.crt",
"state": "absent"
}
TASK [test - clean up generated private key] ***********************************
Wednesday 31 August 2022 15:08:45 +0000 (0:00:00.267) 0:00:51.397 ******
changed: [sut] => {
"changed": true,
"path": "/etc/pki/tls/private/monger-cockpit.key",
"state": "absent"
}
TASK [test - clean up copied certificate] **************************************
Wednesday 31 August 2022 15:08:45 +0000 (0:00:00.265) 0:00:51.663 ******
changed: [sut] => {
"changed": true,
"path": "/etc/cockpit/ws-certs.d/monger-cockpit.cert",
"state": "absent"
}
TASK [test - generic cleanup] **************************************************
Wednesday 31 August 2022 15:08:46 +0000 (0:00:00.261) 0:00:51.925 ******
included: /WORKDIR/dist-git-cockpit-port-selinux-2ewFut/tests/tasks/cleanup.yml for sut
TASK [cleanup - packages] ******************************************************
Wednesday 31 August 2022 15:08:46 +0000 (0:00:00.042) 0:00:51.967 ******
changed: [sut] => {
"changed": true,
"rc": 0,
"results": [
"Removed: cockpit-bridge-273-2.el8.x86_64",
"Removed: cockpit-system-273-2.el8.noarch",
"Removed: cockpit-ws-273-2.el8.x86_64"
]
}
TASK [cleanup - find certificates] *********************************************
Wednesday 31 August 2022 15:09:06 +0000 (0:00:20.656) 0:01:12.624 ******
ok: [sut] => {
"changed": false,
"examined": 0,
"files": [],
"matched": 0,
"skipped_paths": {
"/etc/cockpit/ws-certs.d/": "'/etc/cockpit/ws-certs.d/' is not a directory"
}
}
MSG:
Not all paths examined, check warnings for details
TASK [cleanup - certificates] **************************************************
Wednesday 31 August 2022 15:09:07 +0000 (0:00:00.417) 0:01:13.042 ******
TASK [cleanup - config file] ***************************************************
Wednesday 31 August 2022 15:09:07 +0000 (0:00:00.030) 0:01:13.073 ******
ok: [sut] => {
"changed": false,
"path": "/etc/cockpit/cockpit.conf",
"state": "absent"
}
TASK [cleanup - port customization] ********************************************
Wednesday 31 August 2022 15:09:07 +0000 (0:00:00.263) 0:01:13.336 ******
ok: [sut] => {
"changed": false,
"path": "/etc/systemd/system/cockpit.socket.d/",
"state": "absent"
}
TASK [cleanup - reload systemd] ************************************************
Wednesday 31 August 2022 15:09:07 +0000 (0:00:00.264) 0:01:13.600 ******
ok: [sut] => {
"changed": false,
"name": null,
"status": {}
}
PLAY RECAP *********************************************************************
sut : ok=33 changed=13 unreachable=0 failed=0 skipped=11 rescued=0 ignored=0
Wednesday 31 August 2022 15:09:08 +0000 (0:00:00.633) 0:01:14.234 ******
===============================================================================
linux-system-roles.cockpit : Ensure Cockpit Web Console packages are installed. -- 34.89s
cleanup - packages ----------------------------------------------------- 20.66s
linux-system-roles.certificate : Ensure provider packages are installed --- 3.61s
linux-system-roles.certificate : Ensure certificate role dependencies are installed --- 2.50s
Download current linux-system-roles.certificate ------------------------- 1.14s
linux-system-roles.cockpit : Ensure Cockpit Web Console is started/stopped and enabled/disabled --- 1.13s
Gathering Facts --------------------------------------------------------- 1.11s
linux-system-roles.certificate : Ensure provider service is running ----- 1.10s
linux-system-roles.certificate : Ensure certificate requests ------------ 0.92s
cleanup - reload systemd ------------------------------------------------ 0.63s
test - cockpit works with TLS and expected certificate ------------------ 0.49s
linux-system-roles.cockpit : Clean up port configuration file for undefined custom port --- 0.49s
linux-system-roles.cockpit : Ensure ansible_facts used by role ---------- 0.47s
linux-system-roles.certificate : Ensure ansible_facts used by role ------ 0.45s
Get PEM of certmonger's local CA ---------------------------------------- 0.44s
cleanup - find certificates --------------------------------------------- 0.42s
linux-system-roles.certificate : Ensure post-scripts hooks directory exists --- 0.34s
test - get certmonger tracking status ----------------------------------- 0.32s
linux-system-roles.certificate : Ensure pre-scripts hooks directory exists --- 0.31s
test - clean up tracked certificate ------------------------------------- 0.30s
---^---^---^---^---^---
# STDERR:
---v---v---v---v---v---
[DEPRECATION WARNING]: [defaults]callback_whitelist option, normalizing names
to new standard, use callbacks_enabled instead. This feature will be removed
from ansible-core in version 2.15. Deprecation warnings can be disabled by
setting deprecation_warnings=False in ansible.cfg.
[WARNING]: Skipped '/etc/cockpit/ws-certs.d/' path due to this access issue:
'/etc/cockpit/ws-certs.d/' is not a directory
---^---^---^---^---^---